hxxps://studio[.]bluebeam[.]com/share/mehyt5iqfpfyfe

Analysis

max time kernel
70s
max time network
70s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
28/06/2024, 14:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://studio.bluebeam.com/share/mehyt5iqfpfyfe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640592177424610"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 796	228	chrome.exe	78
PID 228 wrote to memory of 796	228	chrome.exe	78
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 3044	228	chrome.exe	79
PID 228 wrote to memory of 4016	228	chrome.exe	80
PID 228 wrote to memory of 4016	228	chrome.exe	80
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81
PID 228 wrote to memory of 4936	228	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://studio.bluebeam.com/share/mehyt5iqfpfyfe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9c24cab58,0x7ff9c24cab68,0x7ff9c24cab78
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:2
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4436 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4396 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4480 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:8
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4648 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3224 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3960 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3880 --field-trial-handle=1856,i,13633078534641683699,11772609401187243434,131072 /prefetch:1
  2⤵
  PID:4068

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
95f524ebb1bf23cc34a1e69c62e04bd0

SHA1
7726449119b36582ceac3910fcfdb1469215d7e7

SHA256
96248617be17bc731e0fbd1029a4918423c7395b982ac9c323449b2afd0e91e3

SHA512
1cf20afa5a692f0b22f04d1534f033a163cdbfde3b08dad6a7751bf9a615654f68d6f35b03989e04f2418bdb960253865b80d4167c01f5d9734685e65f4d159b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
cf8337c56d9bab084325a1f3c675abf7

SHA1
30d3f48effce5c65de077a52d5db86c433013ebb

SHA256
1f8bbdb7bcd8790b75bd45033744bb405f083e5f53f99a29cd088c097dc8aa30

SHA512
0721870c7cb2bcb03d588adf04c5ae9f61cc9ddd96616ed25f59440b23fdaa01c59e22bddd10bc397ded33f432b8356d72bc10bb0af8e3cb0552c94370177875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
97b3db5b4a9816734cc285cf2b3f0a7a

SHA1
9e0aa4c3a66db68809db389e0d8fdaa16ec24979

SHA256
695f4aefdbec785651cd2edcdb7adc80c9683e383d9a3945194d5419c461378c

SHA512
3414f1f27398c2b4c73ecde888ca6ace01ff3d454b5007180cf418f624e36002eb3b82c37f4591c1222ce55df4a09833dca02ecb550561654d82e0e9e4466dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
e9ef40038f91a6b1017b97fa1785a940

SHA1
357fcac720375d601538ee2c906948b5af4b8890

SHA256
9a0b5cc1e544905b48d735f2fe0a79757844d55c188fcc729cc5813a1190d40d

SHA512
999536cb52710e80d5a5946bea9d1809d29f929afe7beb82ed2d1ce0d1f08a2d82a5cd2e9d0d487f2d01dfd49bbbbe7f09eaa451f3adf3051de9e7ae9a444179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581fd7.TMP

Filesize
82KB

MD5
1291375462a132003e3f8a565a01108f

SHA1
1f6d7c57aa77e028fa3a0fd16e1e0b4e1df1dc84

SHA256
9198fd56b6a37d1600f3b75f2f617eb5510ddf15463c255d31cdd99b87a1197c

SHA512
6931f84595cf0c034922d082f60cbb86042a371ed11b8164edf6d2307de5fa10a8845b5e835d7b9bfd32ec526c2ebe957f90f345373fef85d7b2f32610a13f38

Download Submit