a492ae2687c901e903a7f7edc586b5b1fd7e6de53f624154d479983e42f4310d

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4a7df1200789ee8b3cbc5a12524f2c4_JaffaCakes118.html
Size

162KB
MD5

a4a7df1200789ee8b3cbc5a12524f2c4
SHA1

e67be062d8bd08d9185bf69a6a78beeb95325a4f
SHA256

a492ae2687c901e903a7f7edc586b5b1fd7e6de53f624154d479983e42f4310d
SHA512

3a7ed42212c91d6ad18a0497bf37ae6aea19fffc1a1b879c78cbdec23ed3b0af218ffbebbd8cb00202a2644c66b3e8d3467949d9117d6f9b801d79e4f99a3c46
SSDEEP

3072:rF0o53qGudbnckaYJN4McZf+rf9OFYaiqat6FNajUSXOFEgAUHUopiLFHXPMhPHP:N53qGus5JJZYAYf8

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
12	sites.google.com
16	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
4512	msedge.exe
4512	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 4564	4512	msedge.exe	84
PID 4512 wrote to memory of 4564	4512	msedge.exe	84
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 320	4512	msedge.exe	85
PID 4512 wrote to memory of 3244	4512	msedge.exe	86
PID 4512 wrote to memory of 3244	4512	msedge.exe	86
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87
PID 4512 wrote to memory of 4452	4512	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a7df1200789ee8b3cbc5a12524f2c4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff914d546f8,0x7ff914d54708,0x7ff914d54718
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7515117005500830736,10538745936115179306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a1068168009a0151f631478c0e88ef32

SHA1
b1396692d9eec79ecf3191e954265560fce2f9a4

SHA256
d13817a3b8ed64725e96de50f0582a5b30197dd40359e3e517caa639a2e126aa

SHA512
e513cb944b13d87f133abf6a5b97a7e6922f859af206cdff55e00e9c19f6727f5e173ad5fe1113af57f6b5c543a8420ffa0576a9847a81f5f70a892611c2613b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
941fd5e8e92bd5607592d3f74f8ae022

SHA1
40c50856d9bbab5f64f3ede0ec9c416e9252b85c

SHA256
5d9c62604861967c59881a01c1727e3aafde14d6d13da63abaf8094d8a53e2c6

SHA512
b96e522599cfdea8298a42f60e72a169f8eae25950c32cff08a74a34e5c80bc7595373c62be66538945c4eb180106880d383a08b1ce97a5b93a6f9a43511a5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9dfd13edf5b87d5a377b8e76dff5d77c

SHA1
5e2e6ced39edfed5636a9255e886c105227695e2

SHA256
96a8b5bcb66e3d95bf242f46d2d865518f4683e28c7fd7df1d2fe459f4067040

SHA512
270a607062a9eb051712dcf4d63b0c6ddf0f48ae540d1f7e596a875da650c20517e9e48aa4ae145073ca83515c11000b38f3ea84b434449582c3487ab2c0b439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a2773cfa14c82922634ac985466482e4

SHA1
612536fe53094da870c43e8f4515b4700a712f02

SHA256
ccb57d5e908a5b2c0bcd7fb526bdfb3498b205a5a97379e18b74502324096b89

SHA512
94528eb937bd245b9318a5fa1a64935cadb555e40b0e7dec78c305c5277b145d1288c45a19c45d4b544875ed0b04a1c87f1562524c0b4d635b896ba42e973858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9886e5dcdd99de3acab8e210b22af3c0

SHA1
ac23711051fc9aef0cb60403aacef95b0e4566ae

SHA256
b00f74f6fa27ec40970f69f1514ec96fc83b0546233df878635d033615c5d005

SHA512
560e70b2dc4ae4bd8e3b0023b7a24acc92ea6891cbae603f5ddac5106ee311979b433f0866ee4866fba2ea3488789a9fadd9dd1c2453b2acf4e8d4d926dbdeb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
9e2bc24583cd7c539a54614db4d6f90b

SHA1
ba4863764fc96513402a53766e50219d66b9f3e0

SHA256
3610c65f88266eb87f05a5bc9a9b227f91f2a4b9a02f09ebdfb9d863ba63e86e

SHA512
fdace3d5abf742d2e84a75d31a622586055bb8cf1c0a2584a3a6d9f08d25013eef92babb5a07c9cdfd6e4561411b03b93bbb70b9b6344ab9ebbbe528aba07526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
79c9d97dca626537f81dd90c5c2f5d72

SHA1
36ca7c7622448176d38f19fcacc16f59a38a5926

SHA256
48e9f8ed69aa0cdb35947fe64cbd59958f99583399e8fe69c90f72c645efc03b

SHA512
7e383aab5cfd27e577f0310a1e2a1bc25a4833748f5356cd99f0cc967004998caa2a2b2220faca3efb7c380e3f34181f9efa1b38c92cdc2ec9fa9723b4e47f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58179a.TMP

Filesize
203B

MD5
72c8bdb89bae72a64fcfd586ede1d68b

SHA1
92d48593b92376224e88e0b06d8a363b71cc7234

SHA256
0e2c9f4cb2dd02f148782f41d3a8c2d7033cd8b2fdca04bbe3b6f1083c20f991

SHA512
3947b30abb693df30adb39408a4d0f4510377e26bf2ed3f655826be84149380ecaeade29098cad96a38afa0d9399f3de49fce27f53bb8663527a2803784e3c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f95acdc53ec698fac34791cc6c312c8

SHA1
a3388dc0dd666f57ee6bb8397a291661a9736417

SHA256
b7154cafbaf177b625dbb1ffb7d71c310f6be9cff8062230ddc6042ca03d85e7

SHA512
e21ea9e00a6158c5a957f5e7aba58fbebb0ab60cc94c550eacdd092e1242966d2d67480f56bf44a8977bf236eb5d531f869ba31ed20aef70dd244c4f26b21ff3

Download Submit