hxxp://govloginato[.]org

Analysis

max time kernel
145s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11/04/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://govloginato.org

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
4980	msedge.exe
4980	msedge.exe
5076	identity_helper.exe
5076	identity_helper.exe
1576	msedge.exe
1576	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 4944	4980	msedge.exe	78
PID 4980 wrote to memory of 4944	4980	msedge.exe	78
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 4384	4980	msedge.exe	79
PID 4980 wrote to memory of 1380	4980	msedge.exe	80
PID 4980 wrote to memory of 1380	4980	msedge.exe	80
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81
PID 4980 wrote to memory of 3444	4980	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://govloginato.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff914003cb8,0x7ff914003cc8,0x7ff914003cd8
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15281085420714069305,14906586001091041172,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2b6a368c-edd5-4cc8-99fa-f8d093a5e902.tmp

Filesize
5KB

MD5
8f052e8c9f1c3af86396058646fc8720

SHA1
848a7407c727819acd64b982182e31d65172e584

SHA256
c5e60afb3541af7ddc69ec07594dabc6bc30526e3052f7b97a7821e99e9cb53d

SHA512
609c7d5ee6a1a1254d7a1e66cfceae36573405b847a918b32e4aa9a822563bfa0d6634fb1bbca3d9a9a33d1f8c3b2ed9c6ac127f4fbe7adc575452a0ddbc896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
aee1679ff5006da2ac2fe4aa18573293

SHA1
77788c53dcfdc0f9af85a13cf28f6be7f39821e3

SHA256
0b2322e2e332dd1b2e449d117323004c4f8a01d7b1570012fb6837d5571c7322

SHA512
6d1d0998325109eaa9ab10bf91508578406e9efe2f87e2e23862bf35c68c0ea5fb84c1d01b2dc3ce5cb3fff1f1b9afe4e149843f20a81018d2c4e6c5e665ddae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
554B

MD5
e8521e2d9dc206d3daeb61e0b0cd58f6

SHA1
b032b153dae11c60cc1428ee39062c5e6a0258f2

SHA256
1548bd4f1f7663ac997b04b4d96262ecf1220234648939fac11714907c71ba7c

SHA512
5ab3a822a6fdc2486567789d88cbe02e0b9fe1d3cf3bd7896e70583b96bd12bcafa06aad7ddb5cca89e396b24ed5284954e4c2bdbff313bd5da2a4d51351d3f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
548ae91cd3ebd990fde483296081e194

SHA1
eb18dbbda773a1ce861bc69777bf576321d5080e

SHA256
0ac6e2ddf96282b241bf7fc93371b4eb38db3dd8b8e23ebc0ded732dd62e1327

SHA512
aa87e4ea17e1890f957249b79bd5b20e1440c4f94e6461e6da74ef98f5753aa809c6d93cdd26485a04d5a6dd8f4ac0c9049ae0e58c44be4c819b56adb39db57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c0ffadbf952d4e0572d2a6f4d12ecfb

SHA1
349c485fc6461f56a0d5806c3d2eab10b4af630b

SHA256
81c5e1298366eb79261ef4f6b8e8b6e7733a3b8bbb1b9750bcf2cc705468ea04

SHA512
b203fb1070c9e8131e7db81835444ae2f6e1fac219fe8a10b650d2a8ff5cbf266b882a4426c369f49e8dcc621091037c8ffa3297dd824b0b8236151079412602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b4fb1321b92c3b77a79b862490faf9a

SHA1
206dd2a901c03369961bd3a4148aa9b8689d192e

SHA256
b1ddc926506fecc1ae863aecd3757655bd05f89e13dc7ba3cefbfa2efa1781be

SHA512
88b3bc9b41aecb8447a68558738c2eeb6195c3b0d616d2b1abc5f664d96f358db32e3b7a469c922379e5aef98f886038e3675147937c7b1b479cb3480c9ea122

Download Submit