e0642ad0e69644db0030a103f9381bb2d519717905aecfe3f07fae262d6e615b

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a9fc5d90412a7b338734511065bd14b_JaffaCakes118.html
Size

47KB
MD5

5a9fc5d90412a7b338734511065bd14b
SHA1

3cb2ed320e7d8c9661892c8813843c2c2dea388c
SHA256

e0642ad0e69644db0030a103f9381bb2d519717905aecfe3f07fae262d6e615b
SHA512

48aadf65bc820d170412e85b589ba222b73262e07f1b46c911cd19060192127f0170400f2bafa521e768d575e1fc17ffe8cb1beab78dc37812704d994f4e08ca
SSDEEP

768:niakn1Jp3aV68i4F4xclEuwzT3+Yv6NM8CoLfsd2:n3kn1Jp3aV68i4FmclEuwX3+Yv6NM8Cy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
984	msedge.exe
984	msedge.exe
648	msedge.exe
648	msedge.exe
704	identity_helper.exe
704	identity_helper.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 2096	648	msedge.exe	83
PID 648 wrote to memory of 2096	648	msedge.exe	83
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 3280	648	msedge.exe	84
PID 648 wrote to memory of 984	648	msedge.exe	85
PID 648 wrote to memory of 984	648	msedge.exe	85
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86
PID 648 wrote to memory of 1672	648	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5a9fc5d90412a7b338734511065bd14b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbdde46f8,0x7ffdbdde4708,0x7ffdbdde4718
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16444361977932204775,7641489857704963574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6536 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
645942d80221c651cc6fc49e4609e06f

SHA1
80d6378223360e2b9fdf5a710068b7960c64c23c

SHA256
e392d12d0482133bc8f4fc83811a5069b9a40c5c594cd5e32afa8d2dcba0c5f3

SHA512
5ca2505e67cbad96948a91fc4c617c5163f3c59ead994690792a9eb1b2c236885c386e5946b95874c687d17eff4a27f79e3e5493bcb8f6513d5e4a7de6467d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7a79283838319bf51484ea1b980c831a

SHA1
2f9b62e0aea69eb5a95a523da1f01d2d881f886d

SHA256
5779864ea1fec65368bd8e4c2f13957ea4ecc3b1e382c881b6524ab8de9a3d90

SHA512
061c6f827cd0ce9c92a85fd0eeb4b6289e86f0aae8a35422d3ba059f3ebe6c82ce573bdc0641a91b963505a9beed41d53b1f0b1aa758046a4e99ce9e54f23494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b7aa8966c5c5b9e9e49b71d903fa054

SHA1
96d47ff5a90d551e64664c942ce8d9d09d6b7152

SHA256
36db69c5925bea38c37e9e90880b641c8692505658c00aaa576c8d1328cd9e5a

SHA512
d2b3687402b15d80af928cff469aeb92e8e9430d16cf1e2909e61b65046c302f76eceb7f408b75ebbfc64ca9c44d8e4db8aff3a33e448963d1c6e536e0f22d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa9e2f67edcd0d6e637c733a7ccc6941

SHA1
dc6b9c615556bb67dd5a3ae49d09a8a0f454175c

SHA256
de3f5ed235b15f8326623db552a193452cf62901cada3d59aa88b71aa5d5a7f7

SHA512
cac96183be7eb798ed3af6f84a885a9736223dd0750f28328b0bcfa1783fabfdebe9259feb0df52c1262072d24129c3a81307154de89e361c2295f0047950b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71cd4f4d50eae1b44da961172cf9a0d7

SHA1
a168b8b8c179151a28b00d07f3595ac9723f18ea

SHA256
3145ea4485de72c8e399143f804e7f2661c88b6bfb7e7b881b8a8aafd3486534

SHA512
7561b4b3e6ca30c52d7d306162d58c6d65b64ccee7b59da811c8bc35e28835234e3c786c7752b8d907ed286682b5a9c879dcfe43bf6b3f662beef2466aa4413d

Download Submit