c38f1fcf1a2d5b1cea2d24d47afdc38ca6b27e12436b94d038e0859fa07fd2b0

Analysis

max time kernel
120s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Docs/Contact.htm
Size

2KB
MD5

80cfb5278f384e00b5ca9ebe4e35b3d8
SHA1

0c2dd80a0506a9576a0055962230026cc4049426
SHA256

4ace08a931badf6fc197f9c2ac0a7982f0fb8c0cee513bbdd735745029661f38
SHA512

9679a321d6661c9e8659648ab1f7bc9f8b77d879f674f26b2519551d22787ea8a409c5e16b605f6e3547999b675efe537d35f8a99a394a0faa8d0dbb0b1b2ffc

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e91786640000000002000000000010660000000100002000000006f07b6d6f72b453f6c82dcbf49757e1294e3dee4e2dcde2d26a10afc9117d8d000000000e80000000020000200000002f4d2ee8b317f27fb768a11439a75d91d5b1faa928e3d2d9457860c38fd01a842000000026c1feacfd917cb7130269f32e1397060a75c50b14e0fc233243f5ef6987313d400000004267665dd41bc69febaa1be5d4fef509b7e98f8db6334f7c9a8dda7a51a11c0073777f5648777e3d2a7d7c9fadc3dbd6f1f3fc62fbb0e34b0e126341d89dd58e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000000d9b05d2f95182601c5694c865f30f7eebbe7f7c7b36b44994efff645ea25e00000000000e8000000002000020000000496757d8a75f18497994dbcc36f080c75dec198eb42a9264a505015d8f82ac5190000000b7bc3281a8cf23624e8636fcd669886e05f3f78d49fcaa0f833e23da554372446a66739d65254016384bb5648df71e17bd56be9039775ac60e2a417a6cab61d9041b78adf268453ad005eacce762b78bcdac55fae17256b85e2ffd4f458488fb24582efcb5434dc066916622d4054d73c3cb844c4c13baa807590f080c6356d5569ca20d2831af89e5fa73c92271efda40000000c6c7e74c22f6fa0f86c7f8f3169463a62cdb078e1991cdb781f2fa0d81ed0fde3a001a5bd3f91a1a322c2bfd88522f6e5d9cb9fea2f4b8721a546c56f89f34e5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e041746b045fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9650A341-CAF7-11EE-A675-6E556AB52A45} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414049391"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe
2168	IEXPLORE.EXE
2168	IEXPLORE.EXE
2168	IEXPLORE.EXE
2168	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2168	2216	iexplore.exe	28
PID 2216 wrote to memory of 2168	2216	iexplore.exe	28
PID 2216 wrote to memory of 2168	2216	iexplore.exe	28
PID 2216 wrote to memory of 2168	2216	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Docs\Contact.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf5391b07f08633d6701065087bb7b0d

SHA1
00b49df8e488c63c5b479bbe0c4fee1ca100256d

SHA256
eb540230ed04253bc614e23904ee029917240501af712d5060a647047b70df27

SHA512
8a4a1696d515c50fa8bd939de4a0141b7a7ade0f8a04f510bba53884866ee8c27a5f4043936b7f6c2bf60795fc4e7b4543427711904a11f8e4b9adda07d9a35f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57d3e04728f18903f576a19888958d8e

SHA1
247b6fa81396cd2e573afb4e1da3912a6680b782

SHA256
c848564348e14100298b816265a39280350dc16c5dc022b1210ede7400cdbd96

SHA512
3bc6f4437a0f72ece515759cf379bfd633f092910bf5a647e138f414e4a95997ef52d4892dc120eb5d0008d3eba586bfe537111306e3ec3c2f4979c6f7aeda24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6cbc43df5476651287e91c852c44550

SHA1
bff3c9c98a97240fa482ea159da59f7fbaee6268

SHA256
ae9a0a1ee2cfc439f41a38ca24ac0b8608e8f0cf81aab27a746c9a4cd4c90013

SHA512
491ef87d31e188ba82260012a3511ad9a9d318c1591479955c25067b2181d938dc68c20c5bb23bf886dd5a06fd086b3c24b64207464a25ecb41727918d15f8ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0a9bf99af9afa6ef9a67e244e287317

SHA1
3abd2e0267418c678f505fcceec144b2ab793990

SHA256
1b5c188826ee9fcc73134430085c6f48c87f3832ca067699ad3a3c1cf5066df1

SHA512
da75195dd23d7471afc5d42a3e989715ae45b1939f76b39515e12b50260c33b41c8dace6ec9ca8d5c7f2893e75037a9656aca0c5043a7c388a806e30c1a58fd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ee17a9f6beaa9271c2d5206d76bbd57

SHA1
c62eeffc3d17c744fc9d93ba9acaa78890a10431

SHA256
b37c26d29b400f95e5f0c38e712c4d7282456c49e2e20b32be534b713ed3b119

SHA512
009c75b5d4bf7b696a0e139ffd02479aaf14f4759380b2cbf65cf90be116293c6d66e2da4f5b970cffac7fcf6bbee6fa21eb91f385130dc84a646a70d5b2f2d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33b9fedfebcda34dfaf3428d65358921

SHA1
a301533af477983f473e482bdeb567fcb83d9baf

SHA256
7c1cde37921b9f93200e8bd6a21c137128c2c6c899a45a7c6af48d3b6d36fc30

SHA512
4ed129e5faef11ef819d8b32ee30bbd625cf80fc50abd3280778e3e271a52968c42469468c0496d8927dca4f68ad4ddcb06844bf8dfd7a8727794258af7b25ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d7c01daf4e005e01067256c29ba65c4

SHA1
192d885de7c88a45e494281f09ea8d0635c96922

SHA256
bc692b7bae7a075d44d6d651ae00a8399f461fb637675963f621dc73bc7ef2e3

SHA512
42415b2e33fc7458e5afc7ac85c9b4205d14a474298a89f29bde4a55a68aae397d26a1dcf1e5187389c446f65bfbc565714193b060b8b190fb509022ea632278

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3406aa8c9c1f67628434661d939db85f

SHA1
ef4ecfbf8593d4ea524638c829affaf2d6901a56

SHA256
99ca6056357a0b0aed17805152b306afc70630d4c5ee9b4ddd1b596a7f669002

SHA512
affb2f8dcbd3dddd7e3a3b58ece86f6371178470c9f44aa543eb37cdaa7493036a28349634ec5f01ab6ae14b3e71c97d7b92949815d0a34a069fd7f4adf19038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f87890cac685db9cde39102a13ade37e

SHA1
1eafe07f763839623b2059664eb666e0c35391db

SHA256
ed53ef2bcd08c99a0faca3e32602260876ce9c45ba5caff12045bd325ba72304

SHA512
37e83dbf21082943e3b255908ce7ab3239c37d3d6d0214c32e22eadd491e3fc6d3495026cb651648da55405c9a710c6587869c08e6e689f5be1ebf1313a9fc0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac4289f4d686e3c3ea0c04bfeb37ee4d

SHA1
281c3c1a60b631c1d0804962716109c6115c6f05

SHA256
b70cc637d832bdeab925644f1fef6e876e88465d10f3787ead8dd50b8a632c88

SHA512
b189256ae7f101ec36587ebc9e1614702c224277c7b3cd2173bde6970188fbd1de8bc17b2f4d7eafff1007af18e8d25b344f96310886622d9ad2474f56fdd175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b95fad2c2754ac56ac6344f2003d34a

SHA1
a9e171101f95d7ef744296e61785ea15a4e6eefc

SHA256
7f0985fb96d1fb28157d3fee2ab3fdb57d12ae12bef3bf27a55e29c763096a4f

SHA512
2b08a89697b5646530a0b909b5f04114235057eb5a9a003e3c088be7f634f9ad0bf08d362fed082099c6779d15ac392b72861234c98b9c80567a17c97f1f0998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d892664e30fb4282fe4b9308ecb6eda

SHA1
1cc586a2c5cdbc99d6d5e884db0d88604c04c15d

SHA256
212b8b983e910c317b0d61ae895295314d1f69987916b61cde38bf8257a24656

SHA512
b27646e90595559a91127936abe58b5d4ccc0476a8658f166176e264423d18d9843a09bbc0e84e7a4ef775201487111ba7e4f72a5a20bd70ac545aa8f0c7cc1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
568f2e0a3cffd037591af3b9f216e8f6

SHA1
44ad62b226f69e0437609fcbb5f8287ac6eacc5b

SHA256
c616546b690889c8d4dc899151e9bfb2d06febb88c69cea72bf63b2063ad242c

SHA512
55099d37bd962a6931e2bbaac2388c5783f311f0a5da2605615a39ee7267ce54e1dc4e32011cc02af72e1b6d6c4e2a6251ce638caa230b278f37d0106ea7eab6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e973e4253f309caf041442c23c30ced9

SHA1
579acd3f5d1125008d7db97306c66b1a247ef1b2

SHA256
181e18621af79977b2a965bcfca7c03390861954f1cbb0183793afa502410007

SHA512
b59458ca1d906058e41d885cc6f130f9df823ca4587d769c8e3a36d30d6342a4165ecaa1ad80be79d484ecd97ca3fc6438319dc7d3c846388441f377cef542e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7863533b71781f3c15e156c343f153d

SHA1
8971c159f53d95cc7a29b8e87e96fdc892e8643c

SHA256
cda2ea9167b00131370b5ab665e8db3e3959f7f0fe810b6407096f3758ade0a3

SHA512
6c165ae57a6b370c0d850457b9f2edc34d4ca5143d8adcfac8e2dcce225a84ca1a5488d5266d6468720b7fa08da75e458ecc78a15bb23d3f9fff39bc75b3116b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6c6ece9128b0e5f5a5a2432281da998

SHA1
848c0090cb18bac713edfcd90a80ee54cca7c080

SHA256
13c5a19435b85a3fefa0f7027fd0c9067d2f157208901774b145e60ef0f7ec63

SHA512
fc7fd29f9fc9469f8d09ad34a551240ba5723fc786d73ecc2db82599d3ba03baeb96258f9439ee292a7889898c0b6f3818bf1324b1b8f6e24e926924d6f91ea2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a43d484a4af30a458c6b410ec664af63

SHA1
d340d47764d5808ea0ca7872a29817e5fb9aa0fc

SHA256
7e622bde433b1cbf88a4946a4fae2d987d9cde4ebc1532e1f98cdd77a155eb86

SHA512
80c92714dac82787669fa3979d21ca74f89591889132bd54f5cad86b0d385a52ff5227a90d32d4ecece1f5b68e3b92dfb959b5b2dc9c6e251200125b8fe2e7a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bc8ee20f1afda2df547d0dd25463e21

SHA1
c544bcb365fe03aafb5414c2f8fa3884d523bf56

SHA256
ebd1ebe10b03fb79cd71e2d4c0aebaeaa6147b429e8d36b31ce70447caa2a8b3

SHA512
4e957264a5895ba14b2db39152e58dec32f74c79e180f39bf30dd5352f672a77bdcc8326904ccc046338558a2752bab8348255b723d25e808f758a1d6e357fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab81E0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar827F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit