hxxp://142[.]188[.]172[.]199

Analysis

max time kernel
361s
max time network
362s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://142.188.172.199

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000a8ffb6657583806eb3196f86cb7c544654738ca67c44ad3d065747e7f8aa497a000000000e80000000020000200000003e5f09ab432a21318d04a8f8399e668c1128b830d6d803af7ba3e3012f6967fc20000000cf1340786853fccaf1f4dd0756e662e1c4bdb04524a033ecf3c65f6c0bb948fe400000006d9a666825e92655aacc9032f6f8292d4824ece98817d1b277bc266faaaffc0c0d2e03cb6be1743a0511a2363f59305ea0a354be3e40f68aa5ca13180eda930a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 304d71b1074ada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411741789"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000055120a928c74449c3daaceb2336f6e252391b07a27b3064cfe5d615ee681afd2000000000e8000000002000020000000e99dcb7ef5bbca9d74c8bfce180dbe4c3163007a89c87bcd64842539b076eb15900000004716efd2a64d5ef4dcda7a54e72586d5fdec640d621714b15ad07c7bdfa9e871f7b2290a46dab78e4794aa7fe78701f60da3bf7a7ccc459cdde22318f293dcbdc6c6b959e50d63c0089c64e20bd6116af1bfa8b6294f3f2922692206f99a7473b4def938a804882afb07aabe3f1379bcc70ec2ac751788c120ffba1c14b5f86628ee51a497e3a09920921391162279ca400000003675d8aeaf9d4cbbf9bb715ae4414234391e377647b00c8fea730656a8d9177b0bc141848db4dcc58c3a9bd1fa07d9938c35a899859ef14cfd4af0faff498921	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C3967121-B5FA-11EE-B84A-D2016227024C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2440	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2440	iexplore.exe
2440	iexplore.exe
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2692	2440	iexplore.exe	28
PID 2440 wrote to memory of 2692	2440	iexplore.exe	28
PID 2440 wrote to memory of 2692	2440	iexplore.exe	28
PID 2440 wrote to memory of 2692	2440	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://142.188.172.199
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c57f1bb56beb61915190f7395378e88

SHA1
5c8dd44d4ebd1ffb035382b2a162d4dc043b8686

SHA256
a37ee4615238902ab327a3ca5e1af1fb3c155569ae0fbd2c396c1f3f6409510a

SHA512
2e4b7ec4b8d104727aa58542b5ed7c7f8b28847811c737798a3a691cb49a22d64b9e4ae69e85ec0a33351a71b8a0cbc6bfebd1f2fbb947087b79215108e364d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6e4f1dcf2537ba5c918216c2ba9e220

SHA1
56fbb25bc36c0ddf3477c3bdbe9aaa37efa4e7b8

SHA256
6a5e29028a3f70768087a758b41bfeb912bd8fbe63edcc49a3738f63f7a19533

SHA512
d23fe122ff225aa63693ef22dc99be6c14d416b519940efffec6b1c5fc1aedf2a05e6b45c91531d9da437e52dc1dc33ef5b15240646851a41629e03414c8d505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da651d55727784e9aa1013250f6b0d92

SHA1
f04fcf9106522ebefdb792ee149d57f64be4a155

SHA256
eb2557bc7ebd10738046daeff69bb9b254e9ed866d3a0a7c85b7519a00f0dc95

SHA512
a4036352aebccf3ae71baded5ae3fae1dcc27440ccc545c269bee13bd66b7c4cb8237c77d6866d9273f501d34f6462a12677dca8889851018b8934d342b6599d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8bf0d80d6116bb1d52909c231299936

SHA1
5dd8432039ddaba898c62c4b8308a7b561455e62

SHA256
f87613f968c00f7653ac754737d15d44be7ad878975aadc0ce0d47909a947691

SHA512
56214e7767447c976c9719ba31188c8af2d7d5968b0b9c2f6fd41ce41a17091ad0750830825cbed0fb213b757b7bfe402f0868a5136ed607647a17ef184d50c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
360cefdb5366079a49e374dc69331159

SHA1
1477774d03e7003970fe5758db01d48b65c62145

SHA256
8c1514f6f43383b2dd6c0e5fb7e7cf8be5458865ba139ec3d52fa8f7e43252fd

SHA512
07a335d32c2df68067c44bdfcd37ab526da40ac517228a2dddf0f93675608cb9f9c03a0756c317dab32f5f65ac2174d40bf34f144ae8aea22b18c553c36b8831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49812c8be0840e4dfb616d339c120453

SHA1
0e2537a236cc097567ff41cc5b933e85236ca307

SHA256
8439950a4a728a9e44e4595de7dfe376939e7ab732cc76e8b6e0ebf348006b76

SHA512
b2caf65169d8452088de93ca4f85b43bdd4c69e5277d3c423de147ba56f4a6aa5d211e55eade8d4da7707833012584a46399f54901c3fd9be2ad7e66602ac48f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e710b339248946270cd9c326fdc2861d

SHA1
969f567832ddca4c7a2edf33abd421ab1d5ea764

SHA256
f8acf7e5ef8ff7598565e5d323e020c08538c10c1fcb657b54c21c548ab6e85f

SHA512
beaa109801f6e390b5e84c99f566458170ddc4482a99c5f8df2ed8caf27b175fce817e46ea53389c8622a64d267bef62a3e7742a77d2e90bf6270a2d96d29346

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dac9d6b1f4c4f5699808c0d5918101da

SHA1
211c9b87c0d792dfed6a753bcc16ec27103c7446

SHA256
27e7df2df2d4fcb2c8126d54fcebe4151a94022761cbad8700af82d6b7f6454f

SHA512
cd0e1165b9f4ff7a4ba19f976bbb5bad180faac1d184d7fac02a9a85f975e0814bc32fee24fc3e0026a257d15a77085e0f24625296bb5bbbb645f627153d0359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f523d24791a487fbc6b233ffff957a84

SHA1
da6a08ed316bafd8c15d458d5dba47b5696543b1

SHA256
f374396cdd1923ad9f08831f5ba0705fdee3f7fa5d9d0d28f78362d95f2ed955

SHA512
6c8ced3a662407e453dd4d4bfc24006e6275229c46035c08cd646d6cc2571aca4a71f16511e68daf8f53bcab994c718abf4529438227ff19edb8ef43d27aedef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fa5d405d7a25cd3730a2ba2870f6a81

SHA1
70a2b7891eb52d877fec69514cf348a9fd623173

SHA256
b7bf4eb4ee71be343940aadb0364e0dc5ce8539d6ade73d1c93e3c845e2f2d98

SHA512
bee293b5847db6143f99b3b8fecc23d238451bab6f837e399c46bc5f2cf021abe9097196f4eb3652df02ebf1783d6dd5ac49a00e15fa0d5df7d35811395e7c9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a486223d5be22157750af3c995a1dde5

SHA1
022bcc585d36784edbe67125f5fffc7bb76ba207

SHA256
e2db444bb3a4148ba6c67b90399211397c6ad48c063121340623118a954972ce

SHA512
fdc356c73f1dd221d11bf4aca2879c17f0f263b67a0487cbc0b2fc13084ac1d42341054d7a94c5f9b3f867adbe038a43e3ee2f522eee7564b43b22208c9fc451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd3d3afe4d3340c26703c771f2d1ea6e

SHA1
f2b6bc35b604c5fc0b2772981a233eed983c9ad0

SHA256
8872c2834493ca77e04637036debc6eabf79c5a19700af336e26f385b7124e51

SHA512
c0daeaf4d5383162c79245aa4fe21f2993cf05ef8dba54b928e065da693895ff8b9e5ac0eb981aa75fca6a251a74031d19591d677c1a31cc1c310c0e5fdf2e83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f297acea2a3507dc1178343b3cc4f60d

SHA1
6ace194df6727c53960865a6856bfd3419424325

SHA256
fe7e5c7f1f5eb9f7a2d1db4e1f6a10dc5d4eae48cb867f949b1720446a6b1af0

SHA512
411a2b5233b081b5293513799540edafefb211923f9be0fbbcd24957517cab66663e244909fc581c58d4a14fd258559d672eefb59774424fa29c128d063b8e0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcea807be11c2d5cbea228213221300b

SHA1
a2058f20cd2ba986da3973fe6590ab720da73495

SHA256
5870d5c2a062437b68e4a2771020df70e3b9061a92df0641ae96b393c217b2d6

SHA512
563211ce6aa0c66027480d4cac11d4704deab04c8464351c187b8645162b7222d984114062c86b3680d0d1573b0606bae179f93c8646087e168409e17fff7167

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5566708da32483ff410f8486edc4722d

SHA1
a5c66e4da9f867eaaf099d95163c4346d41d48bc

SHA256
bb75105b4598114b23c9b8b31a673820338067203f4361ed30c1b3cc31afe889

SHA512
632a36cfd55ef05bf0a4ed016750da9a742026e6c6217e8521ffd91e3a1941debe5805b159195a0a95432f85397e7502f0e5d8a81ec29ca9b6184cb04db10a40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d899ae86332e717410d11a16a6d04e13

SHA1
0dbf74e121e5d7a40e9f940ebdce5d063a54cd31

SHA256
eb1df3558cfea317d11b95aac00c3008cdd5c3b6df03ddfd9ac8a419f7001165

SHA512
6fb412b3de7c086c84fb5586200eb19219ab851451167dc5265dc0e8f0d4ed25f7a18bd5fe8487071a58390b4f70bf63ea5ae19d253ac1c100f87e6a1151f023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42352d45d710101d76316854442f43b6

SHA1
8f6ef3f278e8f824749cb4ae51c78394ac37120b

SHA256
c695c31e58e54def38a624d0ae4eca2c7dea11c686fb7a2daf24376d095e7c1f

SHA512
04d0c0d14da7d643f81b1d34c453e218164941d9f83c37d5ba3dd980a7e545502cf9bc674d66b3f24c8b7ff598add48db1e6d2001cfd14ad285044ec20c707af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
037a955df096629158a2abcc21867a4c

SHA1
d8244bd4aa5250d3b5c5be196cb6a6e72dc8118c

SHA256
83ab1f3e5138aaca332129978fd92a1ec44ca9c8dfcea441a6984c235aae3823

SHA512
f588c5e8e8635619c97e440d5943e16d2ffcf7d10638b2f5044c2a98968c4bdd6421e49535aeba2b56b4d5652690704a464a7e567e73d548493036fe98c7f4f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1226f4bd50165ee51ca8ac852d9a6a69

SHA1
45a5fce97c1e7149faf52b9d0e558babcd7a72cd

SHA256
87c2f9e25a564a7e462fc9053bf60b3253971ee0aa8fd6b5fc0507a075dca249

SHA512
31a825d901eff65bd69c88d73bcba3871a6bfbc54e97b1f98977d2f43de20057ef1374f1db411345f211ab2e4ad998869f523fcf97e2ab196e8629178fb16439

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e47d6c9a606311f97717e0597fa5e1fe

SHA1
cc0d1428ebe29ac3443f1304c73bac7594f0a0f3

SHA256
8e7e245a98eafbe332c54f32edbbad98cc772c18d12459a5947cfe4cb50c0871

SHA512
c227eab3cfe69d0e915930b7b15dd9559bfd221ee1a7e6fd12aeee34f41e965fe583485a26094175eb8d0417c826929c9025ab7a9f9fc3dbd41eacc14a06a6dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCF05.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCF95.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit