6a5ef0c115dfdcebd23019378ab454756af2d6482fd3f89979662830d04697c7

Analysis

max time kernel
1799s
max time network
1566s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01/05/2024, 22:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

preview (1).webp
Size

83KB
MD5

ebbe9e851d361660f2449f15a65dcf0a
SHA1

fc2f57e7d3300b1c81ad0160edde04c813d732a0
SHA256

6a5ef0c115dfdcebd23019378ab454756af2d6482fd3f89979662830d04697c7
SHA512

47fb5463863c93054c6ec63549530b0b8b1bfa3a1751f87109fb19e299a1c9334a9ddad143948e98ed5b24d7db15e5a2aeb738cc52605587eea838dfe7339524
SSDEEP

1536:5onAK/VMDlpj/JPUmXvFOPJxpXvOrqjoXZAEEriGf2RMUTKTJzpUy:5o/ydUmSSUoXZAsiwM8KTJzKy

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 1260	2428	cmd.exe	29
PID 2428 wrote to memory of 1260	2428	cmd.exe	29
PID 2428 wrote to memory of 1260	2428	cmd.exe	29
PID 1260 wrote to memory of 2648	1260	chrome.exe	30
PID 1260 wrote to memory of 2648	1260	chrome.exe	30
PID 1260 wrote to memory of 2648	1260	chrome.exe	30
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2680	1260	chrome.exe	32
PID 1260 wrote to memory of 2696	1260	chrome.exe	33
PID 1260 wrote to memory of 2696	1260	chrome.exe	33
PID 1260 wrote to memory of 2696	1260	chrome.exe	33
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34
PID 1260 wrote to memory of 2512	1260	chrome.exe	34

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\preview (1).webp"
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\preview (1).webp
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b79758,0x7fef6b79768,0x7fef6b79778
    3⤵
    PID:2648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1384,i,11027385180038169901,12944466629198264772,131072 /prefetch:2
    3⤵
    PID:2680
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1384,i,11027385180038169901,12944466629198264772,131072 /prefetch:8
    3⤵
    PID:2696
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1552 --field-trial-handle=1384,i,11027385180038169901,12944466629198264772,131072 /prefetch:8
    3⤵
    PID:2512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2172 --field-trial-handle=1384,i,11027385180038169901,12944466629198264772,131072 /prefetch:1
    3⤵
    PID:1040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1384,i,11027385180038169901,12944466629198264772,131072 /prefetch:1
    3⤵
    PID:284
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1140 --field-trial-handle=1384,i,11027385180038169901,12944466629198264772,131072 /prefetch:2
    3⤵
    PID:2172
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 --field-trial-handle=1384,i,11027385180038169901,12944466629198264772,131072 /prefetch:8
    3⤵
    PID:1636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 --field-trial-handle=1384,i,11027385180038169901,12944466629198264772,131072 /prefetch:8
    3⤵
    PID:772
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 --field-trial-handle=1384,i,11027385180038169901,12944466629198264772,131072 /prefetch:8
    3⤵
    PID:976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b9d19af4e71a14e2145bae648901e344

SHA1
c622cb15656ba7ee85938e92c5026bb14c44f076

SHA256
a4fe69aa72e0db2da47313a0a0ca5e146a7b2de2ec7e1ecbcd3b61ff6465a9a3

SHA512
6657dc2561cac4b4fa400a26cc6fca87e87c7df7e9b86bd943062df6e52af592f093a16d56d759f4427b0cb2f36fce32c7130f9cec94abfb70e1b4458c5d5073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a0059e2705b174fa1085ca479171cd4a

SHA1
d47266d23e5b2d30399a1ed8d6f67cfc371d98da

SHA256
3d1937e15b55210130bb1616998a7899ecdf9330ce4418cdcade981c1e944832

SHA512
fb49fd2de69d750e5b1b2017f916c8a3c54fe75f4f70166d3f33e150b4de8401682ec70cccda776c7856c85ed795248e6c722f0cd952ed6ba96f178b21dd6e82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
365dfc6f31dd0b3cb531f3392cfb7da8

SHA1
11013d533c3ce255a672716d4c2d1e713e1d340c

SHA256
21bfbdb458ecedf03b3f925846fd37a7b1937d0fabcb018b4be8508a0e7ef715

SHA512
f8e9977745c4fcf3ea7406af703241546f5b82ec7d81b2304ff1ba80872d547656724b72c1d4ad5aff08917858ae92cacff7c58800e49607e41d20606de792be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
39a182d2e79b2134aa7b72dea6681d30

SHA1
496a1254f52d189baffcb933f514aeb402a1f588

SHA256
3e73627a8df19699d44b554f300e2a126defed4bb2eb4cba3b147ac5ccc5e9e5

SHA512
102ab0285f3ee185ef41fda288eb6a73fa2d25de85e3daf533533dbf82f6f03841d58b35f353555fac19c69155942fc4e283896e75766419544ebd4b63a4dc30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
294KB

MD5
180acaac9403dba5fd19cd1d9c80306a

SHA1
8f5fed40110b0fe61085d33d1de5a17b2e4bbac6

SHA256
4d45d8f8dbe9144239903d7a5e2242ad09fb938faaf4d89cb31bd321213863f6

SHA512
ba0e4a8d8c32ab566ef1cc60a8a2962ae0388f1e6a5b222c6713da4fbee774f6d557d28a1f8d2b9f09730622dcb4a44e4741feb68d92d7b4a5a1b9b7bd908df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cb485d5d-3610-4145-8606-975eededadb4.tmp

Filesize
278KB

MD5
df753990d1a12b278545d9cd1e3dfa87

SHA1
469995719dcaf676bf961490f3fc839b653f60ab

SHA256
13eb312e00affc88016bdf70e0b592772b33b6f11730604e7d336e832fc42ee0

SHA512
9f76e689ea1ff3dd93377115b3ed7736b3669a9edb73595d8d13df7aeda93939ecf685949a27ec1a9a7935807bd43134d3ef5e96bb2f399ae74cea0ab795608e

Download Submit