237020dcdbeed096b073638d5c204f1c47881ad75aa0e19c464429a952833b26

Analysis

max time kernel
149s
max time network
143s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/04/2024, 01:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

vivitar/startup/data/el/tutorial_Macintosh.html
Size

1KB
MD5

fda84f3bd24f4f6e0f88082583e7f7ff
SHA1

64cbd502fc6fbb4c9920c10b02f35bbc54fd48e3
SHA256

d922d1df9d5c1f5b0cb70c9ebf31b78799c88050c7a5cee5029c3b89e63e6d23
SHA512

7403dcf07c9de0101dd0c1cb5d02fc53db76ab296a487e2401d338dd63ca0367ece65a4ff31a95ee4e397c8a1eacaa1d250213b3ff1743bf431ce8569657197e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589127709468139"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3104	chrome.exe
3104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe
Token: SeShutdownPrivilege	3104	chrome.exe
Token: SeCreatePagefilePrivilege	3104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe
3104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 4128	3104	chrome.exe	73
PID 3104 wrote to memory of 4128	3104	chrome.exe	73
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 800	3104	chrome.exe	75
PID 3104 wrote to memory of 3824	3104	chrome.exe	76
PID 3104 wrote to memory of 3824	3104	chrome.exe	76
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77
PID 3104 wrote to memory of 948	3104	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\vivitar\startup\data\el\tutorial_Macintosh.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffecc329758,0x7ffecc329768,0x7ffecc329778
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:2
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1492 --field-trial-handle=1860,i,10681381069706067360,3098999329123313954,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b0274da5b77a776eeb1102f227388ec0

SHA1
e3d40fc19c334412e1de073f85bcd83a15188f4a

SHA256
e1bf64e116c5b9f85c3279e2e30d7785a116cb21f42f4d907ab0fc34d3b2d92c

SHA512
2a837e0da682ee117ead39d92f99166b2a4c3236be03d4c2211751f3e7826f0f9400157c0c6bfade6cb2edeafb2d0382eb926a3ed08b760a0def4ca4c4dde504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
10338d50840a81f5dd23cd6ad866a609

SHA1
f27c2df452673bcd44eeec482c1bb130d29fda9a

SHA256
2ad7edcd793ae029372ddb8f84b426271d330306825982789e9363a707250110

SHA512
4dbed0111f6e17abc7d866d928988dc208d942feb29bfb146252217a7ae8187b4086d5c8a20caecddf259cd72c95450ef1fe3fc9e98d0966d7b6f1276abf2ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4f710542332f9c9e53e891dc9c73a0f6

SHA1
1068ea7dd11196c1af3b137bcc227c29e2ba59cc

SHA256
bcfb163d75b8e79425910ee326090e978128e040669b6a5abbdf285c6b50e16c

SHA512
c3f4ce79ac3a1cea85651fdcaade3940b35d8ab19a3ce59a9cc3c8d60887c87705fc52bc970cbf2d0cc9159ef0f132c50a4a505b742732aeda4f1dd149647582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
be741e3df0b0d9f3ead1de0257aa54dc

SHA1
53c7d1ccf56192223a15c978b4c34c2ff2e52b95

SHA256
a517bb21eb4df16074d9a5cace75c6e27991eb52d2f92b2fd3b4bf07342cff24

SHA512
f603ea194d5333b31aec51860885dd4d3b9e1ac938cbfd3137792dcf5803482e4754d4a0b96fe3a85cfe0c36d61b2fa7f2525374d61baa8944939c5fac7a70f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
a9478cd5e014bc3fcbba8e017d8290fb

SHA1
ad98c114c087e7d9c738c72ece12b1c940db572c

SHA256
f05c36d86f5781cd21e4028c8656202decd340ca2f22b2fdb4390e25471c4f91

SHA512
a8d01eb04d10d67a3a1dda6014178faab8b7a575208c2dc40b51845987634c703afb455aed0852881cbedbf6aa827faeeda94a7767ebf6edf0fa722b06dbc6fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
f9642ca743a10825309d773992d8f73a

SHA1
59fc80428e0e01f93c0ae0ace5cfed24e2f1703b

SHA256
dacb1ff52b56cb70a03ca0f3285335c670a82a6c41b202cf9f6ac8422d3f9e4e

SHA512
a9ebfcbda5304e9f607b03be285a1aba37e27622a9bf736264b98e33f7ef1d0379b593aeabe04a4fbb6f2b5e9d49240dd21ab0e741bf16de496a6bc9521a34d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
c3e15ff7875e21e57fdffb53975b35dd

SHA1
e98c270f364e20c4b6f0205aa7d70266ff654af9

SHA256
e237af66aeda04578c2a40f2c6b55d8d7f9218a97530eef5441997b6e4395aca

SHA512
76d6e7c9aac15831f85f0b5e6ba73ef84e4a16a53b0fb919d8676d5caa10aa39648fccbbea53ec6d7cf493878d072b3c456ea9b7d5fc50e9c296a821f1ed9fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit