0142336b70c48182aa4eb64e6a65bca0229f848ff0bf3124e2c18edcf134afd2

Analysis

max time kernel
657s
max time network
1687s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/12/2024, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-11-26 12.55.44.png
Size

70KB
MD5

ad5fa9d61df4fa38233473f60702a0b6
SHA1

8865d5c5e3626984a1b0a1945b6352f73a7941a8
SHA256

0142336b70c48182aa4eb64e6a65bca0229f848ff0bf3124e2c18edcf134afd2
SHA512

90c92850ba00fb0d2799f866cb2542963c989345608a44512d71374f826d250d0a401c5b5bbad0d9adfc61dfaf25e7377a87a4ef89a7b2c38c7265408094f0c2
SSDEEP

1536:AxKIlgPKYAyUpgezyqPsmALdOEb5lwhL83qraXim8dbEvQ:dICAylEyqPXAnGhraXim8dbEY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2216	2208	chrome.exe	32
PID 2208 wrote to memory of 2216	2208	chrome.exe	32
PID 2208 wrote to memory of 2216	2208	chrome.exe	32
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2736	2208	chrome.exe	34
PID 2208 wrote to memory of 2832	2208	chrome.exe	35
PID 2208 wrote to memory of 2832	2208	chrome.exe	35
PID 2208 wrote to memory of 2832	2208	chrome.exe	35
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36
PID 2208 wrote to memory of 2564	2208	chrome.exe	36

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-26 12.55.44.png"
1⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7ad9758,0x7fef7ad9768,0x7fef7ad9778
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1468,i,11583846884916251388,6296872688360254860,131072 /prefetch:2
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1468,i,11583846884916251388,6296872688360254860,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1468,i,11583846884916251388,6296872688360254860,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1468,i,11583846884916251388,6296872688360254860,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1144 --field-trial-handle=1468,i,11583846884916251388,6296872688360254860,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1496 --field-trial-handle=1468,i,11583846884916251388,6296872688360254860,131072 /prefetch:2
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2980 --field-trial-handle=1468,i,11583846884916251388,6296872688360254860,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 --field-trial-handle=1468,i,11583846884916251388,6296872688360254860,131072 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3676 --field-trial-handle=1468,i,11583846884916251388,6296872688360254860,131072 /prefetch:1
  2⤵
  PID:2460

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
924583df5d8a42bc3b1a36d63fa00487

SHA1
d47465f74a92076d7e558b28257bd529a43946d3

SHA256
b0644c9e940d9d673c835162fc36016c426bb52868540d0376d7fcb22f3e21f5

SHA512
588efb3366e93b34add3d25ef9fb74297c47c9b971602e9bdc3fa4bf976489494604fe61065630eec856b95dd0a8fd6f8e86b356e90cd0229bd8837bc9cc7b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
808a587b5186bf5261f7e8d80c6882d2

SHA1
cffcf74e758581f0509adcecca1c37a583c3fe8a

SHA256
9d07609f7f824ea9635713936266c570abcf21ba46945d82cf7c31e9739c06d7

SHA512
dcc88186396f0f0ba6370af68ed9f384f9584f85ab822fc224dd08bc8f23a642af0e1129ce6d2152728e6af86d8bdf80869375722335d0e4dc8a7cc82120333c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
844955e6cd207f82b4f9bca396eff498

SHA1
509f53685120a58917f115f54921067c0ab22a1b

SHA256
4980aac68c73cf78ae6b1e9eef0bd59943dbafcd3a612e6c01ebf411db0d028b

SHA512
b68040d54c707efe7234532f67de087d01190fff190ce11628d4a105bc5bdc094a6b64b7c888283d96aab89033f04263e8280c89b17455bce5ba2d099f2757d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5ce13a85fae0d8a057abbdc910fd933f

SHA1
053d483eb0844c2d8cddfc593aeea08fd1569af4

SHA256
5c3a11d95cfac09ae6e20369b3740de9bd9fc9b588259e125fe79ceb97124b63

SHA512
20dfa74cb92b80cbaf12a76204964535726704cef8c2da50d8fac132e9a4e0cfe00b0a2959a6410dae41eb2d7a863629a7a6141c022c1e306dbde83616c11203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
1a942b7e08959a2d83c6b8acbb5a5755

SHA1
3f3d7d5d04c754ae481c02d4ccbf1de7da77f86f

SHA256
e0029041505731c2ca10ee17b95c983afd1b74e733922aeb8aabdad607da1e62

SHA512
07bbd3b5736e7819826607f73461b784695a2a330b785176454c7ddfa40638b3e1b0e7939c62be3dace01e0f4b7a5ef1b373306a58d9d0a8ec9ef323db1235da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2254a7f86c166a12684a857ba0e414f6

SHA1
2357c57ed86e5d7c5b38ba80ec8f3b0034b353b8

SHA256
d0caf913415de38f1764a20896cd1eff62cc3fb028f969444fbee8a33ee920cb

SHA512
25843d389ed179dc469186be00c387693beb9e4999d5a7002d88d97964253632d198006831ca671b08f43b42c710fc309c20ee1aded6dac1f815b9c78fc9f38c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit