hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/MadMan[.]exe

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19-04-2024 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/MadMan.exe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580322965490477"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3364 chrome.exe
3364 chrome.exe
3964 chrome.exe
3964 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3364 chrome.exe
3364 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3364 wrote to memory of 3328	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 3328	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 4352	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 5040	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 5040	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe
PID 3364 wrote to memory of 664	3364	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/MadMan.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc0c9ab58,0x7ffdc0c9ab68,0x7ffdc0c9ab78
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1808,i,4405911086904291029,13388138862477767348,131072 /prefetch:2
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1808,i,4405911086904291029,13388138862477767348,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1808,i,4405911086904291029,13388138862477767348,131072 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1808,i,4405911086904291029,13388138862477767348,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1808,i,4405911086904291029,13388138862477767348,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1808,i,4405911086904291029,13388138862477767348,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1808,i,4405911086904291029,13388138862477767348,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1808,i,4405911086904291029,13388138862477767348,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a8951f52627b2aa0c4880e64f7aa5129

SHA1
fe98b8ec5dd9c3d5f43890c2f4ca4a48890a27e9

SHA256
2f46d801a42fd0de404f58bd8b35edcf3f04f22b3a0006c7004624bc199a410f

SHA512
4ea111efc9447c16408a5d4d56ab709a8cce7b22c3c546c54da28ae061ab702e652e0dab323390d0fb936904d8b55af85ae97a84587d5f8f58b59829dfbd8abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\84062d3c-9a0f-409f-9506-82a8438f8772.tmp

Filesize
689B

MD5
87c68daa667fba33f3224b5585e2fe5e

SHA1
b6f976014cf02221bb774d8b3fca3202490a7a33

SHA256
9882298e355f509bc8a705ecbc9904798333e422d6461636974a0955523ed2be

SHA512
2fec75cfb15350f376ddc3c11618236aa56c8d001c45514af98d17a2bbb0d97179b63cdbe279ad4f07060be819b1eaf91890d91b93437198bb3d64a276060c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
79a4bb4da2c04ad07802b2900cbdede2

SHA1
34dea6e4f465587e6bc2d1437718991dec9ea153

SHA256
fece137a15e3cdf81f883f2333d6d792fae9b6e572b4594bd79cc2bfb97195a7

SHA512
ab9c68741e0041bd1cfc57c0f76d1220fc55a0a623b1f837bd1167c2309b10723146ff2ffae5139ce908ac2ffe275c93e26c20616ac031fec79b8cc4bb271b92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
328f42400fa7f34cd96e17d27c37794b

SHA1
31d3f63d1d473b40a4c2b13d04a6fb76b904ac72

SHA256
7d247354ae032f27c4f63a4545f7dc5c078628eda85b498cf7ce410b314beedb

SHA512
de20e7f456d821556ac10ae60b10856aa8f3b89a84ab5731d4623de5b53dff78fc5f550c570e7013bf90eaf3122ff5ccb4b2b09b7a7d7d7d283cf6b742d33762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ed745206024810de337785ad37766b8

SHA1
fad5732386da4c0e9d4b6b509b46a57f8b68968d

SHA256
ee76dcae90a97eb553da252aeff03704eb92429c7ec596908f6dc63e74c9fa27

SHA512
a04afe210bff1bb880378389c2a2709c85616157d79a73ef10cbeac1236d7b2d54eff6b2a839d598c2829981ff61fd3a568e822f08ba718c042cd59eb0c288c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ec8ed2924b2219d96d5687e6301a3a2

SHA1
3d89a1426cebc03223bdbc672e3cb582bb86084b

SHA256
b02db3d460f4951f18d1f97b9f16bf99cd9725e4322019117d4ce246100378bb

SHA512
c6c397225718943fc789614eacff19c5dc86d5943133ad722f328a2ad193c36e8df88137f43823effbcdc245c991d0838a50f5d5ec6782685f73a65c23b74dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
696cc2cf5c776021144f44dcccaf7ac9

SHA1
40d0cbf0f2b3985296f0e6b86662f039c566611f

SHA256
41e012e3d2c74193deedd7072ff01a50b87b418127e3bd455eabe6aa3c665800

SHA512
3b15a30f711084c1ca3f22624f481256ad113a4353840f7886fbff101f3210cbcb2bd4526b6e42242c11bc28d76c2151d3e015945d5a3d4322c4d9c171b8d8ce

Download Submit
\??\pipe\crashpad_3364_SCYRJNNCZOFQHZSQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit