hxxps://www[.]youtube[.]com/embed/ate42UwuGes?feature=oembed

Analysis

max time kernel
73s
max time network
72s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
11/10/2022, 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/embed/ate42UwuGes?feature=oembed

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{907BD227-494F-11ED-9424-EEEC0CAA4C60} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3112"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "2908"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1855443431"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "769"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "585"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1855453406"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3020"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2908"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3020"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "591"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12277"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1993971702"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2902"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "503"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3112"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30989660"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "503"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "372249134"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700b70695cddd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30989660"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "503"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2908"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "500"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "500"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4848	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	4848	IEXPLORE.EXE
Token: 33	1548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1548	AUDIODG.EXE
Token: SeShutdownPrivilege	4848	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	4848	IEXPLORE.EXE
Token: SeShutdownPrivilege	4848	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	4848	IEXPLORE.EXE
Token: SeShutdownPrivilege	4848	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	4848	IEXPLORE.EXE
Token: SeShutdownPrivilege	4848	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	4848	IEXPLORE.EXE
Token: SeShutdownPrivilege	4848	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	4848	IEXPLORE.EXE
Token: SeShutdownPrivilege	4848	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	4848	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4576	iexplore.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4576	iexplore.exe
4576	iexplore.exe
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 4848	4576	iexplore.exe	66
PID 4576 wrote to memory of 4848	4576	iexplore.exe	66
PID 4576 wrote to memory of 4848	4576	iexplore.exe	66

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/embed/ate42UwuGes?feature=oembed
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4576 CREDAT:82945 /prefetch:2
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f18bd55f555544f6544ee8a28d04b25a

SHA1
7e6fdd9fa20daebe08845a1d2ce94ccc166bda95

SHA256
e467eb9da3907eecbd83695aaf3fcfbf5dc4a852fd9afac1faa6261e033c4be5

SHA512
0b2163c96a39d67d1b9a1dabc7d70013f8837c598da1ecbc02fac239d0d9c2a8ca53a3fe640c5521ce6169e290a4b5f20ad2d1dddb18993b2c7f643d88bb1ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_1ACD2B4A039DF3260017F7BF28EE7323

Filesize
471B

MD5
0fa37076cf716e45f8c7d4c9d3763ec4

SHA1
b5e15dbbf63afd38dafc5681994078585c2974a6

SHA256
819e659d6a167e928acd75ce791dbe29c4ad44784b47a5beb0376cbfab59937f

SHA512
fbd25f89d66e84812dde04e51426d887d22d8aa1002a9a273ba0a96372f7752accd7ba075e62e3d146e0809358cd31804df97c08db0663cf41827f311d6d8473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
2855eec0b42fdfe80b46180c9d951685

SHA1
da7716438b7a76040aa99908f6e6b38175467c54

SHA256
2ded955db4cac5056e9a647c197c6f555764a04bad37a52f10762d2975906834

SHA512
faec3aea18a5f43dd3048affc00145c15fc11acb62947474c7e9072b0e51b21af872daf13333c721bc3d9e3b69ef4fc4d4742e5411437a1851d5a88490eedb20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_1ACD2B4A039DF3260017F7BF28EE7323

Filesize
414B

MD5
15ac6bb8af825445b7cd63910b5d2c65

SHA1
e2f76b50fb1a42a3cc10c8125dce1f2b73cc4d86

SHA256
e49ead8503a05e372a10c68834d213da747481edba7b5c3ae1925af8f731ad3f

SHA512
bb35171e6acbf9336f43b48a3507472d8ee8ad366b8a1ded0bb101e0c60724c9ea24cb87fc9e14cfe29f84c68f79a990187409c91f7ff0dc2b39666ac36cfbf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
6ee025a383d818e7aa28497d45f68116

SHA1
2a42184e5ea67aa9001665c919435252d8aa5977

SHA256
0d8cef784788884648fa759bd5a3bdac161d911d7cb6e99ff924746b102738b4

SHA512
b36d48031baca7e517800924b4717d699fac380e2f8e82998aa77a812c441d30d621ac70cb8f9827f5c48d138cc95340f0506dae4ba01d130862f4654f68b772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2SX3ZJKA.cookie

Filesize
610B

MD5
e7ae5d36b1b06dc9b0135bcf667daf2b

SHA1
9bcda5e62407bd6620ee96556469eacce7d5cf71

SHA256
790f6bd00cec21b42d81d41809a51d0d0e5a3f30c3f707475fae8c9a45daaae9

SHA512
447b0170c971262f37ff689007578fa6b0b93ec85487baf1a1d06b13c4d5aa7d7bb55553790a04caf14c16d6d778b1f672619e10b204eac6f770d7c225f89475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PHEMRL2V.cookie

Filesize
611B

MD5
e568eb790ec7da7ac285df85ac7b95dc

SHA1
01d745f44e898f29074c1306c8f9b4e9d6b08dd0

SHA256
16de9994e8f70865d6cfffaa560497e70cfe5f1e414a147644855ae2f50ad8a7

SHA512
93cc42809210dc956e887e642a51ef192911884873825c69649c79d640c5b274a3f7c2b33f804dfb911a54bb3db4442769cb990b6f6ee6c6b0169cee317d0a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Y07OTHI6.cookie

Filesize
172B

MD5
ef4ebdb422d0102667908d8e461465c0

SHA1
682dd17a2a9df82a688b4c6919e9505c0b1af01f

SHA256
c9bd90fef9dcd245e64455f4ebcc9cf31b8aabfdde68e3b7abdf4c92c445ff39

SHA512
e54265912dae93c7b915a6f768a52966c2dc88cfd2c2b0ee7229d23025241303a19453fc0190f980aec0bc53fbfc08cd340541ded4686848e63f3f33c55fd673

Download Submit