hxxps://drive[.]google[.]com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?EA2vWfd4Cq

Analysis

max time kernel
68s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2024 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?EA2vWfd4Cq

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133667847471748628"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 820	3748	chrome.exe	86
PID 3748 wrote to memory of 820	3748	chrome.exe	86
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 3564	3748	chrome.exe	87
PID 3748 wrote to memory of 1280	3748	chrome.exe	88
PID 3748 wrote to memory of 1280	3748	chrome.exe	88
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89
PID 3748 wrote to memory of 2504	3748	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?EA2vWfd4Cq
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffda4d3cc40,0x7ffda4d3cc4c,0x7ffda4d3cc58
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,18445499484382285843,9999931929779659228,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,18445499484382285843,9999931929779659228,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,18445499484382285843,9999931929779659228,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,18445499484382285843,9999931929779659228,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,18445499484382285843,9999931929779659228,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4032,i,18445499484382285843,9999931929779659228,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,18445499484382285843,9999931929779659228,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:1272

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
86991b7d913995d2e10b27c88e39f24f

SHA1
469ac0d04f74e6ecfc6cfc8ae5df2331d4941768

SHA256
67359de84edf08332d71b42d0e64bc3f756cd778afab31ba6cb3e8fe6433f000

SHA512
aadb8cbf01cf1c0c28a927f1f830773af997e3c3abeb41394e0b69ee0cd3758809abff0c0e10ee53cb6301e1c8c4d2011612f3e08709a53444a353e5807219eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a80a15d94b602203db79ab21f199ac54

SHA1
fa905beba7b56e637e8ab709579a8a91e66133f6

SHA256
8e5fb05a0e6165bcf032074d6f78d0c4d0da250505a4a061c03520abc11470ce

SHA512
25e31e98b36cc32a140cf2e78dba7e04beace85df49f7d6be5db97aba18e9400718edd1739636b77518d3158f9645d6267cd703b3caffe2ac96501b1b350f7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
4a13c4d97b443e11935d33627f691047

SHA1
6b7ef8409963f0286fd08ca5689c73ccc04440f3

SHA256
c7baaa49e63f7667a4ac333ca7da16180b392fc6db042eb5049ecd9b37167cbd

SHA512
263da18def17b458aad4b225ed33b271a41e3089284686f3adbfc342128647428d99738b9474f5735534390ad393eb0f796e92c2c3ce42b6e3e55f5a80026f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d604bc00c0705d2b8827ce34b23eb901

SHA1
6d97586fa64ebf45ca5ef5a9016b018da023f727

SHA256
50fb778e7539fdec0c0490db23e174d2e63b63a6db2437ee285003fb05b1813a

SHA512
7089d473496f7f6e86bd4e5bd987cec0bdb864f9ece1aa5bfe526c20ebad2e90f0c8cec7b846e29fd00573433f9c8e4402163faf8308cf7b9b5ee82cf6b16f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90b6798480b5711ce01dd6ac0ed3f14e

SHA1
b8fb10ecfc76fb805a4878a018d3de7ddfbe0a99

SHA256
2ac134e1950bce6d15f6cb3780b1b9a9e7b22c60ac5b71407440c607e8f77b27

SHA512
b91c53e851ac87327080f2a71f1fbc859ea1baa78d122eec085bb23d2455fcd06e6d4eaaf31027dea4273a80ffcb580324fad71c557a0c5da166e27e21ef136b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c775c3727a2e457478a7044b5e895cd4

SHA1
56d5095c5271e057581f561e011ca141dd9b4161

SHA256
93abdc4c5811f7eda82732e1a71bb884a0fcc819c66ab3b625b404ba175f043b

SHA512
fb76edfba1e06a3aa3ba0259c6be0061deb3a9165b0232f9bb2053a5810e17202f72eb91cffc082281974397ad3dd4227609a04073f63873fb984490753b4e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cfd4e517-0c76-41f8-829e-9abee83b6652.tmp

Filesize
9KB

MD5
4c91f6d513e7c9052bcb0a1d1b5c988a

SHA1
6af628b3fedeb2d1f60f367ce4e0d703a6a6f60f

SHA256
d2f1f5971fc323eaba5c61aadcfa2e5f0cc6d7ec0cc80ff3f6a2f65306e10df5

SHA512
66b7ecca2c15e5eb4d4e1f3f246c723f2ad4553a345d79eb4564e43a1f5819f7802a433fdc45d5024037488921c0247987ed337a33e774ccb7f3cf271c7e2244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
1a01b79266c418f225dc10a9320ffd31

SHA1
7b4bdaca7f53a4acdd2b24c27083ce808fc94ea9

SHA256
1707f60a8a95fe6ab59b2e74c2c42f7470c2de16220db206467d4d956b0f9d2e

SHA512
e55ae945e922596692f5d96cc46c26b4a05c8855d216703a5c96b8ed02b97994ce6b88f65445aa0bd1607b6c9524a8ef7a32cd7840b020dd465148ad98933410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
8090dfe72d39ffc9b3a8562d3271dc80

SHA1
0ba6211272115f25bd22343bbcca5918742b12b1

SHA256
6d74d36f719649723893fe1e4d087d9f26f3bba99308fa581c39cb784c052c16

SHA512
9a66b272d25d9c30979886288a41b3c1cb3121bda835d53f23787f13efc549150d1e24c233ac883098d94ef84ec8d3db2911f7c07e86389e9332b88c3be73630

Download Submit