hxxps://www[.]baidu[.]com/link?url=3N_psbvgPKh3Qr_TgA2pZzq6_yVzn1k3HRoLOXq7sLSfZinLZaV4LmTPjNBTxUhb#ZG1pbGxlckBlc2FiLmNvbQ==

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27/08/2023, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.baidu.com/link?url=3N_psbvgPKh3Qr_TgA2pZzq6_yVzn1k3HRoLOXq7sLSfZinLZaV4LmTPjNBTxUhb#ZG1pbGxlckBlc2FiLmNvbQ==

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133375705389124507"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2212	chrome.exe
2212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 3464	2316	chrome.exe	81
PID 2316 wrote to memory of 3464	2316	chrome.exe	81
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2900	2316	chrome.exe	83
PID 2316 wrote to memory of 2932	2316	chrome.exe	87
PID 2316 wrote to memory of 2932	2316	chrome.exe	87
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84
PID 2316 wrote to memory of 3832	2316	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.baidu.com/link?url=3N_psbvgPKh3Qr_TgA2pZzq6_yVzn1k3HRoLOXq7sLSfZinLZaV4LmTPjNBTxUhb#ZG1pbGxlckBlc2FiLmNvbQ==
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae3e09758,0x7ffae3e09768,0x7ffae3e09778
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:2
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4712 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4664 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3356 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2636 --field-trial-handle=1864,i,2080169963127141237,2156733780016156261,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0d0878433121113e50cebb4f0652cce1

SHA1
41168947cc12948f03d899e562feef407eec55cf

SHA256
69f61c409b5aed758c5790a1dce0908ca234b3f056d9155b6f954a43fea9546d

SHA512
14b6ad18592780af1cbfc0309f5fa263fff1ff9dd332e74d317960f7b84ffc16dabb91bbf8146b031615b90c0eb17f3c7ab08b229ae2c32ad036905bcfaf77a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
51363dd5d50f61c27197812bca969ef9

SHA1
228aacc26687fadaebf7a0ddeb62afb097f5582e

SHA256
cbff097b86f0433fb9de4cd76fe04431a7c99a3e6872239d9cb1da500f90bd91

SHA512
fc36fbde4a407864953443badd75db72a7e7d4c926edb3fe49dedd8ca36d82399649b7a9a6b90741b8983f2f1c780056fbdd8e99d3dce7c5e9a430d566b334f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
5a6117db2e7348e45d0b4ab7d72b7878

SHA1
897688aa1edf57662460ebba8ac5d531c3278553

SHA256
5df898b9346d6045d49f23973f0f029589fd0c673885a3f33dfcead74043ecd1

SHA512
a76b96c72f1da224e579ea1ac3c3183e8bdaba121e04ef4c3d7fc28da878a8f36c2848c20ff2d38ceb09c0f618647ce4387cd4513e8ca4cf1b90d6e1746e0ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
126d4e1322e94dc0a9ff8ed9b1494b11

SHA1
e4468c486ad04da2eb55b9deb0238fc38e256685

SHA256
f556a8dafd926f07fa502406fddf8a038637a1b50512ebc33169c536ece7bd26

SHA512
c88e0791ea0e996dd59d66acf360966b03994804d01cde0911d913b772db31a51cf8628d8d5ff1febd0514763aa0cdb8e80c5015acb34de93177e726ef70b1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
0d4ea7518214052ec22967d946ab7f97

SHA1
9c405d15f8f0f23c9aeda6b0a7a9936f49e5c1e7

SHA256
ea634b6458918e350ecd3a5057eebee9a2d1a6aa6f0d17ddaa32dd3662d85232

SHA512
88658ca6a766407e8d56e72dbc62b927ed70716815d92b28009de6eedb50cc983004dbd69d8da8a421bc87061640476acd0c90e638eb550bebb3258ba15d11ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit