f28869467dab3659ef153a98ae8ab105e474ae0f47ff04359053037e5675c766

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

814d9648ef7d7184ad487e0384a520e8_JaffaCakes118.html
Size

59KB
MD5

814d9648ef7d7184ad487e0384a520e8
SHA1

1e459d30124f294f253e48ab1800e5502a1fced9
SHA256

f28869467dab3659ef153a98ae8ab105e474ae0f47ff04359053037e5675c766
SHA512

34cb9b8aebfd222c55e18168c2dab7bfb4445ad161d67edeeb117dbdd3e8eb1c7d1459be5d166dbb147272d43433435d212312b866ec26f5ad5514b22f116969
SSDEEP

768:5vAiFh2JfCbv7miugb6fxjcXmNRS7OD2We9kDmdjvjWJBgGMIYFLphKbTrudA3uM:mCUgbsjcXmNRS7ODCABOIYV4rCA3L

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
4980	msedge.exe
4980	msedge.exe
2828	identity_helper.exe
2828	identity_helper.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 672	4980	msedge.exe	82
PID 4980 wrote to memory of 672	4980	msedge.exe	82
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3928	4980	msedge.exe	83
PID 4980 wrote to memory of 3612	4980	msedge.exe	84
PID 4980 wrote to memory of 3612	4980	msedge.exe	84
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85
PID 4980 wrote to memory of 4848	4980	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\814d9648ef7d7184ad487e0384a520e8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc63f746f8,0x7ffc63f74708,0x7ffc63f74718
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15854161281532779695,2234617186803919564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
479e86f82a7cff47ab2495d67ced1148

SHA1
7d4abf39846543c86ea15aa1482aa54626e688a7

SHA256
2dfa5870c7d8b8786f564258c7018f7a68432e0847193d9978b05b967fd1b29a

SHA512
6616750c5e362ebd61b6e26caccc12b7a798b44f5b011a02358c9f9dfd00fa3d4f5044c0d9b79c876d9b1a7e1819d544f9064bd2db0257f4c1f1021a85838e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1018B

MD5
78a1252dec6cb0630336997641906d36

SHA1
1af88942a80278f806ed5d6da213e022e99f7b63

SHA256
6d5e31b83727395acd3d93b6f0787924218f7769425fda1348aa026f62c0c66b

SHA512
a02ebef7c44b69f7dada0d67a94ed6d15cc5efd6cd0886de9b4d67ed62215e98087ef7732bbcdc8e42f6b31405cc0bf1e704d0d7915961ea80f971c18b9ce628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2415fefb5dcddd97d5bf554a39b80a71

SHA1
03d32c3033d9f8519087a19a98eafeaaab7e6f56

SHA256
6d9dd95efe2b8dd54a668fb40ecf5ae43d1a71228c89e62da7660cdc5c757759

SHA512
ba4474aebd31ee45af9d1a67ee8248b060f1e0d94b1d997bf2b358e46a2d0596802205e19861e364e3892a8e15284a2e83ad8f685708d244ddcf2284e1a82568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9f9e5553e7c5c7f742853ffe8a954c4

SHA1
6319e5275581c154d6a53eefe4ec6f9e64e264d7

SHA256
89dd247e14e8235a9272e670b932a4d75c11ebd21475bd3f0c26037f613bde74

SHA512
2a31a43ae71626af8042b494e444432dde1026ce1cf0848fdf1413ff1cdbc7bd7ce8700714c1ca171f76c7beb377511400af0ad0037d957f85362900e4839aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9291105419b82a7779e3967f52ee1cd

SHA1
202bcc6b7233400397506b2760a649321176c3f1

SHA256
6e1bd77ac64a39961f00ca0a47a1f30411fc3b9980ae4ce938072278127af073

SHA512
ec078290ad26bcafc83e405775f6aada9d97ea3c74217b485aeefeb1800023fe1280cdf51bbb0fbfbf9d502e041ab1aeeb06fdb7b321ac272b28ca2a3f665a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c0b91ed7-67ab-45d5-8a78-c6fea945815f.tmp

Filesize
10KB

MD5
3fef31ba4b17a2f2ce610a8ae143aa86

SHA1
11bbe1972649fb14f03b94b533859ab841e22c70

SHA256
e8a9d189c58f39435893e11238fadf8c29aae9dbd61f67a29a18efb135dbcf36

SHA512
720d9fffc53324622fbcee4545bc034723b03410437f2c1df45732d58b8048533dda068dd921530b47aa27baa10d82e872f01080d6a294b7df2a4da26d679540

Download Submit