e5ba2b00503d1fd1380ad0c4cc201b76018a9131725f531174de360f939b43fa

Analysis

max time kernel
134s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.lnk
Size

344B
MD5

4c2a7c403e0c28333f645a363f606da8
SHA1

fe61f5e318e323fab9af329245e4bba6128aa5c6
SHA256

c755fd0b870f2367e644f899afd720c4aee7b019b5584a14421c407e7910de14
SHA512

8516481f41413d3ec958a07af39aad889840f964d7cb1f8027142f9c65abea9821e3bf2fcfdd9fb2b1c676031d3096d478bf06586deaaac05a7d451b0c2146e5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000bf3d7729c81cd60a5c49b02c2aea0abf2fd994bd4f718529455cb1bb0b2f90c2000000000e80000000020000200000009c4a66f862315471ae723e9c71eda48e2af264644714cec22dcc5dbd21e6b81890000000dc48ff020b213f67478b6769ae78dcdeaf0e1239592fe2cbb8c2ce9c697d6d8b6c2a80be2ee5124fd2655b2e64254f70b38b9b9c8b67275277dd6b66bc0a0bc89abaf7492a308c1736db71e726dba306bba3c6e8a9aed32822ce8ed856f9c2778b0071ac934ca3ddcf1bc647f0e3f811bf4bf9e8bc77a896f45d2e78580832042cef5429a12d92b61211b71e0ae4130f40000000b6b87bc16f7af6c1ca5b68e331395ddf66794fee79300e732425776c63787f66186c6439abdae11bc9e60b94f755e3cf017b0d70997f92952ba7a27fa23c443d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000f56337cf457c581134dbf81e116ef4ebbc2253be5cd7e454668de516f52a1d71000000000e8000000002000020000000a71c1dfba9cced88a0763070acfc52638de15045c53754e22b27b8ee81b5cc54200000007e669896a094c3459bf85121485b037711e38b2e4ea380e8c329d1a721c713d2400000008f1f666c548aea07e4d586c62883f19b6d847cab486355fc79a370f807a06e0a9bb367f4e3db78629c7e1d10205300d700e29c744978425bb32e198e2fb11147	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3C390E1-C2FB-11EE-AA86-EE9A2FAC8CC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b621cb0857da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413171655"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2780	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2780	iexplore.exe
2780	iexplore.exe
1856	IEXPLORE.EXE
1856	IEXPLORE.EXE
1856	IEXPLORE.EXE
1856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2780	2024	cmd.exe	29
PID 2024 wrote to memory of 2780	2024	cmd.exe	29
PID 2024 wrote to memory of 2780	2024	cmd.exe	29
PID 2780 wrote to memory of 1856	2780	iexplore.exe	30
PID 2780 wrote to memory of 1856	2780	iexplore.exe	30
PID 2780 wrote to memory of 1856	2780	iexplore.exe	30
PID 2780 wrote to memory of 1856	2780	iexplore.exe	30

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0aaf31f137b049bf11dfd7631c011afa

SHA1
6ad923420de2fce372c4dd352f52c59bdeb7e848

SHA256
90d99aeccda0c7b48895a8b08d7cf1a627b3064b5c4d89c2371e5e7e6cd8793d

SHA512
7bcc41bc009e719ea9ff5627d1ae9cff8b860b73f648d1e3232ba5e90146a8279656c027c030b3306b01a013f57ab0f74580ee68f853b14564943cb8123ab417

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
506fa639afc181d9500d62325610b881

SHA1
89e769089defee5618330e323243c8de3da0c292

SHA256
1a6cdcb2da5f6cb75d8461c20a82e0cad6834c4c6ec48a411def91e20cdf0b85

SHA512
ae09bc7f11bec9e0397ccee78f4f10008c63a8debe9f2159ae8e9a8422e7478975ae2396cc63346327039e0648210dd727f809eb7d485e90e53e55e793ddf7a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbb852d071adee3b6e467e3bc9ad5929

SHA1
6cbb01493f65daf1728409cf8b9cf06ca0d365f9

SHA256
ad10967b932e0b0eb51f3905b9afa6ae93190c064796d046e01a874a21ad0e6e

SHA512
9eef5b26b82248ef5b3bce7ae1a14fbe388a578d6630a61deeba72984975bce1edb97b3c704497be93d5e9ad12be3ca09b2cb6b70ec67085e7652809b9a78792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
997a6fcbe700f986314dbfb6f7d33b17

SHA1
1f012e6a716204162504adb86b18d6d56c16673a

SHA256
c92372df8cdafc97f568ebf091e272135e33cfdb607f9dbd55fd3728470e60eb

SHA512
0edf8ab4e76d0d34d49df99f9db83c20d7751d4b2831882c4daa3b96a6b4d0022fbfc2d4063cf8462d5cd1fcf4d20c469047b0ed30f2c8a92803ec8e11075d6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fa080b7209e835c89bc0ab1274471cc

SHA1
7a68e2e5ede57c936c6b182d2a125de735dd6616

SHA256
762d59fa66c6a1580e39dfb2116fc52e3afe90efeae8433415fdebea24a98237

SHA512
2c4e3ddb3898a28df3d3f9f4ac2322104b84f93348a84d613ea01c7d3c2cfd810e7b8be3d6fa97feca476f746909b2981f8ec6fd20bc62a0599899f4241ba498

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e86d57a367889f295ad0821f4bc5e07

SHA1
5cbcc4d56e1e1fb77b6452a5f2fbf7445942287a

SHA256
3f2e95571d0583a4b58165e0d992efe899434566afa4d2240828e43cb6960925

SHA512
537bf62389e16ea271de02645ca85c9efedb0b6e2d23f375688127f4759ad1ca8327c9b281f092873f6835e69466d49a32509ec8355a34e7e2d3591f4bd7ca81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bfb2e3224c9916bd2beed063372e2e0

SHA1
e152bcdcf0cc2fe787bbbf7081d5b8e8a88eac6b

SHA256
e894644fa6b4a28918559860e9be3ace742c75f737090def723f0a91f3311d67

SHA512
f10c0164aa47535258b2000fde1eb817c3c3cf18a6438116b4dbf08337b77fecb7399804da2ddae46a3ee43e832f70bc843b8e3f5887d68763e5b53d3073e31b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5a79a3dfbd2e3acca27b12699c12e1b

SHA1
3d0070a32c1a14024c845312fb79cc4e920d464a

SHA256
45573c769fdb75612b3bdb989a5622bd8920061db9704642f6213b1f20bcbb05

SHA512
2c7a0dda6ae2e4fdbbeca62aa9e06a64843b2942ce5e0f5b34cf7b236961e1f5989a713b56d755e3b7890eebf9ee0be5a16aedad2f56e43fa6c7a436a6e0d7fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77bf0874669516aee790ab36764d8a69

SHA1
c3f374c41becc43f70836ce88acf5f839ef3ef5b

SHA256
b36152110a4a384a5ce4fddce7d737a0012e5f54caf9f7736f580bb342f681bc

SHA512
8ce9966272396c86ab256a284ded23b53b0f1dbd2e00b170803a8b039e511f652b940866e411832753fd834233dcf06fc7b666b57ae9ba435b12021c77832603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d857f6bdca73640420f7660491cb597

SHA1
8d5e430eef00eec510cee2dc21fc7bbdb88b4330

SHA256
e84f1cd34860aa8827f3b47a1bfe4ebe82252274eadec256fe5abd7de95e7606

SHA512
353ea8116b94f3100ff318761d1bb0c6042d5f00e596c34c38a3c834ab6e6325ed59b74db6f05001bd4bd89265cca666fc54b7890c50abb2e7b94a8190724d01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15d416bcc2f16b4a755831c8da3b704c

SHA1
2942aa25a18993c7927705dad6e9e7eb70d3ad45

SHA256
1c7411f129efedf55f3a25b77cce39b96907c75e6afbfaafb1da4a960d7ec46d

SHA512
c11f141597b615521cbf423c60329d668d815007c2574bf717037545c27971fc30bff033c132a8e5540a9d9ee4daa4f7685ece423b8daedceedcc45655b0680c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81ce18d6a997cecd2f32631d120240ab

SHA1
f8e1b3e728c104fc6a82a8e477ed7e9040836b16

SHA256
6766d3dcfa10dd691f117d3ead442782f1a682c22eb07a5f3f56f3050c075402

SHA512
6f53ef8540f568cf5342a3ef9136e97d47f615961273ecd0dfef6fc8ee36c272644f6ca58718ea829e2fe3574363687235e80116c5e9cbbd6810bd9b8922dce7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e82dd7199d82c711743850c91a1c124

SHA1
53fad461a2db80ef150712906500b96af1c89b5f

SHA256
7aea67a6c946a288e2ad3e2c9dbe1d1717e95d3be9728a9b6f6b967a99bcd8e8

SHA512
c8ab8a6c8c888580b93f267d4c7c1913f5488147797e8903516040c7f10f8ae2321a20fdf8b890db8aadf81c046c3be8fa0bd5571a5f728664d0069737dd7ae2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52a581da394a89b7a4635e3e65a5bf62

SHA1
dfdf900ccd766e827b819b2020ef2432ee50ad5b

SHA256
95aeb1b488731c429f96321a126fc9226844cbc258ae0cb6b538576aab3a1b67

SHA512
e8142b6a3880bdbd3a71f23e3d0345e1ee4cbdf30bde44de20b0c3af12b41a972d60bc3617e2af10c00f4a90499c2e4934fa3bc4da9d751877492ad00cbf2e30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e785d65c12fc45a0dc96be8e96a63b8f

SHA1
1eaf710a09441fb134e68b458a89113bf7dadf07

SHA256
256ad5eacca380ab9d21fb96021303ab1ae2053f67c4c2ee204b63b7e4720b41

SHA512
e9d018c664b09200d521f177dd5d35f318c4b58187c0282f650aee2ab0a2c4b45a68b396b642fc70c20893a672fe831919d3971615973f4c67ab7aeed8804cda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
554a3aab6f6ec048d06868a771d6f7de

SHA1
fff6c6f91e758772e8baf9a14dbfb17f99bc76a2

SHA256
6f618a8e885a5cee330cab8ab4b2aefa165498f9a732b2e4650eafc3ececec3c

SHA512
7dfd491d24b6b0265fa8de877feec0daf3bb23480a1b495c763c25bde5c77ac27c6c1f87dbcf17b2762aa2cd2d6ce231444f120b35e3717a7d73be9d88be8e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcbd4ed0dcaa6fd0a92f0221c85f9b80

SHA1
85e48fb6325c503203a3828b268118b042af5e00

SHA256
49333a9d13f08d755b7660d5eb8bb126d2c838c0dcb8226d20b988992f259ebc

SHA512
199b0da684ada15acd0582505eb9f0fde282628972475ca9092edfffc430aa43c16b6435a879c71def306d84cfb152abc77c2e6359db9683b77ce07b030651b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5968f21749ec8cd846c0707ea97f8b04

SHA1
4f4bd9832019a59e2daf29ee52ef847f153d1f7e

SHA256
3fbb8b6f32ce59fc6bd9fdc1ea9ca5d9d88663f5727126523e1e79d50779684b

SHA512
8298c7af3b809b62696fd5f06acd271010383c4bc367c85468a4a6df623bb7229666f1116269af7b31ce55dcd4a4c412f6dcd4601f969f4c07d9554c471bd047

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4C00.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4CA0.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit