hxxps://drive[.]google[.]com/file/d/1g1qmlwDxGo0HP3x-pKGwF7CLLfIgOeV9/view?usp=drive_web

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1g1qmlwDxGo0HP3x-pKGwF7CLLfIgOeV9/view?usp=drive_web

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649799432924984"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
988	chrome.exe
988	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
988	chrome.exe
988	chrome.exe
988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe
Token: SeShutdownPrivilege	988	chrome.exe
Token: SeCreatePagefilePrivilege	988	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe
988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 2844	988	chrome.exe	82
PID 988 wrote to memory of 2844	988	chrome.exe	82
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 2072	988	chrome.exe	84
PID 988 wrote to memory of 4116	988	chrome.exe	85
PID 988 wrote to memory of 4116	988	chrome.exe	85
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86
PID 988 wrote to memory of 2980	988	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1g1qmlwDxGo0HP3x-pKGwF7CLLfIgOeV9/view?usp=drive_web
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb9e6ab58,0x7fffb9e6ab68,0x7fffb9e6ab78
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1900,i,16411041752794602945,2218578916110387867,131072 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1900,i,16411041752794602945,2218578916110387867,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1900,i,16411041752794602945,2218578916110387867,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1900,i,16411041752794602945,2218578916110387867,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1900,i,16411041752794602945,2218578916110387867,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3536 --field-trial-handle=1900,i,16411041752794602945,2218578916110387867,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1900,i,16411041752794602945,2218578916110387867,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1900,i,16411041752794602945,2218578916110387867,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1900,i,16411041752794602945,2218578916110387867,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
28KB

MD5
7f5a5d45ee4ea0bd1ccf5178c63f43c0

SHA1
71cafbec33de805f8c65c04ab40a7fc072420df1

SHA256
e47f30921e1d3fda22de0ed56c9847b80e379396ea95d3fe60e04cf9e4c9773a

SHA512
11dcabf8a16fd008783be04cf72e9ebcdc3b37a9a92c0769daa32fcec0a7ac5f1380d5e7636dca14eee05e5787419d2f5782726c94846c39085b325099c123d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
763bd3df15b350d0dfd8481d278288b1

SHA1
b3e50ba702c755584f31b6bdb19af9396e58dc6e

SHA256
abb142a8c3ba83b104180af894779d651ba26a19cb0e8507e7d9967343aa7d48

SHA512
0e48fa026170326ff82a840a4faa3a3c3d1943ad69b6190852d768662d630cdc6556b2631cc714b18cc81131aedf98a8763679db7a6bbdcd78a92dd04b381e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0d8f3efb8cf080efdc5a40c78f12cb4f

SHA1
27a92e19a943e0aae455b6030bd843e3810bad1e

SHA256
bab2aa519280a43096acfea254c31f22cf0293625092d10eea861795244ca4f5

SHA512
66c3255678203f81a80f3a0ee5e5298c9c38fe8be307b9c9615186dfcf229cf8288c9ca699ed3e9b8455f6d4668431709b79e688ee5c2136bd1f49b032d7f3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
90aa91e769727830308108462b6fd280

SHA1
a1874a4b00b5882a83b322e0b43cb009dcee77eb

SHA256
67acd5dbf8e78674e9eb4eedbad208f33f3ecd8319f732c25a87b5daca018076

SHA512
bbd00b8056931b8fae69b354f2d5521d4a1b8559e93610869c42aa13b64be885ac796b72c2b6c4300649c2e62fc0f6d0eb74646128b2c109e425eab99a37e822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
54a1373874b9e689db2c2e9f3ffe39b2

SHA1
3b03a98efa3e5f4058c057886d86a53300003e37

SHA256
4c8a026de061b31950e6304e77b53e6a6071cc15639e9320eec5087f3ddf3523

SHA512
b53bfc9c3731056129fc69804b8efe0ab4a8f20433d629eb23cef324b6d42e81e69863709e3ac69f2877a8f3ea13473ea50265f97f9adaeb9b80da3cea554d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1da1637656776f7473e3a61f7e624edc

SHA1
e50564c6d05fa07338c8a49f35a98dd6e219eb72

SHA256
4e970e29a0ecb114cdbecf2dd39fa54375a1e7eefba3ae0bacad6f6b897466ad

SHA512
344bd88b0df628ed4252cc5122addc07c687db5f4a34215527e2c27f57248397f06f953226ea5ab825bcda3dac7a431714115bede1cb42151345537d43df49c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2d3f89cdffb3497aa797346f80a5ab88

SHA1
4564b96afd1f10949199c2abd8e2ed82544cf3b9

SHA256
47ca138f961a7a00f524781ba67eca44187d60f581aff428536a45cbdcb9af6f

SHA512
695c5d0a8ca4145884b8d72381f1276b2a3d4b2ef4081cc381cdfc420a1b0d80ff5ddeecc9996c4493d0d2082f9c3a959cd93661ad1532d231533286db6c3a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1a3a348ff7afb051cd9762a7abd9ac6d

SHA1
f27b3e910e61a47cfafa128c3652e8d90549c97b

SHA256
a60c2848fe1d98667819afd0477180bf59d26797f67ca17d1a6e8be811d7d565

SHA512
16c4836df027e831953bf925a98d188c767b078597d38ecc625915829868f671b13365c0af65e97b4f13aa85470e425300a4b029f4f9586e6561817825e1c1d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
f88c78559117bc525a3727d0db2f0091

SHA1
e2d235afb0723f1af6077dc96f429a25253685f9

SHA256
ff81b7ea7850724a7b994d07c2b27542ec40c60aa8e7ac2b387e2a2f39cb864d

SHA512
19897e7066f283e779fb51ac1b09704dae5fa651fc74dbac93c4df894f9a19537c4746e25898f668faa676fb67b6a2453c0636d7921778584d2940ce5007d4c4

Download Submit