hxxps://bafybeigvj4ex2mfzd57gaxk25zqx323yfyblzxcoduk5djgyduwapembl4[.]ipfs[.]cf-ipfs[.]com/tor[.]html

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
20-05-2024 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bafybeigvj4ex2mfzd57gaxk25zqx323yfyblzxcoduk5djgyduwapembl4.ipfs.cf-ipfs.com/tor.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2288	msedge.exe
2288	msedge.exe
3796	msedge.exe
3796	msedge.exe
3024	identity_helper.exe
3024	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3796 msedge.exe
3796 msedge.exe
3796 msedge.exe
3796 msedge.exe
3796 msedge.exe
3796 msedge.exe
3796 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3796 wrote to memory of 3812	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3812	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 4572	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 2288	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 2288	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe
PID 3796 wrote to memory of 3516	3796	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bafybeigvj4ex2mfzd57gaxk25zqx323yfyblzxcoduk5djgyduwapembl4.ipfs.cf-ipfs.com/tor.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff363f3cb8,0x7fff363f3cc8,0x7fff363f3cd8
2⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
2⤵
PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
2⤵
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
2⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
2⤵
PID:236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
2⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,2714412611226003926,15469595051241663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5028 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5e027def9b55f3d49cde9fb82beba238

SHA1
64baabd8454c210162cbc3a90d6a2daaf87d856a

SHA256
9816e980b04f1fe7efaa4b9c83ff6a0fdd485ee65a884c001b43a0cad7c39d83

SHA512
a315e1336c5ec70cbb002969e539068ba92f3ec681b6d863db95227fd1808a778fd994e2fb03f28f0e401677aa5f7c66813e315b6b99a5065384c49586f9782e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0c5042350ee7871ccbfdc856bde96f3f

SHA1
90222f176bc96ec17d1bdad2d31bc994c000900c

SHA256
b8b1cb139d4d19a85adce0152fa3c4f6adfb73a322d7253820e848c6f82afc1b

SHA512
2efdb535fa6a06c4f9702b2129f2dd07c330e37fd10b492f2236007c660c1707773c22005d1e1fa580dbf633dc1a700ada3b7b611ef9accd9555a17a244f61ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
f1700e9888c03f63ea78f231bb647dcf

SHA1
acb31c9e28f919b684a96b0c73effcdcdf9a45a4

SHA256
39d3a6b4427d4f9c1113544f46b875850958d6de37c3687a5ec9f24b0e4bdf49

SHA512
6db281f5eeceb65b9ce63f7d923963df85d30bc87192d472f857cb86e86ae01346c4b5092cd5b6b0acaebb7a60a740e23bffe3d8b2fa9785aad6f037191340b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
730B

MD5
8c7cd195f9533db93a3c5c1e34846bf2

SHA1
c59adb5a1cd27a8a5d1bc21f4af5163aef00f140

SHA256
6ea2a02f374e7e23f9d15994d31a8e113441bdb7d6debd0ec69aef3f5b02c13c

SHA512
e28f04dadac634bf97bcd4d4545e8b10718679bb57f85882f97ba5957a9b0254a267000042f95fa807c856621f2b3b89d2ceb9208a02a27cb83842e03b0e1d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
88a6e566dbbf41bc00f88cf84de0a87f

SHA1
4f307ff0025305858f850bfa9cf04867ba50d2ae

SHA256
1c4fb9d6d7dc68c80762993c43ae127330add2122aaf22d18a239a76f35fec34

SHA512
f1f07969011e60f06afb21b79f3ba85e2dce6540629aac717d9db63e1550041f07a44d2d18e10eae4b83ab5639a4637b6d00e85f1cd8da3df53865e7c33c67b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9f752197f37057d2ca0d98db52c59ca5

SHA1
71fda2d2e4300389258ee17c5b0d8aa746a74cd5

SHA256
ec853c6a29a220b6cf801c6707052b8303b8fdfa49b0337a2a3a20da35db85d4

SHA512
71a5b806400a5f39f12e50e6d211ef213f8c1f1832807648fbb1c1589a4cea7c8cfc40ef8a15f1d616cfaa19f54c7ab0af275f75ec1682f1ea807181b25d2ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
51d1a12ac31541691297e0cb7392968f

SHA1
a4fd12ba810d48d377f6d37434fe89b5e9a23c06

SHA256
57f3be400835dbeb6a3d82b6b6b945fd5ff74b5fd8e3335f75a611bdfe1f20ae

SHA512
bd3418a95dfdc2ae6c60a106fc6bd85c609cbbb390a09c16959706d5aef77c9563828df7ff7408df74fd9c119b1b484738ca8c54151ecd998868e003b81c1ce7

Download Submit
\??\pipe\LOCAL\crashpad_3796_XCTKWZVOBAZISFYC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit