9ce1a9bddc7a4c130d887e11198b8bf2df15e2493d37430cd1f0ce7278aa61a3

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 04:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a2e38efe4852aad6d2bde525671fc5d0.html
Size

96KB
MD5

a2e38efe4852aad6d2bde525671fc5d0
SHA1

50acceae12d6ac965b5a8069f317a54d009609cb
SHA256

9ce1a9bddc7a4c130d887e11198b8bf2df15e2493d37430cd1f0ce7278aa61a3
SHA512

04cbf36fa0f0e273ac6e03f7d6e28c13f3194cb232c2a0e74e402ad38fe6c6092a640a2b160ad626654a985289c89edf151dc436fb5054f68baa1114aaac5601
SSDEEP

3072:SvmydVQMXKidpQtrVE5s9Rkj/JO+OIxc+/IFXhVwFa:SwE5s9Rk0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
4444	msedge.exe
4444	msedge.exe
1328	identity_helper.exe
1328	identity_helper.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 5072	4444	msedge.exe	84
PID 4444 wrote to memory of 5072	4444	msedge.exe	84
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 1380	4444	msedge.exe	86
PID 4444 wrote to memory of 2024	4444	msedge.exe	87
PID 4444 wrote to memory of 2024	4444	msedge.exe	87
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88
PID 4444 wrote to memory of 3076	4444	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2e38efe4852aad6d2bde525671fc5d0.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf5e446f8,0x7ffbf5e44708,0x7ffbf5e44718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14759852712926043535,11236712217714309287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
711B

MD5
279bcccd2e61f4ce0358080699606185

SHA1
6307bcc28f96f9fbc2c1a56ea2e3fb6c04ce964e

SHA256
f81c724175a49fa8b79d7578dc11c0eaae16b18d0216a2b2cae642b2d360ca13

SHA512
aa2cec4eabfc566f294805a416f9f2b2e4761282a722056296087d9f7aade79c220e72da457f77a1d492c8835a786fb213231c9e1c161bdb5ae8250e8f8e78ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
742B

MD5
518c716572dc74a83e130b0b2dd189df

SHA1
99595b081d607a1e4969e74b35d032c170d76380

SHA256
f1f7f328a7d466077971a66316ca862111b79d5d21ef59c6c9fcac2dd8adf766

SHA512
7f936b898b8e7cd8057947640ffd78ef966ba54a8b10b48b1bd2c7679236e4ec575a9667311fdf0d7449d3c19d3a3239c65c76172efe0b628a918edcc4c7cae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4e59ef4d8a78b6427abc2cc2b370ad6

SHA1
440cc97004161f54a7b19fafcdf14c0dcad5fb84

SHA256
e8ecbadff2560b380b9c3d444513706725f7c02702f5d8fdf46827ec9364c87b

SHA512
ae40c00ff57b2ea35927adb1d8368beec6935ae99b383b7d6a29dd4069f391c4ee9adcbe0837780a454b3b3e6cb6edfa247d926f1e11039fff018bbfbffd428e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6201e88e7eeb9ed5aa5f322ed630eb4c

SHA1
0ad4313c2c48f92f29409f5794f902cb397a4611

SHA256
4f5667f7d5860aa9855e40e82edfb83903fc77d4a8fbf4af10236fc06b5e4897

SHA512
8e47945539cd0cbb7a38155a8fc74c79553c0951d433f7152be34cb676d92f732ef14094fc2aec21ff39e1e0a158017ad5d535de212f0c6b823895b59d5076ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c77ba6002d0336e19112844f36505a2

SHA1
5c5c7b1910a99c576f82e4cf0dc85972e48670a7

SHA256
e28e09d58068e22786d46d28cdcc26a05ca2c317617fef37959227138235e200

SHA512
63db03665968cf80d8aac11a9dc47d9f3417b54c2ca118f89ed667d40bdfcd953eceb615ec7b4327cae300ed5b1fed82a0b1084fe0b93f870c23e0326315efb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7652482726cc35fb132ba4f506106f3a

SHA1
5353e30ec22e82dffde1a309cf83544fc002d52b

SHA256
85bf2514cf9f9f8daefeb0ee0309791009fdef356bfcbcff52c66d805d143e4d

SHA512
e1e3533566ee9529a7b9b536c1f703cb9c08f1ff71a95b93b5c04b180440f9fbf69206f5daa56ddb6267fadfce0a8997514b75fd0430ff602add0fbdc26eea13

Download Submit