hxxps://qptr[.]ru/Li8Z

Analysis

max time kernel
1800s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/Li8Z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619262265380483"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2592 chrome.exe
2592 chrome.exe
1512 chrome.exe
1512 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2592 chrome.exe
2592 chrome.exe
2592 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2592 wrote to memory of 3028	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 3028	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 2140	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 5064	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 5064	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe
PID 2592 wrote to memory of 1144	2592	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://qptr.ru/Li8Z
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff739aab58,0x7fff739aab68,0x7fff739aab78
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1856,i,15848736413845239715,1890463051681159060,131072 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1856,i,15848736413845239715,1890463051681159060,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2088 --field-trial-handle=1856,i,15848736413845239715,1890463051681159060,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1856,i,15848736413845239715,1890463051681159060,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1856,i,15848736413845239715,1890463051681159060,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3896 --field-trial-handle=1856,i,15848736413845239715,1890463051681159060,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1856,i,15848736413845239715,1890463051681159060,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1856,i,15848736413845239715,1890463051681159060,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4172 --field-trial-handle=1856,i,15848736413845239715,1890463051681159060,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6f3dbeb5-b4cb-4352-9d6d-0bffcf9d0cdd.tmp

Filesize
7KB

MD5
4130646f0ea3bb1a424795dba05d846c

SHA1
6a48aad567554a01c52af2500bbd6a0a5c7477e9

SHA256
3f881a5d8d4a4d6109d651cc9dbf9c5b9ea7edef96dc7a9f74d2642463adcb6f

SHA512
67ecb9528d94c6510b4af54349fdb3b5d53a95f67d63926d63f8ad49aedb7926fe65479b009cca924a575b5b1b0c759179b89291a36da14714a4753617f9de26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e97f519c81590ec2cc3e5a1167b7506b

SHA1
6e2f54a4bb0d7939859a23c0d04c5af141fc9203

SHA256
bac0ba8217940c671b313777ae4a152a790b7156f5e25c33b3a4539837e89e10

SHA512
4c6af800a9adabaa9831885a23c8682118956781abb85c7be0bba7ade0613d06735afefd88ee091d3b9094ae0e244d93213cdd1e20091b725a5944197f848816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5ae9ef6a1325a44f807c68f0e47bf97a

SHA1
44afc4c186ef3335b9a20df31b9e367aac18bf34

SHA256
9553c9e9a772be2e0894015f5cc592417e5f73bcf83931e6fa57764aca6619a2

SHA512
7eef141b69d7829bfba0f0d158e32f44c65743854e7f3354918476b1b98d2026d06b4d31e48ba6418dbe291d8ef11d79a31505448e9c4a47f8c726e9dcd7acf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b4fd953b0c252e14262fcdee39da916e

SHA1
e8af008ade816d2af8d657e2d33bdd44933bac89

SHA256
47b3c8aac1e1cb7dcebc799ee8ec5407aa4a85681d294f67857b5b9a69c943e2

SHA512
5a874bc79c1b5edd085b3267e16319679402933b03eeb1e618ed65b7d1cb5af53162c910a8e30d92494cf0bd9ddaf80b0725707f26e1ad42ef8710ddeb6d6f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
79100d23d87fe23aff9013835cbcbb01

SHA1
8398b74dbc1406ceea0cf1721e97b9d300fe3d28

SHA256
cb9249e5f98fba7443cc36b9abc8a8f27102c23fadc69883fffc4dffcac3aaa2

SHA512
ec22995136b61c8e7b97065d285f734b3bbd9d356322dfd46d67360b8aad1d9f20f98033f920e6ab73eaeb35736fef0f68f0e5fcb2ff409966d54c730869768d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d888ca86be43bc5b7202ec40b1a3c78c

SHA1
01e890dcd2de801b5ff59d9ef224f4423b537b19

SHA256
b3ec6baed7b141a4b0ab2d65b8556567f014d83df1247843c310dabdfc1edf28

SHA512
722be4bcedb8391f82e1b1d73017bb84e06ba1f67a9c27d36390c8b0a43150cc286aa0b526480726392350c597c8d3631d0afa200877a50c55bf7cff06eeb8cc

Download Submit
\??\pipe\crashpad_2592_BQYEKHDAYGIWEDCP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit