a6c4270e8c1da7d94a6c91834e4ff01d40564f04838b42601429f6be4315d90c

Analysis

max time kernel
150s
max time network
202s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2024, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AimStar 4.2.2/AimStar-16ea93eaf2b2b3326147b9b0fdbee8cfb65be9b6.exe
Size

2.0MB
MD5

e8481322b3a0c5bf49c656b050678473
SHA1

e96d581fd26c4155f6b6ca6060db3173388e84b9
SHA256

17ece671248ce2d728eafdaaf2566cd40ea329d9e8988918159b4dbbd726fd2b
SHA512

8f066e45b48c8f6a33bfa50f935e015a4ee015d1b8885de9e2000642bc8dfa6923f3b0c4c47b449dff9d3259fc0bb3a786c91a7ff5926f3e93045bd0186f670f
SSDEEP

24576:AstDacvopRFWVl5NKzRbV4J7Z3YQdWQhsl+x/0f8W4aSdOlOZ+ISizD1Dfca1:ACMWOmnWQhsg0k5nEs+IC

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
3768	msedge.exe
3768	msedge.exe
3124	identity_helper.exe
3124	identity_helper.exe
2692	msedge.exe
2692	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 3768	3528	AimStar-16ea93eaf2b2b3326147b9b0fdbee8cfb65be9b6.exe	85
PID 3528 wrote to memory of 3768	3528	AimStar-16ea93eaf2b2b3326147b9b0fdbee8cfb65be9b6.exe	85
PID 3768 wrote to memory of 1936	3768	msedge.exe	86
PID 3768 wrote to memory of 1936	3768	msedge.exe	86
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 1928	3768	msedge.exe	88
PID 3768 wrote to memory of 4856	3768	msedge.exe	87
PID 3768 wrote to memory of 4856	3768	msedge.exe	87
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89
PID 3768 wrote to memory of 4688	3768	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\AimStar 4.2.2\AimStar-16ea93eaf2b2b3326147b9b0fdbee8cfb65be9b6.exe
"C:\Users\Admin\AppData\Local\Temp\AimStar 4.2.2\AimStar-16ea93eaf2b2b3326147b9b0fdbee8cfb65be9b6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aimstar.tkm.icu/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef21b3cb8,0x7ffef21b3cc8,0x7ffef21b3cd8
    3⤵
    PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
    3⤵
    PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
    3⤵
    PID:4688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:3200
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
    3⤵
    PID:1512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
    3⤵
    PID:1412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:2904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,7594250825756701532,1472001156166903750,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96899614360333c9904499393c6e3d75

SHA1
bbfa17cf8df01c266323965735f00f0e9e04cd34

SHA256
486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

SHA512
974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a8bcb40a17253313345edd2a0da1e7

SHA1
86fac74b5bbc59e910248caebd1176a48a46d72e

SHA256
b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

SHA512
9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
68b4ce1da63c98460c18cee4e7af6a6b

SHA1
6902bf457bc36aceb65cb0c69e47c56eb1ec7a80

SHA256
e7c2a4fba52b769b6f0ea652618605f15c2509b3a0293974684864f44a595ac7

SHA512
1b8c37a45ce0484ab3d9c654266cfd55b8a1ac4172c739ad600fc08eb34bf43b56bf3846a2346c2cc5dcd5bad1448723db90cea9ae99ea4a24b670cfb8c1e302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
331B

MD5
d47be271323c1c6ff19aea22570d800c

SHA1
e5b382a1eb5f4e6b1e50bb0d48bd1d1c4a2ce5fa

SHA256
cfca4418a8bf2018a03509db0bbeaddaa3b271bdf6ea5ede78c3180f2582f447

SHA512
fd81b1402d88114747369a9eea1a834e7a4f7efceb822115b3b5c7a027f3b4481b10f87e7fdb7e121be5649f3f2637292eaebd46ce2aa899055a3c020b6e6798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abf2cacbe21901dc7b2c40b3b8ecb575

SHA1
90537cf0515596d79b58162b21253f5759afcf4b

SHA256
0ca5da8cedc60f8f9e1db50379a7f86d67e5f6c89f064c042d50c029c6e8a72e

SHA512
38a2798d582e4c8f513a0f315223aee9fd85e666f92a68b5d1159bc33aeab0817efacc003a9c657c11b63d5d8520c911c9d7015c5dc446bcc07f9f27f216f4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a5e48813-500f-4ae1-8837-99bafc0bd6e9.tmp

Filesize
5KB

MD5
7c4aa7e23612e8bc894f5059e6f1ebf1

SHA1
539694c45d1b8277a1f0844deb972e9f947a310b

SHA256
2c48c45503ee65f9090f2647fb04a4d6821ca34b908cad0e13c2a7f9955bfff4

SHA512
e3dac26292969e0a02ab4aaeebb3e22b553bcba1cec0cac746677bcf9e81549f5b701f5fb12519c55ec135c7f7c57c7159b27b4e02205727ea25f8b1d2138ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b42e51defdcdcfe9de037fd2aa9f5c03

SHA1
5ed0cfcac959a7710f97d2780f593704bd5bf941

SHA256
7c79b99fddca4e0f1cf8207ab100a073305b3be0fcfcd21fd3132aaa44ec325d

SHA512
dc66095723cd7ced5099e0d3ffe45212ee3f8ad72c2d759e9e41eda4e79508df644f46ba6fbb2bf08ef7ccc1020c0d5e0b6dd3556fd3c969121a4f26c69e88c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
28d680dfb2e98619872af8a7a7f540dc

SHA1
6003fa66642602bf313f4e95a8141772255ff7d7

SHA256
c1f2c7c5637eb9324fea292d689340f086b5364528e0e959d26a4f3c8276361f

SHA512
c3a038790d37a8b50364c20c4ff1c3932ac6ea34e3ec87947b89295b5c3ec7b741afb8a5595a0d0d88c1bd783ce587844002eb9d6accbc66c784568fca288254

Download Submit