dde521173ab1ff800808028c89ae0d73e4662aa059b2f65445209202084f23f8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aafbefe986a37b03b8e158166fd5fa66.html
Size

57KB
MD5

aafbefe986a37b03b8e158166fd5fa66
SHA1

1a3a5042c07f47de78b8696e53ec3ed72de697d3
SHA256

dde521173ab1ff800808028c89ae0d73e4662aa059b2f65445209202084f23f8
SHA512

96bad760ea814bb0158c5c23c2268911fbfb93642ae05dcfeae37fdb312035557baac38b76996cae9899bd2a7dde34473bdc000b2c47583158536e6608930f66
SSDEEP

1536:gQZBCCOdV0IxCZpoqldTpZBozRrh10dUod/Whk0ptyXmog8UeZt+sBAfqBWuKGm4:gk2v0IxrqldTpZBozRrhedUod/Whk0pu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
952	msedge.exe
952	msedge.exe
1304	identity_helper.exe
1304	identity_helper.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 4856	952	msedge.exe	30
PID 952 wrote to memory of 4856	952	msedge.exe	30
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3880	952	msedge.exe	91
PID 952 wrote to memory of 3972	952	msedge.exe	90
PID 952 wrote to memory of 3972	952	msedge.exe	90
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92
PID 952 wrote to memory of 116	952	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aafbefe986a37b03b8e158166fd5fa66.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8b5146f8,0x7ffe8b514708,0x7ffe8b514718
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2636276573479420213,16068482225939944149,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
846e753de75382177d3794ae48f774ca

SHA1
b5fe028a239a692a8309f3718a2abea0c5f5901f

SHA256
a114bd50acace2d2696bcd064e206f0418a5aa94f704c3c223c5d7acee1b70ad

SHA512
6c41e05625c46d5c06b67d1c740a8d7f50614f136c29ee201de03e8e9dc140db27718137544b644599f51c0c3ce318c7ef916dd3f5efb066d4d452db3998f8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eedabef04ac91eed3dfc31282114f82b

SHA1
de19409ff337408922ec13cbd5382cd77929c305

SHA256
ce257b2ed25d953cfd21a0ce3276f5cb09717035e43f48f8b4e5c856635fed06

SHA512
84307d69212b158b06f751fdbd21224c8789bcfb5ea1b4b1ecf071df46c36a0946716442ae2fb002d6052e0e30b7f4810914597b0410726a16f07ce1f05e02b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2dde88c178324d46bdde9aafff5b72f

SHA1
0377a494aa0c2c4553c4022ac7593ac136070036

SHA256
f62b6a3d1066989177ef159786de2eeb6ec2e619355b3d0c09c545636dd4ac66

SHA512
ffd31b01714c57afcc9e0a68426f601287437dd7ad9fa5221b4e8180c5baf99438674953cf5d32f1b350a03f85cfbb2cf66443f8aec486ce1c13cf479775ab81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7e6a3ab989f7787f5e54c53292d275e

SHA1
ef4d0831616ddfbbe569d0c88a6d086ee6566e0d

SHA256
350f0e6b5fb9bc3b62567a6bef763ae9d6a49ae32a99a0a6952e507033005d2d

SHA512
b93f1664d338d9ef1fcebfcc2b6449877e967a6b2278cf401d921a32a6157d1d32f6dff8f8d3d7488e4306d8570ea4272b7d5c9297d1ee9a697b9acc7ff9449e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af14e0f4ef135fd7211e9219f41f0d5d

SHA1
ef1f645604ac228fa138aeff5e2a638b3a1ce527

SHA256
90fae44f905399751df0d97831becf76214e738d2d5abc49bc588ae1a38e98ed

SHA512
d5bcd3d7cfe384b1d147783fe1da7bf006b8ff5ebafce6b616243c0fe4361f5f0e05091849b827e3fada6049b9da7da06a0b2936c9c58beadd37164f1a55767b

Download Submit