4a9d815f284adda187982e2b24da2beaad860739bc4b4cb1cf26408e7c221dd6

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

capcut_capcutpc_0_1.2.6_installer.exe
Size

2.2MB
MD5

c91e097550ea6ccedf592d8b83414e0d
SHA1

021f3f26d86f98af28dc987baad8714f64867207
SHA256

4a9d815f284adda187982e2b24da2beaad860739bc4b4cb1cf26408e7c221dd6
SHA512

916898c9850ddfcd2c11da7421eeffc4d48406d9ad4787a4dc572ec17a81a39edd30733aa8cccde8b31450ff8031e3da68be019a8a0eff50c0a17ed4fa0aa3c9
SSDEEP

49152:uGVKq6wrr98ArcTTuVMZCC8GYCNbFLg3dlXI5x8oaigMv3Dh:uGVLprJ8ArnVMZCUPFcNlXID8en1

Score

4^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

Processes:

capcut_capcutpc_0_1.2.6_installer.exe

pid	process
2340	capcut_capcutpc_0_1.2.6_installer.exe
2340	capcut_capcutpc_0_1.2.6_installer.exe
2340	capcut_capcutpc_0_1.2.6_installer.exe
2340	capcut_capcutpc_0_1.2.6_installer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

capcut_capcutpc_0_1.2.6_installer.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language capcut_capcutpc_0_1.2.6_installer.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	capcut_capcutpc_0_1.2.6_installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

capcut_capcutpc_0_1.2.6_installer.exechrome.exe

pid process

2340 capcut_capcutpc_0_1.2.6_installer.exe
2752 chrome.exe
2752 chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

capcut_capcutpc_0_1.2.6_installer.exechrome.exe

pid	process
2340	capcut_capcutpc_0_1.2.6_installer.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2752 wrote to memory of 2576	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 2576	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 2576	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1720	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 328	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 328	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 328	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe
PID 2752 wrote to memory of 1380	2752	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\capcut_capcutpc_0_1.2.6_installer.exe
"C:\Users\Admin\AppData\Local\Temp\capcut_capcutpc_0_1.2.6_installer.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e19758,0x7fef6e19768,0x7fef6e19778
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1204,i,4140534198272159946,18323225242259655556,131072 /prefetch:2
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1204,i,4140534198272159946,18323225242259655556,131072 /prefetch:8
2⤵
PID:328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1204,i,4140534198272159946,18323225242259655556,131072 /prefetch:8
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2184 --field-trial-handle=1204,i,4140534198272159946,18323225242259655556,131072 /prefetch:1
2⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1204,i,4140534198272159946,18323225242259655556,131072 /prefetch:1
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1204,i,4140534198272159946,18323225242259655556,131072 /prefetch:2
2⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1140 --field-trial-handle=1204,i,4140534198272159946,18323225242259655556,131072 /prefetch:1
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1204,i,4140534198272159946,18323225242259655556,131072 /prefetch:8
2⤵
PID:1868

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:1640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f7c7688,0x13f7c7698,0x13f7c76a8
3⤵
PID:2368

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\51c17831-5829-454d-9ce2-8f04d90c1a5b.tmp

Filesize
337KB

MD5
4a57f53cb5600b04c096bcf31a2961e5

SHA1
bf539d83017a503bd5e8fab8f905df3d73eeadb5

SHA256
6502ef9718c67e5e6440d0e429d64073d9ddf6edb7911489be572f0467ffdc23

SHA512
1fd064ff2ab75ef29e3d536e7f38df0d9cb9d68660e0bb6b7b1b7e5a2feca8b48d8df9e00c4c35a93dd35bbbc8598676461fbcde2910b2a04c245c6c16e6fb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
\??\pipe\crashpad_2752_TCMVSGVFXLGSQPSC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\nst98A8.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
\Users\Admin\AppData\Local\Temp\nst98A8.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nst98A8.tmp\downloader_nsis_plugin.dll

Filesize
1.2MB

MD5
f181413906a465fd0dd68cc4a3d98803

SHA1
5aa28be48047dd0b672ab98d5e7cbd8260486b4b

SHA256
e28ff7b8fc4b1eb2d1f394ce15de2fc031cda58db645038c8c07581c31e79dda

SHA512
8d0116bcbc3938b2ebdddf77dec87e4b6c872382d20b555571b0bc3e4a35f88d16bc450004f875a8271165b71bdbae5d4d474a5bfda4c7787da63f4325009c25

Download Submit
\Users\Admin\AppData\Local\Temp\nst98A8.tmp\shell_downloader.dll

Filesize
2.3MB

MD5
c052c0a2ed833d924b7799625413ac1c

SHA1
bdd08a29f4de283ba0eb3cda4abc26f6e85d4d5e

SHA256
098972cf9ddc9d574130e025a252a99b278de9cc0ae700acfb8c935c24eb1172

SHA512
89e67c29d5d8a401a70a5b572844f24bfde82d5d4259ecc5e6f12be0ddb434995a2e985914fc421973998e3fdc48b133e269e8bb1da513ec66199f01060162f1

Download Submit