b387df9103a68318d46075f3bbf72ccc80de8efffe9ef0fd8b4f649a13096e6d

Analysis

max time kernel
1802s
max time network
1699s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2023 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FS_10.23.htm
Size

836B
MD5

177aa32c1694c9427cf8f96c6e9f7b3c
SHA1

9c7a676dc0716ff5167312c4ca564c751572a826
SHA256

b387df9103a68318d46075f3bbf72ccc80de8efffe9ef0fd8b4f649a13096e6d
SHA512

4f1483296b88d8afb36b6b6595cfd5457a04262b3b85307f201eaa0a7b22026e899d6cd08606bb77536a3d7e6cbb55a98c5a10510b5803ece108782ab3e1112c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133446380611741396"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3516	chrome.exe
3516	chrome.exe
3428	chrome.exe
3428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe
Token: SeShutdownPrivilege	3516	chrome.exe
Token: SeCreatePagefilePrivilege	3516	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe
3516	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 4972	3516	chrome.exe	71
PID 3516 wrote to memory of 4972	3516	chrome.exe	71
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 908	3516	chrome.exe	88
PID 3516 wrote to memory of 1128	3516	chrome.exe	89
PID 3516 wrote to memory of 1128	3516	chrome.exe	89
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90
PID 3516 wrote to memory of 1324	3516	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\FS_10.23.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffab4149758,0x7ffab4149768,0x7ffab4149778
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:2
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:1
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3816 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5272 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:1
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5308 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3076 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3808 --field-trial-handle=1812,i,15508119952755045398,8360261597826319152,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3428

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4713cbff6e0aebcb735d76321f5da72b

SHA1
5556cc1f35c713634bf7a9e150f9123ee85b1dcf

SHA256
d97eb8089304f7709e4c9648608f7c64c68bd14c18adf0c0424134848361d18a

SHA512
44226a18c79450b0d5a10f60a17cd8b450be333ce644e53b59a639b1cd3ffdef0077e4960dc38425d7cc0bfa7c3d2a14b9acb766913ea2ea7c461a8ced3964af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
298b3ea7be5bf2be84305aae90772df5

SHA1
4f60bd964766fcfa8cb389813f98e522d0d49867

SHA256
770fe852199f7f94f9424e664e5f0ee8eca1e8f4ce3a032cffee17b1f102fba4

SHA512
c6a027a5603afaefcd84f616a54b52679d7b0855f758495e412cea76b27290b40c18d8c0746a32cb03048abff021c930cdfe2e723e82fd059bbe89966f8b753b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ab64b4a4b822d14dc41bf5b1cfc680df

SHA1
0d4646f54fb0098d768f033581e8aee25effa485

SHA256
f81ca949d948962966c67f7456fb5f2e08f4710822cafa762bed31f74a2df205

SHA512
e714952cac2760466e8b844ea5edce2b479487913eb8a8eafca0c01281aecd61e8c849bef93154301fc7a2b09b68709b011ce6c534206707524d83265c125a09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
097a2d7fe98b0c45a64c1000e4778be7

SHA1
06966911b73a82187cc184919a0f3abf984494ff

SHA256
5aa210bd9410a9da3728b8e9aa4c80b53bea2afa9089638c20455e12012c1aa1

SHA512
2cc18bdf9c7302dd5314a04a6b7a5fe0b89744e7340f12d15dacd666c0fc912ebb0464c4b22e7ebcb09304d34f2f0177bb9e2221a0d9ffc78e79903515309ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
96ba8b1637de2bc4e9e84c36d4090755

SHA1
2eedfb60fcab89438f3db8ca5e10b0d0495ec3e6

SHA256
2d55f5d8e7fdba9b07cde89e1f3c08ad06442a8cdadc83d38c84cfd1fdab4e69

SHA512
d608a71d5b237bb3028046d8b74348784c956be637b7700482c59cf2f9063a19b5567c4bbe29fab5f2901f8552c9dc6b112516b46d79706fe3b2761c76cfab33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit