7d0668e4c7f8656452e895ba7f811f62004934af61dd2ad4e1daff1e0e409419

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30573a37497251d021fafb8a0beb01cc_JaffaCakes118.html
Size

62KB
MD5

30573a37497251d021fafb8a0beb01cc
SHA1

2a0c5176b86dd4190f5e24ab90f28a54f9d07290
SHA256

7d0668e4c7f8656452e895ba7f811f62004934af61dd2ad4e1daff1e0e409419
SHA512

f804d804f23f4a31fdf93fb02c47095b4cc599e238bae3f24198a01aea72b4a80a8abe712544915430e4ded8550196c74bfe02c73a158e9caaeb39b5d2943082
SSDEEP

1536:jYQBszVr+n3SElwJwTccJ7V/KRW1Olv0ZQ5C:I+3WwTzLmv0Zp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
1276	msedge.exe
1276	msedge.exe
2956	identity_helper.exe
2956	identity_helper.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1552	1276	msedge.exe	83
PID 1276 wrote to memory of 1552	1276	msedge.exe	83
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 4548	1276	msedge.exe	84
PID 1276 wrote to memory of 540	1276	msedge.exe	85
PID 1276 wrote to memory of 540	1276	msedge.exe	85
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86
PID 1276 wrote to memory of 4084	1276	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\30573a37497251d021fafb8a0beb01cc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffed61946f8,0x7ffed6194708,0x7ffed6194718
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12437673660517009926,15818140490340990413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
761dd90b876a73b022997b65450eea87

SHA1
62623ef88e6a3bafbcecd3d49e3462f38ac9ec41

SHA256
a6aae8348d0e6ce702238a61e3c84dac59f0f93bf009fc7ef1b3cbd8e855bfb6

SHA512
4bae81e25ba99a6a2f346e04606f0206c6c21fcb7b67ec8f61ecfa7dd324c6439acceeb26d1a1f1d4ae3dfe18f501c107bba4fdc2da554a957ebf8dd816ac03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1004B

MD5
e8838de0e53a54a04552d365e83dd4af

SHA1
b212e3cfc59609909fc538178324509c232d8025

SHA256
c60b33e67bd4d8370cacc4f8343eae6667537ef08ac711169ccdf4b67fbd9fe9

SHA512
b770e83098ada283b5515af900da3ee156f85387173099f8300da6473551d0b3a69a98d34d2502524dbb76f83f43f931e2dc758886ebdfb415fd74fc0483f158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abaeede89af6d3d5fb8d69df4a114d2f

SHA1
ff5494d1cfbf24a468692a97a17823b9fb07d450

SHA256
134a643307ab063fb9307d977df55013ca5ea80a5bb36dbb28f13f2fd8b27c7c

SHA512
146c147812eb7be0c324a73ec5e159999c4e8dbe39bc2496437656c0a94c4fb319a62fd4a49a3a98fc84ecd074c1c98c8bdfae723710540c723c104ef60fb6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e0e8a3f3ed3fe63588d7ff47bbed808

SHA1
8e73c43bb8b2e5bd48a8df69a981de028140b508

SHA256
1afbf1af48afe6f5e39dd56d95eb5bc7859d63dce7fdab28db8f4dceca16f0c0

SHA512
04a257f5414a17787d5212c201bac9094bc934968f76468f26164db9132835c392a1fce86c3c9737090d83403b1507690ec7b84927123f83c2871d34f2f22ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
24e9eba00bd6a07bf508b12de05bdb10

SHA1
49daed2d821ded9e8f7064ff30c5036b0dab43ec

SHA256
0d1fd5c5db39bacaffeceaa77f7e12484cacb5dc0183b5b1018a67b036424c2b

SHA512
8e348a24409f9e4cd50488b758c58d072bbc65cdf89c2d4c92c21a95230a4562606ef315bc402052cd25167ecc546a8ce9b2e07a7034e050eff0d890753fa00b

Download Submit