hxxps://rilsecure[.]com/auth/?Drive%3DUsers%26Auth%3Dsadsadksadsadk%26key=50597041001037718154

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rilsecure.com/auth/?Drive%3DUsers%26Auth%3Dsadsadksadsadk%26key=50597041001037718154

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703354648361282"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 1580	2724	chrome.exe	86
PID 2724 wrote to memory of 1580	2724	chrome.exe	86
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 232	2724	chrome.exe	87
PID 2724 wrote to memory of 1412	2724	chrome.exe	88
PID 2724 wrote to memory of 1412	2724	chrome.exe	88
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89
PID 2724 wrote to memory of 4740	2724	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rilsecure.com/auth/?Drive%3DUsers%26Auth%3Dsadsadksadsadk%26key=50597041001037718154
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe5fbbcc40,0x7ffe5fbbcc4c,0x7ffe5fbbcc58
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,3312777784111452306,1345984651781398907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,3312777784111452306,1345984651781398907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,3312777784111452306,1345984651781398907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,3312777784111452306,1345984651781398907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,3312777784111452306,1345984651781398907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,3312777784111452306,1345984651781398907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5060,i,3312777784111452306,1345984651781398907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4912,i,3312777784111452306,1345984651781398907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8bd1b4ef42d7467c363d12551549f4ba

SHA1
e8934c4804d96d521a501b41b9093f3bfc1da027

SHA256
f1320564ace6606b2a7cbc267899762de6925cf8252c16237311aa2c0ea43ad5

SHA512
79817695271345848667a929ebee8245400b5d80a15e05576d3f5328ea3e8eaf1bf2c60faea7394a984cee92dedf75a2547b502ed0f9a2258a293ed9a4327bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5e1b46af0a4eb2fd0d01829e1dec4292

SHA1
e2e68c5de661be5dbb0fed8cd2754317249077ba

SHA256
0b92c9518398bc9d43c82b0aa1492ce18e154f7b0f6c7d2a49836004f34f080a

SHA512
a1b4484dc624d01d461779a5e30a0990e82580543887cfc5645b6239dbc961cc64ae864698be9ca62f5ebeb08078fc7fd73b4d452b5037ff2fd69257e1c0616e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2b38aaa8c48d56a5a65caf34c58b962

SHA1
cd6ca812425c85ca65d22ee43900d39123cbcd8c

SHA256
88975052682b479f8e6fbd6883d60df4c4454f2949fb4b19f1e83cb7a4522f5c

SHA512
f8c782d848fff92479dd1ded52a2851e30cb014f93a07341740221921bd34c674d3ee1863c479af430c914bedbd67de5c95a9c99f314b6e04b54f0ac24583ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3d114079f45e902dc8d1cbeeae181c8

SHA1
dc078a43689cb7b04625bbcf1bbe1fbe6acce1db

SHA256
0c355f644ef66bdb8b4742adb5f63748bdd3516c393bab4d5c1c9046078267d6

SHA512
006714c0fe6d046c12d1d4b7c6ac233ee9cc5d7e22783289feb3d7723c4beaa288c83316086b7f71b874246ec044352518f54a66b0efef4aec742df30f826e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
eb81d49812593672ebe997b586dd379e

SHA1
59c1e3eb68429b0710c9bc78ce104426d519897a

SHA256
5e581918f3239a85710684b568e13c6a0337147ddc302e66acc7f7241abbed38

SHA512
d8edc1b5eee1a28ac5f83d1424972be23745e69f22f3718b3ca0fb10e0d2fa64717626f29ece7e6c5100fac1ad353b913fac310e2c54e949d4f51943e3074239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
adcd8ee4453229942c3929c176cf68d0

SHA1
b3860d1f5cbc272e6a2e8a57719caac75034ac5b

SHA256
f9ce906c8f8a997dec50099fb051111df5cbaed35436e4c78c01b8322fcca862

SHA512
67ccf88301f5df703a6f81f31c8be03a0b49844cbfd923235c5dd2c40dc6288a5227ac99a62a88256151fd23575eef942c7ab271e0a7ee6ee0cf7fee2cfb6804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
586f0395a46a5aeb0454ea4a84d9c283

SHA1
e946ce19f097ffe55c7caa077e820118d25aa19a

SHA256
ffe8cbfd580b93180da698b4ed68ef3b57f5686e31add612736ad0196e79d1d1

SHA512
16fd07ccb075a19ef5b6dec50291a9b744bd1b9c065e3a2aeda3a49702ea449866ec2317c7def9fda4708b7fbea46b32bc5230050c0370254cf9d201d2750c54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit