hxxp://texaswhitetailfever[.] com

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://texaswhitetailfever. com

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421714145"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000002af439553f0402bd921bd1c152208ca388dd8906f3ad55c5461ccaf380f37feb000000000e800000000200002000000084209df68024bfe31a74366e7b04e51ed4d85f5f90965ad82bc5a72d1151c51b20000000e738e8a9a6ea6cfcb922304ac3ab1f0117a26f9c443aff418f592c1eadc3898e4000000079480140f3ac91b3299a0a9f5c6d8009a019e1efda0258c60c3597b9173ab7e470262332135c5b93f28b33b69f5b3ecdc75370eae2647bc641f5ecf40024a57f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7CED2671-10AD-11EF-90CD-4A18CE615B84} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000056fbab48f26117f401fdb6349e0616f4a5515e7bd70353fa1b8f0941da4c7f15000000000e80000000020000200000007aa295e53f58eccc17164f29c9f463ec85f3e3618a8a9678a7cc5fd7bb2bb07b90000000672dbd9ea27d074723dd3140ef0fa8250725c38afb5b0eb3ff405db6f8e2da1ace7ef14dc3c796e617e78551c95035ab644da3899df692c7b47b45a016b503c3add99fa9b0b14eb2330fb47f2897b3dd26696031d3700ded382791ab6cf5cc76e447b67eb3d85e70f1d9acdb7dc9febe0c9b1c0bc4c0e6660bc74cd27df52b5d916f0fdd415809c06c3df2715711668b400000001fd59fee71999407ffa3bd45f0c01c79c11e85cfc5e4a6236f7ca55a259583967b2fddd6c3c0da1c2641ecf6f6bf9afc6bf183b986dccf6408e6be101d9f8f14	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0948151baa4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2280 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2280 iexplore.exe
2280 iexplore.exe
3040 IEXPLORE.EXE
3040 IEXPLORE.EXE
3040 IEXPLORE.EXE
3040 IEXPLORE.EXE

pid	process
2280	iexplore.exe

pid	process
2280	iexplore.exe
2280	iexplore.exe
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2280 wrote to memory of 3040	2280	iexplore.exe	IEXPLORE.EXE
PID 2280 wrote to memory of 3040	2280	iexplore.exe	IEXPLORE.EXE
PID 2280 wrote to memory of 3040	2280	iexplore.exe	IEXPLORE.EXE
PID 2280 wrote to memory of 3040	2280	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "http://texaswhitetailfever. com"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61efcf551c8c023b75fbb12e3f69e507

SHA1
9a39a0bf994a1e96c69c3dc865b2f72856f38735

SHA256
11aef18e543f2c5adaf502ed687cce8dc96998c4e6f4cd9cbc88be8148b7f51d

SHA512
65c813198a6c267ff0b35c9beebe376b44027076b213e84850424761c831e5a744b216d76c13529142fb0ec250551c4bb7247136e8592b258301538bf9a0c7a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cb495918acdaea99ae149bd64a66a92

SHA1
08bdb9644fb4ea7bc603fd83b0912a49fe5b4e4a

SHA256
946a73417fcc79cd9afd0451a76067cf075e8b8b0397c2a83e60fe827fb0c309

SHA512
70324b5d0b839621fdea322a160ad44c72094cc965287dac4586daa774bb104d9e58d9499c049c4c312d675c2f7462587da02df6de5de9b744495486fb1f981b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
304640890322afa855d7a3e0c118d719

SHA1
6db6c129b5605739a1bcb4ff91cf6f2c2858e1a3

SHA256
a38355b48fa0e1874ec50bcc7bf5cf2951cbebac9b86a4195647092bc9d708e5

SHA512
a0127d70499d2cf6f40083d9df6f260854337a5ffde78805c10bf0bc3da4f6d7ace32267040d90e1d69edb0a305fe5abe50e09d210ae01145fd78eeeb7143eb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f4194e892dd9e852de95a7cc8527c03

SHA1
623097c2979398303bfde6f173f5bf391c2a3c30

SHA256
ada247e308e624674c740a867cf20453daad035f31d57fedec8e5f2c6928e616

SHA512
08f21d79c84bdb930f450a97cb33ead5c54a6158c884b925fc51652246750efc4728963587474cb93bcee2fbeffdf08db012e99ac67f993d10bdfe0ac469b0e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
842c19bb5aa2e5b30d6f246bf673519e

SHA1
d051a8d2dc1bdfe25baf630d4aaa2717f911e4fa

SHA256
71a30049c25dce4d662edcc105035342583919be1e2e70eb4af34a81686edcec

SHA512
ae203f9fe2d77c7ba0e195913ff5f996098bc23d40bf72fe8eabfeb415b2020a1ce91e0d59c76d929e1464c2fd0bb2a4bd1f21ffbd50126c614afa320960660e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aea296ddda28d515f37c01a4c731b4af

SHA1
29ba2ef0f7ef2c921d100134e9975c47d513504a

SHA256
d21a7dbec9d96fca54da2c60da5c753f7315347657fa137e60782d29c637c601

SHA512
608495c627fb456e25fbd66bd8fe880bf22cacd30acfb6f3b031ef51d3add255e26663bca95ecc21f53d92ecb9605f382b5fa256f23ccf0e656168c7a3338db5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5037a2bb804ab41a21f1d0940ed771e4

SHA1
df7249bf9262e51da03ce57fca887598efe517ab

SHA256
ddf45037d56cd8bf1b3adb63c421ebd34a977ada9df30c38d8f8f028c7ae78be

SHA512
1a6f237e262e4ec58e54091d9dffa23a9e05ed723c50c1c04718176e20ec2b4aca15909f0e7328aac688e663fa97309c9b6b24c02ac9c3142eb09312385bf7c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c66512985c92535d78e9cebfba48447

SHA1
b49c4f2dc8433d33d50ae28707b717aaf67461a4

SHA256
acacdb7f10c53b6bfa01ff0e0836db58b5005ca6c5b09f0464a5074cfb53b639

SHA512
352cabbb0a95db1fa2bed2ebde1980f9cfa65175f74646ecf9553cee7aca56e5477ae48ac35df34d2ea20e7acac736688684c79b06fc928b160a536eb448dfec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c25a13ac3bbd36cbd84d72c86a01798

SHA1
23465e2d181e7c5fe8b2c732278723cda3d7af34

SHA256
247602f63876791018fffbd616c1042e08460e6092e46bbae8fb7d0248c2cb52

SHA512
690eb6a5526284e5a9623a93ba0561f4838037564b9fb4438774addc9a12ea037c95e0818585d1303faccd77ed836a31c4e7e4eeb6d3bffee785e463162de921

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10fa66fce480a350d4ae63f3f87c6c05

SHA1
38b04334ebf5a0ab0b345e8efd42e4afbcb8a1e0

SHA256
bc21191493fea8962f415ca6922a2f217ca112ab9edb29c8830712aeb1b72afc

SHA512
cca894ebcf13a1b5638a5b5025975c0ab32fc685090187a6abc75c019eff034fc9fcd232276fa94c42b48d13b0aa02e41057b05fd3a2948be5423f9a685b46e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afd5167cfd7c91d3c412e8da7055263a

SHA1
f314eaa275223b440e9db156352779fe8771bd43

SHA256
02fa8d2f01e5127c8e0f259e686cb71573383e79d6c44a5993d8170f7f5e109b

SHA512
e4bbb189a7e314a84b738f23910fb538b5389a692676797e605f9fab0266643e0ffddecd82a1982faafeff6b0033b3013efa15f7499c16d5ff27585900e3bf06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c43f609876ec673608e251a9a520a5e8

SHA1
46f5e9dcc2804d36a0f3dafce3ffdfbfb8e85316

SHA256
5275f29459adeeb230e3ae040fb33cb3003408bf2da9149752056a09f10c83c2

SHA512
2e3ab39a173ef10111cf6c0c981295b0fa459a270eb1ccf840b0e86dd9d834b6702e25b7e444ee3e100f7dc8d0246dbfb68854535618ae9c377e893e264a774d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fb127173e6f2be2225bf964ee0eb5b8

SHA1
087c582ce9d98777980a08ef14e60f03459de4c2

SHA256
582ebb5d0ca713261b59f783d073f502b88c24fef2feeff66c0917a46dd162ba

SHA512
de813659cc5596777e3dec77506418f58b4ef5f2d8d1022ab6e1a54852aedf4217da6a8ded254b5939b5a1f8a679d6ddd7e16352b84faab1be123f198a6bc1e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc68c18a937fad6008510dfc4d56e6d9

SHA1
d9161032ca72dd04f7fe03ae35c9347295196ab2

SHA256
5dcb8a5fb7137160daefce290b39ad61f67a16f78aca43360b4de8766e43e901

SHA512
0c32e0ad135534555d4eebf1818d3e08b97a21dd0f5f32ce2a0005aab4b6c43000541dcc628bfda8e30d9158c21a6601891fc964e84af0c2c2ef14334f633faf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5201b08e8e68c889c0ed74b21dd92cd7

SHA1
3a9bcf3a99e2a53cebac4bc419b19361377c5487

SHA256
418dd36dc09d80ce83bc51e5e3e2acdf0d1f4924ea7acb1cc424e9f494a335f3

SHA512
01823de97142711c77a8f846d7e4e8f178b40e62d980975d271bda385349372677ba5a7f3e1e91755b0a0e8f422a2f4c89ab7e957e07f65b72c1cd1553e74e70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25f0c6cb119d1c05fa3bea9997a64040

SHA1
df5ed0199630d28663d7f4ecdeb717726588ac76

SHA256
fd0fdd7628d418125d0dfb3e7d95a9a0c9e149a2ef8256606db2794d32f0a98f

SHA512
8e2ba61882154a2d4bd547e6bf93852199ceb2cc7d4cd68b01e94a4359fecfac9df769c4d652b2d912140256c7cd66a3ff4ae456505888599025454356093cae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7763e90cfa55cf9fa567f6e5d6d7325

SHA1
0cc270a31c450ba7bbd16edb987d46421e14215c

SHA256
da22c7ea8c4ec79aac481464d37e7bd7f5e6ac60da79d86c030281a4fcd746e5

SHA512
5be3155c27903883cab3cae0fbcfc37901ad8533119f936c69bd434ad7f896ce129f50221e77b28b8e68d342376f61dfb4c92ba651ff25089b8d4bb9fb533f09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
407a7ecf89539e86c3bddae897e42c29

SHA1
767d49701c54740639037feb67f4dc183332f0fd

SHA256
587e099e1d05b6c44383515df09792769c259c8c203d97271dac39f570fc96bd

SHA512
ff97967c708013c0cb152424da2900bc8e1350d0ebacdb06acb64a8d339adf13a1dd8738198e2c819165a9dcf76533a15d000654d6fc796872fce7131ec44524

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bc9187b5a60ec9d8ecc2ca057437e84

SHA1
c9d39c79dd1917529f59bc75067622813a3874c1

SHA256
864957cb70fcf9fbba7efe415fa11817818a95a7f462259c39d1191b3360b88a

SHA512
9533de074f7515853c04b9b0302e40298d5fa690cb7056fd52dad8fdb6ca2178dada6044c6735953219b81073486fdd6c6c9b1bf190bccc941f7af141028b406

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2262.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar22C3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit