11afc0214f50e3cb61bba3a6bcd753ee63c903d9e80804e548e71bb69c28916f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c96f44717d9fe953530cb866826e844_JaffaCakes118.html
Size

50KB
MD5

6c96f44717d9fe953530cb866826e844
SHA1

2ce81d197c57384569f0838446bc451947571a44
SHA256

11afc0214f50e3cb61bba3a6bcd753ee63c903d9e80804e548e71bb69c28916f
SHA512

9d1cc69c86a848a39d02b8263c3981dfa161813e66caf410e5c34adf45a7be40001c7ac1035ba986428cf3fb52f755c16f3af0b25f07f8274ce6f6bc9093162d
SSDEEP

768:wVu0AiqYZT32qxeQtRgdyEEC9pULHKeMWITTdhSGdLLX:wVu0Ai7sdLEC9pULqeJmdLLX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
4524	msedge.exe
4524	msedge.exe
2092	identity_helper.exe
2092	identity_helper.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 1292	4524	msedge.exe	83
PID 4524 wrote to memory of 1292	4524	msedge.exe	83
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 4324	4524	msedge.exe	84
PID 4524 wrote to memory of 1924	4524	msedge.exe	85
PID 4524 wrote to memory of 1924	4524	msedge.exe	85
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86
PID 4524 wrote to memory of 2384	4524	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c96f44717d9fe953530cb866826e844_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4047821672934243960,13985526746408054668,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
258B

MD5
28ffecaa80f2c64fc023e9c14e6ee589

SHA1
5fc4dd23ae22b039ea0de3cba9473107c1f9f2dc

SHA256
abd584eb56a09032f60125817a1d6dc94170009c5528e7612467b19bf58c2837

SHA512
a3266c7c3045151fb387b637140b8f1cd217db4ff50fa5e6a453b60e75095b103f44eb575955bcbe7f158b15330a54f955ade546199be276c3b43921e936e4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6360c2e1a1352dc1706c8fdc640404e

SHA1
875c7ca80d0c6fa663788ae83a9ae65fd84d26c5

SHA256
7e2980addb79de43e110b9ba8f5f58011887adb5119b06cfac18ea30dcf92fcb

SHA512
91e8631b57a2f44a4dd7b145c46111f8cb2b44d851da9ab6008f7dde88a7b1dcc39784c27225a8ba726271334eb0b6eb32ad84857eb7fa68cb99654ea2dac8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
776afac7bc971c10162982c830340ff3

SHA1
8c0e6617b45741eb9f33843e008214402b1041bc

SHA256
52cd4d310983e8e1ab3d524dea0cfda1568cbdc9a474457c2fe25284fe866209

SHA512
5d098967bc8864e31d6b631a55680e685e2dbd593ae8da4e251dbb9117ce56a630da6e7a1cad6c8c5764de67818a8c6be620942b965bc75b84881047350e1e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06cd37170d4ca49861c0cab9c4d446df

SHA1
f9f6f0c092c52a1cb9581ff7a663d1b1d3914115

SHA256
21a4e4495aec4068f20bfeaaa11089f147be45da1cf44d5de021cb129c5cedb4

SHA512
3e5675a7ee643bd4cc5eed4f32afeadfc96f8d233140220bdfdf27e9274f4b1cc26d07723f83aaa630d80d0374ed01505abf01a3053fc79145d9f0ad445727fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
ecf7a038e92fe56460fb83f40d637355

SHA1
610509481aa8e69de7f154414aae1c2522d1740e

SHA256
c49f7cfca2b306a0ad03922f5d085bbb030dfcf757317f784b17262375b1868d

SHA512
3525a4d2ffc4991f7be6e6a02ea9d089e27a1746232f963048277da63c0b043ded0c0d05298d41ecf7b9105a8d7b026b7908607ae86b8b84ad064f6badcc1987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b2a6.TMP

Filesize
372B

MD5
e5424c43222aac35afe7c1da6e2d389b

SHA1
6f431870b7bc6c3683027f93d0147cb8443d778d

SHA256
0d0de37a0b7b8afeb03c4539d64a1c16a0f444c5df55777244f93274ca597b53

SHA512
8343eb85587bdd81026f7550c87c322b280d773e68a1f3d5357c9e9fce28d7a7ac09ff41f08b81de8ff5edfe43b2d5b7b27980d61a912adf4c3a951f5d318440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e7dda18678826e08cb3804143a1d4d93

SHA1
35f021759d6cf266a7ee008360d14908bdfc9780

SHA256
a1532b88669019a107c9d04598285e74dfe4c13d9bab02e99d9150ee5d2b766f

SHA512
a739dedae96192d1987898b6899a3781dfc73ce47d7fcd06d224ff7261030bcdc112e411cfb4d2f25ca6d75253ce57963f1e904dc15d0e754414591d49af127f

Download Submit