75caaa33ba5171999b148ff000787f35f2aba7875b93af93e8f5b4c410f63e29

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

securedoc_20240125T161036.html
Size

135KB
MD5

5bf3af7a29ff685b6ff6222a8c001361
SHA1

9bd2983cb3f5a1c2f42e88dc91537c9f5b9d7b4e
SHA256

25e7e17815ddf1a1e66b6df982dcc27acd63d7dd19fb0f66c8ac80a58feba063
SHA512

2909bb3e7e0314294a257ff50f306a61b2b833695c759ac51b98fbe22ed25b1000edde6ed390e55c7efb7fc39ad77733022b2658a4683443077ffa4c5ebb149e
SSDEEP

3072:dIl/LQISQGjA4RPe1JvrqIHYONivQpt+cka+k1:a/LQIGgJvrqIHYONivQpt++f1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133507641376640657"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
912	chrome.exe
912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 3824	912	chrome.exe	14
PID 912 wrote to memory of 3824	912	chrome.exe	14
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 2192	912	chrome.exe	25
PID 912 wrote to memory of 3000	912	chrome.exe	23
PID 912 wrote to memory of 3000	912	chrome.exe	23
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20
PID 912 wrote to memory of 4628	912	chrome.exe	20

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb15f99758,0x7ffb15f99768,0x7ffb15f99778
1⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\securedoc_20240125T161036.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=380,i,75000162456975276,12558534446811832534,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=380,i,75000162456975276,12558534446811832534,131072 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=380,i,75000162456975276,12558534446811832534,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=380,i,75000162456975276,12558534446811832534,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=380,i,75000162456975276,12558534446811832534,131072 /prefetch:2
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=940 --field-trial-handle=380,i,75000162456975276,12558534446811832534,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=380,i,75000162456975276,12558534446811832534,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=380,i,75000162456975276,12558534446811832534,131072 /prefetch:8
  2⤵
  PID:4248

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eca57ab971d930cf40f704f0cb9e25c8

SHA1
427279b54ed12a24bb88f5afc9cbea1e7b15d3fd

SHA256
4baf66e70a842347e0131cf5ae38ccc3e4b06e598031d58c8759109d8a3c6726

SHA512
85ab8cb82e9a8e55d60efe85cd353587936ff67f24291c5a32e52f5f8360d40a83e43ddfda2a4be3bd04a8df9b1026f8279858470f81d6082dcf3f8689b588d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ed587a1cd9361e9d8a637f98d8f65d44

SHA1
8751cce0e21e3fc7c91d517a711ee538242c0e0a

SHA256
1c023252e0fc3e7b90e4cb760b7a7ae1fc8cc5a4f8deefbd8b92139adeeb6ab3

SHA512
6eda204bb33e3cf6a832d88166a52dcc60d3288ae886e983ef050a64f132d61aefca554cec9f4bbc3bf3e7d644f5112436c10cd7ad0d0940aa71601cf6abdda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ae303fa8dabd3e3dcac80204332cd007

SHA1
55e51c41cf7db755e799f4ff044ba18ebb222b05

SHA256
95c96bbd327e9eefaac8cfc552070da3bc9eff3b16678d8b4cdd2d3e0021ce91

SHA512
cb1b357d5dfd1421b127c0ddf8b6a5b02ece1c2dba1a27afc118e2f35683a4dcb89edf4f84b81db8dd4e90a94eecc0680039cc62692b73ca7937adbfc539ceb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
c6eeb627eee0451589eedc33ded12555

SHA1
588ddf77ccbcc40d80779a7bb47a3e3e29a3327c

SHA256
e1c712f138ec2a95b294601c594d903506da26f068482452f1793a094124262d

SHA512
4ec4b80cd2507ce053adfd157f1a937f7afb31dcf9e6d4f53b0d112165794330b10b7c9d13a428356d0712796227b5dcc16df8477b8d637ffa45016c22ea65eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
74db8265705fa226bd40f0bbbe786b7f

SHA1
28aef1a54afcb29d2e2026d9028f769eaf7b288d

SHA256
1b6c8bc1b10c21bb640ca1bb881461b396458b0ed889cfa37590e58f8b938b62

SHA512
67bc04a85683671fcc3aab72de6a1a25022206c342972965f0332afe150ca321864dbe431ccc0dcab9b1ab8514f7c610a66861884bd128e12c5d3fc3c18ea8f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
bd796390910e424cce2ce882756e97fc

SHA1
a168c7816707d1e2c634da9738a80d90d473622b

SHA256
f3c8038ca659614c2dc7d4f06aecc325fd97cb94182b60fd84de0e368f75d325

SHA512
c0acca31745e91442d76b8982283c3308b061d4cfa2fd3a1a6bed37f2ebeac22714ec622d7b4a94fbed15a3f294e0a87e899019bc01fae703b6805b0826f7bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b3717f865f86bfbe5794e62f1b096ccc

SHA1
be2fda717bb5b0d0a93f6430d0bd0daa0e54c05d

SHA256
95ca559c0c06979c6ea40054d1743ffd907d313e849d18e9bfbdfcf7b3d485c6

SHA512
d40b4a6835001c877ee5e955e053a34b0e39841c330c1c8ab1b32211d458a2928dabc5984d6bd256a0027821f6e82e84f4355daf7e84039560e813a0079116e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
06276db67a0bdce2b794f847c39be079

SHA1
1a3e5884a7d06db501fb83a38dc4978a0995c08a

SHA256
c8b597d53ef56c92778bb3070365918bc89f4a3770fdf528d0095908c36e8759

SHA512
0c99b09b3542fb9f36d7a701a135a96c4bd68d878c1e1ad48eafc91f79a48995fb33847e8d3ef1cd2d83a7efa88afc55ee64e08b28d0e9dfc91c1a5b8d541778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
107KB

MD5
19d8a650d07a973b24dbaafa0d1ed343

SHA1
1f164fd555100450d65a92c408ba3deb6c1ae064

SHA256
cccd695de39b653e8bf5107ad4345c16f1c33b23bba89fc913d54c4d79cece92

SHA512
e9e0b76b56652cddf0ec5af3a0ffdc06c1b887db9989120390bfb109e0b5f6f254cde977425229cd584aae0e5fb5576b02d518ef7ba3eb540592cbc3769bf806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit