hxxps://wetransfer[.]com/downloads/418f47430eb2963b5512e5ccbd227d7d20230327040337/a7ad4ea37d69684d47aca661d723898b20230327040416/20d310?trk=TRN_TDL_01

Analysis

max time kernel
44s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2023 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wetransfer.com/downloads/418f47430eb2963b5512e5ccbd227d7d20230327040337/a7ad4ea37d69684d47aca661d723898b20230327040416/20d310?trk=TRN_TDL_01

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133245695409353829"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 1976	3748	chrome.exe	85
PID 3748 wrote to memory of 1976	3748	chrome.exe	85
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 3460	3748	chrome.exe	86
PID 3748 wrote to memory of 216	3748	chrome.exe	87
PID 3748 wrote to memory of 216	3748	chrome.exe	87
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88
PID 3748 wrote to memory of 1096	3748	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://wetransfer.com/downloads/418f47430eb2963b5512e5ccbd227d7d20230327040337/a7ad4ea37d69684d47aca661d723898b20230327040416/20d310?trk=TRN_TDL_01
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb3919758,0x7ffcb3919768,0x7ffcb3919778
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:1
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5372 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5396 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 --field-trial-handle=1820,i,18337995072691088450,5578523417586579839,131072 /prefetch:8
  2⤵
  PID:2640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
9cf856c3b0071561c3d1a91b86c347c5

SHA1
5d83310f35e3b16a508b7d1e90db28a81b2efe3f

SHA256
d0a0ad43061a652ec656e3f613d7b41a32f67f1940ff63f1c699e895a6591881

SHA512
2be1de57534fc93418c98b489d0b2e9a74d8e30f9b96aeb36338178f345fc84aef38872a62f47779d3e10dac23aa3709d105f3eab485c7fef4796556e208ff98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
47f7b205eacd1777d0e54b40c2687451

SHA1
505d4d0f743c4b4fa1afcd0a25c8f31fcb798266

SHA256
c68b2f21a998a4d76d082727ce542c17064063e1d61c2ae4843ef0283f1dbcdc

SHA512
7b015cb2f8d345f7a1226edea7650e7dbb4b34f5b4b71a74c177eb30778bf01af2ffe7e50069b3dcd308f24bab5425758c0546b9d88de9b664430133a8a5f7e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c4a300b3647b8b111ec15ad770540c41

SHA1
6b7e48a273de611a6a075b41785d1a49c9b5df2d

SHA256
d714487426088b7358e07108be074b04002fd5086c1d05ceb515c2f6f517a9d1

SHA512
89908dfa53ba3c35356f61df6e13486307ceb8822efe0f8d93d05e877c437d241e1ac8be47e15e8532193b568213cbedc7abdbad0cd4c22212f4d892282f6341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48296a079c19e1de40119a19152d3886

SHA1
c1bb681fac5472f9d7c2c471b154fad243202a42

SHA256
772b87721aa2d4f17859d3b21086e83dbc17c5394eb02989896e1917f26587cd

SHA512
d757e02d680bc6bbfc2c1c51a8bda8f69ec5394abfbed7d25c536ded20320c1665d6cb0351bb19bd72e3aa4db72b12613859cf77dc1ccddb6d158218854345c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d8418d8395b191507e953b7deed27f9

SHA1
39c6bbd4c674af638660a9bc44428ed2131dee66

SHA256
81e5b072d78dd37c97c0ff98a3a0aa25142943349cfdeeb9af5d4d6da89ebf84

SHA512
9bd2d63cab0fa2f4371dabcb0f674037da547b734bc2797b4399f2ed05c801ebe69761488848b5852a477c3d72acb45139b194de4edf85082a89fef56da8672b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
15c12d7f85a07388d321f36ecfcaa38d

SHA1
f7168c82d1834a1f6a769c564789ef7972bc02c7

SHA256
f23452ccc1044d4b6cbf93be60c87ff0e3788f75213ef5004a3ad1074c091f30

SHA512
5d4c47bcc343c3ea66510646632f8bd14c244aad30bcfb17eaaebfafc63cee67516b256ff65fbded6fa6dc7cd496cad05237cf85ba758447574082365af9af8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
b2699765f80cfd6496ad16703cdac5fa

SHA1
7535487483d60bbe68ab9c84e17ff7d483acaee1

SHA256
a53cfc5a5774c9d28ba085463dea4ceecb03d8951a3f4fb8c6e477e271a987b3

SHA512
1c37ba7ac56533b1458d16f8edf845288619541cb31bac4d5cf93bdff3d4e10331776b2fa2b149059aeeeb8a495ab98e087ec49469f4fc4be168e086363f800e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit