f56e6f71b2dc8a0a3b0400afc430544d072aae88b2fc14df8efcfe007e9e3b98

Analysis

max time kernel
148s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4495bccbd300de5f329ec4d71a6f728a_JaffaCakes118.html
Size

14KB
MD5

4495bccbd300de5f329ec4d71a6f728a
SHA1

fe2fa8f20556c1100a49e29bcf66bb2ea6b25e81
SHA256

f56e6f71b2dc8a0a3b0400afc430544d072aae88b2fc14df8efcfe007e9e3b98
SHA512

6d7a13e7e759dd327b5b93dff17c48ad7ed034756d897a8a7832d7be5ed90e2e0a2fb1a0f408df6e9e375fefd74d3a7ad72ba437822e73169518cb18ad353aa8
SSDEEP

192:S+x1WD7dhEKzkiYt9ShhAwZzj5zt2BsPlKAu2tUrmEua5JiUErh6U5:S+x1WDphjzk7t9Sn5t2ePFtKgaa3hd5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
2780	msedge.exe
2780	msedge.exe
4496	identity_helper.exe
4496	identity_helper.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2900	2780	msedge.exe	83
PID 2780 wrote to memory of 2900	2780	msedge.exe	83
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4616	2780	msedge.exe	84
PID 2780 wrote to memory of 4296	2780	msedge.exe	85
PID 2780 wrote to memory of 4296	2780	msedge.exe	85
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86
PID 2780 wrote to memory of 3776	2780	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4495bccbd300de5f329ec4d71a6f728a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8ddb46f8,0x7ffa8ddb4708,0x7ffa8ddb4718
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8498403800365559158,1208646974692021227,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f549d33f2a6e1ede85b3be113fe07a22

SHA1
4699884702355ddac2b7fba02d37643e32024287

SHA256
16bffbd7cb0dcf2144247f5a100c2f4b106d827bc1b9f579ce7ddb5e496ebfbe

SHA512
72431f74981e2d86686bc615c4610cdc0dec65e431aa981aeb680860dd77bf9efdcfea35e01d148f7c04cb8885c7aecb1d43ed71e402a86b488825f375dade6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
30cd6e5f918b328984e21a8eecef3d51

SHA1
2538570c23731da4de73661f843518528a423a48

SHA256
8f96766d6bc5d97807f23a552393aa76a81c1bda000597fb2bbc3a95bbd7bafd

SHA512
f45ac63f6486b2a0c3c2429d5c156378804279375a37b2ec73e5b941c06bc1cf842f2787f79e7a742fc4eab5059f3c9d0eaed5cef2e88a09cea274c9872f279b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2e7ede92db45d7b8c64a89a762461cd

SHA1
e2e3ef4ec575deaa419388e25bfd0009d8e36deb

SHA256
df884b2b32b9f9ec2d28b87164db9be85f250826892bd2cfb7d920b9f5d00fa4

SHA512
4915900820a8a7b580edbee55e5a0dfc20b5129e7c4653d3763fb4a4725d514399981bd3f7a0759c11a53e7ffda6bc3adbac9cd064fa4f0b83325acbdb676e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93b75342473418ce2d2627c56fd40c55

SHA1
24bb6e3d88cc26da4fa71da0891b1ebcd1227b29

SHA256
cb3aeb5ad0486e205d8a6c073d92292844c3bfc3bd95f8b5ca26135c3b5e7614

SHA512
8d0df0d77bfa5a0e04ba61e606d52e922d718c0aa6487768d873b947f940154bb206cb9fc030ba945d1ca43931308810de9c910f5c64b89f467869ee70cf97eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d21f5db41ca0cf2cb0998f33e7310ee2

SHA1
babd1c44d1d924e04945b045aadfe1b451aa2aab

SHA256
c2da1800e099c9913acae845d225e3d08a3fda11dce1730c65982f7750668b21

SHA512
cbc79d5a018f3fe512bcdb563071fd02ef9af4b22fd931785c5a73b47070288acfd63d221c0c545b4f6f840cec063af25faa2d2adf21552ff51162d06a75ef8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
698c4acc068b2a86a62ff4efa7577ed9

SHA1
b62ef70df30bf11067e528b3c702a6f4476d3fa4

SHA256
93887385c2bc172926903df71e174abc29c9d01047adca2b87df5642f3bac0b2

SHA512
2ca6a0c4d27ebae24831da364d4b880ccdc2e75424fe864f5aab01e548e861f9361ab5dfda73293d8ae200477c08a6795010a5f83c8af6c9c296690aff731fed

Download Submit