hxxp://larandeteknik[.]se

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://larandeteknik.se

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625835142750672"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4036	chrome.exe
4036	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4228	4036	chrome.exe	82
PID 4036 wrote to memory of 4228	4036	chrome.exe	82
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 3844	4036	chrome.exe	83
PID 4036 wrote to memory of 2000	4036	chrome.exe	84
PID 4036 wrote to memory of 2000	4036	chrome.exe	84
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85
PID 4036 wrote to memory of 1852	4036	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://larandeteknik.se
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe48bdab58,0x7ffe48bdab68,0x7ffe48bdab78
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4584 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4500 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 --field-trial-handle=1884,i,15545894732649010873,9700388618650601434,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:888

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9c3c3da2e1a2683cffc142d7d2bc5bef

SHA1
1fd5e04c4cbdfd246dbde2b3092e45b148f1cef4

SHA256
9c8b110c273abb2ea5a643196f917f699e6bdddce163c7a8aff81c1bd26b9382

SHA512
5f75f8ecc71b69b5eaac82029f2761bcf45265ccec983ec1056bdb94177da63489495835d3d6e0569407cba5e1dedac2f86b6710ecf51d1c8760d7d2ca58cfba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
694377e10c0d6fe5ad501560cf344c84

SHA1
642d253e3ae0fac096a612abeaba6526275f7062

SHA256
8df803bb87bb8c91cee25f99e142ea391d397848a7c708fd3a82149cca35904f

SHA512
0ee7cd55f1165dee30e8c93986914a174cb521b7fad13a82d7de911b6507163d2f8e18a1a9bcc7ee7942b0f13910061a46ea80d907141aefd2f5eb3e0c7d45f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f4fb5b90b66db19035c6885881fd079

SHA1
05f9c57553f7b9aa732c49b5b6e86a65ee68ef5f

SHA256
117ea101e661ae4634b3bce5777df5ce8a1ac5ad2af8fa07a426bf80780a3614

SHA512
a275d773db844a20ada17a23ca65b5f0c37e844e6badb7b4f0329982f2c7f18d5d8bed9a77a61b81bcedd0dacd15a63581d86fc1d170afe6c538e11e9137bbf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c7df7ec868a1fa91c25cd12f0925a17

SHA1
02d0c63c0fa679a664dbf6ac794b36244ed7e11f

SHA256
6798236193c99998d0c9383474b498a765b96626058fe9c5bd79bafa47b6b906

SHA512
1f06a3e13f3d90692959ea98397d0e34a5e2fd8d445fc1c3fae091091076b46f5df3628bd883d1a1c74b71b7f949a16c65c5607f8350cecceeb1835f35dce1e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
216dd3adeabce484ab73d41ad991623b

SHA1
4e67c78871539f6892eccc4b185529521a9d4b51

SHA256
a3faa03ec55930b10369cec3a33aab33d16a33a7fa76d83241ff8f2814781134

SHA512
f8fa91b0803c27d4ef10f56f096d9fa8514553975702e14b21f2abf93609b86ef3e2805284e58e4602def071054db5ae8c58958b00234154011b43f2aaeed79d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09ce7578c2e16c1bb21d09b78ffdc92a

SHA1
e1cd0c6c4e392cfd90374f9d8ddef3292f88fe68

SHA256
3950037558871525b0d94c84c04607dc0034cf9880c6c001094bce1c27a6af91

SHA512
82306cfee99ab1aca01a75f96b2afecf5c70765d92901488b1e3124aa220aee6fd743f04616ef07fbbafc58987bb2d9c660cdbcfb3151763b6efa8c3ccbb501b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dd616d9bb4436abf86dba370b704b9c7

SHA1
e7a80f90d2313cd19ee1e479805be150ac47235a

SHA256
81103a46504a3d11fb731471fca1445d8fd1c3d2a701287870c5ce9b0447e7ed

SHA512
632b89a91085933184dc3da58fd344cba1bd965d6735bc7a8579a67644ed5802116d7cdda64f638376da593bdc99fa16e8b8f54b42750fb10947711972666dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e8ce23dc-f7a4-4b14-aaab-da0b176c44f3.tmp

Filesize
130KB

MD5
567f6c11d6d4b191e711f9ba984df28b

SHA1
68d3f4b9856e74cf7bcb355cfe39f40d19f26f8a

SHA256
96d25ae60c220524f22846a0dcf0f32fbbd85bf81729889bf36d8be0985fab97

SHA512
31fd587763b5a3c91cf91df79a79c26b67f358de2a3d61023f36aa245fba6fe4ff7530def162d621e011d3c64702b2a7b69f7b50108124dc94c881782fbde462

Download Submit