b205a04e565c13c365e184b162b054c0ca4f59995fd3551f787b5446b6723269

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FLib/FLib.html
Size

7KB
MD5

21d9fa58935689acf14b5e97bd8c76a4
SHA1

037a71ed5015f7ffd4605be3321987af26718e02
SHA256

1b557c8a44ae4f4831c88d0c2a99b63d66a329343de63380b476f3b19a2d563c
SHA512

8f256e2eebb563357cb87689637240b401add8340ce6a24e8ef5f25fa4500c06c717d792a206b1648c6eca47b280a1c86b41f1a3929d6e4f26f7d14f88d5108f
SSDEEP

96:Rt4BnbBxgL2Nmhyx25oFnDf1ScZjkoZjkn6ZjkBZjkSZjkFZjk4ZjkHZjkwZjknm:RB+qXQuQ6/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 001a555a428bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8588D2C1-F735-11EE-A8B8-66DD11CD6629} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc5000000000200000000001066000000010000200000005190b24f8a91774c29f13d0ee0390c47fa6c8e5c5931bd2933267c7c8061e7e5000000000e80000000020000200000004e6885aafbfac8a4465a15bb97b644fe94ab67b9bc5e226ad7dba56976a2c5ec90000000ee85cae4a578316627f7a1162a8e992c3bc63f9b6fae2feb138bee9d4c315c32364515f9fff9500b9f77c5409c3f7b147315f0d4522b042dd3fd5c9c5758b9fab7541f9c9cf885158c618b788b57c6a667c049702d3464e81a12614767d0e29533acddde594b839c3499c42546ba599c3274a1a5d3f3adbaf59054939c5e521ff5168323b81a4f07b1533333dd13112340000000bf026a68bc5f59afa1f16bd24c6fd317825388efeb6c5db18133129067591e77bab222034d2f19b44f0c91f22fd01717167877a65c01b5afb21f6810ac8c673a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc5000000000200000000001066000000010000200000000973332563b4211ab2c6b926e273e6a5aff1f44f936293a258db0eb241e74be1000000000e800000000200002000000051a46277a668f2bb70141d5dba49c28c93ee385e0d889c9a1d3273b5f10c93ec20000000f71c962d96726e37fce97a829ad1534f1d8085f06d166024fe00e6375b66accf4000000061948176cb5ba160e95331bd8736633bb1bf5db9aced0580693d1d4cbde842c4823e9ab92effc2cf1385230a8efdb2e20b9571012b2efefd7d4fe946ef7aaf93	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418913843"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2224	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2224	iexplore.exe
2224	iexplore.exe
1316	IEXPLORE.EXE
1316	IEXPLORE.EXE
1316	IEXPLORE.EXE
1316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1316	2224	iexplore.exe	28
PID 2224 wrote to memory of 1316	2224	iexplore.exe	28
PID 2224 wrote to memory of 1316	2224	iexplore.exe	28
PID 2224 wrote to memory of 1316	2224	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\FLib\FLib.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86d53300b171eca7c216504cc649fd3a

SHA1
2f63ea4ec40da292e3d18bd6c296f00627357618

SHA256
fed2cb04c95121741b28762fdf15bf3e830815a9daae9a0483768b2bf4b32389

SHA512
2d067e845fa1c35bf3efb42eec242125cbc31ed7381528c72d3f00fcb77ebc9c25509d5e17876674f153ca8fa1e601ac7b7689747f129d9bd115d797fa66a15c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5734baea93b1fbfb4e0da761c9caad8

SHA1
8b37cdb96885c3f1df1eb102c4e56bfec64df080

SHA256
3c466c6caca6d51634c7b2a980ee1412fd767b4ff2e7e9b9fcfff1fcee9f442b

SHA512
242ab03eebc62870365e83c07581878f748fb27cd8c02a1e69c277f06511f8c49dc96eb30664ab3a182b86686baadee263bc63f4a4b52208a2741d3fadb97075

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97e8747b80d2a5fd037b9b835575f5f7

SHA1
9fd6500b4ee869220e6dc7dd599e4b82944e7dcb

SHA256
57cf2bce3e2226febe8a0c88d5082ed54d5353d15f5e2d9632858f046f7c8f34

SHA512
6d10f29d92ce86fadd514294b665dda8067fedf19ba521095df70153328802969cead44a3f88e586ad91ad46e20d05a81f98116ceeb5b058fefd268b26e3474a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40eba7f0ae4b636db8926d85cf439f02

SHA1
87b72f6f9193e7c4cb786107ad0c8d9267e710af

SHA256
5500aa876c8a7bd60ff0ff824d2315047b8eb30617cb0b91095bf295c7d23699

SHA512
72b51545806de05fec88c2332196861b000d1a82bb642ef7051dfe39cfc1a3ca1092001a4262cc2f08a6459c6899cbb1eae5609e1dd4a5d4f6773e8296732d4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ecca896d43a6f5b21a2a831f9c55659

SHA1
5d0025c4641a80b9880bf68d533821ef6fa2bb1d

SHA256
c91b91d5ee370e6871583f2468b7b7e84d6917ad8f00d9fe4feac07c30a8ce10

SHA512
ebdce659c290f69a3de295963baa24352dcc7da6d1d1a3dbce80616dc5ab36786ad54ac76ff9b57a371fa7488d88470794c33551a9b311980e73878704ad3c16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7482cdcde5fc933cae2c3f985fba55f0

SHA1
5d55b8b45311bfce72dd6fe0b904baca8063465b

SHA256
09fac38860ad068cf0e266d05914767efe65570bc09e139837b6e587f6c69814

SHA512
7d03cf414a879c57d60927f95fe499bb8f0401102a226f3efe81dd36a576975608bacfda26521b404d1ecb46901567a2450798950df823a907ac55510046c738

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c69299258a004282af0482dcf5ad22af

SHA1
ddd49e59e3a46da6108594458c124a2e51f6396d

SHA256
a294e9f9027ea440bbdfc9c58a192fb935d422445a2456fadd607a7da93e935e

SHA512
903b52484108e1a36e37c415f46052d0477bde5588223b6853aa7d6b4b5fbfdb49668a56c32c5f1e556cfa1a8372080697762def20dba172a8e1eb669ecd6953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f0f33b65f2a9576c55cba515fcb222b

SHA1
b4e5f11003cd70a689ea8c60c6b72bfb31f22369

SHA256
76bd9c861cdcb1caa01a88808067a129abe0426107929415e1a905a2575c3d0e

SHA512
988f7ff21783bcb000e4ba59958dda72c0a71403082a7fba37bdf03f4912e2b39c9aadadc389ad82251a8391cdd2cd1445d02fd312d8a6563c2e6f0e9601c623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78744d66f2573358b2eccb232777e59d

SHA1
c0af0970cd9207636383b0edbd4d77c390ef7103

SHA256
8a1402f7695542342d3fdd54d86730a88aefe077c6ca8844c88760b34277e12c

SHA512
4a6d7bc1a5169d3908d72050a0b3dce03ffb327cff1130762654e3234e4a6bf7369c9cc0eeaa760ad8fcfb9bf655b11f02c641cdd10c82bba0490a27f3309987

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e07008576cdaa1b9e9d75d42a3454e6

SHA1
9bdc78c7c0e70fcdc8c476462de2acc1212daa1c

SHA256
988d37c7b7fe59184191f0a7e1cab5bc1978d26324e6f19659fd56a0a17eb451

SHA512
548fff4aebc8b0216cb0ab45ff09bc40648a3a492efb08cfad6dc720bd51bfc0f5a1b7e6a62ce74943961490020b490ec714df7f212c07960e456944b477dd5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f573130f7d6ef49f9e48dce50c604177

SHA1
0701fd314180ce509281f0b10ea17168adee8245

SHA256
f3347243b17c46928ec46f8e2ad879d80af0f08ecef7e3c7f478854be6fbf496

SHA512
13fbd25af67d4fd58a593cb17a2c47aa206bfbf1fb949178504e7a4135f0cc5b96d5afb90162b3bf3ddf0c45a079b48b2bc795bfb2572f0453b1c09fee2c829e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9137a94815e4c12871a395596d9152f

SHA1
47f2a720fa331b92f21fd5a05a500977b5944171

SHA256
745f8b6b606428acb0b61d42e592fdb1a660d3d0325e9065043bafeb633f4633

SHA512
45cce8f86946112be86a496aa30d159a3aece55ba6f5a4cafeebdba90647bc3d174eba685ddb073375c4c8768fa538128797e4ac424ff715519aae9afc950b38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eedadde4bfcb31ff93f888a343af5be2

SHA1
824a1a8a5f9de1a46a9738ac16493aba8125ee15

SHA256
e0363811b3c27c7a20dddaf98292b907d1e57720b9b06a063cd6f1370b0aef73

SHA512
59939b184f571449bd5a0bb31c59c411c0e43224c78d732fd58ff88769304e5b5662e450ab371e34fcb4ce8640018e17fc3eb081c4f2e13dd42e64e60c2530ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37fc6b63f9c71b17460175b447a63109

SHA1
fca85ec3977d824e9833b9c918b865c644e56822

SHA256
7c97fa11fef1484ea1ce03a85396b078a88737e8091737cf2eb15e2fdf4ecea9

SHA512
3bfde42e7aa8bbdd9d9b765a526de5b98e1e77d362b4feab9ba60edac1f0ead69e6deeef625d9ade8b58dd67378ff8c00fe1c8e39696488e1279ff02cab63d79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e73452e9d063a6d18bf21e1e1f187996

SHA1
3318bc7df7c712f49b612237409a3d3975411ea4

SHA256
fa2e12d7dd1eb85c5ad039867d42515d9e02cc87a2595fc27faccf116bdc6b97

SHA512
88858cc70179da2853048650437d3db3df8882e7ac3e4539bc1873a38829b1aaa92072007699970b43c1fb60bbfe1c5f410a946605877a0795acd2348930a22f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbd6b0edac3fbb524d3b846e4af7c6a6

SHA1
95aac26c5aa5e8fbf67544a3ca9bc6703de6cfe4

SHA256
30cf8c36a66054f48d6dd2ba9f370f939b9f1a02f7d0894dc08790c8e7e8e908

SHA512
d6c33f629217f7e41339062ae6005b83bbaf7b77e2c78607b83a8e698a91a0c14799bb944c8852a33eadc4e865f6f3e2d49ec2f2144f0176550deb123447c28c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af24a455da3d7f0b228d60f5d26d2c96

SHA1
5e5447e34c0d8204bdfda6ab4022167bae283b3e

SHA256
a61f14b098ab840cee258830a6cb500d51df53b723b7fedd32de6e368985c862

SHA512
da4e675fbf7c62545782231a2d8860769d7d73e4d7e083c1843bade9eb660e5ccdce8d93dedc9714e684b3f06a47ed6af9becc3bca2f141e643bb611560775cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab894E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8B63.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8B78.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit