hxxps://storage[.]googleapis[.]com/ana_makita/makitgetbymej_markred[.]html

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://storage.googleapis.com/ana_makita/makitgetbymej_markred.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638090787806904"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
1512	chrome.exe
1512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4588	4960	chrome.exe	92
PID 4960 wrote to memory of 4588	4960	chrome.exe	92
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 2748	4960	chrome.exe	93
PID 4960 wrote to memory of 3524	4960	chrome.exe	94
PID 4960 wrote to memory of 3524	4960	chrome.exe	94
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95
PID 4960 wrote to memory of 3256	4960	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://storage.googleapis.com/ana_makita/makitgetbymej_markred.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffff4a3ab58,0x7ffff4a3ab68,0x7ffff4a3ab78
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4516 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4644 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4252 --field-trial-handle=1904,i,1289690181777908839,14972374190413459207,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4420,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:8
1⤵
PID:3412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6f767cb9f4d55e369ec63b9a437de678

SHA1
072f88ae5e11616220152019151ee744c821b36e

SHA256
7f3b5cd8eccc377b38ee8c803a3529d03c3e9a3a2022d6dd0a66dd9569ca67e3

SHA512
0e9c2cc96228309bd2682e025eaa28e75c10a727c256d2d6d49cd8c1b54b8a50f2b5da50d56545635021f2f9ffb327c0f02a9e374b9726d05c093f363e1000f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fc3021306bf62225879fd0aa50d9a4d0

SHA1
f2227ba51142c2b0f60b1cd2756adb30f8a34174

SHA256
807fe7e78c9089c26c24592c91138696997e8f7c263581eb2056b067d17e935d

SHA512
1c5e5c92ff0df24654d82d3e46acf15852927d014f002cafc256b3b40c422be6e09ae2d467ab45b1c97b3da10ee53385fcb0d491370f1c9e7b7d68eedbc632e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
92373fbed1cd25e933803c0d901c9c33

SHA1
9bb0981ad6c3d0b522fb01a4affb9e6e89ab815f

SHA256
71be3f93c81ccffd38faca075725142bc52cec73b46f4f90b0449111cd6b901f

SHA512
831e95a6637d7dcb43455a4f6b30f25d0a082e7270cbde6ffa4b1d57dbb6e47094c554d8ff60eb159d9ddd319abf407c84b02b12efc06d32bf6eadeaa4cc7be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
acda20b207cd942477792b688abe2df6

SHA1
013993bd4b048fa905397b88199b764b7060e5cf

SHA256
01777b77f412c0b61a8aa638d5727ae58f8ce21b142b6fef208ea99392fa8bd8

SHA512
061d4c9b9f3c9e35524426a8054890a0581bdf45d9daea2e350dda0c30cc7c44b71d50d80308b558c29ed5e8d1999551c1964b0983f8e695e25926babcee5afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
96B

MD5
d006994c178dafcdeee4947391923404

SHA1
1d67d7e0ce9af8bc42e42d7def6e63c28688b328

SHA256
dbdebc0597380141cf68c6e69a8b018cda426b30867af0b49bfd9bca0aee51ec

SHA512
a716a9adb1b05295715fd956690df5a6c5e3665024c305252c5e09d17433bb7f11914c7abd501357df0ca3f7b7e80b5440261390376935cee949d9c64d0b014f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
8f4b0913302bce266e40b2eddfb6c02c

SHA1
4a6271b123cde72442ad29608325c6194de98931

SHA256
00e612c27b095803faa8653764a12f94ff898c7610b5d6bfcee80e48bd0b66b8

SHA512
096417de2b518a68611cd7939548c519bdc1460b6803a37b4a6ef2aa4ff637616b72bacfd0141bdc1b0cb5277b10b8d292d5943cfd4d419d881a8694988ebdf0

Download Submit