4d50202f10577cc2d6d1e24f5eb479fe7edb00483d06033dbee9528188d8129a

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4010fff24eb50be0e7d6e50e2c27b49c_JaffaCakes118.html
Size

67KB
MD5

4010fff24eb50be0e7d6e50e2c27b49c
SHA1

3b2a87af4b0fa919307b238b574649ecad1221f2
SHA256

4d50202f10577cc2d6d1e24f5eb479fe7edb00483d06033dbee9528188d8129a
SHA512

5fe137f1081bebb3b6f3fc53f2a59b8b20e583c61e18fda18b22d5edae653a02d015c6e90d8c8f7332e8c3428cdba63a9f3bb04af27c63042fc3e75c07f9c25c
SSDEEP

1536:g3p7/VAk5MDkuq8yF8WHHPBHaBDEz9kDH0:0Vp5fuq8yF8wHaBDEz91

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
3092	msedge.exe
3092	msedge.exe
1920	identity_helper.exe
1920	identity_helper.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 2176	3092	msedge.exe	85
PID 3092 wrote to memory of 2176	3092	msedge.exe	85
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4380	3092	msedge.exe	86
PID 3092 wrote to memory of 4664	3092	msedge.exe	87
PID 3092 wrote to memory of 4664	3092	msedge.exe	87
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88
PID 3092 wrote to memory of 3116	3092	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4010fff24eb50be0e7d6e50e2c27b49c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e6a246f8,0x7ff9e6a24708,0x7ff9e6a24718
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16212798870374156401,10974353340733638451,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b35245f68dba26cd422c1e390f000a59

SHA1
cd30f732559cc3249f957005e51557b1dddf54e8

SHA256
c82488315753b3ba0edceb89b8b6aa9aed31a55a1a3a847ecd165fbf837091c9

SHA512
344f98cd0294f37cb71ec674f9e7edcff60a2b7b2f4d9c78c6fc7c8514b6f89d453799b105a188df441b0b19921b75871f4595f52a77ec76a4166c2df31223e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f93f5cb8f988b2188958f48b9b8bea6a

SHA1
1b055a972880792c0b7e189230ad34d21251a0d6

SHA256
5319c03b208cd4df2b02822f49882d658d77287c688cf0106fdd524ff6a4dd4c

SHA512
31f0fe56ddd318178807fa16d7315dd43a991323316b6927566bd6a2a8413b80d53d8c2e5e1883db33dcc02af6ee7ab5624855eef2ef9e2df241b91ede539efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9b439aae90c189914a5adcd8c5a2ab4

SHA1
a925e1833097db4d47c4d175ee697b75a5ba8a6f

SHA256
e314e672f29a5276af7efc1c2230f10c23ab668c19c392ea88b55ef0c0bf8cb6

SHA512
75b735298953e3d413168cb4a3ef0d818ac6da0aae227e2f6d1b4868b5fa41a0ac935d8152e629dbe68f10f3cc05428d4935f5778edd002009a85a8638ad3324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a8dd7fd0b36a6f9b1283eed3e9f5b60

SHA1
539aac7ddd48c43bb708b6e9e803fd517d4d719f

SHA256
38ee50e801af7a56a366c2abdf76b68ffa49dd67c750a7c904566bf5cf84692d

SHA512
d8591066204d71ea134f145fc457c3511a0f3bd00f5fda8aeb50e7380dbcf65ca37355021dfcca6d325434582b6bdbd547dbd0003f69649a81560e148d6ae064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3814959ed7dfa02a9fab023cb319a4da

SHA1
bc3ac8289462965f0d72a28c49d806dcf257ca99

SHA256
efe2605f0d566e9abdb8a11c24f6d88163b9b60e53ada242c69d4f5571a7fd4f

SHA512
21cc15cde7a86dfe48fe666ca7048a3eae97f95704c47b70fa50d109c4c6cf4f5e67be514490826be7496bcfcb6072a506f2ead9b2fd2cd3bac6c24ecf994ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cc47b21b1f39332a447050f0ae1d9dae

SHA1
80c2d415e8b85e4e2c646daaa7906a011398bad0

SHA256
7fdb71d2a62ad8baabd65ceaf4cbcf69168160db0767d5502c56398174d1772c

SHA512
1db70a1969e05097a63034a7655fa9e2f9a38a5ebfcd055c09211fa8e29521c80e38c8379350da6d88c28a095859d495e57d50bbfb0281197c3676cb6a787070

Download Submit