f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5

Analysis

max time kernel
206s
max time network
234s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe
Size

2.7MB
MD5

1225acf9d74a4e4652eb0484d7d83420
SHA1

e4a9475e685b326c291dc712fa49190b78dd3bd4
SHA256

f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5
SHA512

d8bc4757b7114aefdce5f52ece22aa95d77f2e8e757076e2b200a3e4cecbb145f2e180d4010546183fd53dc10de3796da51a6d5be8aeee1ca5d5126130719903
SSDEEP

24576:HafIiy4NwdLpQc9wibXbWejl9keHLXThLQs4G42zcr/FDp4G9Z:6ffy4NwrQ+waXxl9n/htP4ZrVOGf

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CFE593EF-748A-11ED-919F-DAD30C974647} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CFE5BAFF-748A-11ED-919F-DAD30C974647} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "119255"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.west.cn\ = "265"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wanwang.aliyun.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wanwang.aliyun.com\ = "119300"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.west.cn\ = "186"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wanwang.aliyun.com\ = "119089"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "119486"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\west.cn\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\wanwang.aliyun.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\west.cn\Total = "245"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\west.cn	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\west.cn\Total = "186"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\aliyun.com\Total = "119089"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\aliyun.com\Total = "119123"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "123"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "246"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.west.cn	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "137"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wanwang.aliyun.com\ = "60"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2861648431"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\aliyun.com\Total = "119300"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.west.cn\ = "245"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.west.cn\ = "123"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\aliyun.com\Total = "119069"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.west.cn\ = "193"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2861648431"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "186"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\aliyun.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DOMStorage\aliyun.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\aliyun.com\Total = "14"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "119275"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wanwang.aliyun.com\ = "14"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31000727"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "119417"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\aliyun.com\Total = "60"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2971648308"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31000727"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "119545"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wanwang.aliyun.com\ = "119123"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe
3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe
3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe
220	iexplore.exe
116	iexplore.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe
3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe
3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
220	iexplore.exe
220	iexplore.exe
116	iexplore.exe
116	iexplore.exe
3760	IEXPLORE.EXE
3760	IEXPLORE.EXE
3756	IEXPLORE.EXE
3756	IEXPLORE.EXE
3756	IEXPLORE.EXE
3756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 220	3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe	83
PID 3180 wrote to memory of 220	3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe	83
PID 3180 wrote to memory of 116	3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe	84
PID 3180 wrote to memory of 116	3180	f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe	84
PID 116 wrote to memory of 3756	116	iexplore.exe	85
PID 220 wrote to memory of 3760	220	iexplore.exe	86
PID 116 wrote to memory of 3756	116	iexplore.exe	85
PID 116 wrote to memory of 3756	116	iexplore.exe	85
PID 220 wrote to memory of 3760	220	iexplore.exe	86
PID 220 wrote to memory of 3760	220	iexplore.exe	86

C:\Users\Admin\AppData\Local\Temp\f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe
"C:\Users\Admin\AppData\Local\Temp\f939375fd2b44e64fed69e39edcbe9ce6d86eee7e217988564b54d6680a56af5.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.jipinla.com
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:220
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:220 CREDAT:17410 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3760
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.1234.la/an.htm?qqchang
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:116
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:116 CREDAT:17410 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26FAECAB15AD715CB7849E2211F9473B

Filesize
1KB

MD5
4fdbf2a017275068edb32ae5fae40486

SHA1
18e582515bf745300816dc8d4ca8156684a086e7

SHA256
05672ea05a2043c0b41dc8b81828d9987c683f90d5f2387f1f66cf352b7da937

SHA512
29cf468c20e6be691f6924f04cefa0468e5809319845a3cc3f433d20b27a99fc4e22b05fd73d876304bf456c4d5d5730fe110292ee13c4e29e8248fe15f30fe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67

Filesize
1KB

MD5
1519171ba0e9b6aabdd22495c93b43f8

SHA1
da916b57522c4c4cbac2aedc3354bc6c69a56270

SHA256
dfb271a64ffabd0110e6c943e6052fca6dcb7cc738c9cc4c03ce3732361fa318

SHA512
7392b921cdb6419c616d744e9556b09d38a2e0956cf0ee0687aba4b4ff75ad7692440afa6d99daeea67f0c07197b466990d6d2c6e4d3567cd8f15b0750dcff2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26FAECAB15AD715CB7849E2211F9473B

Filesize
230B

MD5
d30978bc7a2ebbdf400ce0be0eaecf39

SHA1
ea3ee7fc6951ba6ad2e615434cc44afbd2841125

SHA256
6a79d02fcd0bf222f6ecbca252e245a611f4875763418e3dee0799fbb77e52e9

SHA512
a2eea47568600b84ab67080a80d313d91218f774be89d43807cfdb91adec7b05e810195a748036d9e7c1d1e5682cb22287c3b95ece8f0bb9ab97d00e474d078a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67

Filesize
186B

MD5
1f8e6c26d69fd220ae3ab6b13372ba5c

SHA1
f80ea8735b75cf6c77ad8d23387441e341421ad5

SHA256
0d6499088b46a90a79e9ac23669e6624d7bd09b08c5c61f482b0c734daa88e9e

SHA512
61b2e405ba840422d821ef487f05742d5c422d83fef7af4fa16bd175e6f1bf416ef480e2493e5ac07d3280886eb598791b78bfe1802e5a41a4802c43ff49f367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CFE593EF-748A-11ED-919F-DAD30C974647}.dat

Filesize
5KB

MD5
13124da690049eac7da7b73ac93a1a8b

SHA1
f810e77d5eaef4984351062bed79ba59dbd2cff8

SHA256
b1c7131c91f9715fa54c6418a70afd3bf2f45a378674de8f7d965bd556336dee

SHA512
bdbdb11954a073452f9de09a7389fa1188fc03065dd889cd11936a2e59fbb9423d9c105ccabf1624d841f35deb496b0e91c5d1181855cafdae201873ce14e0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CFE5BAFF-748A-11ED-919F-DAD30C974647}.dat

Filesize
5KB

MD5
e02ba6d79aeb8ca0913afb2f9ce33e7e

SHA1
0bb31621167ce3476ae79390668cbe52607201c3

SHA256
ee90094c7c3194e06d319843dbec69393ea8d18e70cb564a39b037cd2416d25d

SHA512
29ca913afa428e126bb338cc1eae81aa17b65ac8da7ead8ad2903ba6fcc1ca998a5a6f801cf07b6e1673419492d047f2164ce68e7479f5d0ab48b633d2c26d13

Download Submit