hxxps://cv01zl[.]s3[.]amazonaws[.]com/index[.]html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#itservicedesk@rtl[.]nl

Analysis

max time kernel
37s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cv01zl.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#[email protected]

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4172	msedge.exe
4172	msedge.exe
1192	msedge.exe
1192	msedge.exe
3208	identity_helper.exe
3208	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 4044	1192	msedge.exe	85
PID 1192 wrote to memory of 4044	1192	msedge.exe	85
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 4172	1192	msedge.exe	87
PID 1192 wrote to memory of 4172	1192	msedge.exe	87
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88
PID 1192 wrote to memory of 2740	1192	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cv01zl.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9846e46f8,0x7ff9846e4708,0x7ff9846e4718
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3004640332560279572,5357764860913310017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
94340a40836060c5ecfcdae1b3be9112

SHA1
9e11806a12a6d92745e6a3809d4f9cc266f165f4

SHA256
dba0e2d093fc06b80e81d94c4930b6a61c59be296125d33f77a91864b9c231f7

SHA512
5ecb4dfc867b5aac89c6e221cb81b9b1690a812904fd60c72909aa592423ca901de7c47815e8215b619764dea033526f0c7a392b7e277c7bdc6576c8e64c6324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a0d6f8f625ced06311e04f3a39f13a2

SHA1
713f790314c43002f307e3a64d0d318404c656e6

SHA256
187c30ad4fd73811e55f2bd28e9a23254e07ed01e748822737ed1f4994f1b577

SHA512
1cc896a6a7fcc3fc17ad19654948d63a3be79d92e932ae7a39eeca6b1219053fd8ffb10d26cd92f579c33b4b27a6975e926936b84f9bf593f4637e5564d3a2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e48334f2c847bc809e70584b67f2ce3c

SHA1
f9be824cc696b588e5b16a2e90fd5538ffb26bb1

SHA256
d29b71b209d64e25d850fd9e2f6c64339937b95ae0fe8cce61c61fb474068e00

SHA512
01f2b762d77dc2b85b3e931c1587a11ed14f42d97b2e29786827317b16f083b46d1d4b33bb4516c67ab1c698a7d6dcc1a9f025905220f0599ceddc268c2c6299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
830c6726ad520b1bf053ee97bad22794

SHA1
5a533b58178235c1a148f40738836b41ee36e77c

SHA256
71e7b18f24bb4d8f1dce6cf8978ea04b9d80986e181d6f33b503da1d10c6c805

SHA512
0d0b8005d52bdf5593b07274f4294cf274769ce5b64a58ad9243baa5feac1b19ea36c3dbf4abe8c76530bb7240e6929228bad51d9be3b027f91d217e9ecab687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583776.TMP

Filesize
369B

MD5
01c707c4b41ac80880ecfd4b3444722c

SHA1
66d9d787082df8ece21a882b76bfb3c447cd1b64

SHA256
40543a8dde96cb68e12bdc0992ef663810423defea83e0cba0a9b910b3d388b8

SHA512
b135ad84a6b9114cdff959a5c76c3aac13eb69005193d1a36ad8bfb4583096c052a627050b6c7541f4bf1925169a91a88d3c30f9e9b8acc6556adac5ea2c8b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2cad7d964c8e306f7bdaf493e358a966

SHA1
ea24dbb3638dfd6b5428d5221eff18bce2b9bc96

SHA256
e28a9f296cfc319ce19d9bb1f90b90af1281da4fd3df65f683ea2186ddb91455

SHA512
b26014d19e25ac65bffcfb4befc308027ede57c04cd486f2dae1ec3f9d401b49a992871507ab469b85c204e176e43dc856a6019abafedbc419a7e579cb2b5dd2

Download Submit