hxxps://apiservices[.]krxd[.]net/click_tracker/track?kx_event_uid=LR25EaJr&clk=hxxp://6yz[.]theaireplacement[.]sa[.]com/audioservice[.]com/am9jaGVuLm1ldXNlckBhdWRpb3NlcnZpY2UuY29t

Analysis

max time kernel
49s
max time network
50s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
23/05/2023, 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://apiservices.krxd.net/click_tracker/track?kx_event_uid=LR25EaJr&clk=http://6yz.theaireplacement.sa.com/audioservice.com/am9jaGVuLm1ldXNlckBhdWRpb3NlcnZpY2UuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133293394272239195"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 3696	4108	chrome.exe	66
PID 4108 wrote to memory of 3696	4108	chrome.exe	66
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 1572	4108	chrome.exe	69
PID 4108 wrote to memory of 2032	4108	chrome.exe	68
PID 4108 wrote to memory of 2032	4108	chrome.exe	68
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70
PID 4108 wrote to memory of 2852	4108	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://apiservices.krxd.net/click_tracker/track?kx_event_uid=LR25EaJr&clk=http://6yz.theaireplacement.sa.com/audioservice.com/am9jaGVuLm1ldXNlckBhdWRpb3NlcnZpY2UuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff974779758,0x7ff974779768,0x7ff974779778
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:2
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1976 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4384 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3208 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5604 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4876 --field-trial-handle=1740,i,16147830439373410818,5128709684343471249,131072 /prefetch:1
  2⤵
  PID:1700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
2a6677286f63c31192dacba99c1ed074

SHA1
31ce7f70c9f221a2e4650a4bec2f605f9cba3589

SHA256
064d34515b1c2246f93769fca0b9d9897743bf724b1125e01359e16576396a26

SHA512
b4ea84a6ba6959f170b507b36d14ce04ae023c567deb9fd472eba380f7811d6849ef1d2d13d963c1a9bc5d2bca63a69a2156c1e68550d5d7dbf43304a47203c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e0cd91def49c6a0a794f638bd773ca7

SHA1
b3650f26bd095f8bbcd50753d8f94d890dfd56dc

SHA256
86c0656005ab3bb8690501ab68f7a187884e767f3d5fddd6e6010f0a73441be4

SHA512
6e74a91b6f0bf56d707a39f673caa8bc2cfa7830b03f1d108cc427bdf8e8cea037135109d4942633cf3a461da2b54cafc68ceaadad72483cf9cf4262f87fd63a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9dd4c1d3c2dfc477a6acb5151b8a9485

SHA1
82137c6f99375ea86fa5e3ff74275b7989cdcf5c

SHA256
6e22e9e8f70366144032b6c30f72ade492286de5323931dd99268fb7573a3d4c

SHA512
7a7caf7096116706346330d2faebf81d40a3ff47ddfa23a051dc27b7d5f3d134e97c981f1e11c4dc6ea4d2898a850110d76236f43f7b1d2e5a610b5ed736e841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
69b44231ce80d6c894b67bc5cd749908

SHA1
e45cd47c4f10381b0b435c9166190f6c900e8b9e

SHA256
ecc822ec4109db00685b6cc66fe24121789f5e9e7bef7fb310d78c833bccc311

SHA512
2ce208498a9640b270abef2208dd76e75cda3402e4388196c15834f3ebd6435fba7439af99227ec884621e1f6696e757cccd7fcc88349d3d8a013f2626e3280f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
93bd3b2d3f970198afc763595d2f6de8

SHA1
f0f418da06a59f7b6c490a9a8f16c76475b18d5d

SHA256
7944f9d469a0a1b81de6123630b14ca81e10ea6625fb42c940f83afd96247c3b

SHA512
32c4ac8028872070c6be2adca5909a3eab72d54be4c20639683cc666d615a0a5b2a65bda9c2a362aa1a486e8fd480e5a2771585cc31f4b4f6df7d29e70a1ee94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit