d1daa8dcbbe3cdbe4ff97598d8b93c7c2562229c5c081f35068d6a66a8591035

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15-08-2023 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EularsB_sub.xml
Size

1008B
MD5

cba3b620bb98ca1080aef02845e79acc
SHA1

3d9fd1bd824b7dccb4e49290d090b8ca8fa46c28
SHA256

4ca10b296fce75746fc2663d69b35159b37b954dec65dc9cf660028e02b0cb60
SHA512

cf9cb799403b44a52cbeecb012d1ad9818240a8efa5543d15dfd18eada49abed8265d8681f5f5a3456f5d7f358dfc6b831309af0ac7159dfa4a0da278ae8183f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398298872"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000081fc177b9287ed4a8181eac127bbbd690000000002000000000010660000000100002000000017b220506b79722c7b3c4851b3fad9a37fcbe3c4e0c52dfe42f1e350e812d036000000000e8000000002000020000000bdacff8589dadfe5cf61722a48f907b40e27c2c2e8c38a5085840c65bd14b95620000000fc94b51a51515abb14bcb5ad539ce524f9302560baa189e4e9d26ec978fb95f840000000517895599256e225c58977bb4ab79724a04b7ad8ba6355a30b296392622297e1284b5cb94d9d84fd88f57e788b4c3d8af05547c1fd494f1eb742933af903b7d0	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000081fc177b9287ed4a8181eac127bbbd690000000002000000000010660000000100002000000097bb83db810aa1af3d574ee39ed14ec5835ef18f2059506c1d13f84a15673eea000000000e800000000200002000000098f51c139df4264315920897049240634ed2e63c98112f51aabdef7d5b3ccd859000000086cbd78d8ad603a63092ccc347266cbdf463317e7b336b6e47da3940126611b5921c6c6d7452cc3e5b2d95af1c49312ddc05e34b5e40b920099145001d5c0c7db3bb96a4d27c77b89332a8ac803e07e27bf859a04f146ddb1777f03b569f519681676a823e2c029014ed9ae56ff179c5c5fff940dc090e8128d2ee3c4a556f829ed7b9ff552c6da8fad14c0df8a7a889400000006c4639f2eb19219c313b6f767b970c785b09a18be81e9c2acc4dca5b025bb87ad29b64cfd81c5b420e760d20d4ae1b3faa23915642cd41291310421d3a36b64a	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50c22661c4cfd901	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C2793D1-3BB7-11EE-9864-F612EC4A90C2} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

2180 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

IEXPLORE.EXE

pid process

2180 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXE

pid process

2180 IEXPLORE.EXE
2180 IEXPLORE.EXE
2784 IEXPLORE.EXE
2784 IEXPLORE.EXE
2784 IEXPLORE.EXE
2784 IEXPLORE.EXE

pid	process
2180	IEXPLORE.EXE

pid	process
2180	IEXPLORE.EXE

pid	process
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

MSOXMLED.EXEiexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 1152 wrote to memory of 2512	1152	MSOXMLED.EXE	iexplore.exe
PID 1152 wrote to memory of 2512	1152	MSOXMLED.EXE	iexplore.exe
PID 1152 wrote to memory of 2512	1152	MSOXMLED.EXE	iexplore.exe
PID 1152 wrote to memory of 2512	1152	MSOXMLED.EXE	iexplore.exe
PID 2512 wrote to memory of 2180	2512	iexplore.exe	IEXPLORE.EXE
PID 2512 wrote to memory of 2180	2512	iexplore.exe	IEXPLORE.EXE
PID 2512 wrote to memory of 2180	2512	iexplore.exe	IEXPLORE.EXE
PID 2512 wrote to memory of 2180	2512	iexplore.exe	IEXPLORE.EXE
PID 2180 wrote to memory of 2784	2180	IEXPLORE.EXE	IEXPLORE.EXE
PID 2180 wrote to memory of 2784	2180	IEXPLORE.EXE	IEXPLORE.EXE
PID 2180 wrote to memory of 2784	2180	IEXPLORE.EXE	IEXPLORE.EXE
PID 2180 wrote to memory of 2784	2180	IEXPLORE.EXE	IEXPLORE.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\EularsB_sub.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b9ad7e633dbf9264d7db03c78448079

SHA1
10ef9004f9b89aa5d60f0571b61f39fe0801acd9

SHA256
2b86f1b008ef64b1f062639ecf3b76170b3c55f5b1777c38f7514531b1b32f50

SHA512
85b807925ce004b38499cdcd15a4cb6d9d20be5e4f4bda719ccd5c6061f4461b7c25a26527a1c9bb04c3258736e2801592fc4c9a1513e4b479cf4ba9f91277f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bb7a0b6f1e65bb694b78b69c6fd37c2

SHA1
585bcd514a9283b424637080283dfe7fc1329a1f

SHA256
7d93c1498e30f174af0e4d06986bb9f01ce3884068f6201fe644694d818cc61f

SHA512
4f0d7c9dc5623810e2cb7c574dd983ad1cdbd51370b99fdd13a70549d5551519270fa7d9648f010e6fa5fc0b50a2bfe7335546c708430cc1e8848f50da3a7045

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef0d40578efd6c10233924dfcd0004ba

SHA1
efd27933d8576601393c1da444934c0da6c9a5a7

SHA256
cee01792272b8d1de603068fa618fe7feff9e1bf67761833ff28295fc966bdbd

SHA512
b91d34112095eae5521f3f27b4a4b440990de31807d87b1ab141297e2a3324a5792e6b84ff8f7aad99c1cf27edfd6a5ed0f06453c914d64051a161658e3409fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddd6c20408c0809a030cfdb703e07602

SHA1
839943d9c1ce1accbe018e16c196376ba3989f94

SHA256
fa7a9ee45d7d398b996b239f27028e1f3949325c64c429966ec60036f0ad7535

SHA512
b412ae0c26485d737af4e6ae11209ae67a4d555b1152584cb107953544c1c283598c8b7b47135cdac1ee5f838c93092b37bbcad553cf2f11fa4f6a519534a380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c5d840956f2a0e4cd9a4062d008bb25

SHA1
59fd3b9ff5cec03d7a696e8b490c160e065aaf2e

SHA256
f49a8c5669dcb885a6104aa17238a43a58bfc430d10e498b6b03737091b6992e

SHA512
dacddad76031146444af1d5138bc255015105549b6c0243ab412b73f8a87317e89ab2f5dd7453e78abaa94430720937da6d463c32972afdab44d853f7f116f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e566edca05f3c0f3d89406127201535e

SHA1
a2509133da6e4f52c25ae4c59814c16f68b60b14

SHA256
6033a015ec99ebbf3482ebaed3d88c7ac941ed1e05671690a3887d4e91902fb1

SHA512
552209bac77fd6718c75fece4378f803959cc7d2cc4b45330c603fb57875f3f20c8f08870fe8d55c1fcce5095aebcbaf4ebf8d0c10064a07ac18c1b86575300a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e46f169a0115dc25da6f257aa5e9d56e

SHA1
38e4a23f0b3103d75afe72062e74f2bdf7075ec5

SHA256
8d173f280939f3f55d081866b16175a7318b6a4d8e74bb5b71f677572000f096

SHA512
95668cf2bbfaddb6a38582f80d1ab4cfc58b9c7896f4be0d5748d269d799648a6501c60348efb318338d4944393508851c301def202ff340304fdf6ba48afe54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a15b58b106037ef0637c25e248a6c247

SHA1
80d8f301e28ca8df3174e11a566d1096b48ceeb6

SHA256
59a81ad27157f5952f2903dc903bf840b5d40edf677d777ad1b51d6f5779e1e6

SHA512
affa13e8826bfe5ad482039ebaf6f2dd725f53a96e243027b58c68b0f81f69640f82c1cbd9cb15b293c332780bb9a5400d8f64aaf9ba930c1c3b3ab4b75161bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
354fd088e07334472248f114f06b2625

SHA1
b6d8bd4be467a7956249f25e9d65a7402019dbd3

SHA256
dd9b9ef952ccb0cc5ff74a1f74ae43317f5901bf851b0ca9b825e7b2b50fea93

SHA512
a4a71c0d419f952251b2693cddc919581c6de6aa331cff2dbc797400725e983b33902a71a5fa019455afef945c7b4d0f964b626c88ece0318857cbacaa12e99d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a1d49033742cb14ce9661456626914b

SHA1
d628fbb8d34d7b7b752f3df43fac6fdd3add4823

SHA256
215b8b86b731db497236c36d97e697a016567fc6f36f6a8c768c180be6574249

SHA512
ca8aecb1aedef9e999e44393cdc421ac73be19682be3fb47620e1ad3971521ff26b936fd9c9abd8e79b752fcbfb44b9407b74df631257695e76db9fd60cf82e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbfddf5cd065caf4f50ea967be381d91

SHA1
afcd6c4c8ef610817c96e60bb6e0aefe94f22c47

SHA256
7dd9eae6b816126980be85db3af0494849839164d0ddcccb2d0ad7b01c62e121

SHA512
e1824b962c2cfc4eb3cec60b93c86d195fe1e1117eb2e47b67199aa0d8e9e2f8259bb34e5b37bbcc11c4ce4cb0811c9ab8dcc4880f60b4aeff638487445fd8b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64e1b33f9c50b10f4a359c45f586fa0c

SHA1
a3fd35d006cb420f37050d3d9ccefe3572bba1db

SHA256
51e042790e65ea526f79daf2b00d393675ee70fab24bbd74b5e5191ba7b825b1

SHA512
b07524e52258954bee4f783b4d1750161e3be385240dc2546fe738807f7450382db134aaf6b1a33d18396b9e9643ce5034f4b3b00e49ba6337f434fc922cb8e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d84976c1a0a7a54433b867daa89abb6

SHA1
4a2cbd41520ec96a8d8aa2b25932dae3a84a86b3

SHA256
7c4ab468fae3f9120006cf7b7b4793b64f0ff939f76a783672791eda657b7834

SHA512
52c4a59dba90e9f10828cd6c942e6ca798dcaa8bd1560a27d01e61cf88659f773f0426a174e9eff3806c7f910fb8e761a2210cab21f64afe0d324cdb52589360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93fcfa4394a8059644ed2060d24770be

SHA1
48ab19c668af1fb65cc0ba58096546be492aa4db

SHA256
2253a7254e565676f7e964f675826f1fefebef7905baa4b5a2ecdeb5c0dd498d

SHA512
2015f3025e0c75624e66d3f42a056f82f06eb181624e0c253c6ed996c3eb7c5bfd653ebaeb5881a1749d00297e5b1bab3aa6bdf91e6604bfd9484e8fdf4366e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9D4A.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9E29.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit