9ce02f6df5e1d8609a59d1f4de6795b794396350bee69c206c420eefd10422fa

Analysis

max time kernel
120s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2023 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

📧™ ETF Invoice 15 March, 2023-375512 PM-34351.html
Size

84KB
MD5

15d0aa457a4818a95fdc50c5fa2d03e3
SHA1

8122f92ab7d4ec300c19960da7af50d06f04c2ab
SHA256

9ce02f6df5e1d8609a59d1f4de6795b794396350bee69c206c420eefd10422fa
SHA512

574e4241836837073c6e124b876eb850384fe7ce7a79361bbad211fab495d24630cf9c0e009e636ab986d5b008392225269c6cac8e053e242bc564c76ff2597c
SSDEEP

192:rarn5yCr4p1QvrhMNDhTDSjBL/GgFMy5oHMoowEgbeYBi4UwNO2XzlxD9hMhQbiN:C5yCkpv2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133236697332969825"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 700	2884	chrome.exe	86
PID 2884 wrote to memory of 700	2884	chrome.exe	86
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3484	2884	chrome.exe	87
PID 2884 wrote to memory of 3644	2884	chrome.exe	88
PID 2884 wrote to memory of 3644	2884	chrome.exe	88
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89
PID 2884 wrote to memory of 2632	2884	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\📧™ ETF Invoice 15 March, 2023-375512 PM-34351.html"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba369758,0x7ffeba369768,0x7ffeba369778
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1860,i,9828396042266408850,9754086687382041448,131072 /prefetch:8
  2⤵
  PID:4100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1176

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
71bf1aa706139d4fcea24650fbb146ae

SHA1
266ccb6b4ff3c101dba66d4c4429f7fd82e2bf3f

SHA256
b52a2f04705cdff5620b5c50ed837a91ef19303254d29915eb166555391047d2

SHA512
05f3db6287649f6e291e916c078b1009020b0bedd37cf467ef2a63aa44de804d98c94077bdfbaf3a3ae8d209ce7a659269ced1179c09a09ff08219806f7f5459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a0dad58bdd0e0e01cc8634a52046a45a

SHA1
9c6d6ad51039decdfc94af2cf0cd87c0a736f9bb

SHA256
7174d6415aa4060e9ba31c6f3487573ad93e5bce0acf559f83225a022ac7c329

SHA512
66f56ca62a3941549784482ef760311acd6599cfd15f07a759d59339f1d5a457f6bc55f0b2597ab11b40add960a0c05a524264263fa4db64eccdc9490c3b0963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7daa6c02a5b10548f1af3da6f5a25556

SHA1
0f5ea3c311fa3bb78697cd658ac6496e93b49347

SHA256
d496d1a1a5d1a63f53aacf1394044d8b53913b03c486f42c3bedf02a72f916c3

SHA512
8a23bfb13171d86989a36ba4a7e24be3e44aaad0a329f65f9e71c53ecfb260e7754e73ce7a81c673dbf10b2ce3036da52c381367f539ab9439bc724ebd256766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
89e91eebca2a06a84b184ce72b9244b3

SHA1
1408edd8fb639a3d245eb6645790228f16d8e7d2

SHA256
3da4a6f70ce084a10f3bfd26f61e740a7691b3cec030687b923dbc2670e537d2

SHA512
db317db997f51741867de68c9630d386092e0f7f74803cd5cd86d3bd9bedcf13f7e8c14510772f05b8059e2ae152f9d81215c28fc3e4cfb08fe60d203d0264ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
539b2acf433c6af128fd5bc28605d215

SHA1
a8d38079881811ea4ea91ca1cc8655fc952f845c

SHA256
1463aee088abe7cc2d8244ea978b6f835d18aa3d4afb27dd98e60b3efb89294b

SHA512
22aa39ff2c7400114a5fc6433f184772f05337d8d6ee1ab8f844e29d4059da1f6f66e42b7431006bd659a24dcf88152706f6b38f33a8c5ef983798dba9866bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
9bca96ef205e467db484be10fb788437

SHA1
01688c24d497f7efb101672b7f3017ba9be20590

SHA256
06d99ae8fabf18e65b4619fe579a02c8ce9996a1581044a6bc4a8cb2597c2acb

SHA512
3006964860d34b41b02c9a65d82956cf7e88b2e7bd74d4ac2e9276c5d718947f7cfca95509c2390d8eedccc03a71520d175f49edf24f1b23dcabe0cbb45d6e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
872be79dc3de3d4be297322c9c5e98cf

SHA1
d6882264bebe08771ce376d7aeb67ac36e25e6fa

SHA256
f789a273b91f4660a67fff44da87f59f2a47b61e81b2d3a678e5cdd54a1d89cb

SHA512
6a4dc4e9607f339a6ded7769e29ad00f119dde17b95997096005fed70697f0ed2a24e184e3383e01066d2c2c08894621bb378ee936ef81b1bc56109a01d7c3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
c12ef6011c4f260778648d4d929f1a7f

SHA1
559fc3a650b7e73c9e15442f7753e35960d45435

SHA256
5b4f6f0ac82f11af81c577aacbc8e6385cd28d3a8e5a01f606f1a1e560e31001

SHA512
155122b73b5b0c34f785721844498d6eaeee6c6c2fd2d7bebe166de3a284851377fe47932d4cba969f1304a9ba804b2eda3b373414786240d7a21747699278c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit