9a58928021619edf547ba8793a91c219b4fdd4b6d1cb8ccbbd840ea2c8596c94

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
07-08-2023 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FAB-blue.xml
Size

1KB
MD5

beeb15f69eb7675da389dd2a7d25e61b
SHA1

9b175d994ff139e6079aa83e8d32cd97f9799ff2
SHA256

3eaad41cf652ff44c03f0100b20dbf00d0bcac736147619fe9dc66050095a1f7
SHA512

5c711726090a1b3791a62fdbd78683caefbb056a900598a67851f1e1a89f0f92ee1e8854c3875a141aa958517be720c45f1c7411089c3adf7367f2e11076d04e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd8279400000000020000000000106600000001000020000000c735a5a046832458f5f74784e0d0b8652b4f1ae553a892389652ea4f6789c86c000000000e8000000002000020000000580d5c9b26370f0b2ad36541f997a8e10180cb0cda5d9e3a465fabb57b7695d020000000ac0ec70cf6401ac3fd81d56362da2fb7c115925bdfc664d29fa57379fb4d270740000000228096c1cf641326e61b0ad379c4d2e2adcb2a76b2abe976083393371319242da0dce226a583284f29fd523bf918375debc994b70d0b73e749bc5dd75b7bb360	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "397602109"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{461F72B1-3561-11EE-A5DB-D2B7D0620653} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd8279400000000020000000000106600000001000020000000ef151beb3ffc1dbceddcc7d1b54c11095600b4e4d59ef838c45e3960dea5e0e6000000000e80000000020000200000006cafde3a7b6196d50bb90b8ee4267c1d33e4a4f07e26604bca43272672af7cb69000000028895f1e56b34faaf9be293da5578c9fd33a8ab651f0e374407b3c772ee6b9e02686fb1250afde6d8f3fe98a07611afcac5e4673b52bb26503ea7c6480cee4fb79fcaf771c8dd1b888f204aeb04dbac773f002136af9dcc60ca088dfd4637de593bfd4a3dcc0fed66890d4eb11163e3f36864600d2752d5f6107b1d3f83b20d42242a43111aa68f0cadcc0ae9c8e4828400000002a1756e02f782c5d72c99f3cc57f0f1ef7f9f4088b993028abf1e52ba1da63ecc7307799d4638e6dd4ab8cb8525a24e5ab1d563cd438ef67e54de69f22c28f7e	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 800def1a6ec9d901	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

2568 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

IEXPLORE.EXE

pid process

2568 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXE

pid process

2568 IEXPLORE.EXE
2568 IEXPLORE.EXE
2256 IEXPLORE.EXE
2256 IEXPLORE.EXE
2256 IEXPLORE.EXE
2256 IEXPLORE.EXE

pid	process
2568	IEXPLORE.EXE

pid	process
2568	IEXPLORE.EXE

pid	process
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

MSOXMLED.EXEiexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 2184 wrote to memory of 2572	2184	MSOXMLED.EXE	iexplore.exe
PID 2184 wrote to memory of 2572	2184	MSOXMLED.EXE	iexplore.exe
PID 2184 wrote to memory of 2572	2184	MSOXMLED.EXE	iexplore.exe
PID 2184 wrote to memory of 2572	2184	MSOXMLED.EXE	iexplore.exe
PID 2572 wrote to memory of 2568	2572	iexplore.exe	IEXPLORE.EXE
PID 2572 wrote to memory of 2568	2572	iexplore.exe	IEXPLORE.EXE
PID 2572 wrote to memory of 2568	2572	iexplore.exe	IEXPLORE.EXE
PID 2572 wrote to memory of 2568	2572	iexplore.exe	IEXPLORE.EXE
PID 2568 wrote to memory of 2256	2568	IEXPLORE.EXE	IEXPLORE.EXE
PID 2568 wrote to memory of 2256	2568	IEXPLORE.EXE	IEXPLORE.EXE
PID 2568 wrote to memory of 2256	2568	IEXPLORE.EXE	IEXPLORE.EXE
PID 2568 wrote to memory of 2256	2568	IEXPLORE.EXE	IEXPLORE.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\FAB-blue.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfaf6bdcd24643b127638e6078fb8ed1

SHA1
eac1a2512047e8e916a4a8f09137fe6713ba6250

SHA256
669882d9497d338d9050f208805a780c00a953d61f9051de2209ecb94d7434ff

SHA512
5688d290f5d50a5e5c8cb16d37f107820f55a10d1114afff862c30403c8503846ad991782b90e3b6b3d2a597a0f0aece811d9e5062a4919b2414418b56ad313c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3743a230a3d48feb1a2ca2143753bd75

SHA1
ebe0acb3cfde1972de1d0af6daebb5e7c9339a3d

SHA256
fd590cb8b0a5f3e053ee8fb94a30d5981266ef17ada0f705029239bb03cf565c

SHA512
6d4c2ece7b378a5d8e0350ff65bc2c946a8a811da310c766a94ab8b4eb50bb6a15166bf90e248f4dda2f354ffc8f8c1977af33115fcda52502284b5b5dce4d69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afe73cf2431c995f7db961f7719770b7

SHA1
0f9f1ea36811b5cf41055256ce5a06d39d7b0545

SHA256
ab94f64700ab0d4635384c9c11bce661a31bb64fdd807a23383b32e8ba99e1b2

SHA512
cd8944f848fc271b616fd471a0066e8000e0268b1e4005cead662c9905e0b1f3ac4048509c4371c804217af2eebef03e1ab542dab8b26eaadaa8dbf2283d5ff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84b8c97ecc1d3c28da68162d675b7d94

SHA1
a7f93eb82ece43c233cffcaf6bf4090d50260526

SHA256
38fc7196b44c493665f3669c47e128ccc32e6a41d6aabf53b4fb5f809412a9f4

SHA512
50393cc7138bf374469486e12f5e210750cab7f5c091c2e4f8dc0fe37a506c50a4e6903b48b43a656cb31b57c579f36a9ed5020fed4a9bbfff1f51e4ed020aab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fe3270b3a1265115eb2fa695d1757fc

SHA1
83421243d23045ece8cd23a1d2fdae76587cb269

SHA256
85dc0a43880f45686a07d812f5aee92cdebab89c3d76b108f805d8287ef61789

SHA512
3362fc029a806fb62793378ebf7f02191bc2b626d2baf672264f043f47ce6415f47cecd853754eedd2ec0db220c6fa9cdf09788f12f624b3a013b7f3dd993892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbd1beaa25693746b53e703221a5e990

SHA1
ec1eff65d570b3ee3f941e296458812acea506ae

SHA256
723b2bc63485998bc92e2a4d4bfeb8f939b15b8426449adb78b210393139090b

SHA512
187f7da449c0c2280a43b14202760471982baf750f80d7db5461e0ba9c217cb50683a0fcbca514a6e30c52f968ced6c0f0eee006a3b60332728535587ca72e12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35984d9e142bd532c0d4c4270c6d1746

SHA1
58c5f2121492029a70ac74cf931a168dc21c7465

SHA256
1aebebcbb8089f3823c32e272ba0af8903ab9d550b8f00adbf25717a0765387e

SHA512
d7b1c697071280e961854da4f3f12d1a980e30f2e68ea1b3df0caf699ae1d50db3ca8ea2bead686c40ab0e5d8e40acfe1e22371e57b44fef0b2259a08dc3fab9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aedfb89a19f98fa2898d2d7c40ed078

SHA1
2982da59103e86324650d44b6820ce15fa15ab7c

SHA256
a10177286de6b34e14d42bcf55109a8fb6731fe6d33dba63008adffb09e05a24

SHA512
2aba9d0b4101a85eac170c5ae7a0808c6388db9beb229e099caccd3459803645a5124e2095379117b8beba12867e7c620298a2c9dc3890cd69175e5ec6722dc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad92652746cd7f9878ec3d28846fd64f

SHA1
fca9f4a81275617a811e70ba5251daa7f8b331ed

SHA256
8a2f4d04b64fac99fa23568f0eb04012a8ecd2702724d0dfcac2c357fb1a4911

SHA512
649aa6c575e45316fc922808bd86daaf1eac05036d1c1e25167ebebafcbb9d2b30ef3291b077e2a690ba3b4e39329623c5f513be02cb035cd2d6fb8bcf7705a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91eeae7ed2d31a4ac9e1b4290efc6d29

SHA1
f1e07314eab1ae1eb3e24b37b7b1786d9ee1130c

SHA256
e00d31578f99164d15737ea68b6bc2715ff79d251b112ae3c06d0926f1914f77

SHA512
51c66caf0a11f268f81b24ec3dec6d1c1e212cda5472d323492a5389f9e670053836ffc2776d56c62f7e7004bf1d3e2c9ea8505475c13934b4f47df01c351bb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bd648967c73b069c2e966d6a4a6ad36

SHA1
d0fe3b7b76306d9d508c9dfb1e2ec64befc76628

SHA256
74b4b9fc640eb4a87a04a1ba721f278cbc7e1109d039a45802a6257fe729ad82

SHA512
d1ba921ae2530bbb51665c556e872f887bec4c4197212f79fe8495b86d83c389c6c0f4374447bad40edfee88f84309add6dc82a7ed78f2f3a9f72d741414a8aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04f1537afa03c8d5a256b9d91c32b6d9

SHA1
677b2561bf5d3f56b50d394d0d36d644eace2efd

SHA256
d622ed864195d6e1d1d8dabd7aaaa1cfcdb4f0305dc7a81f1911f6f85722c63c

SHA512
405510aa4556dde47c3e209136f39c3ee4ea59990558bd9c04fa33e2145bea1ae3abe718f81df483c54374a7430b60d57d4ff89f7df02d2d108903913df74efc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
753e239e12c39bccbc74493cc467a194

SHA1
992943a036343d8b48b772917be57c4656a6e1da

SHA256
e8aa60b7ecc2f175f2ef3b971fac34d3c27ef6b9140779ced905709a904d9f43

SHA512
a4e03177ef88b200e70478571494ba65cf375012daeb5fffc4c516848072b2a0856512f893b99368c3a5af27f49baf3f63da4f3bb17f8e28720925a6a501edbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
758addd6648e541b6e61888d654ae4b5

SHA1
890016e413892c7c1fae24f5eb6e3d9f97d2dd38

SHA256
1356e65ae9f73f4157771b088b1e89228a88e058056a32c91a7672b9065b4bea

SHA512
b2e1a1011a5a1917952544b615614cad7f4e0ecf793c54c5992f001c1ea81e5aee2306b24060540e6615c8cc3c6fc1494c0b6a1fc2c7ef7f51da27ae3e7cb555

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF539.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF5AB.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit