hxxps://shareasale[.]com/r[.]cfm?b=922594&u=1803968&m=68204&urllink=https%3A%2F%2Fthepengenius[.]com/%2F%2F%2F/%2Fwp-includes/%2F%2F%2F/%2Fauth%2F%2F%2F/%2Fxa5rwi%2F%2F%2F%joshua@gmail[.]com

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2023, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shareasale.com/r.cfm?b=922594&u=1803968&m=68204&urllink=https%3A%2F%2Fthepengenius.com/%2F%2F%2F/%2Fwp-includes/%2F%2F%2F/%2Fauth%2F%2F%2F/%2Fxa5rwi%2F%2F%2F%[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133233912838267155"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe
3344	chrome.exe
3344	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 1868	2152	chrome.exe	83
PID 2152 wrote to memory of 1868	2152	chrome.exe	83
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 4360	2152	chrome.exe	86
PID 2152 wrote to memory of 116	2152	chrome.exe	87
PID 2152 wrote to memory of 116	2152	chrome.exe	87
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88
PID 2152 wrote to memory of 776	2152	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://shareasale.com/r.cfm?b=922594&u=1803968&m=68204&urllink=https%3A%2F%2Fthepengenius.com/%2F%2F%2F/%2Fwp-includes/%2F%2F%2F/%2Fauth%2F%2F%2F/%2Fxa5rwi%2F%2F%2F%[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb390f9758,0x7ffb390f9768,0x7ffb390f9778
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1868,i,6665923129681600441,14526650387751829932,131072 /prefetch:2
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,6665923129681600441,14526650387751829932,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1260 --field-trial-handle=1868,i,6665923129681600441,14526650387751829932,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1868,i,6665923129681600441,14526650387751829932,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1868,i,6665923129681600441,14526650387751829932,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1868,i,6665923129681600441,14526650387751829932,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1868,i,6665923129681600441,14526650387751829932,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 --field-trial-handle=1868,i,6665923129681600441,14526650387751829932,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8281921a-bf7a-4f86-b4b5-ce8783febfc8.tmp

Filesize
5KB

MD5
89d9e0109ff3ce56d65fdf5e0f4e9c00

SHA1
7e3ba1228dc480fb68f691a5aaf8ffeaa70b8735

SHA256
668955b9c882db4166b81d8bbc572c2ffa18c49085136aa6b1f963ccdf31d7d1

SHA512
3fa4be131ff3749275aca80d0b74ea90327591ede022cc0c0d65cd7cdbcb182316af17b0d5675e11e2b7bb9d30185fa8a08b6468e1e5f85e015d463c880dec6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
100KB

MD5
f134fda98a277b1c8f20ab8fbe2fbd58

SHA1
a922796190a1f5bbb3c410c6ec591502050df04e

SHA256
27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7

SHA512
2b2e8338afb9b0ca9b5fa3d452dfd80368b5d17566120ae6351b6d03572e5a69cedb97f165fbc31ffb3addcc00506a3fc0761cf2404a5d9826a8448a7c4d9f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
792565aac3e8b28c6d62c0cb71108bce

SHA1
43dc5396de6dab13b5bc525f7697d38a58f008da

SHA256
4bf8bd1169f9bb8524d6ebecbfc2b1ea6bfddddcbf784bacd5a4adc9627bca5c

SHA512
d3bd1106e71fb740630adc79d543bed11711db1f5f217bb0af179e476f6458be4f143af1c9ac2d41a3ef9d35cfca6a83c4daf4b7c3d0d4ef3d9effb6770bdadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
09cc4945a78e052ae8ea977753aadb01

SHA1
8e9c9341c3cb96350109a12673eeb81c36531e1b

SHA256
fc59bc40ee69e1d8d8045d84c87473201f74f33b3d1314c97b911c8837dc246c

SHA512
cf4f89b05633b1ee70b46ad1f1cd1ae0a7eb72c17fe0e6593177921af38985bbe2bed6a2757ff72b26a3aa50c1cc1460c805a00182d311470da433e8c82ca322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
21061c02d262da3c218909bb149424b3

SHA1
c772cdc8f325c4a71881bfb2ac58cc10643dbaf9

SHA256
e699d063bb19fd0a3f930392a4655839464e6c0ddb909b332079cf25a0c645b4

SHA512
1b47de158d9592f2639a56e4b62e08504cdd28820dc4250cf208b2507109e6d314189ad74ae6ebc36e5461f1587f57955d48531d6a647cd9e8506e0dbeda7c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5cfefa7d2ac4596e8df16cfdd71a0806

SHA1
f7a9f393475e3a60cf07c3730080332e26f52c6c

SHA256
7c2f287049bcfda6476e628cf8cca09665fcd08ca026ce116c2081190cb4ab1d

SHA512
0cfd448d83eb25c369b4ba9320a5220bf638a3cb8801159535b99c636679f8b0dab86f22f6bcd260cbd07223e63645705c2b814afd0b117c422581cfee9345e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
14d506e40c5ec5871930a64ba7177608

SHA1
63c23b9ad823b46aedc9012fbd6f4cc74f90e1e8

SHA256
ef3db9d6aa65d18503298961ec6fcb751e9ad5f957571903799ff5a6683b1316

SHA512
b22a5f55c0dad7d0413d106631740b962cdd8088345ae17639313bf37b8610cb45c83d21d7fe05104c816267d32e4312e249b8568c6ad5b65fcbdb6a0c0a633d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
676a036342f907a50d44167f981cba96

SHA1
1d1559389154eda3e514d1a80ee2a7d83cf4a718

SHA256
5aa243d56439d49fda0a61bb1d2d40d940fa0e8617982c5d13e410889da79d63

SHA512
df2eb296664c87fd92563b9afa3e8381768d3174990a94c6993e132bff6778334316ce990016bc7efe9efaf9045eea109bf2c700b4f0dbede686b7656b5171cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit