hxxps://tripadvisor[.]us1[.]list-manage[.]com/vcard?u=16966ef3c784132e816333f7a&id=204d1d2ef5

Resubmissions

Analysis

max time kernel
48s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 21:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://tripadvisor.us1.list-manage.com/vcard?u=16966ef3c784132e816333f7a&id=204d1d2ef5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620088874750877"	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.vcf	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\vcf_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\vcf_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\vcf_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\vcf_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.vcf\ = "vcf_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\vcf_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\vcf_auto_file\shell\edit\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\vcf_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\vcf_auto_file\shell\open	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5596	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
672	chrome.exe
672	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5480	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
672	chrome.exe
672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe
5480	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 672 wrote to memory of 1692	672	chrome.exe	90
PID 672 wrote to memory of 1692	672	chrome.exe	90
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4588	672	chrome.exe	91
PID 672 wrote to memory of 4020	672	chrome.exe	92
PID 672 wrote to memory of 4020	672	chrome.exe	92
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93
PID 672 wrote to memory of 1092	672	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tripadvisor.us1.list-manage.com/vcard?u=16966ef3c784132e816333f7a&id=204d1d2ef5
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x40,0x7ffeacddab58,0x7ffeacddab68,0x7ffeacddab78
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1912,i,2944220041425428732,2985600442950686372,131072 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1912,i,2944220041425428732,2985600442950686372,131072 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1912,i,2944220041425428732,2985600442950686372,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1912,i,2944220041425428732,2985600442950686372,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,2944220041425428732,2985600442950686372,131072 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1912,i,2944220041425428732,2985600442950686372,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1912,i,2944220041425428732,2985600442950686372,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1912,i,2944220041425428732,2985600442950686372,131072 /prefetch:8
  2⤵
  PID:4412

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1424,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:8
1⤵
PID:5284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5480
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TAPS_Agency_Audience.vcf
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
4b19e5ad6c48443f75953e7aa2b40f18

SHA1
eefae8cf0a05fd260e519f38963129a7ca10bf90

SHA256
1fa3d5ce2b0006d073626b38762d61aaad26f568220fbdeead973984473255de

SHA512
0519d13dbb983bef8c3473b952320b06e3dca93004cd4dc71dc4d6726dd5960f94b82bcf01284ccfc164ad2ccaa05c5595cb118556ba820bd10822f638f982ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9827dc290ca3667a43a3edda7240094d

SHA1
1ae236e0b089911d712c4cc6d41baa448b51ac39

SHA256
26db3782adbe73b0e35b120a19a5eb4d57a734caee4936e2ff2783c9772bc301

SHA512
ed8740c043536e661136ff1da38c3fa58f48b2f9a3e6a5da46ae687eaf2bdb145097081357fc149930e6a5995f66c3a2f99b6cf55ef238815fc3563712aa2062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
2d1d5c5fe009156d6e78cca38b5ee577

SHA1
7bbc216692a0b6b91a6131491c37e91785c6b2df

SHA256
f783a0968440cc848a1a193a87f61f6b4982bbfe57885c6caa482d6af5275e19

SHA512
24f6d0050cb3f42a164fa1c7765e2052989530f150b81b19ea166b34a216c728584ce2972ed51ccfdac5d38c26f01b727d27e439b606da49e6d6e0dacbf37138

Download Submit
C:\Users\Admin\Downloads\TAPS_Agency_Audience.vcf

Filesize
267B

MD5
71aec5f3d736dad68beb3c2e95613618

SHA1
2ff1823dcbf58aea808a05c1564b4ba321cc3acd

SHA256
70ae9367a5f89bf46b7b94e96f6e5e3df909838d3c004840625787c7a8256b30

SHA512
2b4f158d092e5cb7703265203ecb482437d6f3fc46c8c56a222acf713d3639120da3c19edf560e98f913cd9a2d5cfbdf751bbac59175a077a061a9ed8ba2a823

Download Submit