199ee8ed7103099539a6ed77179c7396054d8251ad4862a00450a21eeb5d1d15

Analysis

max time kernel
300s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-05-2023 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Testattachment.html
Size

69KB
MD5

12e3f833e705a7e9d537ca6bb6845e78
SHA1

ecc5532199da0e4374307c450576cfca61708de9
SHA256

199ee8ed7103099539a6ed77179c7396054d8251ad4862a00450a21eeb5d1d15
SHA512

dd9e541062584d5a9979d9abd91a757e5a34d2da172cab7390917b12c3cf3ef562fe135958fd55aa86489dbc413e388744de31dfde56b2035ddf87184aba9910
SSDEEP

384:PjUEKpiiKN6oIIob3VgWCZ9frfrqfBfDbAwYkrmKunjoYLRGsLdTeYtqVRMs1f:rChbCjet8kyKm6YIr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288702263393246"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4112	chrome.exe
4112	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 4872	4824	chrome.exe	85
PID 4824 wrote to memory of 4872	4824	chrome.exe	85
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 4544	4824	chrome.exe	86
PID 4824 wrote to memory of 764	4824	chrome.exe	87
PID 4824 wrote to memory of 764	4824	chrome.exe	87
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88
PID 4824 wrote to memory of 372	4824	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Testattachment.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2d769758,0x7ffa2d769768,0x7ffa2d769778
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5408 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3752 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:1
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4524 --field-trial-handle=1840,i,8734762800606551596,8979824967569555426,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2864

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
59b02b3fbaeddbcb1aca47723cec7bb4

SHA1
6b28ad91dd14c5a042e18880383e0fce6c978d64

SHA256
1ce95e5355d0c53b8d3b329bba7cf0d839d7f2cd51a4d2c1a31b468940b1ce13

SHA512
f77956c0877a9f69387d897b563758c08882b53f5ee94ae71e15a15163b553886004a225e82a7b0213a09478e35314a87c41e9c03f2ea125948e7f46be9b458d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
480545b49df4f9444141d0977cc92d2c

SHA1
4d4fd7759534c4b6b311fe0957d232869ccdb225

SHA256
b97d098f8f33ce7b6e7425082cbe2332044c10743be14b73cbccd4bb5f675953

SHA512
c3c52fb241019ee2017253afa85eebd9bb7a5bcf98eb443ab2629fe2644dfd0dc9518df9fee47859f1e954ef998d260084b5c902ee0f676c52e44dbf5bbfacef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
43b8d3825214010283a3134006e813ec

SHA1
20a74c53a720825497db10def5add6351764464f

SHA256
742b01ac0213ef9aeacdd475b2358b9b5f4d15f6a027be17812ef7591313c6ee

SHA512
91aed7b707a85bc5580d2fb7e11ea8070b1f74cf1c244ebaab157fbea145c1173e0643900247449f047a946df6471a0ec44071e35a21e233e57d372aac10728b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f935ca677551b1d68fdb20cc5fd97b09

SHA1
a148064b15c4868015d636673d8ac22dfc16883a

SHA256
519615724979296e4a49a7e789bbed64509dde423a0b5181764f6424cc3fd226

SHA512
4db975f0c979d667f60b43d385bda34c37c0dc3a4db8fa41dd6fbec34e2aeccc80668cbe40e53fed533ec4382c1534cb2c5db6bdb54a5caee5b32cd3a55a926e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0fe99dc09287af171503c112dd224337

SHA1
3603c1ac3f791ae9466e1c4afea0a71868d8d095

SHA256
b5dbc07bf03e8325f054dff9d3a1af242cfd544670119cef4b2b724d7bbe05ed

SHA512
fefb7196e8c9b02b9408080cc821851c55b6e379885198a84b8f4a275f003dc7f99ef43e8f9f168ca5863c07cbc5215dc02191434153bda3db39596953495250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
038d1f746870d2a7062c8f7a3eb11007

SHA1
2f9ababa95f0302d72ed6f896acd6bd7beb692b3

SHA256
683382325cf1819fd0632c9a4f3b670529ac2a8c55d2d08e40b54fb1a2302306

SHA512
9aba5857dde92f66a9b5f6234bdf45c3467253c66a6fac0e91a02314778233cfc9ef22124d62a1d3385d72e95f5c31129557a6acf2c64054719791210841102e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit