hxxps://make[.]powerautomate[.]com/environments/c4039dd3-d517-ef6f-9976-45ca392e654b/approvals/received/c099c2bf-b6ed-4f3a-bb76-e4b4d2e61e73/requests/466bcb76-0b3b-42d2-900b-6629da142de9?response='Approve'&utm_source=approvals_univ&utm_medium=email&environment=c4039dd3-d517-ef6f-9976-45ca392e654b&loginTenant=0804c951-93a0-405d-80e4-fa87c7551d6a

Analysis

max time kernel
50s
max time network
52s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/04/2024, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://make.powerautomate.com/environments/c4039dd3-d517-ef6f-9976-45ca392e654b/approvals/received/c099c2bf-b6ed-4f3a-bb76-e4b4d2e61e73/requests/466bcb76-0b3b-42d2-900b-6629da142de9?response='Approve'&utm_source=approvals_univ&utm_medium=email&environment=c4039dd3-d517-ef6f-9976-45ca392e654b&loginTenant=0804c951-93a0-405d-80e4-fa87c7551d6a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589634969373734"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 5072	4604	chrome.exe	73
PID 4604 wrote to memory of 5072	4604	chrome.exe	73
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4244	4604	chrome.exe	75
PID 4604 wrote to memory of 4412	4604	chrome.exe	76
PID 4604 wrote to memory of 4412	4604	chrome.exe	76
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77
PID 4604 wrote to memory of 5004	4604	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://make.powerautomate.com/environments/c4039dd3-d517-ef6f-9976-45ca392e654b/approvals/received/c099c2bf-b6ed-4f3a-bb76-e4b4d2e61e73/requests/466bcb76-0b3b-42d2-900b-6629da142de9?response='Approve'&utm_source=approvals_univ&utm_medium=email&environment=c4039dd3-d517-ef6f-9976-45ca392e654b&loginTenant=0804c951-93a0-405d-80e4-fa87c7551d6a
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffae8329758,0x7ffae8329768,0x7ffae8329778
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:2
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:8
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1860,i,14157053911781621059,12529433466465314624,131072 /prefetch:8
  2⤵
  PID:3368

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c5e3be366aa02a0a35a9412159bedac6

SHA1
eb8e40dd4fbd9d1294b9d04cc80425b91754bbf8

SHA256
8c8b8f46077affbff795a023b543438d7f353078a52ea436b0c502736c007daf

SHA512
90994aaee9ed2ac800a5a0e372f59def1d2873f99c2f612aea5150d27a8bd7f358c2e79234fc931c42968213ce2f62874c9fb80ae6a105b64b43d1f927f555d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d2747bc6af3222f7f533e72001918d12

SHA1
34cf8d10a380564bc2b1c5151f21ad86c4efb0b0

SHA256
4ff252aff5fc021f394c35fb9850e4b53690013b167476c7368691eb50c7b420

SHA512
cd41d43a3be27035db53c7b5153e8ae3bd413da84fa7e03b29975cca3b8e9bc16096d4b60fe64dda5f25b58252b42934b4122a4051e5c127986b3ba6b7e6e941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b5c722e9ef43bab503ac102f4b55fb9

SHA1
57c6ea1a603c835e2aec8770640619d08a752e0f

SHA256
1d3b4365b950b3f7590fce7d0375a5b7ae0f2088418ce0e829d59bdcbacfa767

SHA512
ba6f8d92e873e92404d9f21ed14378770ddf91d3a694174c09adde38ffa7867fe358911a396e06b11f23bfac274cad5cbab44a1643165951e2d4ffb59f55a991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
88d7c036cab4fd475647065d0ee36e9c

SHA1
7d169329e660a1c560b0cceb658e56d6e8832282

SHA256
6f41328ffb4128aa24cbee720541fb07693fcb2b9e531ee2d64d24faf9b350bd

SHA512
067b25d369b92ab09d25fe62b6c995dc09e0942ca56ef57cd4e316da413fbdf40b626b645de93f7545acede265715b11fe33ebdf3487a742cea76618af90fb23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1765c4d88edefa8aebd3327352c8757e

SHA1
0b2e366098343d0fc71eba5cce336a52b5765bee

SHA256
af617d83de7e6526110eb15e3515dc294800cf5959817581cac3f46eaaedb381

SHA512
056979beffdee6cd464ec60903fc441fad22d098e7f5bb7d2db5b5888cfc2e71b33e106412d545aa88c5c5ed62ff2d3e88b941475a3f713f4603c0a966772030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
0bb9fc5d9b06a29395e60c7d86d58cfe

SHA1
0f36c134cd8bb78d9c6ddb0edf85882bc5f99833

SHA256
ce29e2a11bcabd3fcfa2faf9f1c450fe150b5f0a27aa527ab14cee3edd80c93a

SHA512
905b28d45051e6648a90eb2746568d404ff8029671ebd0441ee9b39a2e06aecb60c47c249a428086a5fe46c7217240fe06245db2c4d655ad86bc9dd37667f2b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
82758687520d88df8c924c4254196424

SHA1
b5273cac96612e9d66a49d0fd70bc8de64762bed

SHA256
4ce1e0c3d6c6af32b7b8d8d5992cbf5e488298fa1eb81c5fe44321a4e904b300

SHA512
7b93e6e8314a27b62d124d53a217329dfcd69b83ce43890741f94e3734fb7e6e17c54e90a608d48810b34b0b4f8e7d4ecffaf4e4a350e98838e2541e217b05dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit