bb611b84ee0fd7f45164974577f9ba532ceceb39d84cffc817a3248089032b31

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

168264b652c9b1d64f42d88662d797ae_JaffaCakes118.html
Size

97KB
MD5

168264b652c9b1d64f42d88662d797ae
SHA1

c56206b208d3b18e834056d4d2d8f206cd7cd47e
SHA256

bb611b84ee0fd7f45164974577f9ba532ceceb39d84cffc817a3248089032b31
SHA512

45beb3f176118941abd9c4b3c02a4bf2d2ece5651e2625242db66fb2ba1b72e6e233492fc040dd25bfb9972b5c600be9f4f2bb361698d38b6be2806f17aa3e55
SSDEEP

3072:4RpYBD3Q8qP6oKxMzTl3H6n5sBmQ5sBmpKUp0sD:qpYRQW5sBmQ5sBmz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
3264	msedge.exe
3264	msedge.exe
2264	identity_helper.exe
2264	identity_helper.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3264 wrote to memory of 5020	3264	msedge.exe	83
PID 3264 wrote to memory of 5020	3264	msedge.exe	83
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 3716	3264	msedge.exe	84
PID 3264 wrote to memory of 4468	3264	msedge.exe	85
PID 3264 wrote to memory of 4468	3264	msedge.exe	85
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86
PID 3264 wrote to memory of 1540	3264	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\168264b652c9b1d64f42d88662d797ae_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdbca46f8,0x7fffdbca4708,0x7fffdbca4718
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1498766452866695697,4203985162261219446,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c9bec532233e6d12e29bed62681041cc

SHA1
e40e359cf9c248fe819633b8739bbe83f97b4d78

SHA256
4af975809f3a3da28299cb594b0f31d3e94b8b60636d5c3fbad0ba4f560f967b

SHA512
21384d594424c2aea25686827ec5244ffb3a8f0f3ac2104f567ae47dc702fd14d8423e4859c61ca5efb0c063f806cad3fc2f6e9e19171acc9b1a5d044b02401a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97ec6bca0436db5fac91efb35ac5f21b

SHA1
8c48b3318fbd0bffc232e155806fecefce08cf69

SHA256
831f5ea9406c1a2efbb6cafaff6e84eb8f426b672196d0a60503f1e7b95d68e1

SHA512
1599a92cd80c9b5f40800b855e63324d7e9baac8149fe365ddea853ec5eb7d57fb0fac73164d0caed10f10021831400e5313f81436ad4bae5c34dd947512f545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f1a1535425c16a558ff7ad21560ee239

SHA1
68c58e3af963f6909061e66d6b72407c488cd91f

SHA256
c09fd2372c18a1f4187df50616c47145180d0f076b0924de66c5015ede1c230b

SHA512
9a776f811268e23e57bfe4ea49850b2edf7e78d16fd66745c9fedc1ac271ccf16b80d1a7e0ea07c6938c49463c2b8ca0228d68bab722bff2dc3bd355875ebe30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b049f0ac962c991dd2f0af465cfe6317

SHA1
6b4dba5adf744dbc4db0790436476f6baafc62be

SHA256
74858e06283e1018a83fd04ece85e0d46c0fc511c8741d4f6135dc9c4f2024ac

SHA512
bc03d514252734e7fd53ffc7604493e30932533e4d149bb1d017d9480419b2a7b51e25abf290f939e6e52340c7897e269539656f0c3f4d9449ea82fb0e8ba2f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a9b414d256afa6d719854b320e3f043d

SHA1
d32ce6089683995f18da3b11355908cb217c51fc

SHA256
afbea8e30a514afae75fe51dc51d7de68326e8807271a07d2ee38aae98a74515

SHA512
bcadac5d32447691309a1465de257a0f7fa5df12aa5aeedf286d4f87eb1199cf65af1babc753ebdb6d7a9ea81d77afcaccd7484d380db8095627ba371857d66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58220a.TMP

Filesize
203B

MD5
8b8985cc889a59e15d9bd866422da2ba

SHA1
75272be9fba3b4742be9806676b7a2386ee4cb4a

SHA256
b2c5c38927347af3dcd1f2c9c76d574c13062753824efb2cc3ef501006e5e17c

SHA512
aecc97426161206eff4dad82f32da963d522d5fb62fca5b310bf7c4cf590d06983dd6ae36616dd38b5dcd7ebcccd18a7ecfe9b39a7b7187ced4f790f8f899183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9cbe42cce25306e12b3c1a789abe49b6

SHA1
0396fb7d3aa3f29b67338d70b704bf8bd5ea96ac

SHA256
d5936fab9c817a2b37c7ba98b073d56a5a5741468f86810e72ed8028f66e6351

SHA512
69db6d55ab9ef7875f5a0881c0d6f9767d9c158c77ab64edaa385c6569e9891228a434b94b2143d153886bb38c1650d9c53a48117faeaf3e33348b049df00bbd

Download Submit