hxxp://bounce[.]microsoftemails[.]com

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2023, 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bounce.microsoftemails.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133231749208084632"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
1976	chrome.exe
1976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 1720	3008	chrome.exe	87
PID 3008 wrote to memory of 1720	3008	chrome.exe	87
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 4656	3008	chrome.exe	88
PID 3008 wrote to memory of 2040	3008	chrome.exe	89
PID 3008 wrote to memory of 2040	3008	chrome.exe	89
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90
PID 3008 wrote to memory of 5060	3008	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://bounce.microsoftemails.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b16a9758,0x7ff8b16a9768,0x7ff8b16a9778
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:1
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3936 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:1
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3216 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5008 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3976 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1588 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4800 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2780 --field-trial-handle=1764,i,16131884107233163462,3639617955721493210,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1628

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4ce468ea4d0711b06b5559b5089c5fc6

SHA1
d8ba40c65b1bb1affcef7ee1aa5117ff318ae047

SHA256
67be4290e7e417c9400897781ec9a4e66e93abc9a4006cae47d96d4187dc23b9

SHA512
899e83ca823fa44d68bbb7203d256ab58f7684da85dca8e5f9a2d723c9d4f6e1e3fc65c01af5361bc5e691334aec1ce3f089a9eedf06fa0adba363897fd98cce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4e2ba7305262bf7c92b6e5ac310878f4

SHA1
e76ab8b61e22d35275f164e39fe08605fb82c142

SHA256
8d405ff01147fddb74f62b1a5558882fb1f56c4f354406f48c5d26ffe51e60de

SHA512
097d7ba9f9871c3bc92b7a4f673e5f5f4cd16415fd7ea82e94c8103c504155ca8365043947411a0f680077f2292cdf0ed9ca9dd5e7b285376912477cebe42eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
00f6518b0789397d608686bddb5c85a0

SHA1
7f8d778d628b5352ffdd50b6842530391df3a8eb

SHA256
9807a3a115f42ab185c252c32efc6ed532a8c51e85a12c85fee7d26e3decccac

SHA512
558371c16d55eeb3b1721a2eecca55bc57c7f0234ce29087e1c63ad825febd84d65ab79dd4783388dda4de2ccb5c2bbbac1fdfc71becadd3b838f7c976e66164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
0b9eef2f01db4a5db43c2fce2773a978

SHA1
b31a5a41887fc7c26c3cb98bc0fb8a8bc063b7c0

SHA256
6b9f42bd9850fcd17e602e6759e06ca701f4b9b81ea41dc30fa4fb9b3a32d948

SHA512
f696317aca405786729814852a36ddd54395416cdc9cd4f2130587a2ba681df5a8926ae0ae96683514286e9dc541f8057aa4b21d7e136e01e54b28313bc0249e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit