bbe7f3bc15429196cc01935295ff6a7867b2fc501d1896b01afe62fbce2ed314

Analysis

max time kernel
134s
max time network
137s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
31-07-2023 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

shape_17.xml
Size

1KB
MD5

4eec7819cf526dc5a0ad47c4551a930a
SHA1

be218f9d9f010eaba1e97ec2b9aae39b913e4d8b
SHA256

df496ff50b4c05b3f18cba321d0e54c6baad4a05e4b68e6bd2c15c563b4ad101
SHA512

bd8497da284d26598bc6b25c2268d9651f6250bf0c26e3c96041fb1e8adc8f896dce19cc4ddffd5dcb68cc0fa2d49db853ed5cfecceefbf8bb6b18145e73054e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{378A6E01-2FD3-11EE-BDE7-CAEF3BAE7C46} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000081fc177b9287ed4a8181eac127bbbd6900000000020000000000106600000001000020000000a665602e3fc6510dd801d597d4b10f2435dff4c9be0317306f58a42ae288444d000000000e80000000020000200000008d48bfb21602ee7bf942b9bb9263217e8ecd7893c8a96d3538dee7ebac24c4c620000000bfa04d031d4cf9f1cbc1442b954aeebd192ac4076becd1339251df47c61bdf59400000002c00d61e8d9491cc73896ff677347744122c20fea8ebff22bf550a4d9135afdd95783c336adecb9ad55924037042cf06a39df45399734c83f33bdf17a4518cc3	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000081fc177b9287ed4a8181eac127bbbd6900000000020000000000106600000001000020000000be299c7ce4137c439b2332aaa402d99b89d3b4bf4efa20b25366db7433d3c671000000000e800000000200002000000043bc5dc47260b119ed6c7bedb8a470a9a30622bfeb3f77b7f0bd67b6433cdfcf9000000058a4f950e101dec6971edbcab97e06f4ff02c2271c6a57d88424f53513d3d0a64e2a30a3cbb43bd1f43a4e711ab755da052a4a54576393b628f4a820424dba430bb66eabb318ae9f858881d4048c004b950acabb0ca1d7cf570d4aed69f7e229c07a293c46e79642343c8a9cd11c3d4181ca6852dfbde016c10404f5a6822abffb16cdf75707b282edf4b90e3e5f3608400000005f6e22f46d284bd5eba8718668cbece9d380e9755910a0b808721b459a92733d8b89f1ed7792cbf759685af7d3a6e5734cd7c11bc9f30ccc6c8bb499f04242bb	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397594446"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80f7650ce0c3d901	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

1656 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

IEXPLORE.EXE

pid process

1656 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXE

pid process

1656 IEXPLORE.EXE
1656 IEXPLORE.EXE
2524 IEXPLORE.EXE
2524 IEXPLORE.EXE
2524 IEXPLORE.EXE
2524 IEXPLORE.EXE

pid	process
1656	IEXPLORE.EXE

pid	process
1656	IEXPLORE.EXE

pid	process
1656	IEXPLORE.EXE
1656	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

MSOXMLED.EXEiexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 1856 wrote to memory of 2208	1856	MSOXMLED.EXE	iexplore.exe
PID 1856 wrote to memory of 2208	1856	MSOXMLED.EXE	iexplore.exe
PID 1856 wrote to memory of 2208	1856	MSOXMLED.EXE	iexplore.exe
PID 1856 wrote to memory of 2208	1856	MSOXMLED.EXE	iexplore.exe
PID 2208 wrote to memory of 1656	2208	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 1656	2208	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 1656	2208	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 1656	2208	iexplore.exe	IEXPLORE.EXE
PID 1656 wrote to memory of 2524	1656	IEXPLORE.EXE	IEXPLORE.EXE
PID 1656 wrote to memory of 2524	1656	IEXPLORE.EXE	IEXPLORE.EXE
PID 1656 wrote to memory of 2524	1656	IEXPLORE.EXE	IEXPLORE.EXE
PID 1656 wrote to memory of 2524	1656	IEXPLORE.EXE	IEXPLORE.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\shape_17.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1656
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8eeb6383ef8da98391753fdca6d41e2

SHA1
05adee63601e4e5f8ec5f32a5160b2002ade8ce3

SHA256
b41664a355b98823af75091a298f265f349b77784e77fd8a22dd253f10fc6792

SHA512
6ee573f6f04018bff132c343723c214d208c05f13ed7f658479a78ccfb9a7ac623e34cdfd17c381d01d0b9e64ab34dd640531402c8a7e73a0ba39e542a9ff402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
052cf09fb4977b23e864359024422fdc

SHA1
5391d4971d70f0d843c642eafda399b5297a7429

SHA256
beb3e0fa673250213c98479c831024de08912d51cf8821a64d0be5811745535a

SHA512
5701d20153ae5a74540846463f4f10fa1a274358d8e5658eadf41b201b3c17992feb36b79ecb9e6894a60dd4fdcc41ad8114f5d61d2ad72ea9f8bd2d7b879d49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e13ff93e4d1fe33e48fd4474ff23cd49

SHA1
b9a98fcf447a517d890d04202a992cea65654911

SHA256
099986457b1fd5046dbca0722d3002b730ae48e82f8674b8da77bfa44cfb996d

SHA512
f398a6d3e4163080deea360882dfbdc77359a1b359821b10125f682f0067fc5b81a71067537a73794f712918c95aba116c804512466becfab8c2d557f7134ed2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e04bc50342f9957b7fe7d8d078d1383a

SHA1
aa158834e1de4765870a1efa23fb13d3df94032c

SHA256
e3cf907b3b3ac5d4248e35fe0aab3fe2950ae2f1e4cc9f0b7453b3fc11e3e525

SHA512
e78e454cc80a05c123c54de74221ce42437302913efc6e84f32174c70969882e44bda3d2e619c086b302cc1eb4c61771decf3ad9d1dd330c9d827fdf7545f321

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b836f73cd290f3ddca158e01924997cb

SHA1
ea762bf4363ed5797b2993771097b63c012de3a0

SHA256
d5ef41c1b78cc4ea85dfd45733fbe06c526de911d459141324868f3975581f30

SHA512
b6be8ea9723e9d52bb97f16a04429efd667f28fc20f46c60e3ba5c794eae15c19f7cc3c71f03d0057778209b1723ff65ae2eabb870bb77eb7e4aefe730a2407a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43cd8b2335e5f628dc105a1d40f53cb5

SHA1
31c8c4111a77430099f47d6675d5f2174e440572

SHA256
d252462d5b096db317bfbec58428d38e7bb5ab05ee5a28582b5eeba60709fd4f

SHA512
ae4d04c3777270786658cdf1cf7d0e037573e8ecc1c336f18b13182ddad70a4227a8dd280f31889734d01e961cc995dcfc4b2dc6768ee83de0c11c641441eee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a6cc7c03bf023475a4f6f762525abfa

SHA1
72ebaabb1ca4dd888ae04bd5832a067d447fb719

SHA256
54fad34c69211456593266585ef7273f579e072d6561e6082b66a5d016f1756f

SHA512
1971586ce2254dba8fe2e0449bc093dbd4d7b4103c5dcb21ab2e1e5704f175df72322405e0cdf839dc8e8347e383a372ded34aa2ce7ff0b732c76a0ecd932278

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8704e55ced1a396237840532844caa74

SHA1
d4863fb4114aa38e70ef2f55f7cf63b8ccf3ee3a

SHA256
5820eecd855a2b5c784720b8e91e55073ac62e1c0d3a62b34c5295ef4b44db32

SHA512
b35e024c108e4fbf47945ecc6542e14e4744ec7f48243eae79ba1c35fff2cf548cb63b9518b1962e7489ba10bb176b850101e078a387868a283e9b6bb92e047f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
976343efd228b479dad7964415373b7d

SHA1
ec2bfa46b5b52bd4d2821bae53b0e6b24a710216

SHA256
117c865c13a2757bfd2cc5d1604d01db0838a9caac27ee85ff7c4909ed24019c

SHA512
77423ab3424b0ea3680a309fceb37c7e06bd05c23c524afdf6a5826d1e8c2aef47df405f049a0e365dcb64e354d96fa954cb79f49d0a79a6ec8c1767efff6b68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c8c8a222248e620b96d34f25bef67f1

SHA1
95db47ae4719ea1dea4d49f2c7ba4525fc25929f

SHA256
ff1e111500e054b2bf4e87cd264aa95b61abd81752fe515131245caffd4cfbc9

SHA512
46936568da9a64ebb12e3619c88f6762ee8c8d7c523353e9ffdf67da5e534ba5fbc4f77bb4ee0e0e9adfd3476cdef80220acaa0188b4c2529a6764652b86d1e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fe4a1b4a19db5b90d3b9b3bb4c22e85

SHA1
e064228efa625c4e589fa5192352a4289b907955

SHA256
68fb44a2c608b1294f0956d5d7b90a40cb69d45eb34c6eb6e1b0aeb2ebb0efaa

SHA512
de028c87f5f2c0b20f201d517112bbb3a6449e642c2068cf54245ad533fbfb0a26f6786d76c61f12050cc59a4267378e95e7df23ebc43a2088aeb3accb7e48ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9M1KBX1\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab97C0.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar98EB.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\D8N7M3KX.txt

Filesize
601B

MD5
f1f1f7d9021bc44fb504ab2488c4cfdd

SHA1
09d159085988f92f4583cec135b008cf86baac81

SHA256
1724b454bb06462efb588aa395cebe6105e2df5d0d2d376f4a4719e881495a90

SHA512
536d12f262563c6eddc1ba8bb081df368216258a0652b80dd1e2d82d0c8431ec0c38decc45c710654011bb76f98456f79bf69dc0554851b8baa6367b0ae7490d

Download Submit