hxxps://airtable[.]com/appR4R5PnpXjZalrs/shrnnRmpnZtHDA7La

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://airtable.com/appR4R5PnpXjZalrs/shrnnRmpnZtHDA7La

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553763759952479"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 228	1680	chrome.exe	84
PID 1680 wrote to memory of 228	1680	chrome.exe	84
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 4372	1680	chrome.exe	90
PID 1680 wrote to memory of 2780	1680	chrome.exe	91
PID 1680 wrote to memory of 2780	1680	chrome.exe	91
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92
PID 1680 wrote to memory of 3012	1680	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://airtable.com/appR4R5PnpXjZalrs/shrnnRmpnZtHDA7La
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffcd78b9758,0x7ffcd78b9768,0x7ffcd78b9778
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1872,i,13440565375819079093,3561805330229776187,131072 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1872,i,13440565375819079093,3561805330229776187,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1872,i,13440565375819079093,3561805330229776187,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1872,i,13440565375819079093,3561805330229776187,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1872,i,13440565375819079093,3561805330229776187,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1872,i,13440565375819079093,3561805330229776187,131072 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1872,i,13440565375819079093,3561805330229776187,131072 /prefetch:8
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4624 --field-trial-handle=1872,i,13440565375819079093,3561805330229776187,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1a97e026ff882fd3f7ad3ccb3b53fc02

SHA1
ec5b337d923d203aa8326cf654821b566ff9f8fa

SHA256
a805414d40a9bdde56a641b21e6d780c5390e7aa80417c22c93243f75eac6d43

SHA512
923011ccc952e8ad804d38c5156db4e377800f1dd09c23ebfa981738d9bebd1f81944f86802bbb1a059ab8d34eb33b6fe7667740b33f0a3925f8c579489fcd26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
82ba2a55668ab5e9a8bf45e05d76c21e

SHA1
959d92cfdabb7f690cd70705f457edf655bd08be

SHA256
cb6dcfed549e40692faaebcab31b852f477a1b2ae540b062d345718106dd04a4

SHA512
bf2d29d09e77617a877b8fb78fbdbf05f738b87744e4a88815af3adec3a015f1cc17f260d72ac412ecc70db47629d5a9521889444163de59b000cf313d7d2532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0437d33a32443d23017b6e60ac2b0b39

SHA1
af362e8c8e357e786a3b7a26a17d8890ccd19020

SHA256
ab985c368df76a5536157719d499ae630596491bbe1b79038935c349923c7d2d

SHA512
d599e596ae75813c1de2a345d25cbadfc7c156135c22f7df5ffdd9f6ba69d33e1a5f19a2e7db91a537fc621af5ab23a6407aff041b6637450e734533a569bb24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
125b013ec8d44660018a73edd3bd7d30

SHA1
48533a5a16f679a15578d099bfc1e4956f3cef93

SHA256
ecc109ebb551dbad8c4671e87ad59f1fdde674317c14fc2cd0068940782a4b82

SHA512
2d31bfb8d48f7c3c5f946998baa2224d04b9590425afd6b89d54148f71351755d06f7d14ab3e1919f0a565af5c91552ed715c2f3f7d12bd9cb86822fa2617c0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a58c21db80ac48d297fa2ce05b8323e7

SHA1
9fa93884972d5da66dff2a876fdce567925d8c75

SHA256
f2a485c63bbca7be33e0ef320320b9a15d2222c465987b5fc38cf1c00cdce9e1

SHA512
ffa4bb32fa1d888de3ee811415b1a3a202e99611307040855fe97d3278fc2db2af54d3c928705d5098b062d207dd4a037689036007acd474bc5482c747ac98fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
143a1b1e84bc75707e9b233b3b19798f

SHA1
9126fbb540d0e12e2bfb298d0ce8c3503ec44b7b

SHA256
fa3bed9aab1fc207ba886342eae6314ccb2b0c29a550629df5d7b39b280ef395

SHA512
a3db9b3816361f567ed3b8f73d6333f76581ad8f9370801a10116d733cbae1f66fef433dffa34b9b6f8b37c830a825014ee365ce5ac5e0f821056f641ad59129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
35993cc6cea6cb85f7fff6a6c14bea72

SHA1
ae383b72ab2d5a8b0d00a56d64f951906b5cd97b

SHA256
58f6aa1a81730ef54b9f5ac5a25be1b15f250ff4d586a03eee74805943095446

SHA512
1fad7f0f74b295b0aaa7b7571c26bb65c33d01c075888e5eadd9ba6276ab359112fefd0d4cfbe6ec3fe5e84b10060294d9a08259a56097cbaf0ff4757f08167a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ae523b7cb45960edae15e5be9ae31b1e

SHA1
b23c51c282f3db2d802b42626159bbde149657c3

SHA256
0ba3a10e45c64edfc550fb5308c51f0a9575f34ced4dd695e69c9fe8581e8c7c

SHA512
4e7a0bfa2214e691d0aaaef74d58f4ee4936bb4f5c573acf513d80f909a1474b96a2a0f1fd02ca10ef490a4962525a9f48229aa1ad545d8073f37e72646b00c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
63KB

MD5
cb2c6c8e99d16b98df4bf4dc22ae52bb

SHA1
e7f585867561f506aa0c04ae0eab9e18e36c6288

SHA256
3375c478014472c565f4c085b332705403c6baae562a74b73de33a8c5f1b2058

SHA512
cbf12e8376c99c29bb8408cc76f07849419a70c5232e625f0705010c421b69e06493b36d12a7a13d91cde21bfd484e251c847f93527e922d25836d481d4f4846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit