da0a855699ecc8cb2c746f5345954ef687a7434e8e7dd7915e2f3ab9b8046097

Analysis

max time kernel
119s
max time network
176s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

3KB
MD5

55acfe384eae522d3d9e0c046ef9bd53
SHA1

fbcf05fd0ad0569b4afc35c3bd8885b042832b77
SHA256

62ffd64e012a83d114bd8e15c45808773d66852ce385599a8f8a0fd5d7acc87b
SHA512

32043682d12cd10e24ea18d9a636b7f03ef688596818b1e2f15b090bdf69251fb2b69136231c418616fa95d3d3d514ae98b529c7a76d3f286828029cc574c0b3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f000000000200000000001066000000010000200000007c9cecb93e1bdb2217f13e5fbc47bbfe346ed01bb2d60fe445fe2dbee5e00213000000000e8000000002000020000000b601ee6f3e2f0bde08133f08cb272c1091d9607d150588715557584888c5937190000000a2addc988094aff60f288f4a21a1ea4015f4433fb509c6942fd893a046e48dd6c15c4bdc1d948bbec701302b6d4f8969cece537858893fe5e2237b8ab36106dfd5a03390078e35815ec5ffd251383959c58cf0cabf78cb640b6739e8a3598788b90d091d5db0e73cd08ad73b7ab395f65a0f1a0291facd9e9302248aee6b76ca99460db6f981ee41f6cfac583fdce4e74000000069ece3752fd73f654221084e0267d62774734be3eb05008dbef4c465dcfbcd8092bd7e14111fa6bcf16d85e00ff7179dad7ae6ab65eef13086245a8ec2c0c4b8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f00000000020000000000106600000001000020000000a9a989ebaf674a6036603576bb30ab1cc1aef3558018000fe6adcd1c1bc8d934000000000e8000000002000020000000b2583d63e9c7760434ab12e67e8320293d1d041dbb7d7c238614f5f9bded1900200000001f06e2a59413a198de5e8c0a75db0e1104ea96b7b4b1117d1ed672734fef81c940000000deacca3c8a1d68f2d3707e1331a3b1a673899f01f3681185bb0894beb05d02675b5fc322c9a805332e31ad4f50e77037eceda24268b24221815a99984ed9c20a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7010d8745ffcd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9D65AF71-6852-11EE-9922-7AA063A69366} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403203321"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2692 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2692 iexplore.exe
2692 iexplore.exe
2780 IEXPLORE.EXE
2780 IEXPLORE.EXE
2780 IEXPLORE.EXE
2780 IEXPLORE.EXE

pid	process
2692	iexplore.exe

pid	process
2692	iexplore.exe
2692	iexplore.exe
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2692 wrote to memory of 2780	2692	iexplore.exe	IEXPLORE.EXE
PID 2692 wrote to memory of 2780	2692	iexplore.exe	IEXPLORE.EXE
PID 2692 wrote to memory of 2780	2692	iexplore.exe	IEXPLORE.EXE
PID 2692 wrote to memory of 2780	2692	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\[email protected]
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2f6c8456e068a946be2c53e9c7a8b0c

SHA1
c201ff83691a3d44ee9858a6a55da0bcb2b3bfbf

SHA256
21c3ebb7c86bf0a3ec1eb67daff10085754cae58dbc4196121817eea11e202e5

SHA512
5c01236bffbfdf04acf93b64f53cefdff16126779c5826e0258e137cacd188dbb254e96304232e5bc3cca5e90f0b3c07394ed1c6b9a92f921afe8b98757d3d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec735b164c170b7eae11107fd7ae95bc

SHA1
c2614c035bbc2c7a8e0c84d455f0a622154be9df

SHA256
bdfea08a22e156393bab1116950c82cfbafc6992cdf8da8d06e2ea969b272d00

SHA512
b2c07b0a3529ecda971acf548bfb72d8485b36e65b62b21902f7df1793e0e94ca3887d029dbc28b2127065009c559cf70ba4a6c85e553fd39427d0c3912fcf1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f51c402972cd0b0a8b49026bdf9b4375

SHA1
1af0dd72357a2f3578903f258b0cdb9bb01e8360

SHA256
2cf4ffa326e431866464753972f3f3ed61c8c8be5520b1b2b54ff895e0746862

SHA512
5fb2ec9fcce35c00d2d06fa472175657c80ce7d9a2a58a6021c1ec21e17871b994797507288bd18bf9091aec1e3acd80afcba65ad5269f74f4e004fc0fa841ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63afbef7036528d5f404e3a992c5acf4

SHA1
dac6a8392bc308ed64f70fca3649bf3338fce54d

SHA256
aa314993c9bba76ac407ca0d852603bbc98a3273c42fbb1a4b5bec76e091b73f

SHA512
c80e1fb0eb03fe812dd8fb862d2b531d0799e800492af6b1cfe32dd634f3a6aba8041fffae4c1a1667bbd13228f2f476816bb018b7fec2c4a5b66472f87c715b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0268fe3ac8db4c2e64553dd750dd259c

SHA1
926f8810d14fd0284e3144f6d27334a1855a5426

SHA256
cd3fd5763aa6d882db66b5df9d46ffca7b74383012ca9995faf2d94134222050

SHA512
3bdc40a9aab287a5b33cc145a85fcde5b932d20596dd5060ccd17ddfe1d68ef8282e96f1e86f530a167c805057fa9a84d93c5a182729497e822e860b4d820f1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba9c570e4ae52cbb507384740d8dd7a9

SHA1
79e0017b0371e7951cf006ac8e8ed6e3d9b092cc

SHA256
cb590e479768d911596e6ea7dbd235f3cef11c33b8350f97b74f509df4a4da17

SHA512
3c641d71481b71677b67c3c0ff00b7512fb2bae0a56f8f1cd65fcad6788faf55ef6dc416ddb148a389fcd1b4721a5ce3c3fb60ceded7a406659ae88d5cb71251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29ccdbaa48c9becc63cf21487e8f265b

SHA1
d42697bc2782d59d994a4bd37f8fc30e39636576

SHA256
a37c1c688099f5d4df7321b3b28c71151f3cf36c51f9aa0610e38721c264931e

SHA512
89d811d9506750e727ac24c972ac7a56022e94b1a10119907966ac1e0cd00086abe957364d2ceb9e278e535ae6f11adf92b80fe6658611fdf526011336c1a81b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6bf26efa37588021a663c42c151f7b0

SHA1
eb03f4e525ad403aee474d054dfdaef859b953c5

SHA256
517f2590668864cb2c6fd28981d0653d74d4b6ed9a973e5d6997463ae144aa56

SHA512
cf57c34b2d105c64683c05eaf33b62575eaf628477aa3f644a90c4fcbe7650febbd81b7c6c1485f4045c073627f79ffa60a32aff68df7ed1b8839c9a6cb2069b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ece0ba92d674aae7bed29aacd61a1928

SHA1
f734dde39d485e39a14b637bbd2fc89b0c608c0a

SHA256
b89f2fca7330427c395bcff5b50071ee5f7a5ed2896f40a0615988c05e6cae5d

SHA512
d79d3c48441d2a565be79615708e418ed95514489b95f792558b701b3d32171a79a45fd5cff127be010f36477dc3e0cbf77bdf0a7bcda1c4fc43006ee3c39142

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4923dc14e28c43a18194a67aaefedbc1

SHA1
689ad7f4c3f46ebe1406801713c633bf7a46414b

SHA256
5b35fef47db0982c0b37e29733ce686ef7fd98f8d4dd0e9e3c15363c912d1017

SHA512
05a8c3b2abf07b5c82c0dfded96fe3ecb6e5ed990dc578133507648666bbe5a0df684bca5f664562a01eedc057eef50128aea984e303e44375bdbe4fbc760a1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b57c71262c7f7b0cf4280b33635dd0d7

SHA1
fc32f2c5ae93b0a363ff6411b3e14faeb2714f0a

SHA256
4fb635ac6e2558883334c9762626ddd1fbc355cf88e497e91539e9858dc5391e

SHA512
89916488e24d46282672014be9c9d318a0e92c293173b8fdbfba1a8b0afce34e7944a1eae2cbf7526cecda26a886f6d363cdaeb9d0704cc1def7f3e6c2ea0a2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58f76dfa9d3f6027aa0108c2bbc0c44b

SHA1
431cffde07ef674240e29fdd6b0432dc128b5703

SHA256
413bd056a3b79651e2976ae277659ddf4cfbe70329396b35d4a50ba5d8f73b5e

SHA512
f281789bf935021625b596c8e0114ce10171669d091e604e5648fbb55f9fcb813d7b52833833ddfa1a2edb250b7cb84b8c0b69c67ee1b920a11363dfc48ede82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3948b32989091e9cd7b72226f481e150

SHA1
a43bace97f25f89ca415530e7d57a7b775d8f21b

SHA256
644ec8fc2f72d6fe9f950684fa4ddeb89d3362601675c96cd45cfe0657441fb0

SHA512
7f2c4d6bb2b7b58e65238644010c5276a9a6f8076ddedc0ce4f457da2f3175f7d7f609473e100e95e52e6ff422be6a31eba9ff73b296f1de1d1c4f2a5afec016

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
723d83d2936bc19a8979cfcd992afd28

SHA1
1bfa374893233e7c8303da7c05e4fd25a1dc87bf

SHA256
e54c0871073b70708dba7f219b34acccfbbb2d0c3bd53e85ec45788c5b6c7fee

SHA512
841cf855a09ef929021f1f07ddc415eb00289f3751b123dfe64bf36c5d0494e3b31ccd4588f2ca31ddbdbed0a5a94a8df1d4c6b335a63b9712f65703c088f29b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3005c35ef6e50cf3e54a42e20b7c5e96

SHA1
2e148b04738b8e40157d6aa1351fa4cd93aa4e91

SHA256
1e640b19e6f36a93164c4b0e9db1bac44dd153bf9b4fc77d8ffbc8197b2999be

SHA512
c97059264856b2be2eed704ae71ca6ebd005c8a7aec94f885003644fcb7d3afbcf4b8d23e4e329e4eb728a7ff3efd1985e5c28f814ac6af57fb1386f587b2808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20b32bb9f50ba44999ba80cb1895338c

SHA1
cc4b90c34f02d5fe8b3ee87cf2f3f92134e67dbf

SHA256
e78d4538e01ef8f31eabf26043464054edf3d807e20a9a344a30ff3973b91b91

SHA512
287396923458fd932e9bb375d07f5b8937ffa9709ac356ba07baa92564bddf58691de20285fccb8f2f7cf68c0baa7689e120c45141382f5dafac865dd8702719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe3f4227db776053f4e47d260ce78ce1

SHA1
b66ed88a88fd9f8446460edab549bd716a2e0a1f

SHA256
ee7efdee0d4ee55d27601f0f6879d0f3643530c7c1c1d128a6e45dc24f59a78d

SHA512
bf239dfbd8961384d3db08a89abfdcda1215589e733eeac07f2cb39f7c4772007a899cfddd4ce69ce29e6102d1ba373ae7883598a9d271963f0380f4f9cb3fc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab39B9.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3A96.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit