hxxp://pumaenergy[.]com[.]a9vk[.]ya2[.]design/?YW1vcy5wYXJvQHB1bWFlbmVyZ3kuY29t

Analysis

max time kernel
60s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pumaenergy.com.a9vk.ya2.design/?YW1vcy5wYXJvQHB1bWFlbmVyZ3kuY29t

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133294737958873652"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeCreatePagefilePrivilege	1312	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 1264	1312	chrome.exe	84
PID 1312 wrote to memory of 1264	1312	chrome.exe	84
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 1572	1312	chrome.exe	85
PID 1312 wrote to memory of 2304	1312	chrome.exe	86
PID 1312 wrote to memory of 2304	1312	chrome.exe	86
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87
PID 1312 wrote to memory of 2244	1312	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://pumaenergy.com.a9vk.ya2.design/?YW1vcy5wYXJvQHB1bWFlbmVyZ3kuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff916b9758,0x7fff916b9768,0x7fff916b9778
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:2
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3500 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5580 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1824,i,7947475698735391696,44474771273308070,131072 /prefetch:8
  2⤵
  PID:3084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4068

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
329469f7b747381a2efe2bce8ac6effb

SHA1
33c25b8ef3186a27a9b1017a7dd190307a67ef91

SHA256
7d38192d908d7347797062a888c62bf2bd0c2b4f1abcdd7948c211ffcbdb2fb9

SHA512
1bc425e55b6ded3f48b834c4a3aea61cc6848ef104aaba71d0d9fb01b622448eab85aadd6a0ee9036b6851a4f627252e33f6a66d36cd5c6c7e6dd76f056716c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
216843dcf37d3f54907112dacf7ef373

SHA1
2a31001bef36253bda9cf36a25b1c8e7d5724ceb

SHA256
562127d0462f2b39407784267e74126656a4b0145b8b306c8fa3ddaeb5112216

SHA512
e54e0ff6c3a31bc83ccd96b9bad5ac29f0e81745c6fbceeec76bdf57806a4948b50580e0e09e85eead1148fe88d22133b6b7b0ea8466f87a702bf7b4bf9ca8f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
77d9e7bf713ef73419ad0355ed38c042

SHA1
400baafc0060281652bcc12cd2f006da3d0237bc

SHA256
60f3dcb526d8d9ecb7e372ac283cb69d69e30d6bededb2c3a5954fab1d3010fd

SHA512
0efa11c33c3b276fb8abb40cd6ccc615c328b11e84a8f87388e092a71ae56f74aeec01694f7167106e08a152e99c005ecb99d1e652ca6c6e9db93c60653279b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e548526f623554e7a1837b9c4ec99e6

SHA1
57d28e2e4645ba607eb6d07309c304ce6dab8a9b

SHA256
db4fa68e245f278ce4f36246a3273ead88e5d958845ad55407c6f49f6c4bcdb8

SHA512
cd72cded474baa408a1c0dd495644547e48afac4de12fee02aa0ad966f02e3880bcda9895b6dfce31083a8b804f2bfe0d84a12e3bf2da79f87cea019c844c2c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
adab22c0e0c50b9acfa0b39fa73c5e70

SHA1
bedfb6fb91889fe4b7b9424ed118bd55661c14ff

SHA256
1fa4704ffdc69602a83876a3ba32292d4143810313616cf385e2f46bb6842202

SHA512
40409394c824ea64aae977865b4354aa3308139b81ad5935a9a5495dffe72dc2f70ca3d245b3af7a891d435ea5ec7f88c1590a604162d2468df30bc8cb8b766c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d4b3d6dae6696135700b3d13dfc07194

SHA1
504dce1cbb3fb1947845f7ed2adf6391fd96a8e3

SHA256
7161e884f60a4f039680ff9f43327c057c4d577b82ce1aed117f25200e313415

SHA512
81f479a50b2c0ac0fda014b72e85f06ef1e9e48d745c7ae2db930b1fe620e6a314ba9d8482eba37f1786adddc2b709ec06f64a230108f94dcdc5c0f702a43f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
b5ba2c8663f9b30c2c4557c9b3ad7661

SHA1
3ef3ea7a1c0607b8b7c5d96bfdddadb678d4dcf5

SHA256
3f06a16f2b74b060f80810ac270f614c487f64e2b10a027229420f84c0b0ebcd

SHA512
0ccc9f3649db26a040ba35679022ac3e8b1201b6e244a88b6349423af539e6c698802fea8843bdb70c0a2acfc7e4e0ee5a0cd42de37b2f979aa000645068ec20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit