4b6cc676769de04acf4936a5a395349cb779616c0621c5921bf07c3e405b51ee

max time kernel
156s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avast_secure_browser_setup.exe
Size

5.8MB
MD5

3ad1c03d333da86a47884f01b8ae7664
SHA1

9feb944a823a0374f6db7bfd5abf78b494e49782
SHA256

4b6cc676769de04acf4936a5a395349cb779616c0621c5921bf07c3e405b51ee
SHA512

121c6bd0150ecde57e379a62a19583c1412cd6f411ef46533a3d3241c59613905e56ae58943bc685ba7f892bbf37018ec34d3e6f6fdb36efd39220b2db60cb1f
SSDEEP

98304:R8PxEloFJNcSmf0UH/Z10hTSYPHnyJLhNr1/K9O6oTCA+iGGps74a4:RSvFJyBsucZ74hNxKDiG/4a

Score

7^/10

bootkit persistence spyware stealer

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	aj75D5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	aj75D5.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	aj75D5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	avast_secure_browser_setup.exe

Executes dropped EXE 1 IoCs

pid	Process
4112	aj75D5.exe

Loads dropped DLL 14 IoCs

pid	Process
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
4112	aj75D5.exe
4112	aj75D5.exe
4112	aj75D5.exe
4112	aj75D5.exe
4112	aj75D5.exe
4112	aj75D5.exe
4112	aj75D5.exe
4112	aj75D5.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks for any installed AV software in registry 1 TTPs 4 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	aj75D5.exe
Key opened	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\AVAST Software\Avast	aj75D5.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	avast_secure_browser_setup.exe
Key opened	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\AVAST Software\Avast	avast_secure_browser_setup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	aj75D5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 2 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	aj75D5.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	aj75D5.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe
3640	avast_secure_browser_setup.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3640	avast_secure_browser_setup.exe
4112	aj75D5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 4112	3640	avast_secure_browser_setup.exe	102
PID 3640 wrote to memory of 4112	3640	avast_secure_browser_setup.exe	102
PID 3640 wrote to memory of 4112	3640	avast_secure_browser_setup.exe	102

C:\Users\Admin\AppData\Local\Temp\avast_secure_browser_setup.exe
"C:\Users\Admin\AppData\Local\Temp\avast_secure_browser_setup.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Users\Admin\AppData\Local\Temp\aj75D5.exe
  "C:\Users\Admin\AppData\Local\Temp\aj75D5.exe" /relaunch=8 /was_elevated=1 /tagdata
  2⤵
  - Checks BIOS information in registry
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Writes to the Master Boot Record (MBR)
  - Checks SCSI registry key(s)
  - Suspicious use of SetWindowsHookEx
  PID:4112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aj75D5.exe

Filesize
5.8MB

MD5
1deb81b483e500b96aabc4c8761e642e

SHA1
389a03ce92bd5869f24caccae43855331b4a9800

SHA256
7a48d929d17de49160db68b3be58aba7d354f73f7292125adbb024bcd65d82c5

SHA512
703eb1e3cad9349e1772d552b30e69ce07b3fb80b78311c0f698a79ca7cfb04d424bda1b722f4d8c586d9862ed56e1c2b99cd2d7df64509d3d66d1862e9ed936

Download Submit
C:\Users\Admin\AppData\Local\Temp\aj75D5.exe

Filesize
5.8MB

MD5
1deb81b483e500b96aabc4c8761e642e

SHA1
389a03ce92bd5869f24caccae43855331b4a9800

SHA256
7a48d929d17de49160db68b3be58aba7d354f73f7292125adbb024bcd65d82c5

SHA512
703eb1e3cad9349e1772d552b30e69ce07b3fb80b78311c0f698a79ca7cfb04d424bda1b722f4d8c586d9862ed56e1c2b99cd2d7df64509d3d66d1862e9ed936

Download Submit
C:\Users\Admin\AppData\Local\Temp\avast-securebrowser-main-tags

Filesize
44B

MD5
2ec65a257499e518b624e07fa5a6bec7

SHA1
6fda961264c69d30c1db21e72d07c4cc7c73ffb5

SHA256
fac1758f6f77b68e6590cb530c84091c308b96475118bf9c0f9d9aead73f7d7d

SHA512
b56cd3ba7c5a16fa736c2b746854024fd18b83ef64be3b9aa2a1c1b370e33837d44d9373522ea8f465a6e46c522ae589cd936d74151abda577749e982841a734

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\CR.History.tmp

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\CR.History.tmp

Filesize
124KB

MD5
9618e15b04a4ddb39ed6c496575f6f95

SHA1
1c28f8750e5555776b3c80b187c5d15a443a7412

SHA256
a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab

SHA512
f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
04091b9dc274a8aeceaa250d9d5aed4e

SHA1
39a8988a05b866ec3505be1650e521d2b3e71c1b

SHA256
dd54abccddbfdf9ad318f2434ea61fe16c446b0e0eb1b86f6f06124c6e3708eb

SHA512
7b2fc948b84d71f39b124690eb9fc4110d49b9750874171be634f39b747613e3380d4ff3968dae26eac127b66838f09781f8716549cc74046a36f9c8c5e8008b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
04091b9dc274a8aeceaa250d9d5aed4e

SHA1
39a8988a05b866ec3505be1650e521d2b3e71c1b

SHA256
dd54abccddbfdf9ad318f2434ea61fe16c446b0e0eb1b86f6f06124c6e3708eb

SHA512
7b2fc948b84d71f39b124690eb9fc4110d49b9750874171be634f39b747613e3380d4ff3968dae26eac127b66838f09781f8716549cc74046a36f9c8c5e8008b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\Midex.dll

Filesize
126KB

MD5
26ae155bc699bb8d535006d9889366ec

SHA1
47990e176505ba8fe8c9aa43018c71ce84702ed8

SHA256
7fd5d84381997482870359c50f43eeb52228ae3f75311405c6e80fb79203aea9

SHA512
03a21e68b8c5d5e2206bcd4b2795b6fabda9b6bafe5339f213dcfe7297a557cde93b85321f0fdc7b14fb7c602b71d8e0673c326994a43e72e6cab532843a7161

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\Midex.dll

Filesize
126KB

MD5
26ae155bc699bb8d535006d9889366ec

SHA1
47990e176505ba8fe8c9aa43018c71ce84702ed8

SHA256
7fd5d84381997482870359c50f43eeb52228ae3f75311405c6e80fb79203aea9

SHA512
03a21e68b8c5d5e2206bcd4b2795b6fabda9b6bafe5339f213dcfe7297a557cde93b85321f0fdc7b14fb7c602b71d8e0673c326994a43e72e6cab532843a7161

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\Midex.dll

Filesize
126KB

MD5
26ae155bc699bb8d535006d9889366ec

SHA1
47990e176505ba8fe8c9aa43018c71ce84702ed8

SHA256
7fd5d84381997482870359c50f43eeb52228ae3f75311405c6e80fb79203aea9

SHA512
03a21e68b8c5d5e2206bcd4b2795b6fabda9b6bafe5339f213dcfe7297a557cde93b85321f0fdc7b14fb7c602b71d8e0673c326994a43e72e6cab532843a7161

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\StdUtils.dll

Filesize
195KB

MD5
f6e528af6e8b1e819c5c9f8138d38098

SHA1
f4e3e035648be7711aade5d1ae594d1069efd816

SHA256
e0922e33fdbc433e36fa069791b6ced6e8d3177544b1331bd0e181ad600c628e

SHA512
389bed7716d725f598a85f5e8a3806a351c40992dd5ed9bc1c4e4450b150d0d74f28df61d7cb0cbf6ebf681f49a454f9b04aec86a88fac9b7a33e6cdf964bb48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\StdUtils.dll

Filesize
195KB

MD5
f6e528af6e8b1e819c5c9f8138d38098

SHA1
f4e3e035648be7711aade5d1ae594d1069efd816

SHA256
e0922e33fdbc433e36fa069791b6ced6e8d3177544b1331bd0e181ad600c628e

SHA512
389bed7716d725f598a85f5e8a3806a351c40992dd5ed9bc1c4e4450b150d0d74f28df61d7cb0cbf6ebf681f49a454f9b04aec86a88fac9b7a33e6cdf964bb48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\jsis.dll

Filesize
127KB

MD5
6b740d7060e09cfee3523704436ba00f

SHA1
f369460d22992b8a468f08fc19f208de52e2cb18

SHA256
65c041a218bf05cfe824ebc155b4bf5749b3a2eca84be5e8f092927f09152b1b

SHA512
2c0cf9c8470d70a381c8ee0c09c81a6a643123c8bd96a5b32eaabf368d347cbd2eb771488a7ea150bd817b8fd2cc5b8ac84dd81830e5e6e31b9f01bc4ae50486

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\jsis.dll

Filesize
127KB

MD5
6b740d7060e09cfee3523704436ba00f

SHA1
f369460d22992b8a468f08fc19f208de52e2cb18

SHA256
65c041a218bf05cfe824ebc155b4bf5749b3a2eca84be5e8f092927f09152b1b

SHA512
2c0cf9c8470d70a381c8ee0c09c81a6a643123c8bd96a5b32eaabf368d347cbd2eb771488a7ea150bd817b8fd2cc5b8ac84dd81830e5e6e31b9f01bc4ae50486

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\nsJSON.dll

Filesize
36KB

MD5
0acda819bacbed7d368f036847960ae3

SHA1
8a4367182e41076e28870ef60efa8630ecdf846c

SHA256
2508170aa8ed183c2dba984cb22c0d622359963b4ee0099c734875b862b17800

SHA512
d501737aa62fae54552f382ab87e749ef9f3bc1349fd0945fa3eca9ebbcd6c690961a5f764aafe994f396bc303fa44d9670969b84810fa5fcadd1a20a469d321

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\nsJSON.dll

Filesize
36KB

MD5
0acda819bacbed7d368f036847960ae3

SHA1
8a4367182e41076e28870ef60efa8630ecdf846c

SHA256
2508170aa8ed183c2dba984cb22c0d622359963b4ee0099c734875b862b17800

SHA512
d501737aa62fae54552f382ab87e749ef9f3bc1349fd0945fa3eca9ebbcd6c690961a5f764aafe994f396bc303fa44d9670969b84810fa5fcadd1a20a469d321

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\thirdparty.dll

Filesize
93KB

MD5
3f2dd5b3899d0abf2ed4e7749d85900a

SHA1
682f8f786422a25ab5f525fb1d30928ab3f094c7

SHA256
6d81bd6f69d6005d0ebeea74ff185842dfd1df5ec1c84304370b88bde38da497

SHA512
3474a8e6d9550dff4b75af772248b2f48a95820554d10f27ac9dbc9178c659d8f7fde4ecfec26f648d5a93bdac3ec838b8ff581fb65f36d5b9e2475b16f659c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7B52.tmp\thirdparty.dll

Filesize
93KB

MD5
3f2dd5b3899d0abf2ed4e7749d85900a

SHA1
682f8f786422a25ab5f525fb1d30928ab3f094c7

SHA256
6d81bd6f69d6005d0ebeea74ff185842dfd1df5ec1c84304370b88bde38da497

SHA512
3474a8e6d9550dff4b75af772248b2f48a95820554d10f27ac9dbc9178c659d8f7fde4ecfec26f648d5a93bdac3ec838b8ff581fb65f36d5b9e2475b16f659c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7CED.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
04091b9dc274a8aeceaa250d9d5aed4e

SHA1
39a8988a05b866ec3505be1650e521d2b3e71c1b

SHA256
dd54abccddbfdf9ad318f2434ea61fe16c446b0e0eb1b86f6f06124c6e3708eb

SHA512
7b2fc948b84d71f39b124690eb9fc4110d49b9750874171be634f39b747613e3380d4ff3968dae26eac127b66838f09781f8716549cc74046a36f9c8c5e8008b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7CED.tmp\StdUtils.dll

Filesize
195KB

MD5
f6e528af6e8b1e819c5c9f8138d38098

SHA1
f4e3e035648be7711aade5d1ae594d1069efd816

SHA256
e0922e33fdbc433e36fa069791b6ced6e8d3177544b1331bd0e181ad600c628e

SHA512
389bed7716d725f598a85f5e8a3806a351c40992dd5ed9bc1c4e4450b150d0d74f28df61d7cb0cbf6ebf681f49a454f9b04aec86a88fac9b7a33e6cdf964bb48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7CED.tmp\jsis.dll

Filesize
127KB

MD5
6b740d7060e09cfee3523704436ba00f

SHA1
f369460d22992b8a468f08fc19f208de52e2cb18

SHA256
65c041a218bf05cfe824ebc155b4bf5749b3a2eca84be5e8f092927f09152b1b

SHA512
2c0cf9c8470d70a381c8ee0c09c81a6a643123c8bd96a5b32eaabf368d347cbd2eb771488a7ea150bd817b8fd2cc5b8ac84dd81830e5e6e31b9f01bc4ae50486

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7CED.tmp\nsJSON.dll

Filesize
36KB

MD5
0acda819bacbed7d368f036847960ae3

SHA1
8a4367182e41076e28870ef60efa8630ecdf846c

SHA256
2508170aa8ed183c2dba984cb22c0d622359963b4ee0099c734875b862b17800

SHA512
d501737aa62fae54552f382ab87e749ef9f3bc1349fd0945fa3eca9ebbcd6c690961a5f764aafe994f396bc303fa44d9670969b84810fa5fcadd1a20a469d321

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7CED.tmp\thirdparty.dll

Filesize
93KB

MD5
3f2dd5b3899d0abf2ed4e7749d85900a

SHA1
682f8f786422a25ab5f525fb1d30928ab3f094c7

SHA256
6d81bd6f69d6005d0ebeea74ff185842dfd1df5ec1c84304370b88bde38da497

SHA512
3474a8e6d9550dff4b75af772248b2f48a95820554d10f27ac9dbc9178c659d8f7fde4ecfec26f648d5a93bdac3ec838b8ff581fb65f36d5b9e2475b16f659c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2E39EBF7-B6DC-4F04-B603-9ED227824C0B}\scrt.dll

Filesize
5.7MB

MD5
f36f05628b515262db197b15c7065b40

SHA1
74a8005379f26dd0de952acab4e3fc5459cde243

SHA256
67abd9e211b354fa222e7926c2876c4b3a7aca239c0af47c756ee1b6db6e6d31

SHA512
280390b1cf1b6b1e75eaa157adaf89135963d366b48686d48921a654527f9c1505c195ca1fc16dc85b8f13b2994841ca7877a63af708883418a1d588afa3dbe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C1C376E5-988C-451D-9A4B-89920B671929}\scrt.dll

Filesize
5.7MB

MD5
f36f05628b515262db197b15c7065b40

SHA1
74a8005379f26dd0de952acab4e3fc5459cde243

SHA256
67abd9e211b354fa222e7926c2876c4b3a7aca239c0af47c756ee1b6db6e6d31

SHA512
280390b1cf1b6b1e75eaa157adaf89135963d366b48686d48921a654527f9c1505c195ca1fc16dc85b8f13b2994841ca7877a63af708883418a1d588afa3dbe8

Download Submit