hxxp://u[.]to/wPGzIA

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://u.to/wPGzIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619133366276153"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

5064 chrome.exe
5064 chrome.exe
4820 chrome.exe
4820 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

5064 chrome.exe
5064 chrome.exe
5064 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5064 wrote to memory of 996	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 996	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 4952	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 1332	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 1332	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe
PID 5064 wrote to memory of 2248	5064	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://u.to/wPGzIA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffef810ab58,0x7ffef810ab68,0x7ffef810ab78
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1896,i,10042677750436571020,13532853204868184424,131072 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1896,i,10042677750436571020,13532853204868184424,131072 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1896,i,10042677750436571020,13532853204868184424,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1896,i,10042677750436571020,13532853204868184424,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1896,i,10042677750436571020,13532853204868184424,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1896,i,10042677750436571020,13532853204868184424,131072 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1896,i,10042677750436571020,13532853204868184424,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1896,i,10042677750436571020,13532853204868184424,131072 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1896,i,10042677750436571020,13532853204868184424,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3980cc96f3596878fba3a8609964426c

SHA1
7f65aae7597024e4b04a34b1ed487c8d8d6018eb

SHA256
dd6542495eb52230b05fa51511f4b12c920b407a200e5bf3e0ac0bae6ddcab7f

SHA512
452c5a24aa9f3120933095a35d8e4aa17fd6e0414c07126358e29137a051786472013019eccfb309e04bf06da1ff23356829db2298a20da21b96357067174801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
20592fc796c8388a3c93cfc13bead620

SHA1
1ea0f1a2f0f8e17dbd553886a435e79175874894

SHA256
caaf23cf88daaa4dff23f6b993b09653789581ae8e34d59feb8ab6c2b1d22adc

SHA512
444c28952437167230c5e6c718249e7437fb171d6dd5b77c0bb396593b1bf94dd63057f02e09651caf98913398217c4bdb42ba59ecce40a631e3604760bdb7b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
212ad83e065cb93d07d0a40d343400ae

SHA1
aa36a1fe493fe97d44afbcfa6f1f242467d49743

SHA256
b550dc481d296fa9ecba65c9b6afc20e32b69adb186f38dce77e515d1e3a75cb

SHA512
d6a7063f4d68d6539de886110c480591105a2ddabb58eac4a0cc981a7346d2c32cb15c9e6f4dc48ec3ae65cd3f7ffd4a9b3ce53731449b98bf5b2277ada7806e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
87042b3829da81dbabe94ebd0f0b054f

SHA1
e3a4a9b673b62f86c40273247e6532f457db2ea5

SHA256
4ff0c42f22df80d893726ba8d6dc1993ba55484f9eb03e0972c44444c95fb68c

SHA512
ace29b9e181f44aa4d2c1d3480da6e009daa3847f101000f9dbd016fb164a38d12bcb460a8d9d458721219677b039573ed09f5687bc9a34828eec2296eb91917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
901f125a18e675c1746eafbb8b3aa1b3

SHA1
f701e6e601d03aa74217bc85de228423dc76da4e

SHA256
15974f2d6fa778ff7cd153da3a9133e806f3c552c8cb3caf50a0ecfaa6edc0f7

SHA512
898c904fe3ec2a5d6ef809f307b6cf33f4e1d5ef5791c6edec6b6f59edd205e932cb7dd731ddbc000d2551f6d0e21358d9e4850ba5a9544501a9ad584f115ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
672d03ed929aebbdb9710a1c8cefa0c4

SHA1
dafe8480984fb9fc63d9a061518111a65a137ab5

SHA256
ed42e3364a8c24ae0cb52f7d5744651091554d4647b277de7cdf9305d799e4f5

SHA512
5a39f227ab1d87ec20c4479ad2eaa1d8226b61f3b6ab4b6c9f578c4127561e324f49ee2f9ddf7b2e3c90f89ce66646aac86de421947dbb57c8ab8aa5bdde7818

Download Submit
\??\pipe\crashpad_5064_LFUEPZSEFLJQQIHO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit