11ac8b313e17391ba1c40d40d400b477bbc4bd48fc72967e308899319c9ec7bf

Analysis

max time kernel
1796s
max time network
1819s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-04-2024 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BotNets/SmokeBot/admin/imgs/os/index.html
Size

91B
MD5

3c79360ae83ecfdf909a16cbe606b951
SHA1

7dac957f1b426d257d11c8ffad85c4ba2faec511
SHA256

da1f9d3c8cdee13dda98734237fabc708a983ef5e70dc9a6312bab87ff99aa61
SHA512

31a55456f48c3fb787f0f4410004777e3468fc5cde4c2c2e2d4159e2a1b68e6c03fef5a74e70e106d93e8b737508c34858ba5e0b5cb39d7a5dd234d06f455c55

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8E2ED6C1-F2A5-11EE-90F6-569FD5A164C1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0bedb62b286da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c23067700000000020000000000106600000001000020000000559c0faff0af9925460e4f3dffcb21b94dbff69fd50a50ac9b8bb8952a4d883e000000000e80000000020000200000008a8f50807a2973ea0eaf82e101d2a8005c22b2efe086d87cd8521bbadb42ec47200000008bf64997cc2721acffb352b22497342fa3b0676c257d617ed9ca0d39356570fa400000005cca4b4bf0e9a725d1e02e852a916f89b739c755f5d3226c7ff837ab4f6b5578d8a23816e01e16fdd440f4f9d1a9ef4ea85a29dadcf586085b56b55d8d9786b4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c230677000000000200000000001066000000010000200000001509fd0ebd659b9e4ca93ef13bcec20ec8582641d00eb45721f531af689b9515000000000e80000000020000200000001f0ee7bc1855b67be7eb91c8275ba410adcc31109b70959d2193639978c1926d900000003c0d09ee0bf84fd0364981b13855889cdbe1388315206cbe567d341ee4aceb2f34f2b948ee140e642f282732964becaf8f4f0b2c729fb64e515d535494d6a193afbfc7a9639e959e8430e9a44758d0148e810b5e1c0e04778ff17280f2fb3806e302a44e105c1101c799ad6d5e0a7ddc021f8ca6e3cd5a8ac788d2d56d37705ca0cb3e893f2bd838772203497767a2bd40000000020d468848117edf944edc31c121089802725f75dbe61e82d896fd58aac066dedd49de45420bfb017af5f39506f6364879a8b0578be8ed9cb0a14cb58a64aa19	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418412204"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2492 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2492 iexplore.exe
2492 iexplore.exe
2928 IEXPLORE.EXE
2928 IEXPLORE.EXE
2928 IEXPLORE.EXE
2928 IEXPLORE.EXE

pid	process
2492	iexplore.exe

pid	process
2492	iexplore.exe
2492	iexplore.exe
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2492 wrote to memory of 2928	2492	iexplore.exe	IEXPLORE.EXE
PID 2492 wrote to memory of 2928	2492	iexplore.exe	IEXPLORE.EXE
PID 2492 wrote to memory of 2928	2492	iexplore.exe	IEXPLORE.EXE
PID 2492 wrote to memory of 2928	2492	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\BotNets\SmokeBot\admin\imgs\os\index.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2928

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
72a6107a35f1d8fd0c37504fecbd3723

SHA1
295169c8a56bdef7051a07064905afd0380b6bc1

SHA256
0554f29d2f730e77075a27cdc234463ee44be0b2f2eb7002bb393fa899d5a5e7

SHA512
e2670c544ff465bbd5e117e535593bc71bcd0d0212bf122d86b21086e4b2bca826a29c57bcf96913b679fa28eb4e0d454c9ae684945b3c293dacc11b99a1b58f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b004d59183c130f44d7cc70b4207c7b0

SHA1
35db0cf73a428bed5aab85dbd6da8455887138ad

SHA256
0fa9a6265701c1564cefec31b2176be8f4b2d587ee143d580415f5f8f2c83469

SHA512
d281584eb24ff1f82a3b32a81c11d128622e0a9d6674fc82cb50da4dfe6399a6e4b55fd7e4a45526747dd7cc336022ca04900f1c2471a217b90e1401468cd76c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b2bf63fdcb01c11f83ec5562a7b1984b

SHA1
1f928080ea409f82120d2c2b6055fac6acc52e9b

SHA256
58a339a50171818fb019ed4d5a7af2861046a41ea46aef4f90051bf1b03384a5

SHA512
4ae149c824fa9374c454248641c82405f142e4ad78e6d00abc531571cebf04e9c42539f84c073db546aace9eae67213bdd5cc528090c5203f0316920d1ad7340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cd2fdd7034897e4dd6f23ffc1e0536f5

SHA1
4d33971702af931b39e0771db35ddd6b8d910f50

SHA256
d57fd2e6fd1014d71c750714185c3c4ef586794b02253f8cfc0b5f7f0ce12886

SHA512
e47c7dd630a579de213122485376cb828358d05ed92244b4d23969223b027c2db675298c9e78f008fa3e6cb3cf076bf5e872e5a596ec72a98cfa2e9a15b7423e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3cab65005519bd8823fc6959cd35889c

SHA1
563877685acd4915826237f9ef024cc3db5f3c0c

SHA256
ec8e8361450d2b22d950b95072cda6062b04eb1463c4a1f342cdf270a9e81241

SHA512
99d13803cbfe49c1bc6a99342b20b845db0e45cc88ed00c2e66247db1db94f5fb1c9c743065af9ddcf7d884a1c66c0b9bd4ed46e540fa2973634f4a77c75f577

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c1aa5cde8e5d7a5dcce158c632c723e5

SHA1
ea1eafce7efede0c607af4a3a66c77795133c95e

SHA256
b48f51dce360a025551167c5f7e423ea9e4631d72520e1425cda96ad9dd91b4d

SHA512
48816f5bdacb21d6af5a5bcb13e2c94aeadcb864a46c05d509c8a2faea6bd619ed0907e455d56e419983ddb9cf706816cd05393df94d9cff721eebdac455f20e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7ada0c9ec3654e165b094d84c4635d49

SHA1
b6346e4349e89a0f47e8664d63b4a1b422e32706

SHA256
62dfa68b10ec003f1645bbdf2950068eab3d0923fd34952d1559b72f3972c607

SHA512
c784b94635d9fa3741383e7bc95941e73206089dfc37b95f04dd2c72f0424c87d36e8fc34eabc7c490fe187b31a2760a9a06312d88eeede8c374f581b0ab1ef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ff8f282e7f2a72480f75dfbada78e8bd

SHA1
512cb7a78c35cd4358a3bcd0289032748fbb45e9

SHA256
23e0dda3398e3c34d3407b444a682a744433ed8ea2ead5ee13e01d1feeee2d4f

SHA512
2f0218996f86f7fafa0ad9bec35d9239b223af0f112592ef0b51ab896d752d33fa4c80b368f8d87cf5ff496503aa1def8420b9e0f06530222397096ecbf5d830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1b6a693b5806c5b8ed9f5b404e1e4171

SHA1
fd429624e077a4d8fee1182db9b9a4c5a89229b9

SHA256
77f23886bbd9009525fa6473531299d831b5462acbf786f52b17a07d66b1e9d3

SHA512
19c29324aba0328d7f473da1dc64ace1b21585e1191d0fe9632913ff92b6d82317dc3fa5b7c273c2268a8d7a5250a7828e55588f77043e6005f3de4171ecf7ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2d6024a85b10c92d5804c9b03ad270c6

SHA1
c02258e106267381da519f24aa2e43cb3700d1ff

SHA256
479ac37199f85474acaddb9336485fb04adfd8615b5461da36279ab6ca5323db

SHA512
7986aa5ff2b6910bc18c384228a8b7463005fb56e328f2afed29e8807d7617ec151c1a27ca953aaed49874567e30116805536ab8cac62936c4e908ee39a97118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6d3f5e3cd4cdce9c36a1ffe1b314b557

SHA1
67a3f8755eeef7a1621f9cb5faa872a81e4301a2

SHA256
cdfe6569aa82c102ab18fba5b7efec3f1f1e7e8b23ef829a8608c5da1ce32be0

SHA512
ad49fce41932608c759baa9ac728d42e6250c7d2b34a07d6fc14961c9746cfdb42025eef3e2829e1be59c989b9ed740735ae264306045da02eb981ac806884bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a37fb646cd4cd3b60d2ae38e79fbbc09

SHA1
9e29d1c24adda16420a73bcee19e506580166b41

SHA256
60e56fe83f7636853c0e7623f611e5f147b12575195f9d713066d626d86d05f9

SHA512
0cd96579b204fc5e4c30d1f695b3ac7c311483f91b8c288ecc0db4cb8b190c3c00e55fc82a708541b3bc1bd2328eed302cb78f71ee19b2cfa62d4a3cb24f51d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ff2d75d6285dcf745183e8501a996261

SHA1
cf17abd52401947faa3ac0da132518865ab69dcb

SHA256
6b7a9c4924d1e4b4fc002caf456ccd3dd32517052847a3d4f25a9eda0562cf9a

SHA512
1a29029a8951c984c09418624cd290593b45e60b53d6d0946d046f84302468fb70d49f80068297e0c939d6255de77ad0bdd293647989415c123fa16c1e6a5e10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f840799efa31e9034f4ab9a0fa9d53e0

SHA1
a9ec42379aebe91ae2ed8c7dd843d5dc7128cbde

SHA256
99d2538c5dcb226a2a85fb33efef31ceb8cc1d66c22d40ed414e367e3c5e5b0e

SHA512
83f3ad3157d2890ef63018e2d5518925b4f1b614da9088399e46edd1352175407924aa14ce7da44a6d243d6d8f7de2e1005f6adb106814c15b09803632bc1a5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ce91704b003011647a759a497f68eb02

SHA1
dfecb12f784aaafc24069d288ed50eda5bc33292

SHA256
97c60d50753f1cc6f2f4be8e0770d0055fa10de9f8e4b8410eaded5cf5902e64

SHA512
6bafd6e68940facea9935fb119ee79dba133e44969f04ef897195206301eb63a6bf7da57ff7a759305f923de22e490248dc9b00f5d42f2b28678bf0d27468725

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a2c3c6a80dae748c1080ce4886208600

SHA1
1f413f201f1a217644edc8d40d48f80fe54ad87f

SHA256
36f0b3cd5d3c121b6c3edfc69519d9166000d22059c1f9ff72612b5eb9b87cd6

SHA512
5ac68e9eeb54712706f5a38831dbd1a34252dad3fd0c8124032628400435bc626b4cc3bfda47f0eaaacb3b776e5e99776a9e1f95690e49c108079ef25b78699e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC1BA.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC2AD.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit