28e6912baff385ee064c25c97bd430ed63fe8bc5e819d940282a9356f86951af

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1b8d61434cab752fbef35d2fce31f1e.html
Size

38KB
MD5

a1b8d61434cab752fbef35d2fce31f1e
SHA1

48d8ef29d1665cac421a9c4924ccabbc13a768b1
SHA256

28e6912baff385ee064c25c97bd430ed63fe8bc5e819d940282a9356f86951af
SHA512

8054ae3de13849e80581b7bbc82fb8dfd714f78967596898e80df3f34e0e550b6a7fd46d7d38513729ee92c3ece0941d9738f949fdc2befe9a2cf256f0c2544a
SSDEEP

768:Xu5u2mVgIBSEhweeeXOL2uzowD0ZZmVgIBSEt5BeqzYeR3e/MeEeHen1/Ra:XuD2gIBp+eeeW2uzowD0ZZ2gIBpt5BeD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
740	msedge.exe
740	msedge.exe
4472	identity_helper.exe
4472	identity_helper.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 2380	740	msedge.exe	52
PID 740 wrote to memory of 2380	740	msedge.exe	52
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 948	740	msedge.exe	92
PID 740 wrote to memory of 3672	740	msedge.exe	91
PID 740 wrote to memory of 3672	740	msedge.exe	91
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93
PID 740 wrote to memory of 1708	740	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b8d61434cab752fbef35d2fce31f1e.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa252946f8,0x7ffa25294708,0x7ffa25294718
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16320703075929594285,576352387333863757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1af9fbc1d4655baf2df9e8948103d616

SHA1
c58d5c208d0d5aab5b6979b64102b0086799b0bf

SHA256
e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135

SHA512
714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa6f46176fbc19ccf3e361dc1135ece0

SHA1
cb1f8c693b88331e9513b77efe47be9e43c43b12

SHA256
2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819

SHA512
5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c8e17d0190648c505f26e95b46958e5c

SHA1
455112e279d26ab4347b9b26f78bd504bf1be9be

SHA256
f919c5cdee719e8b9bc59e2a88166422a637a7e44957de9bce443b67456b1cbd

SHA512
b4ab99f1d96dc4e28e638e55f582c33562754f2a7f62490d273b156ef07a5e982a999742b3287c7b8b3a9cc97d5b942bef6fd6034ed72fb98588ca4accd8ff05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
17f922cae9222d52516a76418ef05e75

SHA1
7a0fa3114518ae1f1400f883bd79165e85722b26

SHA256
2987eb871f82407e1a7ba64f72bf44aebb7d01dbbbc3a3d0f2fdb8625a99463e

SHA512
6b8a2a668e64fb911e5b6fb905dd17a3768cde6dd2b77d8d06880af94c48d14e4c6e0f1cc4345dba84b5017b53e344602f2a0e5874da421eb1eeb7234ea395c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38188285130f5d005a60a48c2537b843

SHA1
8e83998e82c3cd1819a6865dd08d1b786e34616a

SHA256
4b674f055374f1a3d272077c32873b8a7ab0707d05850e266d023f0eaba8e042

SHA512
8f395df0830e4fb361f66b4a09327e83859df3801fd4efa88829e838f62f371cea3c8999bc4eccf8c814956d0d838574d342c6828d2919583a6849a49d1a2f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61579fe10019dadd7544992673726075

SHA1
77dde59237c7ab562e4966092c5ef51c6d7bc931

SHA256
be6cb8ed6ab1c834c1624c396e8c0542e42fad2b4c11a2833fdfa060716b5f73

SHA512
d0e39f23cc81d7bf9f1d21fb6ea1ecc3308c549152cabab87eb8c6df50cdba8332d360560ecc5435637a6909939de878f04918144bdf68a7031056f08cc938e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
39efd7c71ec03885ef8934d8ce68808b

SHA1
d138fdf7ac64cead873a383b8bdf83c3f9e71ea4

SHA256
2ed7824407c7477301ad3722fc85dc977ead7f024e82075aef732e07549a1e5b

SHA512
e3c696633a0ecad2e3d5efef8d4fd9d24429658532532055e0b8e6aa59acd8187b4c6a18b18176d6a6e460813b201d0d508a6c5697f17775e867791bd624cec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f11d4d4e59184baf11dfd48f0fa7da0

SHA1
1f5987d157b2a5d989456432287c7b429658ceb5

SHA256
903204d06ecac98f30db09fb0ea6eb3b511ffb400f9393f894d0bc9c69305a8d

SHA512
e434f7ff8a5c212cf0b03e80c4803efff629469f849d400932a4fc7d238e0d84ac626368f8ae3fc4b96c76571ccae7f7228ebac02332bf21ac4c1970bf602c86

Download Submit