0448ee0fe99f9929fc8c297a3d772411ae94512f26ffc4229aeab8f4e62dc3af

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3714d2a434aa0a239c45ea1c851ed665_JaffaCakes118.html
Size

26KB
MD5

3714d2a434aa0a239c45ea1c851ed665
SHA1

b4da516e0466f81bf19493c6bc4e229177a71c9a
SHA256

0448ee0fe99f9929fc8c297a3d772411ae94512f26ffc4229aeab8f4e62dc3af
SHA512

9be7372e6e942bd4d066bbb0e4dabe57dbc1a3af14fdcfaa56b76ac4555cfde2083be01f77bffbc73f7720891aa2cbad1afc75ec619e231feebb222b826773cf
SSDEEP

768:U+Y1CB9sRG2b5xAdqj6dG1E2bf3/YDOkaJaMJN:U+Y1CrsRG85xYcE8SOkaJj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2780	msedge.exe
2780	msedge.exe
3984	msedge.exe
3984	msedge.exe
1880	identity_helper.exe
1880	identity_helper.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 3620	3984	msedge.exe	83
PID 3984 wrote to memory of 3620	3984	msedge.exe	83
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 5744	3984	msedge.exe	84
PID 3984 wrote to memory of 2780	3984	msedge.exe	85
PID 3984 wrote to memory of 2780	3984	msedge.exe	85
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86
PID 3984 wrote to memory of 5172	3984	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3714d2a434aa0a239c45ea1c851ed665_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d51846f8,0x7ff8d5184708,0x7ff8d5184718
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13496151432577389919,1827188764315151834,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
831B

MD5
42647220c5e9aff5e880a68c40b79aff

SHA1
d8940563046950a16486283c7d934d7295740dc7

SHA256
8a5c1b8ebf80639a7135ebc907facd93c33bc5a885d408a7a19379a009fb72ff

SHA512
23df8bda4117a8d95ba21065827be2f4634748c1f9cd7df1224dcaabc3cd71582c05cb705d5391fcd040699612b0be4a503fbea15fc38a8c744e30034d92fe5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08025a63d69b17e650af928e7a426967

SHA1
d4bedb5164b018dfc7ab6017427ba6d4301e16c7

SHA256
7a4665740e5a8e9b3584e8354e0c3aab583d8af5b6a7acb55d59422097a62e2c

SHA512
5933acf1c9581be5e1f9ac73f36b0cf461a59681732357e4e95862f95d4c78a8dd8e46bc36f22f21855e9616980879e98557fddc2ed7232800648c53334275d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c91da8bee3ecb876b022dec152c7fb4

SHA1
16463082874c6d4f9816983dc344f1837fc1f104

SHA256
be470fa32590d66b4ee9e1cede7b9779cd03880c28b0e41982a1e13c82aa6ffa

SHA512
f46db4b57a1a59733b3084d291e681a8656d297d4d8e32ce917459de1c4c8362b9f79c1fff35764191cdd6fd8c381d37c8c3a68c924fab4d71c65d3deec16e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
4c0aa28dafecc9a9d847b0e9a5120a27

SHA1
ffce9606b7aad226cebd6deb114bde844eff6c3b

SHA256
3ad44eb04d5e9f8e5bbd17eb85b0e7e5684b1abbf5d46654eddf53463455a006

SHA512
028b4eb7406273d5f058c00dd4e2ffd1d9b6b7e9232660a04680ae6832a1b59d7cd3d51e547dfadabb8f495bd36a3a3bdbb0e34fb45c9e9eb69eade9d4fa8956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a836.TMP

Filesize
540B

MD5
9a478a16a2604a7eb44534ea3ebe5d32

SHA1
f2bdbee9810ae2782ef94364528132fe194f8334

SHA256
6e63ffe7d652c44ff285078723cf49777644fee58d1e86421f746d7f69df49da

SHA512
86203fc134f97795152725335c8e23485f1176ec68325e5461e40a03a1c8ef66d05060084511575df25b8e6d26a010f9f392c6d314ee86811d99908a6310f393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7dec18e66bbccc894b151115503354a1

SHA1
6508766c0fceaf0da3f4a62f1e95cabe4dda26ec

SHA256
20ffa6b63372eba224a94054908972e46f380d1398c7d65559a3bd3e7ddff371

SHA512
654aa5940e11ea434acec3397f03c2e016111a3c7ce7038895e1e5d01ec65397257efee1f908e9c0b7a929a846f4a267255602cdef5ff923aa963fd42e5575f1

Download Submit