Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows7-x64

1

https://cdn.discorda...

windows10-2004-x64

8

Analysis

  • max time kernel
    583s
  • max time network
    611s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/01/2024, 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1169014829235830866/1191759612567879721/HoaExternal.rar?ex=65a69ba1&is=659426a1&hm=ab9ab0c0bad33f7413557b4335d5987cce511cfa7179b678522af7f1cce71e3e&

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1169014829235830866/1191759612567879721/HoaExternal.rar?ex=65a69ba1&is=659426a1&hm=ab9ab0c0bad33f7413557b4335d5987cce511cfa7179b678522af7f1cce71e3e&
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffdc82e46f8,0x7ffdc82e4708,0x7ffdc82e4718
      2⤵
        PID:4372
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3036
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        2⤵
          PID:2684
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
          2⤵
            PID:1796
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
            2⤵
              PID:2308
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
              2⤵
                PID:3320
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                2⤵
                  PID:736
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4196
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                  2⤵
                    PID:2416
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                    2⤵
                      PID:1916
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
                      2⤵
                        PID:3648
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4404
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5084 /prefetch:8
                        2⤵
                          PID:4412
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
                          2⤵
                            PID:756
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                            2⤵
                              PID:3284
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                              2⤵
                                PID:2960
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
                                2⤵
                                  PID:4904
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5652 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5220
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5539921604149623773,16600376549892455713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                                  2⤵
                                    PID:1552
                                  • C:\Program Files\7-Zip\7zFM.exe
                                    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\HoaExternal.rar"
                                    2⤵
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    PID:2556
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zOCF9455C9\installpy.bat" "
                                      3⤵
                                        PID:2368
                                        • C:\Windows\system32\curl.exe
                                          curl -o python-installer.exe https://www.python.org/ftp/python/3.9.7/python-3.9.7-amd64.exe
                                          4⤵
                                            PID:3216
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:2532
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:4528

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          eb20b5930f48aa090358398afb25b683

                                          SHA1

                                          4892c8b72aa16c5b3f1b72811bf32b89f2d13392

                                          SHA256

                                          2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

                                          SHA512

                                          d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                          Filesize

                                          111B

                                          MD5

                                          285252a2f6327d41eab203dc2f402c67

                                          SHA1

                                          acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                          SHA256

                                          5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                          SHA512

                                          11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                          Filesize

                                          186B

                                          MD5

                                          094ab275342c45551894b7940ae9ad0d

                                          SHA1

                                          2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

                                          SHA256

                                          ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

                                          SHA512

                                          19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          5KB

                                          MD5

                                          62bcc70c4e517de90dd8dbd76220f612

                                          SHA1

                                          244bb2ddb867cd7365d84cd453586bb7d92ac6ac

                                          SHA256

                                          512200a934a6837e1cff779f7f35ae7b50c05637576bc5203186021ed3cbcea1

                                          SHA512

                                          37a3ae3d92586eff463098840c6e0d7e88bcbe08bf2dbefb5eb49fb8a43c15fdae6aa24c56fd74d262d4f91bd96faf733e4ff4fecd405a965891ef5b09193bf0

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          9ea50f174a2eeef81c37cb48d71299cb

                                          SHA1

                                          3d6dde968c789d8fd741417d2dbf2fc334b337a4

                                          SHA256

                                          a8989c4ef69d212372e9f37dd63f91af9d22e19d05be6520c04ac047eb21b72f

                                          SHA512

                                          b28f2a7af2c8c0e086823f918ffb2dd25b9ba24222b01a7605444902c601e51ca033e73a3acdd5e22c72e0839cd67f75d7736877c4780018f1e3f1de035cd5a7

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                          Filesize

                                          24KB

                                          MD5

                                          2bbbdb35220e81614659f8e50e6b8a44

                                          SHA1

                                          7729a18e075646fb77eb7319e30d346552a6c9de

                                          SHA256

                                          73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

                                          SHA512

                                          59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c862ce72-0a7c-407b-b11a-e816a4f46310.tmp
                                          Filesize

                                          5KB

                                          MD5

                                          ce438b077bb0d56acf81df995bc5fd51

                                          SHA1

                                          f5c976d35e93d0a0a20fc4b5e277312a3b2d0f5b

                                          SHA256

                                          f1ec2d7f3ea782214e8daa1499ee6ff484bffb0df8ed74b396a19e316be3831b

                                          SHA512

                                          691d0b5dfa063ca02f6fb701273e4d330643a2de9fb01bd6a13090b7ae51ca4fc7fa818efbf90af07d01b3c02f7b7ed9280c55c748490e45b0eb3964129f5f89

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          6752a1d65b201c13b62ea44016eb221f

                                          SHA1

                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                          SHA256

                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                          SHA512

                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          12KB

                                          MD5

                                          8cd86f2c79a4f580fbaa20f7ed4e6cf3

                                          SHA1

                                          6058ffa5b438f134d8e4d738e95705adf4df4a1c

                                          SHA256

                                          2a42200461d162df1533e5b646fe8d17b96c766d3144358ed4eb72713d8b5e37

                                          SHA512

                                          df9328449c1de915d9925aa8ea9041a1c12429690f4fa0c091995e35baa19b89801580118563b4c7a1b280c68b2583f2b18ff162041c71c71f0846f6f467c05a

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          10KB

                                          MD5

                                          81ca9de59acc394be4a59dccad7e1487

                                          SHA1

                                          c44b21693979664471b9793853d3dea799a6648f

                                          SHA256

                                          937edbef9accae5f903e3247665c06ba8e826ac59916df54e40e675167ca33ba

                                          SHA512

                                          6f784986eb1507d1bfb18bbc0805a8973fb77acde5bc67092caabd5edcd463da1919b9f3cbaa2c7929799cc1afb50ade6e261b31ce06ebd3718dd2199fc34179

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          12KB

                                          MD5

                                          2285a94c6025cfec252f578d3bad020c

                                          SHA1

                                          00e33538a0158aeb56bb46a579edcd3973aa35b0

                                          SHA256

                                          ff5eae2714a0dd410c1349b881690ef0b1af1e5b0bbbe4b38ecb4104bf002a54

                                          SHA512

                                          0b68e9475ef8a0a42d792452c611bb54ecfeacdadce374b0f5ee2c8a0cc14d57738a5ec365634a96ca9d7a7cf5a1a1e715a5e9319bb05c61d310a49118da2eea

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zOCF9455C9\installpy.bat
                                          Filesize

                                          598B

                                          MD5

                                          f3cc941cdcdaaa4199007c9f3ba778df

                                          SHA1

                                          5c2308d940821b84927640a4da1c9c6c353a12c3

                                          SHA256

                                          8068c6d4a453730306714fb6b6e8d3b3d33ded7fd0cd24e249bc2a70a03c2947

                                          SHA512

                                          96bae023796bcb793974015c8c1a9e60819b91688215f07164e0eb5b54db3917f91b6fe7b7db4e4ca8e9e0d5a75c1cc562d863642866771cc9c3d5d94e2cd4af

                                          Download Submit

                                        • C:\Users\Admin\Downloads\HoaExternal.rar
                                          Filesize

                                          6KB

                                          MD5

                                          55e2602b395b323781ffe5b910ad7789

                                          SHA1

                                          d5d335710ed273575847a2e899bab50a3c220a1d

                                          SHA256

                                          e5947a88b30fa8dce8ef0e0c35a8696f8e10d2c95b3358f2433a245cc2471a99

                                          SHA512

                                          7650e6edf83b1f1e1a50051fdb35245aefa21d0a79d131ee148e6d986cf3ff61c0e0aebaf1bc01bade8fb520ec83911f817161dd64f50ba088db3892c4bee07d

                                          Download Submit