626bceccbae4b02838d2ea21c66551beb9aceb3d729c8a2fbd4ab7afbc9ab0bd

Analysis

max time kernel
165s
max time network
255s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29cca86da8fdac64762814690bd1b219.html
Size

432B
MD5

29cca86da8fdac64762814690bd1b219
SHA1

241618ffa79b20c441637a021095fe9b09fade24
SHA256

626bceccbae4b02838d2ea21c66551beb9aceb3d729c8a2fbd4ab7afbc9ab0bd
SHA512

573880c127da9f1266d01642848603fe902fee99b0c1b2764e76676eff242063a2b58c6ee8b9e39d26e59f997da92ad4cd384865ca5199801b3e3197a17ac3b1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{121CA450-A943-11EE-8F35-76D8C56D161B} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000b3b948011c19bad6933a2150d2c92230e30d7ac10dc82832fe003ade0e739a15000000000e80000000020000200000001a7c7a9d7c7eda0f0ae8fa274bef100c4261039a75bec15309aca0d92ee72e0220000000c4a52dbd141b1f90500d0c2b036e8e8adb00b4371928e5de7f9e898cdb4f065a40000000ed0282da91acf8b1251a097872036d6a8a1ebde07417a389da8f27cacbdb0cbced24da415540b2822711b8494c40d4a092c81b75b0a094d9bb9b6723540de9cb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 800a00fd4f3dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410343481"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c1930000000000200000000001066000000010000200000002e4178dc8b677de54cdf85c23865c16d40b0a0653dafe645ab41d407042f7750000000000e80000000020000200000008b787e850b84c0082dc08fe2c245d2b53863c6e9ebcc76d748645d8d6684cd8a900000005e37a2f071df254ddfd0bdc68a7558c568284c5d05b0b28958c314eca436b50b5baf684278d51b521247b2256e5cfa0f4ee9f4f55afad669934e6ef8175356ee7781898f56308a46eac2a3a9377326551288d61cc2eb9bd5735861285fb16d53ba26b5b36bb90b9c27f308a463b59a7eea3abea556d589608003a11fdeb784afe3fee73120e04c58b218a1096d3fe3fe40000000d2c76aa3939ad72027534b75f285d70e334495f5fa0f308c0cab9db76c060106ea4784b9783077a425ae181752d20507ee5148666124680a9f000a15c9cfb210	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2224	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2224	iexplore.exe
2224	iexplore.exe
524	IEXPLORE.EXE
524	IEXPLORE.EXE
524	IEXPLORE.EXE
524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 524	2224	iexplore.exe	29
PID 2224 wrote to memory of 524	2224	iexplore.exe	29
PID 2224 wrote to memory of 524	2224	iexplore.exe	29
PID 2224 wrote to memory of 524	2224	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\29cca86da8fdac64762814690bd1b219.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad994da14978b8d79852df7aefee1276

SHA1
7d87d9e2cb2dd89e8bb9b32a4e4c54a04d73548d

SHA256
0af65b5a401d465ccaff70e9aa0b89583d7ce4c836e879e569e175119c484f8c

SHA512
96f36925a2949bf4bd5b665669b7261d91ed4237e2ca6cc197b2993337fe8d60fed6b9c919c77f6219d96b9b4139d341008ae84436775fcbd2ee9571c35269c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
620d21c402b9ab461c716e2188db709a

SHA1
08a56d848395cc88fdae7da1708f4847c79953dc

SHA256
548b5c0eb73f4329fe9c0ae305d3f31a6876d10db09f889afe85597000b1b44f

SHA512
d697d317f849043be3b8140057141667c6da61d42f9b27d857b0efd52615b1436fe0f9af74680da800bce579c4b54ec575eda2e90d16cadf3c08cb96eb4e4f30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa4636f160e2f599b1047be515062859

SHA1
0e526da5c5a9988d32cbbbbaf07c934a072fecbf

SHA256
571dc019cdb46297f87bbee2b4f6bec33d908226aa6f12512c3b7e4e06da2804

SHA512
2bf3dac2c043ecb4c6005d820f0bdc4a881fbebb5411cd082a0aa597f4e96e2264e6778effc798b737c84f578d7e79b2ea0dd8b1e61b873f029a9208c422d0c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f953258ef22a191baf4ebb723dd355b

SHA1
85b1392c108a807680c70045314c694b4f8047c2

SHA256
dd26d2ccf514a7a2e27c801b120656d2c7191ba8cb6776a2ceecf1ecadf64037

SHA512
3af01220f6ef13ea4e307ff424fe94756f186e1fc800186fe64aae2cda072a25664bbcb1fbc76add583061dd5b053320ff594075c4a477cf4eeea7a9cf60a77a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0e45b3537b90fae1b21f97f696c5f89

SHA1
866f26af32399d8bf1196959c5897ae9897ffe9e

SHA256
8d34400982e834420d12cfbf95568ffafe2b0848f48d07497ebca48546051905

SHA512
236db19073747ea670d93e37c30872bf3d9dcea30607c2333d3e87656de05c28cd439f80f8b61aa2933aa2850e890833b8a8c40d5d433b39b2e6a02be44df52c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
982e67f8794ce682593bd32c41de8f91

SHA1
2388cf8abdd7de6cdfeb8e00dbb5a1de0aa5c4b4

SHA256
509e85f8faf3d2729e6bca2cf8aa4bfebacfd4caca3811284028347e1a07c788

SHA512
10d2f26ddaa7c4dc5845a62ccd63ad5e9fe78b2b9ed9b1833ad530f053f00ab4e737e778ddd7bb65a3110574e4cf56241a86e6b27e5c45c8f560402f3922d2aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e05378be642853749695dcb0f33e5a5b

SHA1
9191b87085ef8e42f1a3075198d7e910cc0d3a5e

SHA256
3638be81820fc0037579caae8b49f74331ee923bf21eafed487b77a5d8628c9e

SHA512
d211953c57a1bd5116d442297486a50c74d9ddad6ebd3a10f529769ffcfb86730fd55c786525fdabb445e7642f9d67ccc536b91ca272a839ab8c219094c0cc84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
518ec3f2269405eddd6acccf00e68a47

SHA1
7514def87b0e6f72715d4de7accfd2b67bdc085b

SHA256
1344a5f22b3016e30d4e4dec2369031ba25b24f18cf830c85e221035ff686c8c

SHA512
fe90cf45b1e83e877a3957a0d507ff3363104ed5158a41d438663788c5f76bad46cfe6428ce32c3ce953054e6c33c198081ae1f5e7fa24e5837d6bb6c4727582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17d7af324d74cd452c1a516a9ce4bc2c

SHA1
415cf51bf92e9e6f57f077350aafc394815e9447

SHA256
f7a55e16e21566f5e2d6aa06a8d2a455a7455b99f600e877706e0dba17e04205

SHA512
5606f69bc2de5b889bf0291b6b7b91361074ef92e5f99eb4b7e5666112bf9196e7665a6bc87cddb2c4d47e48c804c607b0263425cad2cbc071aec536a21b7c05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1e3bacb39ed0520924930957b029ce8

SHA1
d23ca77628e9791f054641faba827da9b22763e2

SHA256
7f6cb24b5a5a0d27f21096aab020a5e41a537d951311675db16c9bc8172888d2

SHA512
ea2ec548efdfbd2ba431d6153df9fea05bbd510edb0bd5e44b2a9dbf1286a9b2c9a887df706b060d33e0b56c010d0e3aae47a7a991027cb993f31974a71dffbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de36c97791f615a0c32b4ea76b848a19

SHA1
085a09a58d393ab4008ecacf710c00f20d784294

SHA256
2d3c33c91e72e42106a312748e27935477738c333eff71e0d45a3dddf65e7d35

SHA512
8a671a4b32899ce65cc6414d90a003d5b73d4662bc5c10190cf12283fa2d53d11272673744cae7b588733172cd47d44c6a7820026fc794a521f222239a0f4c22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54acb0f6a439e4b157dc3d490402468a

SHA1
a6b010a490daef83bc2408da488564e56e524930

SHA256
08515bcc16bc22b0ae4f8dc139ad47df898d77ea01820051c6b4855d0f3b8447

SHA512
dc9c107c9b03da65216a57427d4aa332c1e3ef456388eb71112084f6d1beed408c4ed9a9c8c60612259a74a647cfd2ca1fc8105ca67adb60136e7faca84d5b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
bbd02e8295aba2b1d90a748af5d5f0b5

SHA1
02176479ce71687d2f449290a50e99f57891e8e9

SHA256
34d4f75487ca18fe3eaf1f3461894c17b1952d6f662fdd6003b620e6cc90f829

SHA512
fedeecde091a19ed9a1d96544d7013d12d88e00d7d0ab712281296f839c873386773d030d1c03d6f1ba85e5d81ffac30569de0cbbccea52426ac59828557b5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

Filesize
5KB

MD5
c64f71c3f330dd9795c21a3f53436a0a

SHA1
62e51834bc06849224a3dd4c9d764a11f0964015

SHA256
7bde7dc7fc79a66eb6bc6301b4b6c87d6c2c01eecc78048b3432ab36fe8906b9

SHA512
b90e46c02256d79b8d45e8f2f252aaea72442f0c0f41ab974b29882838b03b7417eb30968474fc837169be8c410aac880c87530bf8efa5adc55206613e999a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

Filesize
2KB

MD5
821691eea08755195b1d5eafd36883ea

SHA1
37f9b5232b618da7adb17aa094a602e0ad4ffaf6

SHA256
9cd9f2db7237db5cb5485bf945d74847f9d50c591a5648e42e56c2b76ec1e4cf

SHA512
5f3390ed10e3ab8f48be2452ba2058dccf21fb6c14be6005b492f35acc022b3c71dffb28cdf2c8c4387c38f1c40265b8ab21172f3daa06134c9d1bf7d74210ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTTGCPI6\favicon[1].png

Filesize
3KB

MD5
a75c230f34b9296e6fdd8b0b855df5d8

SHA1
e0b9e32053d44532fb4e8bb55b54c3211965517b

SHA256
8adba20b1dd9747ec8ac6ed5a26a8dfbfc7ab82213d8051b76ac771c76b87920

SHA512
950b94afc397ac760f38f4c68691bda6b541832e1d23f496e36568def2b9f9dcb6984c6a42ff6b5abef0e19b76c37e40baab22e9dcc9360091b609333029b24c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6BEF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBA9E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit