hxxps://intranet[.]tbpc-corp[.]com/NewPass[.]asp?acc=dfb1e6036ebf59f55bedddd715039002&ee=73823849085

Analysis

max time kernel
300s
max time network
310s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 08:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://intranet.tbpc-corp.com/NewPass.asp?acc=dfb1e6036ebf59f55bedddd715039002&ee=73823849085

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133433018580261840"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3860	chrome.exe
3860	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 3432	3860	chrome.exe	86
PID 3860 wrote to memory of 3432	3860	chrome.exe	86
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 1632	3860	chrome.exe	88
PID 3860 wrote to memory of 3604	3860	chrome.exe	90
PID 3860 wrote to memory of 3604	3860	chrome.exe	90
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89
PID 3860 wrote to memory of 640	3860	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://intranet.tbpc-corp.com/NewPass.asp?acc=dfb1e6036ebf59f55bedddd715039002&ee=73823849085
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe9d29758,0x7ffbe9d29768,0x7ffbe9d29778
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4824 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5164 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 --field-trial-handle=1876,i,1377680087730247231,7516470057364299358,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
194c4255d765a1f41b23e4287cfb361b

SHA1
69f7434c597537275889abbed21de9305bfafc17

SHA256
750e753e2b57d6e32b53ddb8c35d01eaad503e876c68198bc427e407900ccd63

SHA512
b4a09e31d58d424f31b46df091803295b44c45f1d3692da8d8ab44ba531e1b1630effaeac296b8ee7db582b5fd6824673a4372447067dbadacf3eacf4943e1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f5c5e2d0bd9ec1daab21b387abd50457

SHA1
625efe2b4f4fbb93cf9b30500d6671e7323f3f14

SHA256
4eff1580a47a6081a0cda60b416a6f1f41cad48cc44da8378dadc39f03cc409c

SHA512
ef66e987f730fa2569869ed43715c5d9f86cfce8ac3fdf1dd2a04f847ee3c3921044fd7069b52a823349ff32051320743909be86612cae8165983f48840f0adc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
548a48a1eaccf3101f0de8fb833df278

SHA1
7647406df7c2bb396bba8b691cc598fb5bd2e0df

SHA256
e3d2f6ab8cb9c4c80170087e66a76c89bf55045e85a85e1ecc5e65e1d553cfae

SHA512
cef1a6ea853931cba91db46d881bbc3e5001b1562b635a7296e8f897ce3358d394cbe51c1587b23d0c5a0bcacfcfb6f8de4fc19c1169e4d2b80b6d456d7b9f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd57401f3fbd0abdb0c7037c48d347f0

SHA1
df8a091917021149c4ab106e377dcf58199b19e0

SHA256
6360d3dc6bbd62b0b5cf6fdb58c5a8d9d857f835f7872c62bfd9bc1f67c5ef1c

SHA512
049e117a4654ba6d2f538ea8505be14ad31de052a6c7a7f3b15456603f599dfdfd3bfee08105ff16a462943ee95643b24cb5aa2933e70d9ac64b57ce3bea6362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0996e798f57f281a6b424c6f3ce4c010

SHA1
bcb777e836b9ed4d059934b851f0bf8fc95c0f89

SHA256
067b734cfd3f21664e2659ca0085ef3e9ff36cacc7d37544c637540dcffda909

SHA512
8e2b596975f93f17f3223ada37a2182aab82c53ef931d28787910424f5c2c5ebf519b10252afc1dffb448c689d3c2cfc85a7b1e5b103e5bafc1ffd80d6f87073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3dfd3a9d4dd88498298307f24d8f4855

SHA1
2fe92647a9288d8cdc592fd2c9bd75131833f677

SHA256
c91559c402200fc740f3ccf63395f260b1832c732a0d484334e0fc160733132f

SHA512
4cc8baac017c56d420f6a8b03c0a5e4b979a5038dcb7cc89893a74d21efbb26aece76e3e2c9afd3deb89c551d459b4e6e7d2d01a4ec57f8ced7f84800e50417c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
e978083b2ea01700fa0523dcd0ba528b

SHA1
82ce3fdf3dcb9a1b5246b081528fce6854453483

SHA256
4dc13b2300b2fc3ec2d00b7d6a0af36e7af9d960e46349fd7d408db80b6ec7cc

SHA512
476d0d8b200dba4a336d11b0eadbeaebe495485011b08d878e65793308d0e86e1c1c11fd11e4d894e37c2458289bdc8bb63d0a4f180791e9ee7ac4904152c5bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit