hxxps://vod-ntx[.]com/

Analysis

max time kernel
133s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vod-ntx.com/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000063ff2100d39981a941398e931b388dac61348defd964699ed35d4963c38fa263000000000e8000000002000020000000f55945c96906261c1fb81a6c641d320d99326a1afa8c765f943aae4b0ee9c5a0200000005987365d0ef78fde2f92b6ff6f5ee352974d33f5fef39a4b7fc203e76a09b6ce40000000f972a082417917df598b54e5bb3e5ea7b87d896adb1f9f07d9ffec172d341263f554e429f3219bb25e4d4cf5031aeff38fb371d8867ea55320c5fe9f07f81ab4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01f092ba44fda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000ac4fdb7a58c08cd18d33feb9a70ddba87b03ab64ba9590bd88bc2c8ac344e3aa000000000e8000000002000020000000e0caa87a5b35a80ba82f464764e13f820b5165f21cc1c75bff6ee5e0be8270529000000004db9c408faaec254c270fd0601abfeb6dadc12ecfc4f48acbb5b0687249cf55813b3bb72907b2759cbac109252db8c43525bac450e1f176fb83d2474960e6d3f5904cb821cf6a2a5e72992f8e1cbf00dd892eed9c338841f0ff44a79db6fe0098df06c1df854d8fd0ca497d23766958609a54c0aa0b69ca87f8cc8be53921a589cf16477165a91a5c60722282b2e55540000000e9e698f226645d1132b1bb4b67fbc495b0cb1b74696897a00973d2497f396848f93df310f5e0115756d975bd9d74b19f685831a4610e1b8d741e406f4f6f336d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53ACE681-BB97-11EE-A4F4-42DF7B237CB2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412358778"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2896 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2896 iexplore.exe
2896 iexplore.exe
2724 IEXPLORE.EXE
2724 IEXPLORE.EXE
2724 IEXPLORE.EXE
2724 IEXPLORE.EXE

pid	process
2896	iexplore.exe

pid	process
2896	iexplore.exe
2896	iexplore.exe
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2896 wrote to memory of 2724	2896	iexplore.exe	IEXPLORE.EXE
PID 2896 wrote to memory of 2724	2896	iexplore.exe	IEXPLORE.EXE
PID 2896 wrote to memory of 2724	2896	iexplore.exe	IEXPLORE.EXE
PID 2896 wrote to memory of 2724	2896	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://vod-ntx.com/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a81f5405c607ac3b37d67259dec891b5

SHA1
460215d355f1793d781c1e8ad3035feb89c370b9

SHA256
f8229354bd3be03eedc5a90b6afea878c9f253aabe4f5b83eff2442fd1d86f65

SHA512
0558dff44fb0827764e91c5f08930c98416d99df664d1325420896cb8b653d65ef9c2eb47516a6f2b3e59f451a8c94567c2abed1d90db68f67228828ef435d86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
208a46ff1f6b23681ebea18afb5b46ca

SHA1
c3a149af895759e61ab980193e10e47d4d10182c

SHA256
e77e2dbe23b36e25c8a606684d648002fc34958b0b1449228170113aef6334fa

SHA512
016b999b96bdda349bb7b4c6cd603eba2136efcdd351355067d595bb06986c516969749706dbb98b598d14af96cdd576a52b1430e17ccab842a34db62d1d63fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c34bbeff811c2596dd47758272646f9f

SHA1
b8322d10c32065492e95e62be39e56250f007971

SHA256
003fa5c04e40625c624f7014a175e22828a12583e8af6b78b138f61a857f555b

SHA512
1b2881e3dc67e38314ce4f054286196e5b4335350749b6d90f8ec343721fafbdf1d59910ff42ae371d9b4245eedcadd33036a6bd42cf39913b9d1bd11f7bd36e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0a372ac9d9aa30b8cd9508084136951b

SHA1
d872fbad93e7f419e4bc4355a544bba66770ebfe

SHA256
72b2f3a4e7261a2b5a5b80a4a1c42ee9c53a8a8492730aed504f3d95a77fd5b1

SHA512
754d9ae1264bf0c586633b6927333f78a47cd044608c8d53f831a447c13a0b9226451a68295bf27136ee7b09332142f62538682e5e7c1585e7bb3a1b548eb856

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1dca572fa19750f4313e4204fd7f8087

SHA1
6bea3c004021b33d0b57bc044b936469a43b8960

SHA256
ec3455fa394737ad6b2ef19ad5a8d1c53d2614b52e67bbe2b52c0161a48f20c4

SHA512
5958865364a6d1e9a3e97bbecae37860306ad189e8e9701cd1c335db9e9ac016b8582ddd46106d505c8714e85611033307214e6cf5f34fc6ce2c7bedf2f99148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3a7e36900d96a7793f21e75b590d8d55

SHA1
4c490249696e331556db4b466cfecc8f3801cae7

SHA256
58b0189bc5be8f979b2774102fdfc66865fe0a037f3ac3cc4cab2b180a883e2d

SHA512
0ad474130973ae68b58b573b8bc2ac7ae8f9ca53cc29fd69c249699fcff038b1dec3b0a46e717b996716338519b4a4e3c0dec2ff3dea2006645e5a8f6430a956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
48e6224dfadd65e2e3a74442ee3dc9f1

SHA1
bd3ea69cd769dbfb774a3bb37b6c673186895000

SHA256
77d69b798de4dbfbf19494967f2e06ed17506936ec7f7cb7a4a7aeab0403a84c

SHA512
4824b11c1862479b450897b07188d1f643c209c061cd8e2a1245b6e60bb4e60b03279abe18ff555b5c6e1bcfa12c3370f531e1db699cfeaf0693fc244bf0c05a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c14d2df7892da5b1d09efd8f3a396f85

SHA1
7dcba62da146d3608e2f50a17a758eab02e993e9

SHA256
a31651dc886640285a4406efedecb8078f74f9d8108f02284b0168306b6cd1d6

SHA512
219312a1bb40744c1a5cf787de1a4cf2cfe8bff7e6b028f3e5e423823a712605ea8fd9c2e0f002f47dbe95001548f9ddd30867819ca8bbb72dc7d8dcc7029240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4e10442efb9f879d71f8e10403e1064a

SHA1
65e611f2e37a938984dfd4ec943b8a333974f66c

SHA256
cb4d14a534a41e0abca39212ffc6cb6e763f69bcee938a00238ed4e8b09acb51

SHA512
90bc6e7b698c9559261123aaec15833f4587a238a0d60ad1dcd0400e6a38fd9862b602f10c376a8f0071ae9e60a761fe9a44147211f4b5fc6d3cc630c9aeef71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6c0b3e80e582d544904693879bf00d4f

SHA1
129134663dd89d53a8f1f14a8903e8328d8a218a

SHA256
eac7992288384ba457defdbc81cc75a824965a1b2b7dae3f2579ba2a4c7b89de

SHA512
3ba17c3dfc54b93aa2546a02d048354c36fc4b1ad8360654fd653f2acf6f6e153f72a87cebacd99918ce300324f40275406d4ab90e00264ac2d64c5a9bfff13b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4bb8bc5d8f7ae8c53b8b53eac84bcc74

SHA1
9dfa280c474f5f8510b58b98759df16b2b4bdf05

SHA256
f0727a85521fb07a56dc9bb28318c0ca0123ef4e2f645b9096982ad319957559

SHA512
9c2203ca1c84b6ba11f9e86c4c83c23012e7c9f63ad26454e8787b482a6f8fd6e693122ee116bf19a12449db2437ee9881ca598152ba632a2d4bf9a8f57cca5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
621675b36219a8504ec94e1460d1c41f

SHA1
b84aacff9ab09da4087382448e8e901d8d48767c

SHA256
c00cba7310108db28204f74edfe6eb60077aae0fcd0ebab03f45d9d4d3135bc8

SHA512
c88dc6f2e409dfe65d99e360a476e3c25dba49e8e46fc429b6db57ec7ba40be66696b7e0a2461f51b6ce9f491765e6617ed567aa4933ff9acc48d95f3ff85956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
770febd4bbcbeab5061e3ed0437c73d8

SHA1
e6ab7d2f8ba8c7005bdf7af81323d3727e7d0b28

SHA256
2fa10bf75781d937622c4915847d81bc41ea7bd166640c6d0e55931327c5f5a1

SHA512
93fbb3c7865cbad1d0a9dda9941b9f4ab8e34f5c61eab531cf41e36bdbb2027df455f9a784da68d0d0fa4286b253579f6137a22f95691571e3267c5421241e79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fe08f4ca300739e6bda134ba2d708819

SHA1
963298e30bd5711474baafef4fec171410329ab8

SHA256
896905c01490c46fa73a89c56bfd18ba209c15c650d0523de29bd56b88472cb2

SHA512
2562a905ef0c507b03a8c343ef3b77ebbc61cbd864f06c0f3b07cb4fdd41134a637e8ec600f15aa20ddea803a55d59e9c3c03444ab611dbc53456d9b34beb1a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5bb17f122ce54979fc62772b548178a8

SHA1
9b70f9b8c2d4064a4258759b475e4998804a0061

SHA256
c7b7d97d7ea8d1fcecbb05f2ed4a2066e49a2e24f032b446b6444b72fb3a370b

SHA512
4eb14d0bdb6b28ceb9ff697729f423219bb8e69ab35fa13987c5d8895fb7e91e9e13afe6a6f16bdcd78313663002bd14e22bc5fae6a441ec24c1fe4e212234db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9423741c8dcaea78eae81a700f8bf1cf

SHA1
6a7d3ba5846cae6fd9f341e45ead2daf77934bfe

SHA256
39452f1da4984f2b1bca76f1539517e4604bbc0e98705b7511019b37fe4764e0

SHA512
3c92c5139e3b6bd46b5f4797432782fd885539763a9aa5a90e5136e211386633db0848ae4e4ebef74c5b3d73d9728bc6d88f160015da202360cd7c2c3094dfca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1213328643d9af0e1ebbe5ebe267c87a

SHA1
eea11ce45eb2a258d15214793597a974ce0d3c1d

SHA256
2c77af069bfb0b310c8385a7fd1e2b91e7305c93552083db1a134843ae15ac13

SHA512
1494293d10cc7432f1f683a01ac25842059c52ff1ef02e8ff923f6ec31707eff5bb69c7f8e66ae10e6c662cbb16df8775acee16bec5d373e3f03cb5e578ff2af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b8a59d26ef03c4588c79846a6f47bd55

SHA1
169b11afd0af8a2e38643d4fd10dae50823940a8

SHA256
524f8385df04aa81be2e7f42809af4d85f5d69e42c9992a8d2ba95e8c86954be

SHA512
5f0e7ec24fa04d81ac92bfe21c25d6112e845c2e39526645e07022ab088b053494df0d5a0f8404a223462b7a6a76a2a97fa27e113adcdee1f525764f5e5f5d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
606bec81b7843f4e85d15b0f98e1af22

SHA1
f1cbad81963f3bb6cd035602b4a636d7a095db14

SHA256
1d01669a2cb066f42c98ccd15222fba0389a18d7488581c1bf9fa5fc6a695251

SHA512
122e448577495392caf9420c9338d57892d790314004d17a485e5e019d49a940b22dd7787b877e5754f758b203feaea805555cf3c05772fbac0875d612aaed47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab433B.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar43DA.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit