f0fa27896ac98b0dab7e62bdc00a3a595f25866000580116d28bde64e9df4db7

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e9deb9fe69f53bb6e7b0afc4a407b10_JaffaCakes118.html
Size

58KB
MD5

2e9deb9fe69f53bb6e7b0afc4a407b10
SHA1

9105c669b2ac8418899de63fa9c48c0d65997930
SHA256

f0fa27896ac98b0dab7e62bdc00a3a595f25866000580116d28bde64e9df4db7
SHA512

90d25b6b665274d2bfe60f99043e2a543b0e21c70e57ba8935a32ca743dfb1fa84d441ef49090f28839d08d157052315096591788845ab19b319bc02e21f13a5
SSDEEP

1536:Q3KqUU0EeyGKgQiuejT/1lFNiqgDZaMkvww26rGr8:Q3K+0+2ue1lFeD02EZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
1532	msedge.exe
1532	msedge.exe
4108	identity_helper.exe
4108	identity_helper.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 1812	1532	msedge.exe	82
PID 1532 wrote to memory of 1812	1532	msedge.exe	82
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 2532	1532	msedge.exe	83
PID 1532 wrote to memory of 4268	1532	msedge.exe	84
PID 1532 wrote to memory of 4268	1532	msedge.exe	84
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85
PID 1532 wrote to memory of 4260	1532	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e9deb9fe69f53bb6e7b0afc4a407b10_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccfeb46f8,0x7ffccfeb4708,0x7ffccfeb4718
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,10279420841584953262,5266260272954911665,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
726B

MD5
a6387f1232fd98eab97a85168b37c41c

SHA1
3da0f022227e1175fd9f6e7446f8b903197fb692

SHA256
5c0f1f3e76e770df86d9fb69b0a8c522b930029c899b1a47367f929c10cf954f

SHA512
1ad88c4c842b1dcc4cef010f3047f5a82c5a607754eb7de9db1be2f44cbeb45fc350fe630cef6a7a02d7ba27501d4ead968eec5a0868ba9adc33ecc06c419ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
939bb4f6fdbc48aa27a29dc9bbbebabe

SHA1
63d5ced8abd6e8a8ca48a4252bbbe136f3c779dd

SHA256
e70d452ab2d8a9fe94455d7d202c32a8f13d103bb64cfc571cbce471c6cde62f

SHA512
e86ab15db2d18afdcf3c011045b7d696fa28abfa5701059e8f5dc41417b6910af98a416f7078561ebc4e3b2a1917e588b5083f18b7bff25b989f74d4b04ebd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19c4f49cc44b4c78c3302efa87d42587

SHA1
700919d3a69a0993bbe99ea88c3fc4f1c2e553e7

SHA256
8a8935c1dfbd43d89e72340701e38147e6569feb72e416ec398f646fb7c27593

SHA512
daa5ff0cc40e242eefe3c7f6b87b2c54db24028168c61f98dc91c77a4fea1ef666fce76285d9b6282ace327ed1ad1959e590507ac287c3b6afbb634122cf9e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5b5ca0fc32c2781aa0a0341fae508dc

SHA1
aef260ea682044af38c191f0595038b73fbeabed

SHA256
35d69a544ea62d229542708d3e2b5e2a7154fbec7334daacfe0fce542a026a9d

SHA512
5429ed07763b1a959518aa91e3f7dca84789df014c5807727138c9bb3f79fd53ca686a4d9bfbc0506f48bfe81d8b2bdad60460808b1f6dcde6f7ba374b8fd836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
af0815888190bee0c985615dd85379b6

SHA1
082655c2fb9488adfaee129b0a0f43ad0e21e971

SHA256
4c9133e58daaf72c20a05623bec2e7afc432e43b1049eab0334b4d92a7b91d04

SHA512
fd5902f41e734f5a691bf5b2fc05fb6faa449849a6827875a7f6f12f8ff622a6c6d847041188abd0a2688e240e13821a915c3ee4596e22febd2221a58b3dd164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
d9bc701b96648829dd048072a20359b9

SHA1
78ab5c40d0025de47e1c485d74837e9033182134

SHA256
c8b682145b1d8df0c25b82602bc7b9c57fb4b66db1c895a963bd1e82e21ed1b8

SHA512
47ac2073b8d0e52b2275642ad63561af3aa7fb73bd716b7548492487299e64e2d4f308c4c7a761a3d36edd09ee44afd787e0f7147c679211cd6cde10ba5f1928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a48d.TMP

Filesize
204B

MD5
95bd448c8292309c176e8217ee6bf5d9

SHA1
0aff2ebe39f13dc75a780da96a882cd95d8fbb0b

SHA256
1852a59bf3cf2e363e2134304a9e49f8c5c7797a06e5b540dde0d704de70e5ec

SHA512
440e5dd086872a1d9cde41f4c358850423d4e3331153dac92a243d984341a06426f3be187f2abf77836d4de0d86950cb489f6ca33e939da0833d66e6e181190c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a5aeaed3c38f65d1ddb39a374285fa7

SHA1
05667b73716146739fffdba1a22d1f705c1854c1

SHA256
3f2d0c0a0f50fbd6ae113c77be36308bfde797b0ceb465e9359b05951ddb078c

SHA512
8b669b30cdbe71b1f28c6337276b4993b0bb317229272f0c2934867a80f14f4b2ca46bb398bc8708a470d99f26bc741b994dcc7b47768105f6dcbbc6eb9c9937

Download Submit