hxxps://partner-hub[.]deliveroo[.]com/welcome/b5435d630b65d3bd0532b7c77337b1c8

Analysis

max time kernel
1200s
max time network
1200s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://partner-hub.deliveroo.com/welcome/b5435d630b65d3bd0532b7c77337b1c8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623975148659171"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 5080	3400	chrome.exe	82
PID 3400 wrote to memory of 5080	3400	chrome.exe	82
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 3964	3400	chrome.exe	86
PID 3400 wrote to memory of 5064	3400	chrome.exe	87
PID 3400 wrote to memory of 5064	3400	chrome.exe	87
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88
PID 3400 wrote to memory of 3656	3400	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://partner-hub.deliveroo.com/welcome/b5435d630b65d3bd0532b7c77337b1c8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadc09ab58,0x7ffadc09ab68,0x7ffadc09ab78
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1904,i,13513029371045191731,9800949455782421451,131072 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,13513029371045191731,9800949455782421451,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1904,i,13513029371045191731,9800949455782421451,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1904,i,13513029371045191731,9800949455782421451,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1904,i,13513029371045191731,9800949455782421451,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1904,i,13513029371045191731,9800949455782421451,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1904,i,13513029371045191731,9800949455782421451,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1904,i,13513029371045191731,9800949455782421451,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
bc130b334d69fe1a1fec65f4b3011528

SHA1
6d2cc48b0fc81defbb5a7436fcbc83ea22a5b846

SHA256
27d4155ac68cdf79f1caf41144fd8da58d2808d930d228f0f444e2cb870bf634

SHA512
f0af6ec5d7b33e64a4ad0cebde4ce96299a73fbaf13d12a4b2abe08bc20122c7f660c867e098d29b7f630cf49f859e8115e14f8e1156c607e13dcc7802302ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
20f34654ef893e1e2b46b7d6ac91d25e

SHA1
0c12efe3fb3600503425e79f60f225697a5935f9

SHA256
37662f4b8654ebf32b7f4ba877c40db362864a7fba20fe4bdf6c0f67ac0d8fc9

SHA512
16964a66e4907d3ea955f72a063b9f2c87f2fa4369de551e67d367e0a9b2e994c3abfe4bbed56183f52f0137373897597518367b8246c25afe9b4f1290d63ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6a5719da754a552bae3675ab6a85756c

SHA1
a938df503d27364e7a8fab9c1d3b3933b5c6190a

SHA256
85e7a856542807e4cdfe9aa28d380333af8424cfc9d69acc863939ce24ab299c

SHA512
359b9668b4d0c413d81449fa4009b8f6ebe1ffb74a55c2a144e48cff1df8ee169a5025352536cf27f180d671e9c522e2cb2b1dcd8cb66181c0e1253f7dca3d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9a4826a58f363b3faf414d0f64d67adc

SHA1
defa93b42d59a9c98a9effd41cf86c5c8e1ef29f

SHA256
e15947696a9cd2be353e11d261f2567bbe5bee1f02c74e4a1e3a4b432fccc239

SHA512
11124512028c67f8920d0baafd4228d717b0db95df8d37336b7c8b3a0a552395b4cc2c36f2318ba7955dce108cf860a03ba1c057a706e4288603aa3e310fd0d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b13649198fb10b9a0100c5a8b49554bd

SHA1
12edb9d251ab64c329f16cc7bad8f648f78bad28

SHA256
80e56a335f158fb05f07674aab06a998536b284a7352280b493f151c9ace4701

SHA512
0fa47210676eec2c50910a8a9319e0fe8bbc8b91426476ea09174f44af9b5dd0079dce3412786bd1a32e5ab86b93a55748eab6b2fc32cafbc5ecddb2c4d2903d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d26347131ac2fa89df1858697e958cf

SHA1
a0b04108f3ac4267a2ca79f42b8fcf42489e4373

SHA256
a817d9c04205cbc244e83e7f88973d308066a52799715b63dc6c189345056d61

SHA512
922461cd51e379f50032f22feb60537d0c0cac6dbddd10b9192289e51bdf413dafd632dc177f19d31e7fbc70e02a202ce55436539519f4ee93e838173f020885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce2bd2bb746495f5e4e651778317bbad

SHA1
445aded38a2e16490539b73ec11ce87245b180d0

SHA256
0fddb301fffce09ddf45cc2907e1535c1af2d61b4cf1d46972fbff5fc2e20a21

SHA512
3dfda742b3763188ed98c0c39f8fd5051fc880708e29290f33d92875a5ce580cc5e68649dfbfc4dffd8ffb776ab6b1efef4c624f2073d8da0aede713bd6ce5ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3b08449843faf3d564ddfa3f0c406ef5

SHA1
3b204f41a4641857cbd04bffe731866e61055d4f

SHA256
62e08fef5e68115e033d3a3177cffa239e9b9f61d699099cacbea80b9e31bb18

SHA512
e2837bc5e16ee584e6c3da27a0fc8d5f0c11f1f6aa96fecea7d5fb52220d32ecf87652db8e8364c50f9d555494885e75291faea99e19e0f1383d11e221750645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
12f5cbd951b5348239989b445cd7616a

SHA1
43985478a98540517f392a90fc847250a8e951a3

SHA256
beecd172f4e826efc56d3e61af84e3fdf217284bef622aa232ea9b5127afb0c6

SHA512
1974cb9b86ab48bc3e80ca6b412e7ec7fb8c83ddb65f49c6648401f73191066d53316c1228b86a86306992736a6e709887b4d498fed583502ab89a2d62576d8b

Download Submit