d85c5b2a4757ad87ff3e0b0c2d5cbad266493d56487e3919aa01602c33807632

Analysis

max time kernel
38s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7712ianhrbbeo2dws8bjjiv21pffvn7j
Size

16KB
MD5

2802c76d5038bbd9e294ef7df9b5e404
SHA1

40b5dd5a31cbe28400553826d45efa4da3525d51
SHA256

d85c5b2a4757ad87ff3e0b0c2d5cbad266493d56487e3919aa01602c33807632
SHA512

79e38a5d9a6d8ffc0082a41a51a2f621f8a1ea3116b1de427bf6ed72e9195867b2e78cfd3a01aea14a6e83e055513b8832d1336110fe9a98b2f654d047d503af
SSDEEP

384:wx8lJkAVApkZkrjyBuDoP+3+z6GUNlA/4rsk3HYbOw6MpeJu8iEcmHWRmcfmgpz4:wx8lJkAVApkZkrjyBuDK+3+z6G02/cnX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2720	3036	chrome.exe	30
PID 3036 wrote to memory of 2720	3036	chrome.exe	30
PID 3036 wrote to memory of 2720	3036	chrome.exe	30
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2596	3036	chrome.exe	32
PID 3036 wrote to memory of 2640	3036	chrome.exe	34
PID 3036 wrote to memory of 2640	3036	chrome.exe	34
PID 3036 wrote to memory of 2640	3036	chrome.exe	34
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33
PID 3036 wrote to memory of 2344	3036	chrome.exe	33

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\7712ianhrbbeo2dws8bjjiv21pffvn7j
1⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7139758,0x7fef7139768,0x7fef7139778
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:2
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1108 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:2
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3048 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3040
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f4f7688,0x13f4f7698,0x13f4f76a8
    3⤵
    PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3440 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2520 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2696 --field-trial-handle=1204,i,10088443645516469961,2417678087476425198,131072 /prefetch:8
  2⤵
  PID:2444

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
aea63a8cffbbadc83fb5f63c7a8d85d7

SHA1
c122287b5097436481fc7cb8c9b5cd5cae94c227

SHA256
1b5a353398c986f277b189e8e47c6b7fea5392c50dabf40243fcb58b1bfaff92

SHA512
693d281429a83e7b0dc7b8433a3c483ac199805992ec6c6e135508f01af04e7ff109577a667c84e75153eae4efe7cdc874115f0550841be34b2d0c3318fbbf68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0c5aeabd957049bd0a4bd38bfbdbd7f3

SHA1
7ffe79e04d9a25695eab19aadbe19983cc91d6d3

SHA256
8ac6a90d2e7baaa5834a946ec809e9f0fcd934abaa4910026c1ae5bd6edc462b

SHA512
cb6de9362c4e96907627dee1957bcce8209ea05c0d8d86bba6c2173df8bc44e845bb8b902eae99ae37dcd6d25785393b81277b2bb1a089dbc6006fa67a4e7886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e8bb221f365360a117f44797886fd1e3

SHA1
d187618d443997536c4bbb90771dd251f069b038

SHA256
dfc464de2465bb46eb1c61684c3d8b1517d5cbc1856b0e27fef33c2a0632df66

SHA512
c347892b6daaea919a24957c232499817220b9682c3b344efd62fcf809585a639e4105050b8bba2405a344ff1830f7fb6c5add541d3535e6ff26c58aae38952a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c56a344295788f7252982d49ae1dcc0a

SHA1
1a4a61cd1918aabaca6764782e34c80d4b3305c6

SHA256
e4b02098aa86ee8fb5e4ac6e757b235ae4e96afcdaf48e67b70044844215b10c

SHA512
d2a7e930492ddfd6c23c84b7f47de55acd27aab744a8aee242c90ec8aecd3583436d6d4f5803d0dd0d94ab406df3a0d885b22cc9ae5cdf7b9280c30ab37c579f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
4e5e35e4164bf85b44dbbd6848698e9e

SHA1
b3496cc062b4cb7624eb36fe14328a1c7a564147

SHA256
beadce3d8f1f20cb185fc6933ae47f5e1da854387aaa4dae5f1906bfee44665a

SHA512
30694183608de6418594fe4787acd244009ecdceac7d2775ad46908a7916f98835bcaafa978a5a17f6e688a22156658dc12d520f0c9a2cb72b98f31003c22bab

Download Submit