hxxp://roblox[.]com

Resubmissions

01/06/2024, 05:00

240601-fnfxwabd42 1

01/06/2024, 04:57

240601-flgfmaaf4v 8

Analysis

max time kernel
1799s
max time network
1687s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01/06/2024, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133616917931989269"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2420	2824	chrome.exe	78
PID 2824 wrote to memory of 2420	2824	chrome.exe	78
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 3820	2824	chrome.exe	79
PID 2824 wrote to memory of 4200	2824	chrome.exe	80
PID 2824 wrote to memory of 4200	2824	chrome.exe	80
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81
PID 2824 wrote to memory of 1832	2824	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb1bf4ab58,0x7ffb1bf4ab68,0x7ffb1bf4ab78
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1776,i,4640056268226901451,7635148803547006666,131072 /prefetch:2
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1776,i,4640056268226901451,7635148803547006666,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1776,i,4640056268226901451,7635148803547006666,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1776,i,4640056268226901451,7635148803547006666,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1776,i,4640056268226901451,7635148803547006666,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4148 --field-trial-handle=1776,i,4640056268226901451,7635148803547006666,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1776,i,4640056268226901451,7635148803547006666,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1776,i,4640056268226901451,7635148803547006666,131072 /prefetch:8
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1776,i,4640056268226901451,7635148803547006666,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cac5322d7c553950a9ba3269304a61f3

SHA1
dbc3281dc56b021d55063d4c3d68b491d8e5de38

SHA256
e15507f115cd81aa0bcffd21cf29b85b051da393f630fd87c024fc560d68d201

SHA512
d503b4942df75773fe857a135216c53e51896e88fb2c2e3c7d508bfc581f67e96d89d9d4e8ac9a3b297f75d60abb4e6c4abc54c59c2b0d99ef75df927e2be0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
39d02397e91d9a717307eadae4f5b2da

SHA1
0f5df198fa62575f798a96d04c641e582cc9e00b

SHA256
7902109c3c48e83c80df73b17d776e5b0c12805babf48ee91e333b45a21814a6

SHA512
a45fbf6838b682e31266300f64afaf9baad3e4e4b04f02e9d7b3a3fcb98b248f698c064c40fe8d92eda13ccc1c7a5541d343d64e3a1d0b53c7499d83dd8b65c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
772ea3f53ddbf832976a024f4e01a0c5

SHA1
313e8fdef54490b871ad844c750c437079f5aeb6

SHA256
3caf876be518ea573e2d2d6ebd1810572791ddbf169e94f1403633bf06e12d44

SHA512
1a7d0834338b5b952ae505933bdfbecf58daef4a6e7937a0acc3d0a0cf74b1bcb309738d3479703b9cf13b941036709a3ce40c51aba6f739b241f8fd4d283019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9a5232d3d9ca7f4582d9d554e3247636

SHA1
d2fdc7b52c2380f18303212d3c2b1fa148f0ea95

SHA256
df538523d3f3ff1433c8722abf836261394a85dcee5dd149c521fb751e99fcfa

SHA512
2373b1cfe23ddc4db3b43df002634524186a8bc9b61073c697a19fc1698d5f2c0d384caaed564c6be77b715e4848b4ce7c28f34d1fe1d8c992afbfcc74b7ace9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2cd28a528d5c32d054c67c379ba5996

SHA1
c6714d1402692076f54a82d1644707df2cd49c92

SHA256
c4189cc9193f6b8a0ffa2367da217b1e91919dedda8d977c8893d730794eff19

SHA512
1bc6784a30c50dc40977dd88327f91b62075746f2a2af12a4b21431462ab4ba62be4ea9b97df3b09e0a839fa92fbf2674661ba6f6ff9382a76c813bd0da58cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74d415627c15e5eeab3504422ac99d56

SHA1
2162accbbde6eecfc20d7c0285e427d015939c46

SHA256
ea85851e1326fc708bfa81ccae0adcd6ef41dfb4d01c03f416996c61990262cc

SHA512
3ef3b899720365eeeb07c214ac36ee7d8de7bdfe4835c933aef3a91aa56e8e45b35e900c073a39742b0553e73cdd818ab98854ec5a50ba1c06e6fd9d054b87af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4866c70243297727c99f4cdd40f73dab

SHA1
101550615b304cd6725e715a3905f6b6ab67c436

SHA256
c78189497363af1b1038b2d0727ed2521a9fd458d6579ad932b27f8dfd632a7a

SHA512
ad9edc2355581c368c703bb7ea95dbf6aee381f8e0b3c1af291dea78ec6c9f8c8636e31d1f162ac4eee862ade4b8d44112539a25f2befec5d130b95945ca404d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
24bbcd3771c7ed49ade55bbc4a278c00

SHA1
6576776297ce1b9c16f93a31e6261558fb8f6194

SHA256
956499cbd92ea5152fb1722a00f7f904680fb56d4f047c15c8984af0c766e598

SHA512
f652b3891a18f2b603ade507561de11dda836c89832ad76ace224098b4389b07804f6b317e893a411c30df038d19e0d1f15d791d75de8af289f46cc99746b04c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
1820f35267793b9afa535697b8dc1483

SHA1
da4d773f64ad2ec7ba09c44f8c4bb6800f347a4c

SHA256
1c5491d318bfcd88630744cab209342a18d38ab9f02f7672f8c1470d16ce9b3e

SHA512
418110d6d76f704842106c7be3396b18fb3a10801fe3317c5ed046864f97368d5a0a255e8aaa1d7c8ddbf078a6e427afbc4c5478a059ee0a6adee0d9d97d8753

Download Submit