hxxps://google[.]com@office[.]com@adobe[.]com@docuauthentications[.]work

Resubmissions

02/10/2023, 13:03

231002-qad68sce85 1

02/10/2023, 12:59

231002-p8k7rsce74 1

02/10/2023, 12:52

231002-p4a61aah61 1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://[email protected]@[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133407247742607914"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 1676	3716	chrome.exe	36
PID 3716 wrote to memory of 1676	3716	chrome.exe	36
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1136	3716	chrome.exe	89
PID 3716 wrote to memory of 1884	3716	chrome.exe	87
PID 3716 wrote to memory of 1884	3716	chrome.exe	87
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88
PID 3716 wrote to memory of 2876	3716	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://[email protected]@[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd692e9758,0x7ffd692e9768,0x7ffd692e9778
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:2
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4732 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3704 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3964 --field-trial-handle=1912,i,13072110014299413905,7410742104542921964,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7cec422a-7333-493c-951e-793f8f1f19fb.tmp

Filesize
6KB

MD5
0060d3c4be3a8744902ad6e7e610a693

SHA1
afed755a492e5eb02f04c4ca80184f431212666c

SHA256
a639c7eb8b49cb22886854b36a88eb9614090e2582c3245894663f03d664fba5

SHA512
98436d069e6a98fe3da7bfeca73f69fb789ecb8db1dfeacc6da5d3e9d835bd53e0189ebd792b5c80b7458d8b54d1ae34816255b28cc62f86b5bd8837b7fca0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f009e241d687877ba0047089b4782b38

SHA1
f1372c25b86c6dea8b41f8c3264030fc1ecf03b5

SHA256
dc1f9dd34f836a51144a7981955acae038a77fd62f224b940a446b267ed8b332

SHA512
ea1212ee7c4cc59fd476b376755d4d921af2e134e4bb90e99c8e96c34a294a32c2eb94b6444970c4e07f580b6427c0767c234faffe636ad6dfb63565f1530d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b2cd6143042d09a62de4bcd7c86966f0

SHA1
372ecfb9e9f5c0eb86c354792055c4b9c114aad4

SHA256
eef2bd5ddd45f22e5c96b3163663ad231cfeb1cdff425417cdb7a7014d918310

SHA512
fdda8dd556f4fce285ff9e87625c6d4f6f9b81bdb1a6bdd8ee2c82d45dac1b8a53e1d98c1e65a8e0b278f332a62f82b0e7ab6f5a40d71a20d2c88d026f90e5d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a4ec2f826aa473795ca02b379748fcda

SHA1
7a9d2204c9088a9ab49e8110f7afd848dac112ed

SHA256
e6c0782b01e191a4a3c37bea1c916d9bb3ca9e47d8b0f7aa66f0832101a7e32d

SHA512
10305985b98047716ebb671572674ad4a160c595c74ada87b147fe05b41f129df395395798620c694e85525efdecdccbb069baaa11cba328c1d5f57bfffe52ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
900a5217aa28d9d3850859619fd22b71

SHA1
f52de8b08efc30c3fcd2f8d6191e3b2d8a470115

SHA256
04ca940479d456b806280b1be9d62f7324c04e2104f0568b7d5de5fa3a9aa28b

SHA512
ef6fb453d0f9e67a48d44affdae7c57fb2e7a3bfbb1f3c5b5bd5c432009214e2246c8c5f205d07d91d56398cc353c635eae26e8b8788fe113cd188236530bbc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
77825df1299a875b7371719596d8876e

SHA1
d165955f56eec3a2d588a5da48af4010bc6b45ec

SHA256
c9607476d7cf9066cd9074b42a3aa705a306b3ad9fd346fbf479fca04bebd8f6

SHA512
342a6caa750c27906e33470d083710cf0b196b281963ce37dfaa053055253e7a59e3d4311a6e153bd41ee72020b57f7e1d3f927a37a117c7628f59dcdacafba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit