hxxps://ums[.]koreanair[.]com/Check[.]html?redirectUrl=9JRD01MTMy&U1RZUEU9TUFTUw=TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=E9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=0lORD1D&Q0lEPTAwMg=URL=hxxps://ums[.]koreanair[.]com/Check[.]html?redirectUrl=9JRD01MTMy&U1RZUEU9TUFTUw=TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=E9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=0lORD1D&Q0lEPTAwMg=URL=hxxps://spaceoutof[.]space/new/jokasa[//]/

Analysis

max time kernel
59s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2023, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ums.koreanair.com/Check.html?redirectUrl=9JRD01MTMy&U1RZUEU9TUFTUw=TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=E9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=0lORD1D&Q0lEPTAwMg=URL=https://ums.koreanair.com/Check.html?redirectUrl=9JRD01MTMy&U1RZUEU9TUFTUw=TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=E9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=0lORD1D&Q0lEPTAwMg=URL=https://spaceoutof.space/new/jokasa///

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234610635020105"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3184	chrome.exe
3184	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe
Token: SeShutdownPrivilege	3184	chrome.exe
Token: SeCreatePagefilePrivilege	3184	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe
3184	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 2728	3184	chrome.exe	84
PID 3184 wrote to memory of 2728	3184	chrome.exe	84
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 2664	3184	chrome.exe	86
PID 3184 wrote to memory of 3416	3184	chrome.exe	87
PID 3184 wrote to memory of 3416	3184	chrome.exe	87
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88
PID 3184 wrote to memory of 312	3184	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ums.koreanair.com/Check.html?redirectUrl=9JRD01MTMy&U1RZUEU9TUFTUw=TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=E9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=0lORD1D&Q0lEPTAwMg=URL=https://ums.koreanair.com/Check.html?redirectUrl=9JRD01MTMy&U1RZUEU9TUFTUw=TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=E9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=0lORD1D&Q0lEPTAwMg=URL=https://spaceoutof.space/new/jokasa///
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ff8fae59758,0x7ff8fae59768,0x7ff8fae59778
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1824,i,4721664294919223391,11382259577511705250,131072 /prefetch:2
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1824,i,4721664294919223391,11382259577511705250,131072 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1824,i,4721664294919223391,11382259577511705250,131072 /prefetch:8
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1824,i,4721664294919223391,11382259577511705250,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1824,i,4721664294919223391,11382259577511705250,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1824,i,4721664294919223391,11382259577511705250,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1824,i,4721664294919223391,11382259577511705250,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 --field-trial-handle=1824,i,4721664294919223391,11382259577511705250,131072 /prefetch:8
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1824,i,4721664294919223391,11382259577511705250,131072 /prefetch:8
  2⤵
  PID:4456

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2724

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2fd0aa81f3b4002a64a9c03a722f517c

SHA1
d3b3f43fd6aa9a33392a3494b4062f5e09d45fff

SHA256
ac23a642b2ccc4dab8f5ccd502d2682f2fcd3276ac4d2cc6c24edcc4e1091500

SHA512
082b827ccb28a23fed50faf0bd5581be97dd9e4c35b380f7d67cfc860136d89bff08bde06d8488dd92294566d040f60debd5fdaec8409fdd965624212304f684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
180de7e592741e0923d32179004605cf

SHA1
0a3d380a0b0265ab448c6a21096de902cae85782

SHA256
4d459d49c6fb8f610bd458eed322d500c1a7a8608f64cc71a2d366c0a72ba01c

SHA512
38a94950b09c836b2a824976d48ac5d79c5590439a38c2009b14425f8098f7e24747024a38fd6eda378fc2a6db608e5faa719f63f43c12897c3b2a99c744763f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
83805a205b937a8280e64fc6129bd34f

SHA1
c5daecafba398af77f2eeb87c6f1f2d5cd8b3ee1

SHA256
ed1ad65b7653237b559729a9768e24f50680b763ae30a00e92320631682c8a4d

SHA512
49a90fe51750f93d9edc1d18d8116a47424a39780384fb3240c4e0da50a0ed01089fcff6cda27543d31c6e12f9aabab745f5cdc490b182f1a4f3c6c3c9eb882f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
67d7f92e2ee6aa0a49636b32c028ef6b

SHA1
e23f16500cdd72d83016178ba6c8396eaa8471b7

SHA256
e27e4edc8564d05c97738d37dd837beb78870cf3e24723687732f0b6491dbe87

SHA512
2a53275721bd7248b8bb45c5b5b30c0b45570be1db106d1de04761e2f4e798f482fe253b8712d9c0213cecc3e4193829897cab7bd934cb0a7e1229aab79d0d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
c7985062bfb696d4f990d1774511c0f2

SHA1
d751706a55ec659c3aac3c24b83e813e45bfba63

SHA256
ba3262bc5b9d49b44943eced6db81ff3f81b516c7cd57aa46d7953aa314176ed

SHA512
3dd68acb1f39fe900d0742b3d4ae73271216927b088098901893783d1d025218198872cce57cbf8c117f9a181748cc0812749864a4b4575f9d3f8d2220bde0d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit