ace42bc61959dde6abbef1deccb2474f97bc8790f86b853638cf6b9cedf7092c

Resubmissions

26/06/2024, 00:05

240626-adg5asvckn 7

26/06/2024, 00:03

240626-ab6d4svblr 9

Analysis

max time kernel
72s
max time network
77s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
26/06/2024, 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

updated_executor.rar
Size

3.5MB
MD5

d73111b521e8f8b7cc6596eeff5b1749
SHA1

9cbf4b5ac548c7cd0c5adfd0bb5448dbe03aa590
SHA256

ace42bc61959dde6abbef1deccb2474f97bc8790f86b853638cf6b9cedf7092c
SHA512

c7459453f7c9732135a05a4abdf00a1c12036eae503c9fc90327ad3a77730bd6b6fa349066de7d8f97c295e1429548100b484bd25d27fbc54ba4aafc12c7a9d4
SSDEEP

49152:L5nYy10A2bOJaxwQ28QbgdP/h5NySL3GNq2WLIb/TmJV8lwcOMcmf3HYgMkC2ZDc:hYy1l2VGQ23E33Ny2qjbjedM9PMKZvXw

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638340000739980"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3920	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 2328	4908	chrome.exe	84
PID 4908 wrote to memory of 2328	4908	chrome.exe	84
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 1072	4908	chrome.exe	85
PID 4908 wrote to memory of 4972	4908	chrome.exe	86
PID 4908 wrote to memory of 4972	4908	chrome.exe	86
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87
PID 4908 wrote to memory of 2624	4908	chrome.exe	87

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\updated_executor.rar
1⤵
- Modifies registry class
PID:2432

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3920

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffaf626ab58,0x7ffaf626ab68,0x7ffaf626ab78
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:2
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3476 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4400 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1616 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4012 --field-trial-handle=1796,i,17011265276999647379,2811910948888476257,131072 /prefetch:1
  2⤵
  PID:4140

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
93a75f5f2b99fc71ee5ef339c181c910

SHA1
9c6b23e0217952e1b0e2f9c933f9021c106c400c

SHA256
d29f9d19d27ec3ca4f1fd8ac04f943d8c00b112937d2b910927236f2c69efea7

SHA512
c9ed2ce3a8484971314a8105ec00d1ba9578a7539aa5ce6a82b99f1b358d715d49b444b557a1def075ae4ff7407923f39a0e549490b89644153e709e650f5df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8c9c931871fb2d3c45a359df562807a2

SHA1
5a1be1e3b7a00295af26549434a0f1d4dae539c9

SHA256
21650c8e359f1db769255d519649d36d230efcde6671c58ff83ec70f584fab0e

SHA512
6172261f94e3263762fbe1ca2d09dc896611d24119cdc25b9c07eb685908e68ded1dbcf4a663325be310532a69691f19286d9388f5cee054eea7d4c034e196f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c49e0ed82a8aaeddb7c8912cc4cdfb2d

SHA1
8f52c68046991e2c7c273774b2254e8e03ee1208

SHA256
8a574bccaada3d98823ac3ad9cd055a2ac84b270546cb32b6505d28ba7942c71

SHA512
615240f65e98f6d9394d158c00716bc21fcfb819e040d9930e7eab98e305068834c7d917cdd20eae8411e9bdefcedcee3d3e7997c0563c013073abba69a2f350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
7c8083afa21970b9e150049e2e33a80d

SHA1
1946e420fe88d0606579d15bfab5632a4e798541

SHA256
f2d4b748bbc9b92f81e9bb07451c2b3f70a5a297b8fc97f1b30786314032d95f

SHA512
a41d96256f58d9df29594de6245c1f5c1bdff3bdc8fb943ab59797ec955b879ede722d5f8379c6f14c8477332480dea47e8f26000e593957feb1a76c4102cb42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
23eec247348c89032610b1fbdd38e1aa

SHA1
710da82a958b40b5c2a651e239a0955291cc9c33

SHA256
1191cb05b709471fb2c40554c8404e953683fa9f8c2ee2c5bae7fff556f3af04

SHA512
255a0945290337f7a520601594ac4040ff797544e58853783b1d27278e5263b15c26e9fabf1be02fa988c983c8ce077040ff390c3a721c7d0a510677305575ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
830002592a663dc8b82f766dcd63ad35

SHA1
35cac6bd09fd48a3ac122bcebbfa89b227eec498

SHA256
e7287d2cbea88ab826d30adba547a34115e5f32b289b4d9377f8d61857c9adfa

SHA512
09642b9ccc6d94d1cb936632636f8c2a3a85bfd3173f5f5aef38822bca247f2f81e318f0a8aa40204b6d439b701ecf5d2a25f7a6c830ea278342e13ae6177158

Download Submit