acac7b42c442828c19672df2e4d5712864ef1b4d907b4432c5b347bc87b48589

Analysis

max time kernel
149s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37f240e3a8bb73fafbc7abc474f47c0b_JaffaCakes118.html
Size

5KB
MD5

37f240e3a8bb73fafbc7abc474f47c0b
SHA1

8cffcbf0bc2d0ae170018b39443a84652324dce7
SHA256

acac7b42c442828c19672df2e4d5712864ef1b4d907b4432c5b347bc87b48589
SHA512

b565745f7aa0eecca74eef776f86ab95068465d5724fe8a172030943bb53f75fae437357842eb5dfd3981ae735901d858cff3455034ed891847aedf81583a357
SSDEEP

96:ST3k9EbLzAGt5gBGAiseA2utisGd4ikiZiN7ry6EHSj3l/mFUVWB5EV477V1:STU9EPzAG7gBl724bikiZiNa6EyLQb7X

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
3392	msedge.exe
3392	msedge.exe
2488	identity_helper.exe
2488	identity_helper.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3392 wrote to memory of 4908	3392	msedge.exe	82
PID 3392 wrote to memory of 4908	3392	msedge.exe	82
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 5616	3392	msedge.exe	83
PID 3392 wrote to memory of 4948	3392	msedge.exe	84
PID 3392 wrote to memory of 4948	3392	msedge.exe	84
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85
PID 3392 wrote to memory of 5348	3392	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\37f240e3a8bb73fafbc7abc474f47c0b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab54046f8,0x7ffab5404708,0x7ffab5404718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4534462288707466254,2183443553256239012,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5428 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
cea6716b21334d967f016984ceaba1c6

SHA1
1bf8c78c8545b8e60f20adae43973a18881941ca

SHA256
95d2765914ca3fc461acee90146e6ce4ac7a8ece03930ccd04d598dc9498c5d6

SHA512
ef8eb707a6da4e55d28531f028943124c04a56ae849dd171dea5584b07ad1449675b7b654949c7bd0f15346efa52171d871306dbdaf71b1ff6a04f5915cbf0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
601B

MD5
7f058dc67f7ad3a90d6640ff53d29a0a

SHA1
45ce45d7d506478e52c497e81f52ceda4ecce8c5

SHA256
7e2a4c2ab629730745f8e326620c09a6d58e647f4c6f6922986fda095aac8640

SHA512
a4be526a7927520a86bb65a565cbec98ac7694bb318cc2b9b99295a136f9d5bfc462f399fe8a4a905d52f0a7ce5f30ed76caee593b61d25f7eb219379aa0b41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
96535e9bed817c6eb497a6b4eb51f19e

SHA1
0fbc229b9d7db793453244e09c97a3367c43ae37

SHA256
443fbbdc1ab52d70ddc7f680ebbd978333137bdf6b4d3316f1c72e596af671ed

SHA512
4b2e1e146fae70f20d80ac0afda4f0b5d7e2e478fd7060ed0103e0663568504c02de7f3d9917afd78268a62309945f36fd8101c27e4a4eeed99299f13ffd8f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a593a8d54e12bea3854272e350c4843

SHA1
8b5bca36e0508c1856dc5dabfb2c178525a5006d

SHA256
bd8d107c477b20fc84b41e761a004929370a1132d317261470d16650b462fe02

SHA512
7ee8613373ecab5b5603ea852e489be6622f6451be9c963849ab68d478624cf64ef043956aaff0db6faf564be7e3fa25366f3c626abaa6e365af8f289cec522a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10ff31dba6847c457860e204c5c56180

SHA1
fd80547dd35d1e098d00ad60ef4382b89f053930

SHA256
1d59f52788125277195a19235d88ef19df3e7b219b21128f1cf4bbc44afb1c6b

SHA512
1448cab317ad6e61275daadaed0683ce67e03c5d8ab2e8243772ca1f30acf9b7481ca1a63c8beb30560cfc40424eaf3e99678cd92c8e2be9f199003528665aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2765d764fff54cabf891bbdc32c899a9

SHA1
bdcc571f1c745cba642482a19e0df5c6fbd3f137

SHA256
5a53950d4add9447df73148692aa9f691d294ec93a8ffe0bf9d1b513e8f2b2cd

SHA512
843e3de842d8df70a71a11b171bcfc96b2c235124c9d06ecfaf7eb1bb94c9847573aeff5e24df49c7eb573065be4a37d2fee34f5883accdd31d948f255bf0ec6

Download Submit