hxxps://github[.]com/topics/risepro

Analysis

max time kernel
415s
max time network
422s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/topics/risepro

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
65	raw.githubusercontent.com
66	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
1828	msedge.exe
1828	msedge.exe
2440	identity_helper.exe
2440	identity_helper.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 1896	1828	msedge.exe	82
PID 1828 wrote to memory of 1896	1828	msedge.exe	82
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 4520	1828	msedge.exe	85
PID 1828 wrote to memory of 2232	1828	msedge.exe	86
PID 1828 wrote to memory of 2232	1828	msedge.exe	86
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87
PID 1828 wrote to memory of 1148	1828	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/topics/risepro
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1c8d46f8,0x7ffc1c8d4708,0x7ffc1c8d4718
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4239545447398118944,9258372027852743704,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\900da29e-7dc3-4f32-9fbe-38cfeaee4b2f.tmp

Filesize
6KB

MD5
d35a8db70602f95169e454d316179238

SHA1
7a90205a1e8ded0cd9f0767a1c38d73f4c2846b8

SHA256
a09962734d06a482dc418cda02354754530236afcc7825c7b37688d226608a9e

SHA512
057773f10a9f7328c358ea5738c902497becfb7aee2765a866c6830cbfe4c628c6997241477294a8ffca25005e5de7373e3905a4f0e09738afe22bcd162c03b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
44b0b7b0b82ebf0ef8efde0276e961f5

SHA1
f098f2080747279255aff6eedb32f382b3ace439

SHA256
0cd96132f0fe53966984a88d3c43ff8a82634159f4266532fe85a923c27293cb

SHA512
899e8b589bb85138b20e5db63f9ed8e7f2b4d8f408e60f9f6aecb06ba4e89f7e92e6701d7412db404ae89a34518542bf7e4b49f18700bf688574eac1f9cad510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
97b5384e4a4dd23185685de772f31517

SHA1
7c525f9329035f7d8828e4ff3bf45dc6f6d6a738

SHA256
2afd12d81527b8734f929fb51cfcde9bc3e642bc6bf4ef513447796246a8f485

SHA512
cd923a24cb7264ac53d124484ee7e0e59a8e0edaf06260adfc91072dd30277f47be344d4eb3a506ca94c032f976e578936ddb664c032002f9c6d9859dd11c4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
26aa153f9bdcc4f3ea5c36c066b8f2d9

SHA1
de8ad805fbb2ee1c6387b9aaa883fea656576e25

SHA256
6b891e42a617f6456aafb8808a371ce171907bd9037128c151b9f0b731496152

SHA512
313d24f55d9451d18c96ed71d02c58c1a181c942a4502f87f9eb10eddbc4e2616cc323e070f880c5bc03fffa584e3d8b5645e1c676f801bc64c43237829a9e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04bd9f2fae7551c2a9116497e6eccb54

SHA1
a75cb0c00e2205995eec09d97c5f861711adaeae

SHA256
1987ddf0b1612c3801fef7f3e7ef7b45879c27b21ef64f851039d6200cb2d255

SHA512
8e619121bd037e7b390c7ee33f3263cf8a45bd4e32452f3949619567f6c6d113ab0f2a3c8e490906dcb65a3e693ca70fa5deff72780e645716c86d227b4934c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
174ac72afc0c0c30d1fbdbf0f7a346f3

SHA1
55881889355bcb12bf763e601cbf48e394d91caa

SHA256
c0a4cdb4efbb8755e8937cb6c0503f33d90a0af28920722dbeb9848d3fbba1c8

SHA512
3ddb6c74206e3e21fedcbc694a9355d9c40a443e67ea0748f7b1313119577389953e3580bc2eaf73fa353fa586fff0af0948028b3d708da700f563ce4345a6da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31e86905b67211d7e4fd3cdd4d8c4f4a

SHA1
da648a51d97ccc82123dba218b91341583d1af84

SHA256
65639d3dd1d78345a102c559ed6e5bbd1c3857fb6d015e1ccd74b5f8803ee72c

SHA512
4c59fcc204eb88c3be7180926d22836f82f493054875cc1bba08fc69fa43531f583dcd73e6d28797b46b0f3195ffb77577c1bfadf113ea4ad37f1e8e63e2ecf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58316b.TMP

Filesize
706B

MD5
d5a3ef9c2dafd1856c3916fb31d60ac8

SHA1
ad7880776bb23d0132da529d6f58630094b23750

SHA256
9f7abb6da9b6e73f994ea792ad3b612bf7be23519b1b112f95a38b39dfddfdf6

SHA512
d676e32258138a8fed16b2502c0099028f8c6410cc63df6b9debabbfe23b508bcc07d2545023a398533851d7a0f034a742973e4e2a9b7f13398dcde48e651133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
feb475cab8abe9e0f6d687fe673652a4

SHA1
116313bb908f61cb9126b50f1d4cfcbf278735f5

SHA256
1607a39112e4fd3371dac4c13eac1311665b5ee0d99b43297303f8082ff303c3

SHA512
13e059b9510ba9302db29d766e3638e00f6139be7083e1c553dce3d5d35c8be669f99d80ee2874c75d550320b29e11cb667c0115ff17316588443eaf79f571c4

Download Submit