hxxps://smartuq[.]us10[.]list-manage[.]com/track/click?u=3632d752b34210d91c9ff4d8f&id=1e3eead2db&e=8645be4d2b

Analysis

max time kernel
149s
max time network
142s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13/05/2024, 14:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://smartuq.us10.list-manage.com/track/click?u=3632d752b34210d91c9ff4d8f&id=1e3eead2db&e=8645be4d2b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600859384925435"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3376	chrome.exe
3376	chrome.exe
4872	chrome.exe
4872	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3376 wrote to memory of 3892	3376	chrome.exe	73
PID 3376 wrote to memory of 3892	3376	chrome.exe	73
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4356	3376	chrome.exe	75
PID 3376 wrote to memory of 4520	3376	chrome.exe	76
PID 3376 wrote to memory of 4520	3376	chrome.exe	76
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77
PID 3376 wrote to memory of 3968	3376	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://smartuq.us10.list-manage.com/track/click?u=3632d752b34210d91c9ff4d8f&id=1e3eead2db&e=8645be4d2b
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff843d19758,0x7ff843d19768,0x7ff843d19778
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5028 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=920 --field-trial-handle=1752,i,3960090141267777992,7434130583234944133,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e8f3504e0e613d8a85a271b255a2ae05

SHA1
0e2f05d4bc36fd06336e40e820d505e10ebfa472

SHA256
1412212c50fd77f8b0825f3560ae2b6e89dc0a6e6ca3571f6f85acde16aa1d45

SHA512
2ff6618bd10b814de24e7a081244586ecd61a440241ed1b5ddbd84bb20d6cdec8b3bf7e6f57d1c968d2d4224c72d4c8d82245db7aee4abcc3e9aad909300980d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b42d3c18019b0b4bbbe427022ff9e592

SHA1
f961aa05862e23922d7bdb0386f8111159b5edb2

SHA256
5068403561d9e51792052f0fb85072691d4212a214608d3830b95fa93c54e509

SHA512
2ba8d1572ce49b2e42a51c970ed9b246307b825b6ec982ab0288192228cf4110f9e68c2b70afa5c8e273644250a12c5e52bf02cf0f88b6c2aecdb5cce63ba43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d82422989b8c5624000a8787b71fe3bc

SHA1
418259f09b765b71fd90a9bc773de3bba52191cd

SHA256
93d9e475d5cc86e0c151f479173737e90ae861a24917a7e128c356466edd4cc3

SHA512
53d413437b9dbf64814dd54959c926753c61b64e2ef73451b9fb1bc2da337f3f2020a7042e0e1502896e4724a2cb4f5595a4db844683582aff55ad9000783f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a0317ebba9fbc6aa5363da620ef0694

SHA1
ea74cf94ddad6adfb65355cfd3e031e879ff975e

SHA256
42a8a94e73ce76fcc275021f4c5272e12ae6836b239470dae96670872e298ce9

SHA512
511c7a6d4d98f9f12e814474ed08f5c31758bde7a0ec18ed2055d744520f81b62d16c970f252b43115c3bf6b626e5d683cb1231054775594daa1675214da7a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
361c9ce455fa0b5ee4160ff5bf498799

SHA1
a81370fc78b5c9893a5bea7c06e62d9c187b7878

SHA256
9cc551f6b8a949f61722637bfc57a876995bee7a6418242a24dc6bae61a1f3bc

SHA512
6dae614bc1c3000acc8734296abb24aa10fe59320890a2ab4d492c33ddb94de4873cbe1504e04a7da6227bde12578e9967cd20de19a917c7e94aa35b39fc0c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
45a15619a92142ec514d7ceeed19720e

SHA1
7974c2283b8cb9b7ece7611d4b46550ac337ac54

SHA256
9ac6cba068fe14572101268e42e20c6191521b2274f6c3ba7bbea797d6ca31cd

SHA512
83cf1c3c2f9a00a24e8f1510a8571703a6fbb93b846524e1bd31d17e1158ddef14c80ddfb0f5964d3b0aa1e9503555477a2e44d28375d4e75829a700c650f291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
0b5367b63b423d819fbb07276b3426dc

SHA1
3a4dc5d73a4415a9185926d47fb8f0e2a9debe24

SHA256
6ee6ccb1c6771befa6521cb40bb1993c18ba0b91d959401d6fc43ff01b3a6183

SHA512
6a7d51d4ac6b9547356eb2fd95ad78690c5c7d64ef234f77713b7e6711cbb70a4c5775386ac09e864e7b68a1ddf8e1c080284b104924e51fe778aef594e22a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit