hxxp://tap-rt-prod1-t[.]campaign[.]adobe[.]com/r/?id=h9ecb88b,c1e96b3,69fe0fb&p1=1e3[.]puzosr3[.]ru/mBqZn9ozsy/#Aroman[.]tsibulevskiy@dentons[.]com

Analysis

max time kernel
299s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tap-rt-prod1-t.campaign.adobe.com/r/?id=h9ecb88b,c1e96b3,69fe0fb&p1=1e3.puzosr3.ru/mBqZn9ozsy/#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506860638642454"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 4820	1432	chrome.exe	16
PID 1432 wrote to memory of 4820	1432	chrome.exe	16
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4456	1432	chrome.exe	36
PID 1432 wrote to memory of 4556	1432	chrome.exe	34
PID 1432 wrote to memory of 4556	1432	chrome.exe	34
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33
PID 1432 wrote to memory of 872	1432	chrome.exe	33

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe70f69758,0x7ffe70f69768,0x7ffe70f69778
1⤵
PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tap-rt-prod1-t.campaign.adobe.com/r/?id=h9ecb88b,c1e96b3,69fe0fb&p1=1e3.puzosr3.ru/mBqZn9ozsy/#[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1700 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:2
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5108 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4960 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2912 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3800 --field-trial-handle=1876,i,9100685280277805687,16147915552768858568,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
822d8677d718bacebf08e42f2f6d903a

SHA1
f1edaa7bbf6367372a565d23d19e3dc496775830

SHA256
75b6d4ca6034b5409473c93f81313bb6e690d2ee3ee7d9b4ccbb1b22262ebc68

SHA512
36974ebe40f87940f0681c87bea81e53ff0428c01f41e6d81aed29e64994f4633626b1fbeff6ce8277117b28bc8416167b3a463d404e507cd328c27676e9bdd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3e36a7cda7436c5bce5a83587cb1e5b4

SHA1
9598317821dc5f4080c6c98e17981801063fae20

SHA256
85fe49fb9830ec21092ee0239645cc90e1c25f35a4aafb0dda703ffb1dd8a627

SHA512
99541ec6b130ed226c5bf78219b1709a65742f6e12c170303a09b7719d1fe1dde36053d98272cb9136cd91004214e94335485b86d73176ebcb7e30bcf081bce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b84706c978f1435c18223f54e705116c

SHA1
17977d7d248fbc6481bdd6c08180f2fb79a7913c

SHA256
603b8dcfd54bef57aa34b20b094886251441ac9b23bd36a50e6b9c66788f945d

SHA512
ff6aa4dfcff9a4f46b7cddb7d72dea607d7e37316d4533ba88e0f148dac317e41540b35c0bf8f7d02412c7c0f051489e1285b245dd410b6c10a22d05653ffd97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
063f79a6d19ceb6bf771e0ff51979b3d

SHA1
d18628afef2767a03ecf13e77d84f2d7bd6c1304

SHA256
afb5b74875ba5aaab7fd4d6ada6bc7fa8ab34fa6140cceb73541c8d239a5acd4

SHA512
0cc28da54f662eab4a8331de6091be925c0b78f81f26ff08c63df20664fefa5f28a7dac94292cd04e41d4c0c9db4caa9704b66c00cd953f284a06b2e81556c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c1cfda5d521825fcbda3210362fc31c

SHA1
d055d2741774c95c7c1df5f8d3df4dfd09150b9f

SHA256
2b8c5d782dc85c80c30abe54c1f489a34e36ef587f6ac714515f1c257c58a7ec

SHA512
c94eb4c92ff2f98268e7a4063338f2e11bbe79e3c90dca0c10122ac52f1a1205995bc7f952308a8df1edc7f4766641df6c7e5392ab5525a38d2a3e76cff5d0a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
a2fd7f6509eb9701a8906313ae79d13d

SHA1
84a7f91ea8e0afede0399131f7885be5d4de4db3

SHA256
81397b25555298ad5c0a3987154baafd1d72a01f4dd8a2cd019e5731565a6619

SHA512
7dd281220ab2678d3f645e2c0e22d04264923ad324f5ad35ca8878280458393e0c9cfe2a382c6fd5b1b63262e79bc58ed3cc0997378a98da46b71ec6b7657107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit