f9753221feec9d106c5ad16120eb8bf9a6fcee1625d870373de7496cdccf4a4d

Analysis

max time kernel
1562s
max time network
1564s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a.htm
Size

1KB
MD5

752a1a8e638938f8e466e838b330f7b1
SHA1

5a66c6f7dc710496af18360253677a62a5bc260b
SHA256

f9753221feec9d106c5ad16120eb8bf9a6fcee1625d870373de7496cdccf4a4d
SHA512

e6f1333f3303b5c30e59e13baba529279fadb5a83b3984f0f83bffd69978146e062ab82a01e04fd7af2bed8a85aa6512acaebf24604c02a317ed8b633d736c43

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000bb35dfdc9f30f9cffd57521fae9d07e0fef006807c07ca52a3beb538b658dcf3000000000e8000000002000020000000780acd623af0980bb077f13859bee099234145af346bd28e7660bf53f4bf264d9000000076294a4bd26a7306cb030c6fd7cd3aef1f6c1a43019b9a8902411ee63aa1e80faf7721445cf35b84631b71e85cb41f0c3021ab51fe3af0b36457a74dfbb6c85bd9d00c4eb7cae7f929e0e07f2c48dcebe8c8fb1e40e56ac694626b40f2cd780d117884d61225e87653e4f131ec70dd96cf652b227ee68d92d951cb0d1ec8c9032c2fb164dad5da82d2bfc7c51b26143b400000006b3aa018555c898c5c79ba84571dcd475e808c04e4cecc53a1294bea8744c92fa74d3c23ac19fb630d6134556950d1383261dbf54199275c12e2cf934e100a3a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000f5004acde719d2ca0c8fc2b68cea60b7eb0c68dca9e61e59ddd0a9444623c3fe000000000e80000000020000200000006a3f6ee694fc7b81545fee29afc3379cdc3314e02469425c0666b1f8e0c5573220000000ac973a12779ae6cc3bcd561f56c1ed4c69a5925d0e93543e850ae2d0f816a2f44000000093342de1ce3d2d9a1505f9a8f99ac20946cdd099ad75f71269596c32e792fe17b25a09c65aaa13da08f65e59d02674fc80ec5b31bf72e9c2bea001ac3dc85638	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415991187"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 804ff770ad70da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ABFEF151-DCA0-11EE-9371-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2088	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2088	iexplore.exe
2088	iexplore.exe
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2500	2088	iexplore.exe	28
PID 2088 wrote to memory of 2500	2088	iexplore.exe	28
PID 2088 wrote to memory of 2500	2088	iexplore.exe	28
PID 2088 wrote to memory of 2500	2088	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_430AD235EA78D5B3057A8C156D1A2857

Filesize
471B

MD5
38323c241c6173892f3d445b9d76b70b

SHA1
8f143f740eeaa01f51b008c84c99d71452b1d756

SHA256
715fef1bc6a8be61934336fe338c5faa31ea7a95cef543ce25a908d3ecd0f269

SHA512
d2007da719bcac31cd9a68febad6afa681dd09aa3eb80e5c0846e115a2951f40e3376201b9c128a85726b20a9a73f9b1fbe00a3479c9c20e68ecaa23b67e8edb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
678bcb9a6c85e48ef541543fef19796d

SHA1
e12bae216a3a42ffe17c84bac08ebb3d16d84571

SHA256
f63bfeb17e3d011d84a9b9b63f46d1d89c3240d6321aceac6609f4298abf9c4d

SHA512
3dcba7c1ffba1a7a00bfc6c4437782412aeb771a86b67f1e97741e9bf5ccb550c440bb1a19335a8a67ae2f0da754f66f0fa25e8c497b082dd8f3f4306442755c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13b23f51db8f23c1544f7e7488b01f5d

SHA1
82eed1c644c9a304d18f11dac584e744a0e02b45

SHA256
bf88d20e1e93e0a18d6322fd5ed4cce5af58dbc89a60c6e18525eaa787d7385c

SHA512
3a6611ca4f516bd6985eefdf118451e9bb61e7371d8e1a73ecba3f80cf30064b8cdf2ec82d5d3cdfad53fd86ae759c4fc9ad2dd97cdbe7c7f02120b404b6b0cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fab7e5eb4aede7254c2e68b747d71ea0

SHA1
19e84917f2ee8d293bd2c3086b21a14d9e57d729

SHA256
f6c9774c598ab15c758604c34d281158926dcdcf6e9e6b7dc539de129bd3f3a7

SHA512
fea455d6fb5e21753feea9f3f965652b9af446ab070b3a0b80df165700d1a52cc0223530a8ebe2a5a0fefea390211c6c7871a0806a2a86a1d12ed92739bd522b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49f2b58c8f58cde32e01e627c3e2395c

SHA1
f145a79ec3c96616b9abeb644652191e254b895f

SHA256
4a85a23603c33db28f8ab82fd09fb12f91ac1aa9109e3d5009418e41eb85fd47

SHA512
12d825fcebe89483ce5e5864b5a759eb2d093275f97d817fceeef449fb74e204855c9b5946707682e3d4c996ad9cb96dfd88b27c2763327788f848262cbe6e54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8bbf334de73abeed8190c1fec52e4a4

SHA1
909af9f07b672b7476aca12dc8c492528dfddf5d

SHA256
8611a9b7f61316f63ee4b967819582804043aec4782f8bce5beda36beb3008fc

SHA512
e0061eb19cc084685b2f48783c5a024abafb2b0f989cb41bbf79f898dff830205f0d820d31d9e22f9da4d4cbcc0f4325cd6fa036d1182a7f471ec7eec86828e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56e2b87c10d5aff05c7af82b6bbe6917

SHA1
fc9ebbe32c720a8b00b27f3a660c1838be1da285

SHA256
f902004889f352e79786dff79753ba3a8ff8a92d397cce326e122fe293fcc04a

SHA512
75f7ef7a0dba9ce244add7f140dfdd452954afd3b2897129af0c8cd7ce1a1734a2a86049905bfb022634d7eb395056bbacd0af98a3a85140b1b637f35e3acfb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6a42b108a2817183e38abcc5a270849

SHA1
ff597c9da0d80e8c9410192bb6fce370d73d62b9

SHA256
f454bf64a0be6024f3abb1c5cb8d55f6821992be9e0a193aa22cfbf121098e07

SHA512
f9f14ea7f1b4e094823f4b81f545d63120e71d84525f34e97bddaea08ad2ffcb82a32f26b4abca38d4191d89433723a894844d7671c9b629d6c00b07a56f4717

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3208db06c1c7750204866708e224178

SHA1
c5af2250aab9f28c09b7f9b84cec92fdc4f24e08

SHA256
cee01e2f4071e693cc03edc065d6ee177a28d2f10a66e0935f531724af07ce80

SHA512
a1514ae81e47c08e7ded439254922899b9944e6b2ad0bc1bc8e165882c06662348589f3714c4141d3f05648e317a82039ab0305bffce530708da8b41be2b6055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cda0079baa2b973c501ca682236e9b3

SHA1
c80af17fa26183b0fc5df9dbe7c292e4a0b9404e

SHA256
6d9153138446c3f9589aa0ffdd6f1a9c7b08aeae4de22e60f551295a7e48e557

SHA512
efd3b003954d4d711bb4fbb3298a3e114b431dc31eccebf2ac80acf9b99894fedd7a60cbf8e398ac180f9f2598d105ff9f9dac40a9ac1cfd27f9483438a91fdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a97f02470a192629b1d32d4e0525cd7a

SHA1
3517748d63d6addc0acd0babc225bdd56223d48d

SHA256
8f12838b9920d2380a858587dfcf5541bac9650e6062b60a392e68681c890cc0

SHA512
7a262b2d68bf5f2166e1d60d098ec083019adeffa6d04f7c0bb3bf8fd7405c009169cf385981f8c1c4491fad9ff365ef96fbdc625da61ed60873dddfdf443171

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e46dc8ebdd8ef25cb91746ee2694e27d

SHA1
7ffa6843377d8b937fd558f41bbed3e56c97583e

SHA256
8d43667a2fd6bc47041cf597785e2dc0a04105eda60463d8ae29845b446c33ed

SHA512
1cf42c2c897e88185afa320570f85ba732276d68609419c872f65845027f91a8a4ac35ed0fbc3aaeefc1e8afa918601d8ef50d8a55095ced8fc251708fb0aa04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cd050f6727144b9513234a2b0572978

SHA1
1382ff6198a876249ab6fd4243599f0408703892

SHA256
4ab672b1b346a6b3f6e8bad962f740163e23f6c4513dff041cc7cfd67b4e1c74

SHA512
daea1fa37675d1e31f76edb0db8b2d90ef9e4b571994384e84747ec738e2c30065ffdcf94c2241f23d80b77641defb9758b3448b38b67e8e729b7fef2c3136d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e404d8b8fd3dfc024863712091d14b0a

SHA1
6b70bc4fb471a1f40a659aff4620a596d672657f

SHA256
30e51d8b2a88923bc875efeb33656a28d808c9f2b39807a9e5764f76f675246d

SHA512
f37c418aae82af5003c5da9332b295ac4f24075cd67a5811d2da66be8a86b951feece4e9043262efedfb6aa1c60b62a1ef4c24c3e12f25fd79a1acac39fca1ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d270853220f902e5d7e110af14c8f26

SHA1
7bd87dbe5f2ee909bfae9faa8ecc9673836e5df9

SHA256
ad454c4516c48ddffe64776bd0e7fa6ab4e57733423bc573de4088ab89168113

SHA512
f8632136b44c59fe8d5374b5955c869ddb38ebce902f10cd9484353dfd9612ef955574358a86d8d1d4d38f02a70ceae6ff250aebc80845538927c4a70e5f0dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\re26ad0\imagestore.dat

Filesize
1KB

MD5
4df16aefaf9b8a2ff4d94a664ae54dff

SHA1
ee2da7b623c2d0ee0a29687d47dc5865216a2edf

SHA256
9bf29d2fcf6826e1d648898a9863b4b8c4d9f61175daf1179d9757035de3690b

SHA512
4f3fbacafb6f4d4340d942f4b5457da6c894b6b746c0e75fc12a3820feee3096fc2b480bcc481c7fcb273e9364d8765d4624d8369c11f33305c3118cc4fed47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\VsNE-OHk_8a[1].png

Filesize
1KB

MD5
5fddd61c351f6618b787afaea041831b

SHA1
388ddf3c6954dee2dd245aec7bccedf035918b69

SHA256
fdc2ac0085453fedb24be138132b4858add40ec998259ae94fafb9decd459e69

SHA512
16518b4f247f60d58bd6992257f86353f54c70a6256879f42d035f689bed013c2bba59d6ce176ae3565f9585301185bf3889fb46c9ed86050fe3e526252a3e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab193C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1B37.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit