hxxps://storage[.]googleapis[.]com/1b1cc374aeb6fb12e8a6/28ead50359fd29bfd862#c2o2ZmZObGtMRDUvQTNNS0w4eVNMUGFnOUVhOGFCNm1Hd0JMdFY2c2MwaXZGMEVlazgxS0ptbXpmaEZIYjNMVk1PQmZMR0daUEc3UldzdHplYTMra0NaM2JZQVhpbDB4ZFVDdnFTT2hYZTh5UjdZQ1lFNkZHZWhlSERpcE1Od0hraXF5TmlNeTVxamEzOG43TVBaeGFRPT0_

Analysis

max time kernel
600s
max time network
559s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2023, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://storage.googleapis.com/1b1cc374aeb6fb12e8a6/28ead50359fd29bfd862#c2o2ZmZObGtMRDUvQTNNS0w4eVNMUGFnOUVhOGFCNm1Hd0JMdFY2c2MwaXZGMEVlazgxS0ptbXpmaEZIYjNMVk1PQmZMR0daUEc3UldzdHplYTMra0NaM2JZQVhpbDB4ZFVDdnFTT2hYZTh5UjdZQ1lFNkZHZWhlSERpcE1Od0hraXF5TmlNeTVxamEzOG43TVBaeGFRPT0_

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133282373209579691"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 2300	4972	chrome.exe	84
PID 4972 wrote to memory of 2300	4972	chrome.exe	84
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 652	4972	chrome.exe	85
PID 4972 wrote to memory of 4416	4972	chrome.exe	86
PID 4972 wrote to memory of 4416	4972	chrome.exe	86
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87
PID 4972 wrote to memory of 1936	4972	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://storage.googleapis.com/1b1cc374aeb6fb12e8a6/28ead50359fd29bfd862#c2o2ZmZObGtMRDUvQTNNS0w4eVNMUGFnOUVhOGFCNm1Hd0JMdFY2c2MwaXZGMEVlazgxS0ptbXpmaEZIYjNMVk1PQmZMR0daUEc3UldzdHplYTMra0NaM2JZQVhpbDB4ZFVDdnFTT2hYZTh5UjdZQ1lFNkZHZWhlSERpcE1Od0hraXF5TmlNeTVxamEzOG43TVBaeGFRPT0_
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2de49758,0x7ffb2de49768,0x7ffb2de49778
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1276,i,5550044107969685486,704315189069009089,131072 /prefetch:2
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1276,i,5550044107969685486,704315189069009089,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1276,i,5550044107969685486,704315189069009089,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1276,i,5550044107969685486,704315189069009089,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1276,i,5550044107969685486,704315189069009089,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1276,i,5550044107969685486,704315189069009089,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1276,i,5550044107969685486,704315189069009089,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1276,i,5550044107969685486,704315189069009089,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2836 --field-trial-handle=1276,i,5550044107969685486,704315189069009089,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4464

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1b729241a7a3c23b37aa3527c39039c9

SHA1
c2e0b9fa4f0b65840dd2630880a0274af99f55ac

SHA256
98b0ff971d9aa90be7fe340f68dad6cb0c529eb9717422a09273da85e4e6f501

SHA512
ae41f1e3615fa68fac3eae3f4c9dd0df8bab92d4c4bec40c2040c83af366d6f3efc1bf979b00302f0da7c44b7ab8725c544b6a750a20f52610bde19918fe7029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f6fb033f0d5ae97f85aaa3afa27a54ed

SHA1
ce6de78feeaf3de4bc22c80af6d3780b2639e9b0

SHA256
757c02393b9932ed353cd79a3d5b25a08952bdadd0584489d04a1ccb97944f8d

SHA512
7911aaf484b2aadc36e8244f5cb2debe69282761825467df98314178cca8177a7f3f638b56b9067f00bd24e423a575cb85a5950da3d5b016c0b87f115cb8ce0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f3055d1251d1d1b49bca4d4b7d934e63

SHA1
8e3b1d307dea06f0dee553d17b236280315c5367

SHA256
68a4b8eb468fad3f13046551f40914632a7e8b53b36cbe96fe10bd8f5be30956

SHA512
979b111dc23408c2a0d82c14181eda3f5e55ee1e8ddf8fc00150e72cacd97d6ec9b195579aba8fd673f1c4d9cf62bb7e7c1395f3b32501f0220fc681692a2e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
79eef363702d22c3f4ae601a00114e1a

SHA1
4741ceb36fec9a679907e2a58962caa380ca3165

SHA256
7f3ac83bcac0dadcbf94b3e705260c4b3508e1c119030aee26ee8631342b63ac

SHA512
3adf66a58a485c22ea918d226f2a5f093e686bbbc25743dee5a16f2e1de9159e0046c44292c0afd038420a66a98ededde567a07abe72699b144737d310c41208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
dc5252e91e4f1dfd51df7dfe41ab8f2c

SHA1
181a701f02216c9dbf890e516f5991245cd80068

SHA256
5a69da1ef96d865732eef3563e9cff0112813d87d23157c5d5a1f28bc1ea7c64

SHA512
4574b3c5bc88f34de786ce28441d3b3a08c814a5d64ec3a71331a34dde5ba38c79003d00ea50f0b8d8e98268c1e59d90b9aa3cf856f4545df337ccef3421d52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c7ccbe6fdf8962469ab3b50ca537757b

SHA1
5e25b136efc17d40a5baeda5abd4e3f686a2cb96

SHA256
f8422c974bda3c37fa758d16924f962922c2e5e2636a3bebb2476d34fa7e0565

SHA512
9c1dc9b489ea250087677c4aa9dce25f32d0672e0acf1e50818f6eb6cea2c082fee37ac3d349fcdbaaaf91ebe7edac93a8a09ff62eb3910cb59a5126855fe4d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
46ed223dd3ca6963f5704ebb3bc8d209

SHA1
3962911bd77e94050fc27438e35d1601a881e7af

SHA256
a745d72192a3fdd950acf2a1b690aeda3a22bf04fd907a6cbeaa1f38c23ffeee

SHA512
3cf772b655696b62a80ccbb019153c1444e4e29155161c68ee671d54ba5158898180d056d74ed6dbbe6ac519043755f3bbd5f689250626af48256df84013c2a5

Download Submit