3272b29090b0fc96acade796540f84b7d284c665cfbbe186b7e50646d065d242

Analysis

max time kernel
157s
max time network
185s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
08/10/2023, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

helper-oppo.html
Size

1KB
MD5

b4e0d3a8326441b9b1a3125818578d00
SHA1

89fb5b2c540b10fd8f34d2012e19d6fd233e5178
SHA256

104325068637ff57d6afc4cf647cb3096ac1e8b8feaa64b76504bf27040f761b
SHA512

b69050d359676e83c450d839705fc428e3577609a998610b2bd9d6658b51b7b5309f363ae9e4a1ba1842e31e7deab0b4f11cb285b9613827be89c7e8c36efaad

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007832999c35766c4bae1b34334b3bf812000000000200000000001066000000010000200000000208a573bd5583b478ea0f4372404ebb1459db1f4bc1d54e86d55f9dd53b49ec000000000e80000000020000200000000dcf69afb617ff0f6653be6e11cadb9193dc3943faa320d84ce7001134dccee420000000307ce50b05bea49b732e476a0a5415606f861b749db796d8b17ee185c602ca1a400000001b7ff654cdb226cc09896848fd70a5c3dba17a502637f2f1377ee7750a4db8675838e7628896a300cecbdcd4f75fa87615fa565dafc0276c7e5099db0dbbddf4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{226C3FD1-6598-11EE-B77D-5A71798CFAF9} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "402903326"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6029f30da5f9d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007832999c35766c4bae1b34334b3bf81200000000020000000000106600000001000020000000e09fc99c31c860b95d7e140377af5b7a7a7c346fd9500ca2d4423d03b7451907000000000e800000000200002000000087e64698789082e4dfc3a5d9fb3776c8bb58cb1db05ee413b502518eb3a8175e900000004d59e8bda856f11e9880b07718370e0a7a4aeb5ae56ea38d80e2e04f0d7f91af08e3825ff2b87c7ba59fa32fafb590ac002d475515e32cf7f27e8eab8cc953ed613ae097cfbd22df8f070044c93791821ae334cc0eb977e2eec17fd7fc3021ec2b00da1e4f4b73a6bf7ccacc71daacdebe6056b36e3df58b6a6235065a12a373b6750c3c891ccb4d0e6d1015b42cf85540000000d0d2baf20a022f787691b09f447dbe3c481520146f559b21b29cfddbea2f5bc4560ec8f10931704734632f39272a98338819bf0602d4fad2a93054191faa2086	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2828	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2828	iexplore.exe
2828	iexplore.exe
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2988	2828	iexplore.exe	30
PID 2828 wrote to memory of 2988	2828	iexplore.exe	30
PID 2828 wrote to memory of 2988	2828	iexplore.exe	30
PID 2828 wrote to memory of 2988	2828	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\helper-oppo.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
798d1ff238cc67922685a17fc2c83412

SHA1
de6f3407f6cc112114521411f85d039b1a98ef1d

SHA256
6e63f093f3ec442acb22d47d613471669d49011befd8a5fcf0aeb2bd4bc50b91

SHA512
bc414455ec106605f8ceff4ff2e00e0af0a6c1ddc14a34357a353f386ed28d4e1f6b6054f698e0f44efa5c6877198572a3bda87c20fef4235c0cce1206c91096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2f319507c7936e054bc28ef285ab440

SHA1
059b63fb4ce6d51b89870d9ef4780ce2902f493c

SHA256
0d3a59b094018d4367ef13575ccc19014e3233c4d2a79cf9db21f55999eba7ab

SHA512
22083a30c3df851ebf971ec69be8ff383c91149c6f53be13ffdc9c70468368c6d64e2418b2168b5d3f4c343c06519ac571e6ef10f56604bc4232f65b9e100883

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38a58187a83bfd9288f464aff818629a

SHA1
dc7642b5f66611a1f8db7f7801aa28f6cd0da702

SHA256
608d76813f3d7e7f2ebdec890daf671eed7c2692dd09555e211b7bff32fd632f

SHA512
3b3578c726635f86bb6672a166ed7958ec30812be8c1902790eb52ba39ef98f08c32ce4ea282d64c6990dffde4c23affe5d8a3c07c76bcf2beeab673b354cd03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eabec202327dfa9ef6db7efa1afe41e6

SHA1
38ec761d61ca40d0d9cb564d96c6616f6b30e512

SHA256
3c98c43aeac903d2cf30ce284b2d1cc58c0bfc9053cfaafd50e73722af4b3661

SHA512
6939cd959a4b6e5bbee2f884f364408d0896cf1cc1ae09107b0fd6aee5608030122460e281c8e220042743638fc2b3fa026924c99d98cd1c84b4400dc6c6dca1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebd91225f4c3aa03e4b3bc9d110c29e3

SHA1
63fd1b236f7ebd51d716436b11d67fa660d0fecb

SHA256
d76f9be749a61e427523bb14b3cf99680f12bbc19b2614f755020134dd258300

SHA512
e1fa1cbf636a2a4d40d745c687cf3fe92c6dd43358c6bc9228c54add1434ccd6721b9e6de1f8de52afe9a34b6183baaae766106133c34a8868dc70e0a8b6154d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce1805af537d0f62631813c3e76b0cdc

SHA1
fa4b63690969981c1176ac95052544ca5427de71

SHA256
a8c103b00e25203ae18b64f4a480b5210b6ec947959215092a28a4fc1afe8d80

SHA512
97cc24d11c49340bdf72ab2d04f7e1b9f9ab473c3749acbcf978317c009af7d34a61e35138b9a2f941339156f02b20d8c6ec8ad2ff92d6c9d29216215f9ed3c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a073ad4c511a5c93fc0579e1e1a7d4f8

SHA1
5ac5a960a29a22dc70f865195841df82bcfd56c9

SHA256
a613cef87fd12c04ef256ac2169432cf48cb17d205dfbfeedabf0588c2f2be09

SHA512
de0bdc507a097eb4625aa6b63119e0ac069f77777f45ceb45521c98e75c3f0984050bac6edf0c177ad19a7c95eb267523709994332ea10fc9c74cff9830256c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ffca818287d16ec0e1aeb7623926371

SHA1
2d4316e9d5ea6a51da115e4850d157a8594126d7

SHA256
93519de43a8a644de6836c5e63c01b040958c24a13e7e108931866ff79c03611

SHA512
42da41d4b10d5c60492a24b75be90b2b27435cbc1ef1b1c2dc14eb5d4149236dff1d1805d4bf1ba381d02e872c1586fb20984d31416f4b47d3654ef3eef88ee7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
212a63e0f0661f201f8b8a6a28a302ef

SHA1
c8e18b13aa083e27fc4783af5ba2e8c320567880

SHA256
2c5f73f4796c878940ee11ac6c6ea935ebce7aa54fb2a459f2e47297c9a6c559

SHA512
7969bf19bbd6c154d93b340c4f80d732539f0a46026e05ca8fc94960e0d4d360a4cdd54d9eeea4a6c8ee231080e2190b938801925bfc195bbdfff092e16f1023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e3ccbe7e28955421ac3ad7253cf0bd3

SHA1
84d0b69b949206e0e1abb290113ff8dc5e51bf2f

SHA256
fc5e20b14d1c1c6ec3a397e83beba024d52f9f7870809e7773fb1005a6d0e984

SHA512
dbcdd0210a7f484d57456531ca6ec8ea9d13773bf7d42e3d0fcfa01cdf979cd2774ea4216a0c99759783e8dc5cba8af7e564d237b16fb04d5ee6d67ebabd9949

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85da460cf9c1e634452a03ce6d945edd

SHA1
08c7d3e5c4abce9fcf5e1a9778d4f49aaa81d1d6

SHA256
db35bec963401b561de5eb52ba78c1c08e81563275e9506e67781a63f8537686

SHA512
5c4504eb7639f085df7fb00dde345f8e43ccbf0677ee033067fbac7e6a171f7fb1b06ddeec8ad02340155bdade0a5a015ba8b0aca276558e4205666c10dad26b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d27e005050be8ba63df94e26c25b047f

SHA1
f441ed2d3a5e4b69fd075087ff930cb1220b9e05

SHA256
fac0f5a41e309f31056a67853872b5b3250bc7f6ed11eaf92e76471d501ba578

SHA512
b0c6a43ceda213828b23dd125ae5335d69ff7cc262c3a1aac19ac2ad69f56ce9349cc92711de251f8b54e9cf5c6a6b3ce6d98be6f75ddc8479b0b8a684605ef6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84b852fd37ceaa2ca27e77e7296bdc3a

SHA1
83a62649c22cd276e91b2ed7964a72d2a00897ca

SHA256
440690d7c702b00ae2c77b7f5135e20593062c2f7fc50143b64bfdff778bb9ba

SHA512
127fea015661dd8f54f3e1fcb0855e66c3e114d1566abfc1aacfd0c3d0dd06ff3a8901d86676d791ab3b675044756af5fd566796e41526bbda3f86aa30e05b1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31f2c9170c796cca4135d1bfd5a46415

SHA1
906eceb0276ad43771a480a2a93bed43b4361cc4

SHA256
632b1ac3cb8aaab87f47922ad8ca202d97dfce2a1bb09410f4e241f446219541

SHA512
56cd402e820edbb6cbec50c7490e45f9cb779eeed81ad0edf06391e4cfbbbf3bb432c3d7dd102ea53f8cdfb491aab3b5106449f03523191c91030c523978a515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e8392ddfc33c7774fd9a5644dbc1b52

SHA1
cabb2d9197cf68ffe479556d909d81e3c181bc6a

SHA256
de3ba9f3d3a60a4e2f278f88bba23422d4f6359e47f8f2a96608d69fa4737365

SHA512
8f03686e61a043ab9724b768bd149226c0821ebd57a745e62f0c0e589290e7709e0b9aaef633e2377905209a12849fa4d4a1102251a9c59cb2e8fe3529697cb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86a7db64bd4a86a23732fdaea0d2c046

SHA1
66cfbb6dbbfbd88285bae25996c25b204ef4352e

SHA256
80f78b97bd255bacdb9d95e107b045e31f2a4f97e70c393e15397f1ed3328512

SHA512
373af64015ad1523128b9aaf31e184843a6ff9220b318e9b6d3079e77c4312861c4c4dfaa013d2cefb86b8a5b6cfd8329e2b71004f36a060a90654dcf31194d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b1addab456fa01c35455c2e8b45b24e

SHA1
29f5cfdb89cfad35b4ccc4a283a5128c75dc2e58

SHA256
2a4bac00493e43f39125d9872a5be4b30875add822f55bd3e19bdefff583fcbe

SHA512
1deb30a4faa651cd68f597edf1bdddc7797fa722a7581ad7ccfb5321b8fad2ac1d6b9fd23454b8398c0ac7481c26b2b857b11ee9c07ed5108d662861112c20be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16e5aca4136f2a7ea2337a08fd9b1100

SHA1
fbabb8df44f367f5fe9ba0919dcb33ac6b7fdf97

SHA256
0b3312f824bb26b95915b48af740d4edd35c023ccb732837fed690615d51c52e

SHA512
82c516ec2367c16165bab90cf5ef314fc3a7280e93d4939246a0a8505353c9b5857168ffc3ee81cf90fbbed4fc47f8f40187eb37eaea9fc12db556a56743380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDF69.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE6CC.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit