hxxps://stats[.]sender[.]net/link_click/NWFo3KgrcK_F7ljG/352fa17763aaab7f68e8b873b5f1e3ca

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-02-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stats.sender.net/link_click/NWFo3KgrcK_F7ljG/352fa17763aaab7f68e8b873b5f1e3ca

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
2180	msedge.exe
2180	msedge.exe
4276	identity_helper.exe
4276	identity_helper.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1460	2180	msedge.exe	63
PID 2180 wrote to memory of 1460	2180	msedge.exe	63
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4064	2180	msedge.exe	85
PID 2180 wrote to memory of 4540	2180	msedge.exe	86
PID 2180 wrote to memory of 4540	2180	msedge.exe	86
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87
PID 2180 wrote to memory of 4492	2180	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://stats.sender.net/link_click/NWFo3KgrcK_F7ljG/352fa17763aaab7f68e8b873b5f1e3ca
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcae1746f8,0x7ffcae174708,0x7ffcae174718
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5039146826113726151,15626404546191932986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
9ca1c221bfc91c1e98a0a7b47602e1ce

SHA1
ccaf2cbdc92a0aeb07dbd4fe6a015fd2020ac333

SHA256
970c5ded6774c2e0c460fc79a21b45d08295d86796c93f4905f9d35da07bbeaa

SHA512
122f815b7159d65a89487e1c0af466117248d749b849024978556f61668b4b845ae6f141ae96eb396f49d62c42312c17c6b7d9affb0ea0406206b05a2078dad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d4419a664fa4c5709e3d3c664a8608c

SHA1
c27399c36d94db370a00d06cdb28e96fd4484bb9

SHA256
43fc00a742f770e91b019188b49c1cba462efaba1065bf0c7202c0b3eca0874c

SHA512
2970af1ae7cdafb938a98eb58b889a1c3bfabdb41f60966b63f958ff4492aa616e3ee8da37a052da8a88c109fcfaa8264606a57e29e2e1467d40ff714ac4b82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1052fb112937013475261585ec3f78c6

SHA1
f6442b9290aa82fd5752a72d1df39b007c008516

SHA256
8c8ec1bc121a38710557a36cd0e192a891d2ba1976e4c28125ef3ff93e2df789

SHA512
a1c66d0b3975f1ab6a417ba8ef142c37d490e53d3ca2438cd037dd2172ceb3ca7db7d64a1e36c7cc515e1014cfafcdf8ebdd0e18b55190a3438a20b11fa2fda9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1cbc221840ce08945e466b611abfd2df

SHA1
095f795da16de87115198954a60a68a0793feae7

SHA256
976cd0c068366eed26ce55bff4bfb5eaba23f3ccbf8b6391362749b65a5de4d0

SHA512
e20e0368d2b0376805205e83d75902aa09b1e86c7e6b3bf38b73c5dcb5a62edcfdcbf5414dc046192e65cc8b235747d4ec9c517e27e7e6be9438e7828c8f6906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
50a49fd83ea090b777a8cc5628620889

SHA1
c6c99a74a0e04355ac287ee03d481ddae949f97d

SHA256
56102220f1546045abed74076ca7e417f123abb9e8fe4706dce152bc58099941

SHA512
f95b6bc616a020a4569c839f384364013b02a67a764947d396bca4ddf18963d3bf2b06cf4fbefc5556ce2d3894e96b84e6d07f0a0f8045787e4ab80a14a76255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c10b97fa340faf76d9d7305150ce7530

SHA1
a93500aefee19f64a096a423d0da619cbec4f3c0

SHA256
a8dbaffe9d18d4ff514ebcf663e105c7cc642abc9ca2177584baba9aca4e7b9f

SHA512
9ed006d07d58f98f2bcc7c5cfd55621b0f2bc3df8b2a836b4241f1c6c1c837018e7d26985d34d9f7bae4d48b3f0e3eb621661ea2628623bca081ebb84ec7443a

Download Submit