hxxps://smiths-hynes-law-firm-llc-dwt[.]blogspot[.]com/?845293&m=1

Analysis

max time kernel
300s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 20:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://smiths-hynes-law-firm-llc-dwt.blogspot.com/?845293&m=1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506020539457284"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 3712	3328	chrome.exe	85
PID 3328 wrote to memory of 3712	3328	chrome.exe	85
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 4364	3328	chrome.exe	89
PID 3328 wrote to memory of 1628	3328	chrome.exe	90
PID 3328 wrote to memory of 1628	3328	chrome.exe	90
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91
PID 3328 wrote to memory of 4444	3328	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://smiths-hynes-law-firm-llc-dwt.blogspot.com/?845293&m=1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdfb19758,0x7ffcdfb19768,0x7ffcdfb19778
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1884,i,75214323177833654,5411676691928522244,131072 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1884,i,75214323177833654,5411676691928522244,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1884,i,75214323177833654,5411676691928522244,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1884,i,75214323177833654,5411676691928522244,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1884,i,75214323177833654,5411676691928522244,131072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1884,i,75214323177833654,5411676691928522244,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1884,i,75214323177833654,5411676691928522244,131072 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3384 --field-trial-handle=1884,i,75214323177833654,5411676691928522244,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
111KB

MD5
907a3e02e598b7ff0573cb303c4c5bc1

SHA1
d5a11ea3e1ef67911357c738df1bf6665e05e8fa

SHA256
f1ba08fe21d2b585974b5459d7ce1b67a81a838dbc8c89d3723e5c7758185b76

SHA512
6301170298a3449237499e851304f2feb7594ee2f6681d5cdb5aaa7a17850d2b9644d919f09af876a4745a90afa5c062102d27203532ed763ab1cbfb898fc6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
731dc5eacba2c0bd5d401625eb995abe

SHA1
c572574819e451860e256f0bb2feed8d80b86013

SHA256
e721e00fc3a5aa780aebb27bfd1db836cb6642e0f6265dae8881a2875522ff31

SHA512
6b493c88d75dd447be0d9b61ab38f37f9f2a32802efe0263878d0995d69850e0852eb8b0a888fbf8ea442281bf67100c343b10405dc6b4ac378c31cb2fea19a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2a04d38bf03a80d28788f11b00cdc69d

SHA1
87fe95485df7298ee146516b1ac9566cf5cbe967

SHA256
1ad6fa4e72cd82248e23f6440ee63c4cf16a7625478287437d65d4ca7c25690a

SHA512
6f3c9625a94f1bada74c95c75751c12f884500b6e18da90905abb0167fc86f5c94074f3a1d45fe4cf9b7917d494b836f29ba7031725d99fa50ffbf8b708cf326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
66341b2181904b4f1bf579d422388933

SHA1
30ced74b395c37cbab84bdab730c60b274fe67fe

SHA256
b3cc71242db86b5a21223fc2c892f7cc49be2ed2ba9c44671fa56f62ae250872

SHA512
1093d87624d70187e92f487e673b85fb0e56dff08f8c90fde5b4b3c148516cebefc2a6b87840da3019369be6e9bde9f1492b96a29babdf29edabe9107a57ac76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
27e3fbfba023e8ef36b1da714be20ac7

SHA1
8d7e17d77889c34846fde86d3f031063b9028ace

SHA256
ebc5a79a085f86f1b9daa175cf30bcad123e59f8e89b4d7c49ade7cf3fdfa29b

SHA512
de8305a272f48035a1dc7e6e544c647c2beae802f96ac8cf8d01d56ce2ea934a33ae6e300cf0e234e3c95e9992e097ff84117c3b31fc7cb8f75714000686aa40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b26de1ecdf5a74bfa85e81ab320c581

SHA1
f07353072952225eea239740d6a6dd4fcb81f108

SHA256
5e974c70dbf9bfa1f53c76ffa57cbd82f5cb253e5793f4fcc79ccac68d1b5e8f

SHA512
cb8298a5c6940aa0ffd1f8bd9328defacd7206a5e98ac43bd5f4322c3fc9d7a5b985726afd871dfcd45903d8629b0eae81d05102bab67f19a35b3aa5997c37ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3090503eda12df0202397f9d1879b400

SHA1
c92f5ab354fab4c1e9b29ca00164c3eec0a28440

SHA256
2c6a6db094ad5e40c8376539c29a3ddde8ff0050b29b9dfa354b55a16122286b

SHA512
3ff85bd2c9bd7b457dad862a6a23ccf745d605087c7bfd4201cc8a8e9ef1e6eaebd7d96e546675d1012d263327822b813624fe98d26dc0946872b21dd9ef4db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
04390f7d51cdb991f7a457f8025d4f55

SHA1
ecc79ebacb6e329bce485f10c2fb7aaf7dfac09f

SHA256
a6c753c32c9107df4043f54b16f823e4f44b471a557765bec754a67b4e92cf09

SHA512
bbad2c7caa426a4362caf71eab471ef606e3f2333834f2bf280b05dd3ad43f393d1f4c5de1c6937bd65b52d36eb13b42d91965da8df5adfdff5fb5adba3d2b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b04bde0fde1bc02be354085ca249bc89

SHA1
65ca1d0a457fa081c8815b420bcc0c634681e9df

SHA256
7eac6d6edb7d6b5d8caff8350c457d958a1ca12a08af3780618123c57d0fd330

SHA512
0e243d6b6efc78f706da64b60ef839d2db790bd4c5ad197b9c49e2258f749077539aa29d1be8bf9c64a28bab3d544d25f5e5950ced4ac275cb64ffa2607cfa25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit