3583ff7421dbbd05af9cb5c91110feb4ac461f6d6510e6fcfe56950c26ecf782

Analysis

max time kernel
121s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1da2e21daf121d1c38c47f0be84ce2e.html
Size

2KB
MD5

d1da2e21daf121d1c38c47f0be84ce2e
SHA1

a6801c6269511fc146121de8950e1af679e00954
SHA256

3583ff7421dbbd05af9cb5c91110feb4ac461f6d6510e6fcfe56950c26ecf782
SHA512

5075d1056450c6c8a277cfd27cb413bb00a08acf7bd1239c7ac13e671ac65f65e71ee03d886bb5c149d5a5b3dca7687851eb4fdc03db1f1d416ba3814c538099

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0bb2b421036da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000c8bb6dd63d30a5c06dce07a51df62a54d0384385f033410186216954d3a47882000000000e8000000002000020000000e95307253d62d8663cbf594a39046747a265893997a08f2636f279b2082edd8b2000000085cd42fb0fa16dc61acfdbfaab4ca57b372d5e926668b84000afdfcf7c2e21d7400000000d19d90edc49ada10b8395cefd351f186982c0ccfa7e302e5672a9d83af1dfdae3885f5d7064fccc97fa43e283bf7d8fa569bf9c90011e349fcdeac1df123dc0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6D81D191-A203-11EE-B696-EAAD54D9E991} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409546483"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000b53ddcb01bd251dd802f634b4888d0d4544ee1e04a85c59d85c82802e6aac681000000000e8000000002000020000000fb3d268d8c410b49709f4ceb16244bee12693ae30874ec58c3ab95b697a070009000000034a1a16f22dc4930bb6091c9f6d038e29767561eab09e1fa75d9316fcddad08873c8071f7df03d0b0a6edb5ede02c1fecd483a535696d21514d0080251628b3e2c705f1b8502e60f96ba9f90a51854ec995b4c4125398b1defc307d8a24ea065964e47c8f58231b55999b628dc6760c2b6f2e351f7e82abcb2ed126cedb5efdf2a3ebd6a973f08d638ad59449efd96ad400000006a5910a9a340b9bde192fb1a3f70853cec7ce6cdfe04e88977e357dc8b0f9a4d2da8a843dbe91121143aeee04db67518c2ee31fde3b0d320134435215f78a59c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2444	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2444	iexplore.exe
2444	iexplore.exe
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2136	2444	iexplore.exe	28
PID 2444 wrote to memory of 2136	2444	iexplore.exe	28
PID 2444 wrote to memory of 2136	2444	iexplore.exe	28
PID 2444 wrote to memory of 2136	2444	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d1da2e21daf121d1c38c47f0be84ce2e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b959a5278980c62eb146272db876f54

SHA1
15ab6a97fdc47ce2ad75f465ecab5cb92490f19d

SHA256
6df6e940f01b757e830182004c08e7a127e8a0155044bc5278637dae995aecb7

SHA512
4770a49ea98e891ddfcf18c4094e29ef9dfd30884dd5d475101be1b0bd5403ac21e6da6707f4383667c0173f7d75f7b7f2cd46ae7ad64399b7ac40d266cde3fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2de5387221f47571e2851af7d70b02fa

SHA1
630408904d293d5ee80b594872e311426595b459

SHA256
e2216d76b060b0f6c6726071c636fa33d87495c3940b9b8babb3ebb7983df33a

SHA512
2d6c4f38578b239b8efc1a8a81d2d8c89f185112c144ae5d2da1fda59735fe4dfc35cf6afc58e162134d7291c40ab6b8e7c275118b491c80890befc9d2921f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f88aed5621575b05ded53eddc446222

SHA1
c2efd5f8b3e8b6a3212418ef9d250a839e6813a5

SHA256
f141836a5e4ea87978672b2d39c63bc0d245b558144ed49421408926837f8611

SHA512
c3ade48cd604fa5c951c3a5d2dcaf7f1fc7ab3420dd553207f24587d920ec26b840ee4292b88730250c28d6ad8ae46ed379b0759f72bf87bfc79768a8f48efcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f3c1eb86c27f465de7d73f5cc1addee

SHA1
2a8b2c451e3d31dd6dc3a41b12c53fbf2562af78

SHA256
2a0246588b6742c752ad9ff00a7fa7d55e459958a1270ead9822eed59e364dae

SHA512
8a331d805a11efced18a8ac88d4888d4deba6057e3940c9f4fde53f4dec50240b4096a972d451fc52a435467787fe9413aa2619ffcce193e553d8517118c008f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3599443eb69f3e1d8608080934f85d11

SHA1
329c93bed615a806051ee17ad0dcf12fc08cf794

SHA256
92cc9ea29abe36cc1d14da7fa31476b89b28542005d3dc94f69136bc3ecd7653

SHA512
403acbe056e758d346cea4da9e6433f7d8857e2385d11d5bb20e23bb8782a93b8903c0d5e2f41d5b79e0fe431f9ebbe51e00a08893c658f79bea179b6ebac122

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8d26c5de9c4194105fe9bac41799794

SHA1
0a51d9ff9450507fa5817f7b0d2902caa3191862

SHA256
d9674c2fae444b5f82d610d788454f7cc4f24af8b616bdee12059a8bbab407c4

SHA512
ea7d5467540898e8b2a3d8534dd5e76cac736108a2576eb15e23d0344ff600e9c91c6d60132a34b4acb8500a5866fa084c0206af631d8549453e32737e92f13c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61a3d87b0c39bfa15128f5a20c440fa6

SHA1
de1b87f16cbbe07b3cd71e37910895f4244e8345

SHA256
be8975383a49e16a21f8907458500d3396044fb9cca0a425c5de170117d53150

SHA512
f30b3a25f81398a1a3eccc00fdc0c4003aba46ac11fb66e0b9adf5271161676118b51c8999514a8cc103e8528f48f32c4eeb964b814f29b268e715c217895616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a16883310dcde84e83c5ee6205c88c6

SHA1
b789a34a8eff21f53571d46230cc866555edd48d

SHA256
b08b8d0d27e1bf29709fc00cb9d229b5e1f5abcfa4d8e16421a5e9a01636bfbf

SHA512
38b57387181820c390fe73a6e5199ca9e4dfc95cefd13e7cee64445b61ab29dda2a2d23f52f57deaa73d7711164425a1a55f5285386812d25e27a3a4dfc40fcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0dbb14ded2c6a0d6c43a4dc2f1bf2c1

SHA1
9744287c55e967d33ca632af38a21fe4152de840

SHA256
f8a743682ea4e216a1823cb7d5563962661c596e07b0adce01b05eeb410c9d67

SHA512
803588626631a301337a4c46d8615ca63c4cf041774014f8e2211d1a797b57205ca6ac6f457a2c0afefa4c141fc02bac239b53e3bfec4b1c0e828090dadec7f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57da0310a57fd2b044ac1463bb89690d

SHA1
bbb8c9d9f935473e11d23cd2fe235132649da4dc

SHA256
fbf9e39e4563a0a985e8496f681f22f66b6bd7a2b316badef084807e86e1f835

SHA512
814fe0781f31b5439ed3d7a6cec7b45b147cc10fd683daf1ad8f23b9c0672316e6ce71cd5e9a86f80291534828d1c1b377c1b3f7d0dc271654b870d5263fe6b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52a7de2ba7d282049cccc2b5178e04d5

SHA1
1ccf51321a9b823d321fce958bbd16a58eeb2c3a

SHA256
e147b05c9ec4f9534d3234044bc150e568dd0b7c97883d6c4b6d66cee199ec36

SHA512
0a8411d3805dcb959ce3b415959651fb7ce2f848152189dea21d8c243416dd0b6a40e08d77e9a7cc63835eb2034d47bb908cf2e4bdc5a268a79399fa56fbd601

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d850fe18394b9d85bcce3099142de7d

SHA1
87e2dd2b3d83b0ab060ecb2d4c3f69444524748a

SHA256
db164441c7f22b2df1ca819592699d45b7bf72cd5c01576f99f8ceee629e3984

SHA512
869e4830f5e54c657f79b9df5a7f387c3f3d45ac1baac521299b66c1b9eb04244d6a58872718b8eb34fe1eae913e9d1e5a7064a13c5deb432792d164bdee62cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4327d0de78d0fa762816a873bb1b0f5f

SHA1
c78871fa361b0bb52b730e6f677defe16c6551ec

SHA256
34e132f9866235c36047c84f6614007e3368811a6ef3970dca531c6c9a227a81

SHA512
3ed40b64761572757b11f3fc7260f02e55a263469fe90d75169c10e7145b3a04437ab5a01de13a4574603f1029c6bf94d909cf95455a5504f5cae72d29fc75aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3dad963109a4273ee1c05cf180becf8

SHA1
7b5a969f2b87034877cdcc23e6311820c88ef328

SHA256
542ed0b0d999615987a8de78a82888fc614ea074408d06d3915cf5f46ce2252b

SHA512
a058aaf4a1e5958a16203926eb8a60c58338328475719ab404d6052803ae9bc0765b48ac7ee0189c280503e3ebdc9995b4f0b42afc76f5a12de36ff1ae215a05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
542c3db390a6b91b91014f7286c7f022

SHA1
bf98e7387242be3dd7cec280a940ac52a658b69b

SHA256
cec751d673b1b2f4b064a489f55cadcfa104d97a0c68dcb75593616624659470

SHA512
0ed67c68acad033ac7bfec43407bec47601ef34a9891a9c6bef761a715874f11d27c72bc5107d658b8b7624da36d172ac6b9c5fe246ce93b92604d8c870cac84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d3c4c7f788eb653d62c951189883a76

SHA1
900f5405896c75fff948577bb3a83a69fcd9e381

SHA256
8af943c5088be03b8674d0c18405a34479bd52d118b52bec840a88333df66bae

SHA512
2bf219cc81ce3b959a363b5cfdd34b4508e4654bae11c8804ac5b4f581880923a9b4ad7d895a40f70747ddda1dec326f8a9a1946b3f21eaa3db77df8e467e147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c94defb608df216e6a9cfefaad2e701

SHA1
a86418c38597db6375b92d712ce6ddc6fbebbcb1

SHA256
93999b396a97c1209779ea9b6f5e76fbb58aa11cb08aaeedc93d3e06dcf359e9

SHA512
11a3b0adda207cc4067db70e06b531f837f6dbcdbf4cdd7ec5443cb8261b47b78741a56ae6af5c4f2c171716474701f824ebe9e352913065365cc315dd3613a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fb720ba28532222e2c3ab5b67d8b6c6

SHA1
33f75914e05de5f0024cb5ba0f840d5686aed1b8

SHA256
5dba98174cdf4574c6eddb3f88c5810334483b96b8f4ac7c4aa9afc84dcec148

SHA512
fec610a919f4f47950ba046e8878f3a82e76e0660b28df7f96096970f9d09defd2d7b284f54cf0c27a8f412849a6f8135d94c8920f91e9dc4e5da5463d2cc66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6DC3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6E84.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit