hxxps://affinitybiologicals[.]com/products/factor-viii-inhibitor-plasma-frozen

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2023 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://affinitybiologicals.com/products/factor-viii-inhibitor-plasma-frozen

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133306205291455606"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
1784	chrome.exe
1784	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2000	2028	chrome.exe	85
PID 2028 wrote to memory of 2000	2028	chrome.exe	85
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 2420	2028	chrome.exe	86
PID 2028 wrote to memory of 3944	2028	chrome.exe	87
PID 2028 wrote to memory of 3944	2028	chrome.exe	87
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88
PID 2028 wrote to memory of 2428	2028	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://affinitybiologicals.com/products/factor-viii-inhibitor-plasma-frozen
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd3bc9758,0x7ffbd3bc9768,0x7ffbd3bc9778
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1844,i,6222803040199843081,10154483261995764436,131072 /prefetch:2
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1844,i,6222803040199843081,10154483261995764436,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1844,i,6222803040199843081,10154483261995764436,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1844,i,6222803040199843081,10154483261995764436,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1844,i,6222803040199843081,10154483261995764436,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1844,i,6222803040199843081,10154483261995764436,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1844,i,6222803040199843081,10154483261995764436,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1844,i,6222803040199843081,10154483261995764436,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2832 --field-trial-handle=1844,i,6222803040199843081,10154483261995764436,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\93c94425-bfc4-4f95-95a3-998ecd5c2b2e.tmp

Filesize
5KB

MD5
9fd740560cc9e21acafdaf01b5b00f4e

SHA1
3cd4a9f2413dfb39665e23e4c00d6fd15bd2c910

SHA256
edd7faa534f02c200c569f94a5caffe7e90bff1b900f7b5cb95be15ec895119b

SHA512
777c2dc04eb2cada449b707c12cc9180d0d3ed23b1727cd5f98a9055f91a71303450c07e2ee370fe95fd48b091a7046bce7253e4722cec7269a4c8ba167b303c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
162KB

MD5
839a6afa03312253885699c84a96e70b

SHA1
7d58a182c70501beac223c48636c059632163e65

SHA256
90c81168c32945db973e0a1da67d6981293a0b3b996459c488ec409a188a7f1d

SHA512
d3759e7d1a16979833711e15b5064262ef5f3728b1f9941db34aa0b6fb9ea5891ac441bc708f3a56343763d017cd3257e368abccd5be816b9c8a9754f987b524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
abb5ee1fc662cbc00ac8b8cd0dc2a58b

SHA1
ac46dd9e20805e7eaf90ac66c695c770362581a6

SHA256
4a79fe5c65bdca964d72327ee19ad8dffe0cab76e94cbce5a2ce1b75009d0928

SHA512
bd1077bbc382ccb6e571a319a56414f424c6eab6d1022b4ca555d0d4ac49ffb3aba80e650f3ecb6ac9d73c6884a3dc65ccedbf774e1afb2459ee0d78732c374b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
79b01e6872024b15dde7c78fe2e70db4

SHA1
a85f99eb8bd3cdc28547911cb9168a507ad8fd6e

SHA256
8078671d04184a25c5c69b7f599e2fd1399ca96eb7872647fadf84ebafda8b72

SHA512
5aeac455a472fbdc60fb192423e7eac5c1683121d2c9ee8b469d86d6a6765d49a10eb9d8d630b879ffa15a398e46cf5a1b4c6a10a4b1ad20b3cf1a1670442469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a884a11641aa2df97c849f6457069307

SHA1
f299c0fdfe477b868107e8a620e99e7908765d98

SHA256
c6a437980d0d94e08a60383f632d4cfde82794ea5edffa47cd02d00f2db8761c

SHA512
67d5d98acf000b6522d607e4e1d233d5eb8fe0421e8d7f9c8c1e7b9e763e6d5a04bd524c16faf166b88d17b88485c6f86863b6815bf9afc9b4ae9798d674f9d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
41d150d58292df21541e75341c2d3da9

SHA1
29b7c2f020d1c59edab7fe03011183eb2b93e47d

SHA256
4e06fb37ff8f99d001f1aa78d2c6cffa0508f39a7fbf5caad8905a8fc29acc65

SHA512
3424c5cd7214c35e3a94ea7eb14600e836af5ae36e6f4d5b29eff780c188746fba447b389d0047615bd89d4fd60f9a8feb628621013dc03d38a0379457c57df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
01e68bb4d69458e20e91aacc6a9835c2

SHA1
0264d2af6f2d05ea3c66b7d96943616e94cf45d3

SHA256
23eb417de72f761daaa627ae74c0fb5e13afda9ffee26d852531b4d6213054a0

SHA512
1bf86fcbb6fcb5a5d4377dfd5d4640356e9602c6a5bb0be428424ab4a25c9de2bafb40c20caad9bec5307db801fca0afe896f19942e39f35ec675a747927ade3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
dfc19064e622a475b887d8955372a26f

SHA1
4800df759d7cc91462392570c8f7aac80af8da20

SHA256
12181651cc13b63523fe46f2424971516e0fe4511770b7daff7344215ab44158

SHA512
999c3b87d68c88d03dd5d0951c3589e05b34ee10900289ece38cdcf6fb349c65e377fc1407e1b796f11d7de67d63d30325e6d1ddfa0d344df9fdf86cb315a643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit