58e6bb9d08fd250c1defb7a7a7247993b4ea349518ba877abb6364de85029e04

Resubmissions

02/09/2024, 16:36

240902-t39qdsvekh 6

Analysis

max time kernel
104s
max time network
151s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 16:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

python-3.9.4-amd64.exe
Size

27.0MB
MD5

ebc65aaa142b1d6de450ce241c50e61c
SHA1

7aec64d315525006a44952ea7a046ba67fd2b908
SHA256

58e6bb9d08fd250c1defb7a7a7247993b4ea349518ba877abb6364de85029e04
SHA512

a8618b41b357fd5e53c3af6c287fd79a5038e60852ab05c9a565a915d4cf8b143ed873fd0dff9bba9aaaf95c149836bb5d7ddfaa0dc545c11f055db684930b16
SSDEEP

786432:CqjBUaYNZvFj4bc+evbewowr4+vnh3oPRCP0BXS:1qhNZv2cnvAwr4S5YnZS

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2856	python-3.9.4-amd64.exe

Loads dropped DLL 2 IoCs

pid	Process
2716	python-3.9.4-amd64.exe
2856	python-3.9.4-amd64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.9.4-amd64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.9.4-amd64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1136	chrome.exe
1136	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2856	2716	python-3.9.4-amd64.exe	30
PID 2716 wrote to memory of 2856	2716	python-3.9.4-amd64.exe	30
PID 2716 wrote to memory of 2856	2716	python-3.9.4-amd64.exe	30
PID 2716 wrote to memory of 2856	2716	python-3.9.4-amd64.exe	30
PID 2716 wrote to memory of 2856	2716	python-3.9.4-amd64.exe	30
PID 2716 wrote to memory of 2856	2716	python-3.9.4-amd64.exe	30
PID 2716 wrote to memory of 2856	2716	python-3.9.4-amd64.exe	30
PID 1136 wrote to memory of 2848	1136	chrome.exe	34
PID 1136 wrote to memory of 2848	1136	chrome.exe	34
PID 1136 wrote to memory of 2848	1136	chrome.exe	34
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 448	1136	chrome.exe	36
PID 1136 wrote to memory of 1420	1136	chrome.exe	37
PID 1136 wrote to memory of 1420	1136	chrome.exe	37
PID 1136 wrote to memory of 1420	1136	chrome.exe	37
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38
PID 1136 wrote to memory of 768	1136	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\python-3.9.4-amd64.exe
"C:\Users\Admin\AppData\Local\Temp\python-3.9.4-amd64.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\Temp\{69645A7F-6666-4AAE-AF0F-9C9908A7DE12}\.cr\python-3.9.4-amd64.exe
  "C:\Windows\Temp\{69645A7F-6666-4AAE-AF0F-9C9908A7DE12}\.cr\python-3.9.4-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.9.4-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2856

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6629758,0x7fef6629768,0x7fef6629778
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1316,i,17999684538857082130,10479388707575280871,131072 /prefetch:2
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1316,i,17999684538857082130,10479388707575280871,131072 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1316,i,17999684538857082130,10479388707575280871,131072 /prefetch:8
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2100 --field-trial-handle=1316,i,17999684538857082130,10479388707575280871,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2108 --field-trial-handle=1316,i,17999684538857082130,10479388707575280871,131072 /prefetch:1
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2688 --field-trial-handle=1316,i,17999684538857082130,10479388707575280871,131072 /prefetch:2
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1372 --field-trial-handle=1316,i,17999684538857082130,10479388707575280871,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1316,i,17999684538857082130,10479388707575280871,131072 /prefetch:8
  2⤵
  PID:1704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
082d82b75e9813fdb2405f7e2307e91b

SHA1
b5ae209c2b034acda0cd507f4969fe70b85feb84

SHA256
1fb70ca0b36db5717d543311a720dbb6e98c025dd089c4f64ad7626d8d2d1e03

SHA512
37be41c2b19e91f11a787ada6ff5e86fa15b9aeedec1eff6f270ed3319fee7e4725dc9880f929d45234d48f9894b4f501be0ff43ba805ded78f64b43f9736c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
513b27b84596ea4a183ccc787c4ce781

SHA1
c239d700a63d8e7e7a0a66fc83decf356eb1a12c

SHA256
affc86bbbf074701c147cc1d4d398d1fb00f30eee324b9509eabf5e525946eab

SHA512
102ddd917ceb6388b29100eb1cd1c9d9d1974ee6e094d78e98704614f6f2e82207abdb32dc405396e4223e5d290f935d03c3558eff349a8e9778f717a2d2ec10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Windows\Temp\{D692FE8D-85D8-4FD9-B241-B3076BE24F96}\.ba\SideBar.png

Filesize
56KB

MD5
ca62a92ad5b307faeac640cd5eb460ed

SHA1
5edf8b5fc931648f77a2a131e4c733f1d31b548e

SHA256
f3109977125d4a3a3ffa17462cfc31799589f466a51d226d1d1f87df2f267627

SHA512
f7b3001a957f393298b0ff2aa08b400f8639f2f0487a34ac2a0e8d9519765ac92249185ebe45f907bc9d2f8556fdd39095c52f890330a35edf71ae49df32e27a

Download Submit
\Windows\Temp\{69645A7F-6666-4AAE-AF0F-9C9908A7DE12}\.cr\python-3.9.4-amd64.exe

Filesize
841KB

MD5
93316e1ed7d0b84c66e7895a397577de

SHA1
680e30fcac5cc6165844fafc3bd1896a67e98f72

SHA256
27954f2d20e6fafee08b8dd17107be643f6f3ff444aa34c5df053a6bbd064009

SHA512
fc5a21fb56f2777c204fe230ebef5d2dadf3c119627093616bbeb45141a358330b526c5d35596a47f08d34768af1ae771ee9963f8e7dd8e8377c2835d2cb9ca5

Download Submit
\Windows\Temp\{D692FE8D-85D8-4FD9-B241-B3076BE24F96}\.ba\PythonBA.dll

Filesize
600KB

MD5
96b179c4bdaf126aa93a2441144175b6

SHA1
b3b4dec93ae7e984f42dfea152c0c6c169989cab

SHA256
8e9d3d0aeed3d0a92c09d3b062c84f6a3478b16d0c98b556226b2ad6ae7ea121

SHA512
d5449e88b7114267438fa2c19ae505c1d95a57cab351f5090fcbfabeb5369cf9637070bf85f54dcab3b11cf2882ab9111b9264bae4e5942d22fb33e26f3f9729

Download Submit