8c0d782e8055542a81fabdd675b5a03cca387d746fb5193cfd2dc631f8596d8f

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_684313bfe36be7c5b250bb530a8d1e07.html
Size

113KB
MD5

684313bfe36be7c5b250bb530a8d1e07
SHA1

d659fc25f2d34eaff3e062a68274910716c87803
SHA256

8c0d782e8055542a81fabdd675b5a03cca387d746fb5193cfd2dc631f8596d8f
SHA512

cf0a873767780cceb048a928c889d29ef19dcbaca3c1640710d6dc1439933bb4521b2d7d41ddfacbb712a5b5e97a7cc6f104ed0fa88c10815114a0d7e43fb852
SSDEEP

1536:1EFwEz5TFEnBQ7/7NNYBWMYREDdj79pq1RT8wI9jxFn5B2S:C/pF37/7NSWMYREbs1949jfn5BV

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
11	sites.google.com
15	sites.google.com
16	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
1180	msedge.exe
1180	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1132	1180	msedge.exe	83
PID 1180 wrote to memory of 1132	1180	msedge.exe	83
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1908	1180	msedge.exe	84
PID 1180 wrote to memory of 1664	1180	msedge.exe	85
PID 1180 wrote to memory of 1664	1180	msedge.exe	85
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86
PID 1180 wrote to memory of 2036	1180	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_684313bfe36be7c5b250bb530a8d1e07.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,10012802228238692990,12882559371982721238,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
10a07dc306cf9e8decf89a2a6f361b04

SHA1
8656a1d4160e16c55215d12b7605a4163dbe0895

SHA256
c3e0b0ee0c05a5cc2a73d5042b5615f1333243f38e62722ac960cca0ebc9d207

SHA512
066dfa823a5660fc98d44a52bb36f14290384607482edf8c02ea8b9e509e548f9ae1c6ca6142b99ae6f70c916511776942eb7a1f12076bb4d1a22238c5ceb08b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
412454a8fe4bbfdef8d2a949aa351423

SHA1
dd9ca72c7da13fb81bc9422b1819e2656e45db7f

SHA256
6afb8e57a8fd90a8e7b04f67eb9adf88fe8a7f58088e6891704c54387c2d4728

SHA512
b2d7a466ff7c4e212e9c2ed9290b1a4ede39e34a5323d2bcc06fec19d1fa6bd736a08ed13da2034f2f17efcef7bf939ca738a7499f788bebfa117d816636fd8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fd3dc5743a8ea4c2dc4cb20e2f357f3e

SHA1
6ac08665e0874806b3dc4a1b8e3508fdf1cb905d

SHA256
cb485411becb2d41f5dfca3df335f2fffbe5a5d6bb056d4dae51b37976beb205

SHA512
4fb8ba999b32de79d83f39bdc9e947ebd7cdf12f6224034bd28aaaa484ea2cf498606669d98721e0b451928af016d7857c259d7c662d1388962c3bd7811634c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5004cc2c1bca7dd5d88269065f2542b7

SHA1
b4a7bf11e57d814db6db1a4ceb9e1ddc1540137e

SHA256
ac75f1e93f7597eca42a83134e5df310af122724bca9510127c9b246ce6197ec

SHA512
ac41b7ff041375ac06770d8993a86110902be5b707cedad24fd8aafb6ee439177d17e4952997db7bddfed5d7da5f00cf4e204f30715e7db4e28aa9c18fd1bf3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
43ba60511d1d1ac93dd61650665af618

SHA1
7fd3e051806471233ea79e8e6105d60852bdb88f

SHA256
9084be6ad160cfe834537584b5eaa21da6f0c68664edcb001c61e4c7615feb53

SHA512
c83031969f224c3828d368b168033e304562861e99e83a318d4fa8cf588b549660d140f3f12d1d6861c29631115910abb66a605b7885763bf0fe12676799f5c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7357e0867f17e2f1ffa2097270e8663e

SHA1
9cc3718111856ddeb8c181b1d50a9172dd02cb3c

SHA256
92f849b44bb3a677ff885ee757e28b6727993852be68f05eead3a8c14235f466

SHA512
f81310756886849dc9011c64f749443baeae057be95e941e7332d96c532e1e42fd7e6a883faf51aaff2a400ad82256f7db36c0144d72ea174f15366fb58ea511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582fd5.TMP

Filesize
705B

MD5
806d4228ef9f4b971ee64360d87fee1c

SHA1
dd5c989e43440f4d0ea04d1dcb6e648e6db49c54

SHA256
892342bcecd70f7557e3af9c5f2417733cdd5b7f292bf752727c99840d45508d

SHA512
7a3207f5bc6065378a8ee80c15a9700a8f8e9b90df39ed6dd474a555359992f43d20c506cc6e8fca6fb17bd0778ccc44c68d4b187aa29a655c0a091ae4a10061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f70c60f36cb4075534bc5d7c0ba1ed05

SHA1
be50f6ad2bb426076fbea4eea1c328fcd62f2e72

SHA256
976f8c36db710c11a812d6326ef02242da92e5dd0d9ab3dc72951b8e5682eb18

SHA512
2e335ddc339259f887fbed3e13713bdfbc87bf3750b8234eb3a1d4d959675a719c3da62bc57f1e32992fb60c3ea2ea37d1af0bbd8af4b81240a2a3ecc6c7a4b9

Download Submit