hxxp://78[.]128[.]127[.]242

Analysis

max time kernel
600s
max time network
489s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2023 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://78.128.127.242

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133450978317275900"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3852	chrome.exe
3852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 2880	3696	chrome.exe	68
PID 3696 wrote to memory of 2880	3696	chrome.exe	68
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 3268	3696	chrome.exe	90
PID 3696 wrote to memory of 4252	3696	chrome.exe	91
PID 3696 wrote to memory of 4252	3696	chrome.exe	91
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92
PID 3696 wrote to memory of 4680	3696	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://78.128.127.242
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd5709758,0x7ffcd5709768,0x7ffcd5709778
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:2
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3912 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2972 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:8
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3924 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2284 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1760 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3148 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4632 --field-trial-handle=1872,i,16846980150042874415,13072297482147943753,131072 /prefetch:1
  2⤵
  PID:5004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3479ec3535bbffb12569a5bc09f64f36

SHA1
8f14767c75cf8f92248eb357e7966174d2195c22

SHA256
ca174b31e694a8d2e3bd9479201ade6a1516b02aa84f23907d7875adac715ad8

SHA512
fd06a71c84cc012deff7b8290d2feceb3a9c06d4db7439d64b9df30cf378246f0d29451de816b8024ea181f1d1e87ca8974650a0b9e57b7146fbaecbc2aa3fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2381b454edb7fdd05ab4f19f71953359

SHA1
4c644d5ad28a2a8435492e48e7f0d70e490c6789

SHA256
081e8697e8bd975e66ed16fb7febb9fcc92ef272e0231c27a2a691a5963bbdb8

SHA512
b05b9f9e3b00e8cd4fd573fc4c25ce57e609ddee4ce94d9df51df2f34b42bd8895e8855202a1ede8a2172bac8ba5879a9b19f540122cf4aeabecf4f903369627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d3b30a5b65dd7ca90a1d3f2e9675828d

SHA1
bed69c105788dc601078d8ce196fb42226d73191

SHA256
d1b90bc2a0a8706bcdd3834b0778309f61d3b82259c733a7314d7020b9688a90

SHA512
28ce1464eabf3eb56e5b1f89259a25ff5d720a91986b642eabf0466765d8710873c00d0532a3e20ce41ae4347b9ae4add0879d50dfa6dd7b4440254bac96e7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
2d3bf36b76771c4adaa7febfe34b5aa9

SHA1
b079581cf2e041018c53f8228565d4e502ed0d02

SHA256
a79f6795ddb6ac303e2a5768aa4616bf82e55a3f933fcf694bba4bcbedbc8049

SHA512
be5718c2e2ec58c7bb5e08472907989347f9b4a82c1cbff88effe87175cd275a722ebb43bff90a5aebe1bd466f7556d2649dcc741602dec68b3493fe4883a8fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit