hxxps://cl[.]gy/ZTtsa

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cl.gy/ZTtsa

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

41 api.ipify.org
48 api.ipify.org

flow	ioc
41	api.ipify.org
48	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645693083881645"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

880 chrome.exe
880 chrome.exe
4264 chrome.exe
4264 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

880 chrome.exe
880 chrome.exe
880 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 880 wrote to memory of 4532	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4532	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 808	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 5000	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 5000	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 4148	880	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cl.gy/ZTtsa
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c8fab58,0x7ffa5c8fab68,0x7ffa5c8fab78
2⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1896,i,8882078291374879823,11048215409184726557,131072 /prefetch:2
2⤵
PID:808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,8882078291374879823,11048215409184726557,131072 /prefetch:8
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1896,i,8882078291374879823,11048215409184726557,131072 /prefetch:8
2⤵
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1896,i,8882078291374879823,11048215409184726557,131072 /prefetch:1
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1896,i,8882078291374879823,11048215409184726557,131072 /prefetch:1
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1896,i,8882078291374879823,11048215409184726557,131072 /prefetch:1
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1896,i,8882078291374879823,11048215409184726557,131072 /prefetch:8
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1896,i,8882078291374879823,11048215409184726557,131072 /prefetch:8
2⤵
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=988 --field-trial-handle=1896,i,8882078291374879823,11048215409184726557,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4264

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1580

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
533eebe30dbe97da08a9ebfc458c2148

SHA1
180c7769e1187e25c9f12317349999a7ee758403

SHA256
9f67201cba457a2318627f7b39be36756b84117d115c27a86433c74bd59ad28e

SHA512
6d5569a2eb7a66fe03c05bad0c225d2abfaf15ddfcd50a0b97898d76080904202af35dd8a2e93e298d40cc53f8b80fcb61121e98c79914e44adfc1c7f9b2178d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9b9be70ef7be68c765f67cd0c410e1f3

SHA1
cbec122e7c71eae18c568d0e75b534d2e0c103b3

SHA256
a496d481e275ca49d907d627a0c5f9505c14a652fcd42f7da4c441042a880dac

SHA512
a503717f864e1c5e84eabe8aff33b0006ad8374c392b1727cb6e3aa8e5652e9b23c023624b7805992c31e46a506033177ceab97ac84377134e71088733a31a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
2d558ecf7552d86d375b906301a5f9dc

SHA1
eed2f4b0b6bf23dabeabde9ed21801c963a2c306

SHA256
3ef1d01f2e5ca080911223e5ff0ab461529d7d51a1c96a00be02105457bc4101

SHA512
71d6351ae3f24427c402c20f504bd735313d745258e54d4f45693ce22e5f48c3f1723e54012ea780c988c2fd3cc30d4dfeac23c88c15213d6f44eec9e25d6bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
691B

MD5
fa0c0edd630d3f2155f8cf048e7a9865

SHA1
9f2f1b609b64cd05603a753ea24bdb9b50c7d536

SHA256
65c6034cc056bde127b94ceaa1e276d7abf14f0a13984a13da9f7cbd7e11d962

SHA512
e4a160ce8a4f10710193058c6acc895a08ad6f7d969876c7e789399da22ae3c6da16e07c4ff755f2c7850bf7391c450e2b59834ef19bb79c01648876a8a61e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
deec4a69e2f525005e84b0a38ab5e603

SHA1
af91416fc9ffc708807c6faabdbee12c14195add

SHA256
ecd246992a80800309260ec294cf7d45711a2760e1d7fb8426e789f5ba250a95

SHA512
c1be6710593547e91a5183658afcc1e6ac092617e7b075c9bef055fae5aec23e149ea4b8b6d3e6934716fedfff81af9edd8473dc512bc571e9d0d6381c12db8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
156143a2839d805b713d25f294140d5c

SHA1
b03da106006fca303d717bef173a3cc83c7caf4c

SHA256
376a5928e2209006ee7ef90a2490d27e22144fe1020748d7edd5340217781359

SHA512
4161726efd20cf0506d4f8efacbdd9a90317bcf6a36653e4f566b0ad836505309fe889f9361444594c0f715aa7d0576924e135a02f8bbe9a687fcaf9e2d2193e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
9af3e3225ef39901b9944ddb35fb84b9

SHA1
59086b3d757c567645955ffc8f3d2207eaf0baf9

SHA256
f4f26c420ecd2514fda8e4fa2f1b25f1500cb4034c42390d8a437e2028890df4

SHA512
844ed0532aa0e1cb7d149bce9cbea63349c0c5973479d74a1ee7a75ce765bb74c8cdb64fe24d5d687782df34e5e6caaa9ee99f01ddac669ad1364aae3771be10

Download Submit
\??\pipe\crashpad_880_EURCAAQYGTXKJPHU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit