440368688434b4af8b947308d55d4397d4f207b7dd625cf8c5356c30068e50f4

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

4.5MB
MD5

d4a79b5d46f0931b9eb7125fd40baff0
SHA1

3a38fb263dde2251b9fe157b5fddec7acb07c53e
SHA256

03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f
SHA512

17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339
SSDEEP

24576:thgBBmnLiLArZ62BrcrnKHq/kUkBAwi9QxruE:rYBmLAehN6KK+xV

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000002a7ef5362c522ffba4e00f489bc70443d8dcc63265d2a92a16a36c22b1b24889000000000e8000000002000020000000fb430361f8563ec1bc20dafeb8c888517fb9063fb7a946fb7efdbd151c3ab73690000000580fbc95fec4e0ea433b9b10fa56ba5b3c0b36aba64de4cbac46d8acfbbe0cc8bd01e1abe0cc2cf26fba971873146179b87ccb6ca1a0fba29ad2f504d017bc3ad18a7294387226d8f2849b301e194755a25b6ebe15855a364b2c65aff7e392f01388c38900cb86dee32d668e40bfc1f736f75024c41a3a8b7e3e69e048af948dcb960640b02bea8c94a49a605e3c1e7c40000000f704d2db5bbe698d93701f871d637ec8c64a9bdcab061b0e734ab9ff21b60dcefc8cba3b573e9205595bcfb427681f980ac4343ad043e163f794a78b23178f48	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430670090"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f0000000002000000000010660000000100002000000028bf7ffd03e3fb12651e09ba7303ccea24bd8c6f82f64a04e5270a157c0b59bc000000000e8000000002000020000000c04ed0da9b8205af09d343bf45aad83c660dd829033f6dfae9c890a0ee9f87862000000031f300ab4e522611ac3ca52ed2be8ed8cec0cb9194eea970acd4204086152d61400000005246fdd816bdb9c45af5961a5c511071274c92b5d2d080e5f3d96e0b6bda331bdc211d215d8d4931c308ec927db6448cccf821f2047c69a7acaa9700900f9405	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB033E31-6221-11EF-A446-DA486F9A72E4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0eb937f2ef6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1884 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1884 iexplore.exe
1884 iexplore.exe
2256 IEXPLORE.EXE
2256 IEXPLORE.EXE
2256 IEXPLORE.EXE
2256 IEXPLORE.EXE

pid	process
1884	iexplore.exe

pid	process
1884	iexplore.exe
1884	iexplore.exe
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1884 wrote to memory of 2256	1884	iexplore.exe	IEXPLORE.EXE
PID 1884 wrote to memory of 2256	1884	iexplore.exe	IEXPLORE.EXE
PID 1884 wrote to memory of 2256	1884	iexplore.exe	IEXPLORE.EXE
PID 1884 wrote to memory of 2256	1884	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1884

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1884 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a27bfa19ff7f6b5dd383579e97e6252

SHA1
b1f3990aa11a534e564e005207687fada487c9f4

SHA256
b16508430103b6e2149183788a72c1ff3942115f53a26f722818f2598bf7801b

SHA512
cf8a38d709ddb1227acac8e4a8db4c3eed582dffb0e4b09fa14e63e91ef87fe762d3da5f9a1860cc4c41cd3ce4bc3570ed02550ca696105de6b0d0bb9d972452

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25246a1a9329aefa2f374884520c63f2

SHA1
95db02eac77850a2162039eea52e59656200cbbd

SHA256
06e6f5e3d29f91379753393610e087654f88f0941fed042b9899325f7b1a0bde

SHA512
467c5a5c4b613627114e53cd3c3a9d599ae0e53c6f4a18d57890a8d4ee2bdd7fb40faa8a88c9d422a271ad06ec6f0f6b6806c6b6a997daa41cf275d97d4b7526

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1401f906f0efe72cbc6d9d7c23dd7b09

SHA1
fba0df32f5bf97c797057df336a08ddc3b801322

SHA256
79944abef650a5d041b597a6b246f5976c173ebf7c61e1d938aa31c5a32316eb

SHA512
2fe4ab8f5b2b5fbafdc774a33804e532116bf176020e6b04eb2c0048adc583f852797bb357cf4e583dd3fa833cf3fb433fcf5cd8aa660eb8fde9677ae6d468b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f47837c838aa392a989cb599c2486cd

SHA1
a3af343c10713c350a9e7082d3c716f5db986613

SHA256
e049762eb379916887b1931f9ee71a5af126170566b7111406da442e5c55e4e0

SHA512
c23a0d5354895231498b37b212b07ff1324f4bbd814c7056566ebbdf2c9894eb329b6dad6e946f487e46b52831e802b46ee6b6a2b9c534b09bad78ac9b82b742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f64369c08e3930efc7e9542c68e97dfb

SHA1
47d861f3734498eb4f6891805432bbea01a17237

SHA256
e1250ef3499d0944580ad35cd6e71cf4957390a250cacb59670ef27e66da9823

SHA512
cd81997af74f43e0ab65ec7584935e4586620cd13ef73288dcbc757dad02491e04a81337ccfd5b38bab317be5cb92877537394d337043ae9776265df5d1613fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6713b0fa4f686f7f04bf02d7e6cb4bac

SHA1
28602c3ac81967d1485bda63098c55ac57a31deb

SHA256
b8b3ea51cf3ac911fba2fd0295e7188cf103d42ff3eacfafb6e0927297a8b160

SHA512
30f036e76df5c0057ff6492ba81cadd42922bd9ba9a0dd3d1ce7e8d2b31f4b06a9005790f1153f2b0201e417f9fbc1621acc5cea6ab8ddf5b5b2768b82f7272d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0dbe54d61388e8631ca5c54afd65ce5

SHA1
0c5b16e4ec706afa0cff4c311716c6242a20a8ff

SHA256
25db17d7116eac8547606f8f6a5b579cba0cce494b945f36dd942afaff511d50

SHA512
277c2b060224d4e629c99fa85277720a3d8f7b0b528e03caf0e75df05b1c891411cafa1a454bc5493465f978ce249b3916b407df3c77c3ef5c237875556eb957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed4b41dc5de92a3e6cd44683f8d368e5

SHA1
a75f441efa5b990b6ad8936d52690bd61aaa5262

SHA256
8b88bbd4df94b2d8142392994bdf511c044caa26758e422b36db7228f6c4017f

SHA512
e07910a846ae2890e1a45c5bce239c9ab8cd3f5597e59946f439e37862f8f73171d3b37c4c73008235aa3c5e771c305f17d101debea78fa86aadb2bb3fa2e8a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce1cdca9d814681b31537cf08d07d24d

SHA1
d661504b418398777bfa9410a654021d64bf01bb

SHA256
4068e60edecd264fb5a212124fda29e25dd89676a357691c072c0cf95a427b0c

SHA512
6ac27f6ad4660fa48d0eecae0c9f6c166455bf23489c7b55e07e6bd91a1c167800a237376b7e2d76a4cf664de059a426e40db2f9ce5e529b8bac2969ec06d92b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d189173299704ccd12e31cc9c50aba33

SHA1
2b531f1f8a0edb7c07affeec0ad1caab427edfc0

SHA256
dfd8aee0b49b16fc7f451d8638636aa537e216c07bac4c67ff3e689e2b19e6db

SHA512
87e10b18aed31c97f5ec95a7b3b7c406ae6d55ed1fc26ca173f07c0a6e3b0fd89024de49fb8ed748f76384d7cd0e99be2e54a098c769de0ab2322013a481d6fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef7b68112ec7ed93d8a46985f780b4c5

SHA1
9db52ed13a67d7be37b589b79fef45cb41387e83

SHA256
126073030e0b42c40527201f0e848b396c23d1aa5facf16ed3e6c04e0cee3c11

SHA512
79a3d7ca1e62a3fba6201dd116a1316339d2a63f69b5a198de031601bfc71e568080ec8d1ec8fc3d34ce597ae9d27b1700d245f89f8128aecc334bb7a4e16aaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be178ca717d9c82e8dbad56a4f5d8e7d

SHA1
b22336e0af2a6321821b31a30fc21f3e665f0bbc

SHA256
cf45140fec32bcfce330ea4d93abd3016f9bfe99c3677ff140e6e847598c53ef

SHA512
09e7349b3cf79d3eee3bb1a9cd4b5e122abbf34cf9e91094fc521f7d50af80917af9aaecb867671c984cee72e11fe3fbcc72f23dcff8e2734264d71c1a4711b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d52b819a9babf4c42d44b5bba2c9279b

SHA1
99893e739ec2aed0d8ae6b3693bd2187696737b1

SHA256
9960fca4baac29d9e6c9159f8d22b18d17fdbd08643531a6341fe1d2602e82fb

SHA512
b4c56834bf35635ba07ea9b4341ddd2388e21a41c33a8e014052836bcb66a96163545beb4dd9b659bf11c1f0c179a730af7cb8104a944ff9c0c8c3f164402cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
572533c49e4ae276fd415ac85232f1a8

SHA1
e0c1b877e4c7b7f617f3c6639a6001fd32fcfc2b

SHA256
708ad59cb6b2c89610f66622fab420897a288cb50b54c9f7284ed37cf1bff23d

SHA512
a403f66b097546ba6f52197e65ab2843bca187a305028a8ec31eb889e63fe229b49479750b9f963ffb89574cc2c687461e0a0702cb1b28e278186be6a9f8a75d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48b229a713b79c45d2c9c10616760145

SHA1
59c1ba991a672832e675f87558ec2f7665d15158

SHA256
ede3b3d33e957b358420132f66b9eef758c445937d179502c27912d085c26d08

SHA512
e101597a9cdb1484b1546f8cdc73a7beaddf4e89b6e1c15560ba818cbac93eca1b7c1aa7cf762aca160803ef0a55c0a1e498a9129d1e14aac3038fa5b1ea6a25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f54efa3a1f6b6aa079093dbb3e8c3b6

SHA1
885732f65b1ebacb141143dd10effc3823b945e1

SHA256
712d07bbc4dc585bbc0083001f9332b83784b0cc5112661c6926dac39d0f4eed

SHA512
cb5527896600297762fcecf2347227f3dff31977b65800ba0b6bd79e5672101c5cc0b6716215976c8f80af75356752230527ce092f34c4c4a3f6a5044bd1eec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFC7B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFD1A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit