5dd8a02a0d54e2390aa3a703e8776c94e23eba9128edac3b8a4c41a454abebab

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
07-08-2023 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

assign_labels_local.html
Size

1KB
MD5

b152537ba127d8460bb68e6c654440b1
SHA1

ce3cc1561c9791352d6483b814eea034f3744625
SHA256

2d019088a023dc89232b03863c4a587ef10b9a7d70859db05b6faa754f366c2b
SHA512

d31c69b08d80b740f010e0e911e2abf851f897d4068d99cf5a3e9ec05adff8b47db880996f7ee9a7bb00f37468bb133c2367207069d54baf54872573985a960a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397601958"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd82794000000000200000000001066000000010000200000001654e5ffca51f3212595385160b5c9c34b22f8f238cdda0ae29e36cdc54d0070000000000e80000000020000200000002e11a58013b7a3cfebf29c1538be8c8c1cbe631ef4a26527609cc7a1bf527471900000009c31da6f2e3baf652038b53810988cd9f7e8faa2de75a7e39265bdf368f775d0f9f9358cbb52ba1458953f56692942b17c16022cab150d3dd679082b406efa610b462f3f0c9a6490a0d2e9488e9ae7cb2946620743ce705698aa6a8333061c36add8010909d86ab2413fa9529ec6e4651738df46a494400fac43237d8610d14a8d7f7c76528a19ec28ab123731227fbd400000001bbe8cf60c18834b2c1925c6781bd36be8c66fbe7729c9249e73ea8a8f8a55b7796e82a2e579fe852e8525726fdb64815684d0fb99c9d99ab14ead5643a9e6fa	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EC3E6A31-3560-11EE-907E-FA28F6AD3DBC} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd8279400000000020000000000106600000001000020000000f6930a6c47d06419e72661fd6dd8c01f7934f4ea51b92a076c447ca66be8959f000000000e8000000002000020000000e32eb2db22689f73bdcb940272110bbdf8127c897b3743b3a760d9fd4255cbb720000000956f08f8c3cc89470ea63ffe4be42b4c6c49ebfc3f0131eb396409c92acf13b840000000c0306f3befc2dffec4aabe8d674a1d54b7130bc1ca8d48b5a0af18025206951ff0b57e24707fb3a11d5a12adef477c9e656d2374de9d1033ba779a042291cfa9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ca29c16dc9d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

852 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

852 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

852 iexplore.exe
852 iexplore.exe
2796 IEXPLORE.EXE
2796 IEXPLORE.EXE
2796 IEXPLORE.EXE
2796 IEXPLORE.EXE

pid	process
852	iexplore.exe

pid	process
852	iexplore.exe

pid	process
852	iexplore.exe
852	iexplore.exe
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 852 wrote to memory of 2796	852	iexplore.exe	IEXPLORE.EXE
PID 852 wrote to memory of 2796	852	iexplore.exe	IEXPLORE.EXE
PID 852 wrote to memory of 2796	852	iexplore.exe	IEXPLORE.EXE
PID 852 wrote to memory of 2796	852	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\assign_labels_local.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:852
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:852 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d24b636e655c1d18d10292d444d082ea

SHA1
bf15c8c0f3f0c4ad440ef0ef77f7d2856f1ebbd9

SHA256
03b7fb9cad34b0dd98c0d8d9a59fa846edbdb8bf5030847cc32df680cb9e08d0

SHA512
a37b99b06bd22c1639168f4ca1b534bcd1a0441f94ed36718e941fd886da3433967a999b1b97742eaeae78990c13cfde79d6fce8a41e5b44c08528a135f1c4b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94dec3323fe52e1dbd46a71de29c3049

SHA1
756da029bb793f2a6033eb64df46801cdf4ccc39

SHA256
ea0d1c3de27cb9ca4b944efbf266bd78e2581bda9bdc235ce8c381801cc4dc0c

SHA512
e4e4a3628fca0c90c4300841240c8d9850effff4dddd9f404040bddbed5243ccd1516edb30be22c2ed391433b49cf5469541eab93a3fa4c243160d3d5a6c294f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b71d5e9d642b39c7004b08f51165361d

SHA1
fe5f95b643df1df8c32afa7aebd6cebd0580e50a

SHA256
d2b9f8b44f9c5c6b7df586282917f82d5f90796ccf3b485915549f2923541f14

SHA512
72d380b1e79503fd2bb5e3b19aa8c8bea945d867e7ca299040bd8c6afef17de9330fb9f2fb451543b2b2d842002a60c03a5dac578dcbe1204e444503f22e83c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78c40c4ff77989d16c6eebe33dc031fc

SHA1
1648093abfbbc5d8bdb3166e65e4e638a7bf3093

SHA256
26f92418ff8a4c8f69bf8e4aebb29113bc331a8c3dc4cbf33d13f9dd63d7d724

SHA512
a35cec73fdc4ef9fd253fa9f9f215d6f30a28696aaebc99db9eec177670c6de62ff3d56b19119d14bae0d57efbd43f09e93f95875d933338253937c0b30776b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ea29c829046a4ad44a66505c44b229b

SHA1
cf428f49bcc15b2b0cfa4710065e7677f2f09645

SHA256
45b84bb570f9689ec6937feb8ecee2dd69af53d27ce29ff78f1ba7a7d3e87919

SHA512
2e96a55ee29cce623ef5c53a3776f9db918c9bf27a0e82d9122cffd7777bbc20a1672474cbd3123a24d112da9e174a12b8a385e1eab553bd5f2bbadf628d6b87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
896e2dcc934b52ff7da86e55f6c164aa

SHA1
a46801d93302010c73c6ac9e8081427c681b88ba

SHA256
a0c6a9b0e7d7c22b34ca172f95478636e661acae2e69edb25089c6e2f6103077

SHA512
bf95f5c61352367662ca947c8b2c1d991eab06e51df909fa066dd0c43278a93ac1651633bf8de7f8b1bc6de555b5c2999e4a3467468924bf9f467d560efbfd35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4b72c68b57225e8929faad9bf4b7eb5

SHA1
852fc534f43e5aebea639c6ae10643beae053723

SHA256
b21f2e77305f3ca3cb5a96f89a496524cda5c16c4c8e3da46f637c5c06446ace

SHA512
1019006e59e1a03357fa1f9db3d3c213d5f3008c0b0ab9d302e27e14c4f26d7a45c79890e11a9997db1fcc70fa9a2e37c43143882128a0b48069d6d53f437845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d8d936bbbaccf7a7a15a5185f77414f

SHA1
b2f2e49a8e262aa14a5979924bcfdaad2467e3be

SHA256
3c3d59c55e420685825a20bf4eb4a71e29c8908828fbe74509b257ad27c74d3f

SHA512
06aaada139a52de586d9c8e29c80a900422cc083d090647f02c42a01ec9a6629f06cd847f758270c05157e02835bcba6a15895a50aee2ed75da7008cd425c7da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77e9344192f0dd278071018c426e8faf

SHA1
5f2d50221326bf7d8b450dc0ad14f30e303fb065

SHA256
73d7b9098d75cae41d056a54a64ed856fe286f046a3601f956c0e0b7e0f94fbe

SHA512
b93aa6b3a10c9cb48f6daa9550aaf63f8e6f2055155fe11a84b1a0c025b241a8fcbe2aa5feb497b1a977755022dbdfbeb0d27f7f75f9dacb872534039dbad823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f6ef5209a39e3cd4d839e40ca6a586a

SHA1
9cd8f2e1ffbecd6573ca985ab0f1afa839d9767a

SHA256
bf2dce623ff71dfac909d73b6afa60b2cae03f18d4dcce1947bd8e0749ddfd1a

SHA512
3ad0ae1579006e43f160bb9eed1a9d4aa71d3160d6f647abdd013d7ab97870d39d8e0920dd49c5b054e8d306f17174281ef428d5fbc737753f5a776554652ad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
869a624db67c3cb3ca2cf5383d242340

SHA1
e0e408ecac0fcf2ed3641efed7cabd46c67eafa0

SHA256
ac0a0c951653705c7bd3c763cda51ea48b20ad9f9860a7896cbf49dd152880f1

SHA512
00636419a497116019ab010132d86ca1a7f22310c94bb905777be5f749de89bf05eb5b7175e76553546ebd67188f5090abf3c7faaf3d7bc3c4e3b7f4d1db9c10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa651395d9cb98b03fddccc5a08d0aa2

SHA1
9d71c9c52a63f8ff5b3d6f54862aff53f6d9ff8c

SHA256
fd3b8341ce3af22335109962a2f7e86d946068c249959c0dac3211573bd0feaf

SHA512
1cbac8d37958022ffb76778cb019c0f9958995b8ff163debb2db18a0aa332e24f51f163c7ef8ef533dba2e3b86ac3f77311192dcb5f06af2f35547c5c41f1e5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9d2154981276c30d81addf659d4bbe4

SHA1
98b5843248a28a972c44e57eb857fe39c1670282

SHA256
437e3378859ab7c554167fc9c83ec71ab39c9687d18cb618f5cfcbb0ecd2f798

SHA512
1ce08f9a2fdbb4518a708ce5d30f76909ca405181eb09008d9b1d6f6c8df18f8ec7c2ef0a2b14c45ec606d3b1f604173773f7c25e264f0c5ae399c8a318d1a04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
345cd87af8d91ac22f0555fab6fac94f

SHA1
af9585c3f62a43fe44cc595c80bddda445b741e5

SHA256
28746caedf52b452fbcce933138f9150aafb551cf694a0f4c043128f78500b2b

SHA512
5ce0cd0cc239826f748ec38fb27a24c8144b3b1499d3e8aa40104d5dfaed2cca6049b9b1e6cdf10de887df7484a988f7cf3de5718994c8a8161636c0c943fea2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9965d2ad0e7b85dff0a29935b8e1e88

SHA1
f9f9f590cbb37f066ed1dfaedffb0ae21b0dfeb3

SHA256
046f78589a48fa5db4bcfbd74b9a87ffe77f52c02329b9f78a2217633f3a9b67

SHA512
6e61f23ca455e9f99e42cbcef3886349cc3a6c0f82dead2385c8eedee70e17d051543cca52a09db9e1b57cf869e6ce6b3cf04bb28657a5e6dc8412779c619f6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3818d714cd039de0958e8c289696e38d

SHA1
52c33317ddb42db18e06390641005dfb9cbcc930

SHA256
04f8aa7d8076a714d81719eaf26f004fa3bb52145c1c61af690f4531073f01bc

SHA512
1c6c05a0317a7f941cd3e6c5460578b9dc4af123f4ffcbc40f4c99e546886b4adef2f6dfc2dc235a6631792ca87dcfbc405db75558c7a72f23d0137ccdc7e5bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e898bf6b43d15a868d7e25fc60dc6656

SHA1
abfcaa690a460d046a7df811652a85e84037b805

SHA256
cef98353f6352caf06223e6da0716c35592e2d168a4306aa12616b179ab91666

SHA512
a2d52c688ad21588fa654b5edc02a4724b69d91416b3c44d26f3ba8c9cd138f0e7e08974e0aa422d83826566f99dbb3b50dcadd31011d032e2828673ad0b4504

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBBC4.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBC44.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit