hxxp://mail-bn7nam10on2120[.]outbound[.]protection[.]outlook[.]com

Analysis

max time kernel
599s
max time network
590s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2023 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mail-bn7nam10on2120.outbound.protection.outlook.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133338430860498135"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
116	chrome.exe
116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 4496	1224	chrome.exe	68
PID 1224 wrote to memory of 4496	1224	chrome.exe	68
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 2708	1224	chrome.exe	93
PID 1224 wrote to memory of 4752	1224	chrome.exe	89
PID 1224 wrote to memory of 4752	1224	chrome.exe	89
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90
PID 1224 wrote to memory of 4248	1224	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mail-bn7nam10on2120.outbound.protection.outlook.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb30829758,0x7ffb30829768,0x7ffb30829778
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:2
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:8
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=6132 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3276 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3780 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1780 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4588 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4784 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2916 --field-trial-handle=1876,i,9799524495634884552,6640673864087253356,131072 /prefetch:1
  2⤵
  PID:924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
edd5630734cd6989bbf7d61faf700f49

SHA1
559e767711e38e8730f88b831499610874e11dcd

SHA256
47c2d7bb8adc2df3fa14255e76805216836bf662faf1a5651ebc2c6d6e955a9b

SHA512
24a29f87f78b8bab71de3d50c9947179086aeba37866b38b39af13bdc6d738d40e28a931d84d5f4767e4fa1517cad9f1597b23f48d8dbd8dd22692185b36b5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba61f49b1d921674d3318bbbbcbeb9f5

SHA1
c48a9ec1583b3743c1623a4477c3a2de5ca405d4

SHA256
6b36d326a65155a3cee69fc2d148d6d5a9358cf2112a8424ce048f50ade622bb

SHA512
aca919d13f51e46906ac80a1c4b48606a402411dc7d2a73aa652b325bcb110707ff436ba8bb9b4a503e196dede3b70cb3b8b218679967f904d15cc965d242798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a802524c8077701d316f5611539a28c0

SHA1
8a46f24d24472544b1783e581e82168c63a259ae

SHA256
f6ecd9cba5e5fc6d79477be0c083fa2fbef1f3b30ec2e2704a64daa98e07be12

SHA512
f38d82e7185619d5585702992cb78788d9c8b35e9c37b5547aa83f4a839b203b58a206e551a1c24f8dc72a7f13878278fdc598e73390bde2b0c1fca0da6373d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
6b1aaf45f297b7e2b5a0f16661981565

SHA1
838401a0340b37d1a5196fee5f9ffb3719b909d4

SHA256
1714a38e2cc721a67616b47fcb0d330770c356e1b5bc9d7693288df6d3dfd777

SHA512
e4a3c6dc1f78a7299e37910619b3c3e410a9bf1c97296a4d093ee6d999a6bfaa219e526c0df277f0fe418f51279ffa92aaf022eb23e03926ff5cad8dd5ae7db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit