hxxps://is[.]gd/oOxidO

Analysis

max time kernel
44s
max time network
35s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22/12/2024, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/oOxidO

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133793746573922594"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3884	chrome.exe
3884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 4496	3884	chrome.exe	81
PID 3884 wrote to memory of 4496	3884	chrome.exe	81
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 1124	3884	chrome.exe	82
PID 3884 wrote to memory of 2640	3884	chrome.exe	83
PID 3884 wrote to memory of 2640	3884	chrome.exe	83
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84
PID 3884 wrote to memory of 2396	3884	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://is.gd/oOxidO
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffef5ffcc40,0x7ffef5ffcc4c,0x7ffef5ffcc58
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,972184022746192110,2998250361627382771,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,972184022746192110,2998250361627382771,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,972184022746192110,2998250361627382771,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,972184022746192110,2998250361627382771,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,972184022746192110,2998250361627382771,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4360,i,972184022746192110,2998250361627382771,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3416,i,972184022746192110,2998250361627382771,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3984,i,972184022746192110,2998250361627382771,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:3644

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7e8323e8504ab7d74ca630223352f221

SHA1
6aa79031a12057cddec05076a70fe8057c5c2aa2

SHA256
8e2f36138595cb739ec7f49a95ab58942454052ff48667301580d134e44ecd13

SHA512
14f830d115582f5bdbc00cc74316d48f6fb9949c2332f26388f736c296cd087d2e07dada72a0c2419917396e4bdc7b7d6912e29b59542608620f458fd84a28e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3d1ecf2c46698b9d1dcc3a50108e0da5

SHA1
aa53c997373a0da0411054b4a5242770710f7911

SHA256
0320c68945eb75e3221a2443bacb55908fc3d0d4df5eb8209b5579f80baf7a82

SHA512
e5c956a6118c090572384a09bdc7540d87686b66e8a673c5e7d6c77a45a579949e0afdb84464f28affaad3107f98650044d0b25c3dd91ae594024610c5622377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b8c849db4bedcd3b5b625f36a1ac8bef

SHA1
b691bb41714ab12487e82aea2429b1988eefd4bb

SHA256
d7a4ab8a85436c48d22a531c9ac9a764eeff22ec7285a6f8c74cab09bc709756

SHA512
ceadca14c58b042fe7a3ab74ab9f2909e55db0c0490a94233f5589add51012369442f4f5669bff733c8217b12245598593350e8ca95f45eadca039acc744483c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f74e843448ba6ce2dd9762b950ea15d4

SHA1
d28e4f6ab00449d79f4da1484f757251fd1d8c05

SHA256
5286012b5282eb8854d3692760e893b7277f509b88b0d8320318eda40d7f53e9

SHA512
6e2f9cd979fc9d7fac9efd9a844b7c4d4eb8fa8ec7083db75288e216880f60e7a903c2a83a7f9aab71991d391cd56d766d968d3a539a9675fa32c0c53fb7009d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a418f91b15940375912347af73d33761

SHA1
f698329050f084e3cf535eff6d732660a4125b11

SHA256
12a66a5106100f467394762b551d30836aab7ccfc36cb8ac52a2eb0c07d02a30

SHA512
ddd08e0ff392188f67afb044eeae7846764fab9c44c6d2995f3c8860c1b2855da4064c429735e4bd708d6364d238848b6766476246ba391b106f557e05094abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1cb742f5ba5b30d8753cc95db7a22982

SHA1
4973f71184d010a09c273575d35b0224059a752c

SHA256
0d4ae91979414a5092312b3b8eef085a541fccfa5d648eae3e7e22c7ba7b45ba

SHA512
0e9665a4b03a4cce102bd87d9b96537fedf26f81d50284102825a0d5ee99589efc5fbcf03135e3af12f29b91761e728c7edd793a93c58be67ce2359db4ba40ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ebf5b3ad3b52361ff80ce19c134af7eb

SHA1
ca7c56c4ead23316381333203246657e4f341833

SHA256
0f36aca5ab6f93b3fd8e8363929cb6815e42dab422a89fc4f602563e74f108e0

SHA512
ec300d674e432249da568234b4ec41bf15481af1fbb8ac11e9152bb77b2bced0470a982ea08ac7a85602a27f80db3113399319a8d0765bf6d7e1ed25d44734e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
2c50c9ec7c6b71336601b31e1972357d

SHA1
8cddfccc16330a746529f907675e2925c95da781

SHA256
9acec06eabf372eb36ca2616ccb1f4384b817e97ef667476225fb0bf0735a970

SHA512
e3658f3807168fab1d1c770d77f9233cce3218f50e2270c6535cb964ce54c555966a241ad129d7a15ef800386dc133da8b1af6f303d98b21b325c23af3d5894e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
da4cc0ba7bf8b3b045029d3ab8634933

SHA1
a30e13a1e0e00efcfc0b8134f9f707c1da9bdfa7

SHA256
b8c01a806314be66e0926aa31d3c32b24335f511274c31d4fc43cf608ce68714

SHA512
25322bb5a23cff927be9809b317c09ef1c42bb377f2f5524eb8f5084d52f92c3a3ee767020373877b449813706f904b8846f301ae047011b91f9b2b56b532699

Download Submit