hxxps://dl[.]dropboxusercontent[.]com/s/l51svloh29qfg6w/Job%20description%20and%20brand%20development%20plan[.]zip?dl=0

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dl.dropboxusercontent.com/s/l51svloh29qfg6w/Job%20description%20and%20brand%20development%20plan.zip?dl=0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239826602289909"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 1208	1524	chrome.exe	86
PID 1524 wrote to memory of 1208	1524	chrome.exe	86
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 4672	1524	chrome.exe	88
PID 1524 wrote to memory of 3996	1524	chrome.exe	89
PID 1524 wrote to memory of 3996	1524	chrome.exe	89
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90
PID 1524 wrote to memory of 2304	1524	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://dl.dropboxusercontent.com/s/l51svloh29qfg6w/Job%20description%20and%20brand%20development%20plan.zip?dl=0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b619758,0x7ffb0b619768,0x7ffb0b619778
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1780,i,13556119658806270368,332142634567529953,131072 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1780,i,13556119658806270368,332142634567529953,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1268 --field-trial-handle=1780,i,13556119658806270368,332142634567529953,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1780,i,13556119658806270368,332142634567529953,131072 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1780,i,13556119658806270368,332142634567529953,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1780,i,13556119658806270368,332142634567529953,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1780,i,13556119658806270368,332142634567529953,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1780,i,13556119658806270368,332142634567529953,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 --field-trial-handle=1780,i,13556119658806270368,332142634567529953,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3712

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
84529bf5d5f029d41a03b661518808fa

SHA1
0edb938966eed40790c339ac3622a132f993f756

SHA256
36dc70bb0fb63f7604c2e2814f0eef094022ab7601cbb7892834e56e9073eb3c

SHA512
542ec7b240e95a8990c9450dab0903b5384945728fc6cb0c171589ba23fe6be6f1f40b0ffbe643f66d3e457765a15bee5939fb134cc8b24273bf61a10d6b20df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
648a010b8e9260236a01d978636897a9

SHA1
78a1e850686ed6fb21e7883b97768b7e247f5e86

SHA256
d641aa5fbe6b59f9b893ac1a2e6f06539583ca0f2a1da7e81bc69a52d731427f

SHA512
5899c560a9cfb36ed1b2071332ce8e33a46767d503808de1f4acd366f5b38002f6348be529f43d30eaf596211bfd74edb91930c0bf0ec337fe77d43d864f0049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
510dbb8102147fa8f9ffd109a05a9514

SHA1
3d3a6602c93e846312fce61da3e6a9ecc6ff6f65

SHA256
52581e475ea3e21ad4d8c77a9727c338f1e503810f9239321aae355a2a4230aa

SHA512
b1ac76151adc9c77b1e4784709219c30b77ce63c4eb7bfea3c79eead2dc1df8b277e5f226d6de82825ff8561c0f22da48afc08ee4116e4cd8c3d7dbca217e32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
33c53dae8c7c7263bb8391578abfb52f

SHA1
ff6bc2f8d388c4a5b33a60481247c558686dbda1

SHA256
a192f32948ff0b414bb4e7c46b82abe64592e7a14d0bef6e39653ee261aafca8

SHA512
451e7775ea66c2a9593ba24afb3211a9183e20b4de44d6b8834dd5250d493bbb0764d27daede7d4ae2546a8065654169734bd88ef341909f2464db73e8aeb20c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
17097ba5e2e30928800da5a1bc0880cb

SHA1
d54db73cbdd3bd4c5062253d72bc227a21da1f7f

SHA256
8e6e78c8f0dde2bac6bda20d499f661144579ac808bc104aa3379e2feb0dee90

SHA512
6a0e60d44ee13e9e3e25eab67096ba6d2b5ffe27a2e4e0efb1fd41bbe8fa7a563e5fbdf4004c5a6ad0483423c65d3ef5e11d6a61d336686655cf6768cb83daa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4d83e835f763c2bdb10217c1dd8fcf8f

SHA1
be0798381d58552ddfc04bbeec0b398cb723fc02

SHA256
24d8fe5b9dbfacf47d5ef0263c4150e16a9ada7e46704ecffb6116f8ca5c5e45

SHA512
ada6fb8249e2886d1a2e2968bc05abd9ab05cc4298265d77a0e47be930b6a00de67cea90bb61cc0d04793e07be33474fc8ff3a5ed6481e6b2762eb2dbb92a76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
0da06771abdf9349d147a33147ef2893

SHA1
e14d02f8e65c08902290e82e2da3af6e33dc0edf

SHA256
b247514e1e59892ee58d05a8dfb7bffeab0f19555486893978dcd9327ab6c468

SHA512
d881d38c8bf14140c825bf8a5b84fa2dc5da5ccaf0051991d70c908675b1242794f306daf995706490470e435f959ea1337c8adf819b94679c1d2c73ed6d3bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit