hxxps://a2u63[.]r[.]ag[.]d[.]sendibm3[.]com/mk/cl/f/sh/SMK1E8tHeGtwrHvUU7XBBnfbuSZR/utu0lxqHFkaG

Analysis

max time kernel
66s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://a2u63.r.ag.d.sendibm3.com/mk/cl/f/sh/SMK1E8tHeGtwrHvUU7XBBnfbuSZR/utu0lxqHFkaG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655401647175243"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 1880	4624	chrome.exe	82
PID 4624 wrote to memory of 1880	4624	chrome.exe	82
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 2368	4624	chrome.exe	83
PID 4624 wrote to memory of 4044	4624	chrome.exe	84
PID 4624 wrote to memory of 4044	4624	chrome.exe	84
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85
PID 4624 wrote to memory of 1748	4624	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://a2u63.r.ag.d.sendibm3.com/mk/cl/f/sh/SMK1E8tHeGtwrHvUU7XBBnfbuSZR/utu0lxqHFkaG
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa5519cc40,0x7ffa5519cc4c,0x7ffa5519cc58
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,5814664753796631404,44610033187142302,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,5814664753796631404,44610033187142302,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,5814664753796631404,44610033187142302,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,5814664753796631404,44610033187142302,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,5814664753796631404,44610033187142302,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,5814664753796631404,44610033187142302,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4524,i,5814664753796631404,44610033187142302,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3236,i,5814664753796631404,44610033187142302,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,5814664753796631404,44610033187142302,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:2248

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
147KB

MD5
14e38e0760463139441d7738b13eb1fa

SHA1
eea010af5a1a6721eeebf1abf524c84dd45f8ed4

SHA256
ffb5bc59820dcd37f795e6a49ce0579c883d9d748d21fb1a36332aff666c6991

SHA512
e0d50750d129150bbc7f09267070300932ab39e4a60c407bd84e6526e6b807f8a45d9269f8529108ed3bc4200bb0cd86deefeaad0b57b67f4f7c45179513584f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
643b6fad7963a2ae82403de7d5d6c2a4

SHA1
af29c762322718d4cf055c2c22c920154f807045

SHA256
a4da39d839ebb3181cc1a3ec1aae57a85bb9c21cf8f2ddaebe24a0cd5ac5749c

SHA512
5d2106089edd4b560024ce971ed0d163eb28c8a60394f0566129c4c6fa484a668b7c3c0d8f71a8eb5d760d62ac44e6e8027fee5f22b9b877afa99b1f13547426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
86a4ce727b9875e1a6a537612120ff27

SHA1
a5eb68875d81a84bd78371792105af90ff9b7171

SHA256
adc8617f75d1b6a841a953ce0e0162e21fd18849a9c84671953efc050ada9e10

SHA512
3f94ecd67e283b0d04f43ea9e8ae8b70758054937edbe1c03132b60aa7a7e1fdd3c50cabaeb1f471c21a5732d70e37e2d7a11984082f4ec1d6bc4fbee968efaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eaa42f5bd5d248fdb6ee56782c6eac7f

SHA1
3174f2882e700ffc7e8a764f2f6d0d133640bd57

SHA256
e328c7c6942a29b5dcc112aa881e05a1ac7b7a8e44d6680a018410fdb920d1c7

SHA512
f3b8750ca92bd053dd2a612eba487f85de66a551f6a1dde4261b15cea91a182979974a149ea69473020c610ab632f290d2f4206ab77a94507ac3beef8aea8dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f68d4004498a679148bf8540ae745c35

SHA1
7f995ac66fdb73805d4a8448bb704fd73b4ac54c

SHA256
5702be9245c0ea81adc14fb7bb62bd77cc3b1d3efe9ec3853e98d4f882cd6a05

SHA512
288d2de3d9689a62b4467c3f3f97f6ac80aa42fed15ef77a768ac7dc74710541c382f8d90fc432e691b82c1d69bd76506c1de87cb33665f441d8fc259cd02425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f74aa877b7b31a5a878adbffa6853713

SHA1
e5f53c3dd3ea719d333759771a23ac16ef840326

SHA256
e9ce79a9eb8f7db74b77e5acbfff14e48af2db4da372679669eab6f4449cf97f

SHA512
53947d1d2af1640c7f29143a59f1641fd1fe2e80548e4ac1ad252505199ee9f9a59f32904c42e41bc38268bfaa65ffeceac269263b02ac643af3020903b54e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
5057fe5e4bd5fa27a847443a29989aca

SHA1
ec747797e603cf2b9d771577557b139eed16e5dc

SHA256
df9ea7d4b9f800b5070e3d619ca319af61748d8f7349212da1f1cb5a7c4e0b59

SHA512
678cfeb4be997430bad03495b40b08c10f46915fc99015d31ca8044eaa9c4110328489feb35d69f194d7f195648bc1594eaac8cdcbb6d850e4a0473760b08619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
296923e4186843c6ae0055368d7b399f

SHA1
bd36238060ce7915082ff2e1fb88cb943010254b

SHA256
588b8039971d504042233ecf71efae8d49757e5d6bf62bb2e5f99637097da8cf

SHA512
aff598cb23f5c6ba031b3b5a22341e084f572d4e0a95956d99bc0704cf0d06e80c1a76c3dab92d6e97799ea9cf7f5baddbae9d63dc5f7a1b44dd45da84f24478

Download Submit