6e517782e2e25b874ddf2861144e814309235517cf517890efff1a183c014b21

Analysis

max time kernel
74s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 20:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.1MB
MD5

86738dd73219b83320ba19af11c97e11
SHA1

a18ae0b3abf1aabece29993b227eef15f8e055e1
SHA256

6e517782e2e25b874ddf2861144e814309235517cf517890efff1a183c014b21
SHA512

45150d8ddc155c52fde993b308d79bd5fb57c835339de9bee7e98a7a035a79ac947d8ecab8bbd2873b4ba75b3a6a5956769a234c929c183b7fdf1284ce08e3ae
SSDEEP

24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8auA2+b+HdiJUX:1TvC/MTQYxsWR7auA2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2988	chrome.exe
2988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2232	file.exe
2232	file.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2232	file.exe
2232	file.exe
2988	chrome.exe
2988	chrome.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2232	file.exe
2232	file.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe
2232	file.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2988	2232	file.exe	28
PID 2232 wrote to memory of 2988	2232	file.exe	28
PID 2232 wrote to memory of 2988	2232	file.exe	28
PID 2232 wrote to memory of 2988	2232	file.exe	28
PID 2988 wrote to memory of 2100	2988	chrome.exe	29
PID 2988 wrote to memory of 2100	2988	chrome.exe	29
PID 2988 wrote to memory of 2100	2988	chrome.exe	29
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2468	2988	chrome.exe	31
PID 2988 wrote to memory of 2464	2988	chrome.exe	32
PID 2988 wrote to memory of 2464	2988	chrome.exe	32
PID 2988 wrote to memory of 2464	2988	chrome.exe	32
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33
PID 2988 wrote to memory of 2604	2988	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6bb9758,0x7fef6bb9768,0x7fef6bb9778
    3⤵
    PID:2100
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1184,i,16247022335383201359,6775829636757123366,131072 /prefetch:2
    3⤵
    PID:2468
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1184,i,16247022335383201359,6775829636757123366,131072 /prefetch:8
    3⤵
    PID:2464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1184,i,16247022335383201359,6775829636757123366,131072 /prefetch:8
    3⤵
    PID:2604
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1184,i,16247022335383201359,6775829636757123366,131072 /prefetch:1
    3⤵
    PID:2764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1184,i,16247022335383201359,6775829636757123366,131072 /prefetch:1
    3⤵
    PID:2788
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1572 --field-trial-handle=1184,i,16247022335383201359,6775829636757123366,131072 /prefetch:2
    3⤵
    PID:812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1184,i,16247022335383201359,6775829636757123366,131072 /prefetch:1
    3⤵
    PID:384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=1184,i,16247022335383201359,6775829636757123366,131072 /prefetch:8
    3⤵
    PID:2160

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
b8bc03940dfc8ceb0e414209b33fb08a

SHA1
41f634b4a34310e3cde61aeef503fbca6b05669f

SHA256
35ce0428a09a7f687c2eb66df3931aef3359aa35962f53b0c82c3f124f20329f

SHA512
d2782755d8c48d5a6bdea29d53ae13d20451210f17def25027d643035999a2ef602a13683b0078b4e17989a995b7bd6aedf2194b746b413b45531c6f16d00eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
46b193a4708b487eeb38aeb1478fa338

SHA1
a456c6fad879e09b1f3c35335f8d0c96293efc0f

SHA256
00cd3dccc23dc2a29f180235b71d4997691c819fc0b1377e692e21f8971ab1db

SHA512
a021edb6a0ab03b2d41cab60e371c89fffeb85210c9eb1d5a8f115f90b76763e734aba1dbe232ce76d59480e1b8f4548228bc8b866e56cfb7c0676893ce04c1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
99e79cd79a163e14c149540cb0ffdb2c

SHA1
f97095153d306f383a884b0809ac4a8659bcaf1e

SHA256
e80f6bfa696cca0b503ec901ffd7dd2c8c81407db7ed28655422f5a7211edf3d

SHA512
a5ade43da3e1b8f176d8ac36c15a627389f61be86f2470a10ed2647c5d5f7d535d44a2041a2a03b2ef9f49dd679caa0ed6fe3539c9141bade2c2c90a5881f65f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
68c5f827ee71510595c69dcb231d1664

SHA1
6c6dbebc4a3b7145d121b08ad03084af4d57c4e4

SHA256
8a2646cc0dc5615729209021d774295345be09ae7c76d630dfb7d347ee3eb487

SHA512
7d37f414b0753bfc88f6de0ffd0f5310fa7e08787203914377bbc98e531c0fc0564b29adeca1a8f8d4551aed74790c80717ef2758e5b0deea17d2b643aa786f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
03abed3ae6a00fcb117dcd826e15bc21

SHA1
1ba18bb5e722f4acba9388a771b3567edec2d7d9

SHA256
f71170ea6b7ea3cb760b7e9ed351370a0a15de53ce3d32a013333b2f4101f2d1

SHA512
7fc4036c9a30c5ea724aab3d1b4f5793ba1a7acb880fb0789ae385d97a196a6f28cff4346da98eb18b2a88360d2a349e23000798821cc28a15af643091f39c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a7f5970ad828ce7afea4301f211f526a

SHA1
894dc21c31cad3f447514631e1fd64dca6a79b1f

SHA256
da8134f144220448c770c4b641faea77ed55dbe0f90cb06971636175421b5ce2

SHA512
39ddaaa8d750038118fe3077512598f6a1f80c75bc6e98c03f0c1f9d9d1b14ebbbc74934f57479696f8e020153c76d057591be62761c1f54b27c005632d07f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit