hxxp://[https[//]www[.]roblox[.]com/users/3025021853/profile](hxxps://shorturl[.]win/e/6dyqN_nDbkF7)

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-08-2024 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://[https//www.roblox.com/users/3025021853/profile](https://shorturl.win/e/6dyqN_nDbkF7)

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670216016524901"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
2332	chrome.exe
2332	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 4552	4208	chrome.exe	73
PID 4208 wrote to memory of 4552	4208	chrome.exe	73
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4252	4208	chrome.exe	75
PID 4208 wrote to memory of 4780	4208	chrome.exe	76
PID 4208 wrote to memory of 4780	4208	chrome.exe	76
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77
PID 4208 wrote to memory of 3004	4208	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://[https//www.roblox.com/users/3025021853/profile](https://shorturl.win/e/6dyqN_nDbkF7)
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff844239758,0x7ff844239768,0x7ff844239778
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2036,i,17071070008952773119,13947462181984936987,131072 /prefetch:2
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=2036,i,17071070008952773119,13947462181984936987,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 --field-trial-handle=2036,i,17071070008952773119,13947462181984936987,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=2036,i,17071070008952773119,13947462181984936987,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=2036,i,17071070008952773119,13947462181984936987,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3572 --field-trial-handle=2036,i,17071070008952773119,13947462181984936987,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=2036,i,17071070008952773119,13947462181984936987,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=2036,i,17071070008952773119,13947462181984936987,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 --field-trial-handle=2036,i,17071070008952773119,13947462181984936987,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2332

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\13605166-388e-4ee0-bdd6-e8ac21e5406b.tmp

Filesize
136KB

MD5
09221d7d7ea569b1411edb3e22183bb2

SHA1
9552fa51e7810fb90662455b435761c0b9258907

SHA256
a117654d3c9b290d370e9a4205f549b8412e6c58f7bac55888d557d5c03d8209

SHA512
e361f485edd0eac3f902777bef8b0073fc9e41d40eadaa3a41ca3c7890ff843873ccac2343896390ac1e1862f5993c1c3533c1b6c5b38ed488418114fc048de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
17415bce50afefb48abe2558b0c58859

SHA1
9ccf24459f6cec8b3bdf6478ed4ffbcb435b4779

SHA256
3d71f72236ca03ecf0b9610c88b14f0028396da1398cde57d1d73ac0c53b1a45

SHA512
3ec700163dd1758e3466c2840ecb1bb4927d9cf7dc8b76afd10a529a597ec5d1fd676e0fa16802ac3f84f7853a74074eb09b298a758010ff3c3bd3057f7de535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1f8e388dc0f28bab0509541af94aa406

SHA1
64f1e8260be98085e714a8c8a6749d2ea839a097

SHA256
8f7cab786732128011b3f95fe7aa286b3e69869456a8c3a92c3d4b6e9e60f021

SHA512
ce2eed0e67a61bac19dbbb056d53d0069357ebeaea0d4f7251e54945ae55e240769a643c57db9d5cf94cf0d24a9bd54fc479984f23e37765e0ace3be1bbf71ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
633B

MD5
fb734eb4450bc2e044eae2329072bf0c

SHA1
3d0d56df8f2c6e79f44faf89816799fbb819c5bd

SHA256
eca34b95e0c2da2ae9708071594161c3925c54e05f53faaaca9f1e85e2c7364f

SHA512
dc5eb5baf3e5d7a684eec2d6972e60afab431f6f8e728ec5b1e1b535085665892ee342ef7c820dc57f014da6f44521847cebfb0fa2dfe4a811ff06fb8671b29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
802141d0ecfe0c3e63df3dab4ef5324d

SHA1
7d3b0fba826e50c2654463c4025cb2c6d7014643

SHA256
5c0487edbe4984645fb3251ddca7842bf64f16f62449b57d368868aeaa01a4d4

SHA512
79f2731a8ce30fdc4ba36e9700469bcfbf96362b418014ce62e5915f01068091dd1b7c96e4dcf314581df3faf18061ace03a55ab3cf2003a7d4ea18493a3c021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
862dd58b1b9f4fc3aa187f397f42c955

SHA1
c0454a9e2798944a79f3d0c83e320b3012b1e791

SHA256
3171f731c1d0247cad07c738f0147cde2085903d134c776615acd539641b2e2c

SHA512
1b914a86e934326ccb69f42f0697022a008bd5304982fc4288a8165607f59b4e233c3804c3f006e47fe4bf3e860805126afbe70b8f9576b0251e0984bb2817aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
36b1b4dc9f77ac8e2eeee69870cd050f

SHA1
388cdcc00de0304e6835b010297c51c9922db355

SHA256
36dc2b92461b3c415b43576d34aba694775090663f483db52b376bee578ae40d

SHA512
d0a306e36a7a1fb19c7fc82f7c7e293c7321d5d3108efbab09fa41e0ee5467fafb1f70cd2b7e958b745c76d8a97355e1f1cb1ee6df44f238624a226790d163f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b365fd69b427fcbe2d0aca4898205805

SHA1
9e2d8f86ea328667473cdc9021e97d6eceb2b7ac

SHA256
6e73f71c16b9f6497f943548b09d6c088291fd975f45524321f9eab82029d1d6

SHA512
1f429c60de396dada99a6b24248d7f1bdb2da44e5758f171fa4cec70da0a97a5d78f202f59bc7658945be09cf5f2345f22cde981198eafc4b211411c28f02538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit