0ca52b490913cbb5a5fa6b5d1d84c5dd6fabae1d3b767a0475b4630334b81b16

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b88410e4e8fed101e1423cd3178ac6d_JaffaCakes118.html
Size

14KB
MD5

3b88410e4e8fed101e1423cd3178ac6d
SHA1

b78feea8f9d7beee8626cac37142c8260246202b
SHA256

0ca52b490913cbb5a5fa6b5d1d84c5dd6fabae1d3b767a0475b4630334b81b16
SHA512

576b88c05360d772b11ad48225985150d53ddb56c5e1120741cdcd1a73982923e84abd82f216b4f8183cbcdd126c9009515e3fd3124ca2c47df6ad433a0112da
SSDEEP

192:wEcfjqRvrX9TOYCr1SZjReubW9rBevxRROqLboNRoRPvoHrQsQZqb0qUDqeq9oGJ:VcSrcYCJSZjReUZbbLboNR0HuvdjeA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
1668	msedge.exe
1668	msedge.exe
3796	identity_helper.exe
3796	identity_helper.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 3760	1668	msedge.exe	80
PID 1668 wrote to memory of 3760	1668	msedge.exe	80
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3276	1668	msedge.exe	81
PID 1668 wrote to memory of 3304	1668	msedge.exe	82
PID 1668 wrote to memory of 3304	1668	msedge.exe	82
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83
PID 1668 wrote to memory of 1652	1668	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b88410e4e8fed101e1423cd3178ac6d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd168946f8,0x7ffd16894708,0x7ffd16894718
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16149717010010111281,4809266836807410056,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
97edabbef060cd1ab343887ac4f3dfff

SHA1
738291958bd9f488e97074806baf8073a52fb4ea

SHA256
7f7254c9498da08da96c8352f3995c416a255b5fcce05273575863fce2a12a8c

SHA512
b4d9a72d1c78550866f25444c0d541ee6c339539f34cbd724c8b1e30cd3938827af1344acfe0373a94f0386801b4539a926acd1f0d8901cc3ff3f6dcbcf85dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
118f2f2bc69ef9b5515648f6e46eb291

SHA1
42afc0d75f04b9ee4d395ef72851cfffaa948e65

SHA256
38e89a27ae34e81b3310eda74aff1b09b29b66134c802182deecfb42738a0fbf

SHA512
e6966252ccd2710a4d95f7ec361e9d79274af12d6c777b006bde4edba49f5da5c4aadddbef5ca02ebb87ed45f88e6c1142824dae1a684466e422938e34cdee6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
78de9ad1bcdd7f9cd1f5686877859978

SHA1
78a1e47ffe49f723d6fa46c6c7ce279f9ab4cf15

SHA256
44b447dcfb6c3e2d7154cc870eac9c5acc3e4a01b57bce297b0bcfee7200300e

SHA512
8e2e18e2e49c3ddc0d11fb04ab64c789a0d29da1cdf09581790fb6095daf957479e98805ef55df391d6dd9aed362c5a9012a73a2d489a60874aa6f036ea00cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ac407eb3c4959124564e1f60ea02399

SHA1
c324911260812be09e4d059f20dec17dcebcb13a

SHA256
c51b140d235fba5bec45083fb35e729a9c4a2d08eba210a5fc949c72326ed250

SHA512
e7457849b2536bc53609130b642b4957b065f1368e493c058090022cee1c7938dd94a241b72bf5b47cd2361d11c1cadaee2be437a9e0c07df69553e8ccd8dba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ce6a3e9c85c14d5e6b4f359800ab7d0

SHA1
f60510566dc7f9067afabfa5ff620ea9cf66d7f5

SHA256
677e77264d641c566e04c158e393bba68e6e03b81e34633cc9afe7864961329a

SHA512
7a05b47590dde6ee65946fb4013a6a07b1c71268ad23501afebad51a58b8e5d67649d0f74a0bc93e58731cbf20b4779ef03046578f7ae821aa6658469a9c409b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
424f6c1551381c78e8e4386d7cf798dc

SHA1
a506d6982fa5fdc12d84ebcdc899b0d37ed36a4c

SHA256
a6db1b4a096e0e97ff7552979d1ddf2437dc01f4f5158c6f6878c2c867c588ab

SHA512
6a509984001842600b8ea0fcdb920c2f4b10582307af57a4db4a81ce43e0d692bcc0b2f484e1a53a359f527b9758307b8c8ffe23f6f5905de750cef5d22feaab

Download Submit