2a743b1540bfc7ba676fb9ff51fac848e0d84a1f991519b86d5adf78644c4056

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-01-2024 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

upload/dbquery/language/index.htm
Size

1B
MD5

7215ee9c7d9dc229d2921a40e899ec5f
SHA1

b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512

f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000ab5c43de13fe39e3d48c48f92795187bed360c63f7ef22def2a1029373a03ea3000000000e8000000002000020000000251eafc88a0ee57a5c3e3aef1dbcd30710eda4c1ea29baf47406100a32a127f49000000076b2160d02e7a9f633b032c97149ca15ac4a357bf8f011c2fa29f9406513a67c49b816790b404bebdedbcfe52acacf5047d4ca914dc0b42ade3eef018b7960d50ae91b98182007708c5c116329ce70e1679aeeadb4d6098503e2457c3010fb53ce982a5d5883ef90485daa20c21f2429b3f8fa1d8c0785773fae6dc461a0f002493201c00a9f2b4aecc7a8a95d9703df40000000b4d98ef3a462cc9c08043a7b9312295b1078ee8ab4baac3a2a4316b5f07339658c69a97c179175df3cf621e6609201aa71e43bb63de825f37e8fba10a900b2df	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FE7E8A81-B8FB-11EE-9BDC-FA7D6BB1EAA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40985ed3084dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000e54452c03923120e7b0d4435ad3e6ae294fb172de6396bc66d6d4aa2e2adc970000000000e8000000002000020000000858a3f12517a54c436f8ee72d3de0c44b4d9f4953cbff1f4f72e492483510d122000000080990c8d5e6321893c67cc708ed9695c19ee404ae37f0737598f7bbc4444cb6840000000d106e3fe7ad22bd43daf69bc8a89764915315e23b24e1c41fe71e22c9046609e68532623d403be350821d62a72a7cf404c842191e74f41104f47e60107553924	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412072163"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1236 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1236 iexplore.exe
1236 iexplore.exe
2288 IEXPLORE.EXE
2288 IEXPLORE.EXE
2288 IEXPLORE.EXE
2288 IEXPLORE.EXE

pid	process
1236	iexplore.exe

pid	process
1236	iexplore.exe
1236	iexplore.exe
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1236 wrote to memory of 2288	1236	iexplore.exe	IEXPLORE.EXE
PID 1236 wrote to memory of 2288	1236	iexplore.exe	IEXPLORE.EXE
PID 1236 wrote to memory of 2288	1236	iexplore.exe	IEXPLORE.EXE
PID 1236 wrote to memory of 2288	1236	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\upload\dbquery\language\index.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1236

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d3f0eba2b325074922716d858da4273

SHA1
e3ae5fdf6b2fff2115795df6ad649cdc706795de

SHA256
7489b3ea483bd39282182356433741ada62af991b7f72308e8d86b9d1e341209

SHA512
edfe6f82bed3d514859026b04013ad07de8494ef64d41c9fd421466b506cea445dda76de8f4d51f2af6d1dc8d66826d015efdd70933713d08abed547c5c89ca6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54778588e07670158941a06436743344

SHA1
c91d6897cc462a0f9d5f611b2c1a143ec45d336a

SHA256
b6d533f94f8b916c91ef95132a6e6ae732957d016d793b92068c17fd9b0b4900

SHA512
f069d657c151055f6b488ef5e426407cf0b747d852db378fd30531bd19a60c2ad7b01be8322bebe5d08924ed1a65e79dfbd001409dc068055ffd5fd62b84efb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
065e66a6fe8e4fce8af95ba317738fd1

SHA1
0fdcdab87ec57aabf77963d867b0b9e73f68e1f2

SHA256
33a33c4e3c8e4e1376929e8cf3b42f371f223e58340424da353e85b80f399adc

SHA512
4364cc797abff7d144db54b7d75f4da5d77ee12a4bbc1ff847aeeda74aa2f8d7cd22a54d2e725df18e47c95a23f7d431fcb795e1d10587cf7b567f1e9cfa7724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21dfdf21d15c203bfda2e6d9fa838a32

SHA1
af2dd34475fbdfd12aab550150f54f08e2083a8f

SHA256
0d879600e908941ace13ec1cead6a7bf61f43d7b2b84c46ed20c24e25546ac4e

SHA512
1f5921b1a194fcf2c8efdc293f90a312dddd2f9cea26891764d433ef4f1dfc6e61a817212ec08d9ae46b05ae2e8e3ef1d5376f4f2249dca0072ed31dc4c4137a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0762101bb08e87cb743f94acb3123777

SHA1
cdb0357bbb2192c5ffc1c644e5ab6c8c7c8f1f79

SHA256
e8ea0a2e731f2086e0fc0c477a70efacafea059bfe6d29b8ce02739535872bd3

SHA512
16f9e44784b1033b900ab2032e5ea81e751362cbb7f7d2f29c5121839ccb1bedb013c6fd13ea9cf4ee347d0f4e868e0adcfe80f99323c58207cebd93e163f3a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f684d096cb3b3b9798636ad1c329b35b

SHA1
d365a415c315f04c7012f50495f06722617ff0d7

SHA256
7599e1c3c22ec4b04a0616c3f81049e33f51d078f17a70ae32e0d5f2ef31e307

SHA512
6faee1eb785815d2195d54c520fec33da0bec5d8407966e49e2af7a75a4ad85e18d0f9f0b2d10678f165804f65278970bfe2262be158ea8d97149b64f50fe81a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66835ef645f6b17003029380582cc221

SHA1
ed8cd1e12b2a564c2d4a3eb8087a94f41b24b7d0

SHA256
a00feef8dbd91d075d64020575534dcebceca72d9f3429a4e152e07a7a0fab63

SHA512
515d46b68d2f61d10970de7b9f0e9ad2cdc293dc2987fd468365e7e611d005f966488ca877a884a5ab4147f6c16efc152d6e48f9ecf45f47f29162732cce147f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
947beefe295a8c3bef459ffb0fb5bb29

SHA1
b130838afda9368f0a95a9c4f5c43f2798782ff9

SHA256
aee028e20f6fd1b2faa65fba19714b2f71253882a94d07baa1303909aa6c558c

SHA512
56c08788739ba7a39b98610de4a25ebae665dd72b6de16ab7532a65a2e5c0233e81f9fe99cdafd7108bc1500c1b513c0de0a5e86ef6a850b4fa4a5f6c539e28f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74409a1a43ba298d5a4d0cde7ca42876

SHA1
eb9ee2779d9411fcf3a6d2e5dec5deba0eae964f

SHA256
32e0a6c1fd4863e8846c305d289ed4a54e309bedc64614d8ad372c7cbf67f25d

SHA512
0d3e379bc06f91af3664ad12bd5108d4516c2a40a811cc3b262597cc6875a4f8f57ca014c561eef39764111ae673ef3ac8b9008638e1e3d3c16a88ef5d372764

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cca90bdb17d4b33d6ef29dec07c53275

SHA1
b941399cb4db77ef84e938d61e9c22211303f1cc

SHA256
3f217c7232cc15c9f6b884df6b3e02b0b171c8c022b9f18e63e03c7713e95616

SHA512
e3adfdd0fc994b49a77cf2c9c111d2184b90499ce9a98d2e5d707d71c9c5933359a93b1d20750c3839a9fcdc30d5ac86540448e3ac6598d50bd9791da505e14a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b23bef76108554930bf676c6cc3b759

SHA1
80abf88179d57c1131c90849bf3ab1bd60ed8ae6

SHA256
c08ae8ba5422105bfae327d53ccc1e00a81f15ad049fbbc6ad6bfd8a1b6322da

SHA512
92bf2bc2bd03a3cf9f40ca9b485690233f6b3fa876245bec86a1a633b4c7c1e11dcfc240d1ded7441e449e6ffa87cc089c1e93acf4efdd9c43b220cf1cca1cfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc7b25581394383cb6a293bf935da51b

SHA1
9ed7225fff0cb4a2e496570e0fd7cd9b63eba1b9

SHA256
5c8552158374efa987787e65424d798ef3622f9a7a5e0877ab62579c119c63fb

SHA512
5614d27e0b90693d8f3036ccf2b83900b2aeef7e5d4482a918eb49be7adb883ae2c9abc2633db830c7919c4346293d1396110ffa455a4150970c7ba604237c25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2468839e9cdb79e6b8129dded2757150

SHA1
6434eac7c22aae888611fc21b40f9e9f60393210

SHA256
e817ddbcbb391bdf734c9d917cdae5d19a3f3aafdf586e2e532f3d29d927f847

SHA512
01e79b51d10ab7e8bd45913a6b1040e11856b4bb4b24cf152dd1c584b885a25a5e3f456d9708e51d881d090d43feb2e122718cc727b0f2a8324957bb0579eba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9adf4b7379a908529ab532be36478b2d

SHA1
b6b60201c121db659d6baf2996e9bdac780950f0

SHA256
ffad0c153c195f8144e789fc840e39cb1c5969eee0829205b1606e155ad6b377

SHA512
5a432a8ea9bed26b4f83f383df8f310a41d986ce509a4ae82141bf97cd4473b7ef01738111a64f687db335b92ff2d6a45fa688c41cb9ca8cf00f34858bdd86a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4894373f01ac310dfb8d869410e12d77

SHA1
967988894132d7852d4975c0297258c65eb4071d

SHA256
b1223699a67c9c269d4acfc89de3ee2435505e09ee2b50e595c6c05939fe371a

SHA512
08738f7320037a7011788c0bb6de1a659df331d6af1922e7c8a7a93f993cb4b41f5a304d557aed76e2c272f868859ea46bd689c2cf6029e09a95452d0f67ef6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0414f1a41f8eb09af5af3d9efedeb30a

SHA1
dd56691e6917a9ad2815abd4c6f2ba6a080f0429

SHA256
53d114a196e95dba4715a85236775f7a44bbe247022d8c741a8c3467cd4dbf89

SHA512
97f98a03d62c7867922a91f26a62b79c27e6eef36c134ab15c52fbcab266b8758dfc7bda75f520503ced2e8623408deb3a390c67f85cccffcdd2616d9d322037

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e7792f0f84465e9172b8e1cb775ae10

SHA1
23dbce6d5c3e76c7d980c8d40f0eefb395e42ff6

SHA256
5326507685944b77220083af5876d2a79d084fdd550623273745f466a0662ec1

SHA512
e6184abfec95b1589747cd1f6ce3242a7f7a8fd81478b9e6847840939c58b6fccf02dfd1c5908659d87ddc086019fbc7ed960b87905fa20b2abbae93db827aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7BC8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7C47.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit