53914632ddad3b583337c1792dae4c0d61855e212ef317d3117d06e431fae62a

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

help.html
Size

1KB
MD5

d00d461d0d26f00f33c137810005c8ed
SHA1

3276ce557c139f5ef23474bfb95bb581f32759a2
SHA256

53914632ddad3b583337c1792dae4c0d61855e212ef317d3117d06e431fae62a
SHA512

f75be5a03215b8910cd41f03b6030a6aca35564e028e19f34bd3bc398fdbd68d35267a0b7b2961cefaa2bb35df4813f9e6fa666cd77f426e3e5cd35869c19b16

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{96E5A381-13BF-11EF-85C1-E69D59618A5A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422051773"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000006e6b2eb28b8e94bca6e6e870543e93e000257ca3ca7a062d93f1fa4432c75095000000000e80000000020000200000005348f8722f8dd695d5f6d61289bb732fdce3ee93a5bf97f1e6b3477b0b39ec4220000000808f17c7fb278636df98a795fd58d896120c4e2c6c3f56d558afc35bedb43350400000004e1b014fccca4ab95b22c6f8320496238fa3f2d6acd2945365b87e4affb96f926186fc2faed49ead47cf1235b826f175c145f88ba5cf89f4abe76cabdece19b1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b9626bcca7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000004300323cc64213db1790725f4c7604621d04078bcdd8e2fd6c5837f24301f6ce000000000e8000000002000020000000737b293c84753a1bbc5aca39d227ef2a134e66eb0290cac9cee445409a20fe6090000000691dbb12c932967342c10164481ffe73f67e5d652b1a7fecb3e129d17946a65b709bcf1e328ec89b7b2402515856f9789f7635adb5a453df0b0dbf207b4d4abe9bdfa6bdd5e05e262320af7a3ee3aeca8981768c0bf775342af9cbd60ef26737389c1ae64d2fc39c94890a9a9feaf939042952a38b05bca96cb8315bfff140bd8108d9339baf514c7a9452e68509c089400000002550f1f08164e4f66a06f7979fd0b5be60d6c377d85597246575704605150c04e23a1b3d03c874ab99ded4bc9550c99571de975e949aabb46867fe871a6972fd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2888	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2888	iexplore.exe
2888	iexplore.exe
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2400	2888	iexplore.exe	28
PID 2888 wrote to memory of 2400	2888	iexplore.exe	28
PID 2888 wrote to memory of 2400	2888	iexplore.exe	28
PID 2888 wrote to memory of 2400	2888	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\help.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c239d48e2812adbfc5e1857ff6c86bd

SHA1
66bf67dc19aa7dee095f40665ad50163527a8ce4

SHA256
d84b6eaa16bf0b0bb0b710c74f1d5022b56d41d8d642d467fbed0fc4e54f0ca3

SHA512
7fe122b8e264f82802df2b8efe5a122e4c83f8892e5364a43f5a2e5b8fb1000b59e97181eedcf790d692edb5a51b9dbc9d68bf795307b40005e84878797c7fbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5559f269e22a9e2c857f66c71ad9f428

SHA1
1824e3f39f39c9d6835d1aa5f2a8280d9a602faa

SHA256
0e20dedff42bf2908242ce5af7af68eb9a946d181ef6be77445e389dfe72f1de

SHA512
3e6148d1d9b6211edc9858882f0ba5766874b96ca338c9d983eeef5609263d4fbd590ca0b5409083d4ef952f531c9aab115f43c672e816cfaaca1050946be9f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd60be72dd74b559078570cc34921b3d

SHA1
c5a850f134c30440c38c95f4543b14f34a09bb06

SHA256
52d7cb9c0982b4de9eaa3973c3b6b01114fbb9073e7815f92e772afcf4083dbf

SHA512
d8fd61bafe86a2398702aa1718da988c3220bea9e47316698ee4af0694e1d9bb20772023edf24d71d2cd6813928c389b603e499fd30c0ad16df9dac8dc78cac3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31b651ca643b2e0f196378afd558f248

SHA1
03f051120c24ee9be0d62b9a7e4d3fb0f6f1cfc4

SHA256
698238be8425bfeec22f4ecf1edaca8b941c5ba660aff02689bfc275eafed461

SHA512
67883864aac3357d5f00b5074f589eb5d2fada220b8d5cbef605c892d877dcf3848efc24ab54fbc5d48828942c314b5be8925fdf2f79cd4d20083d551ef23ae0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e303c204419530708d4f9f62efc2693d

SHA1
a8c8f0f011440c43aac5090475d4cb063f3475b0

SHA256
92aa858f3862243d198629bcde7eff7e2ee4f6ee9f6637381308202abf0d0396

SHA512
84b129379c62e471316a112c2f28291143d7e3d79542734e7b42fd49a740892518fb5f74932337496a21536e7056dbd27245550e10667e15e71392bf2cf3b845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84fbd591e0590ba148c8d7f616f8fedb

SHA1
a7d698ef455f69260d757617ff4b3e31a515cef9

SHA256
8b25c6fdffd2845c1be311193bca368a5be90fb1b7b4f122ba956cacfbc27801

SHA512
73904928dc646dff40dee40dfb6e9d055e1d2dcf29db711dc485b870ed84d75fa2273af10c3631638e466cc9f767a79a1668c0b7761b6655645ccbedff8564c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da8e8e11d7f511519aa909983a9ead16

SHA1
e4e280bd5cb93c3581389fe1d6f213bfe3bc8538

SHA256
d61e3e88c4f361d934cc85ff1ba3bdd21e32fc3103b32b2b43a7cd8ba2d39f31

SHA512
f25f69931e523fb4a4d69914b0ee9af09afa4c36168f6418f0051de98abd0ca6087aedee99b678acf0a364e7adc2cc24f8e29cf369802c4c802dae3603e09ba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ab23ecfc137fb4182d3cff1bd742d2a

SHA1
d82c2f16a64feb8de2549d67b093b96d4b35a316

SHA256
17b31be7ef782b1a9b8f45fa88ef1e4253c5438332bf09a66af26a0ad366b4e4

SHA512
d56b74974bb2bfa2dcee6bb2541396f9638e1e13bf05e722c12a55b05c153ffdce3214f8c7b847e352d260ea025e3f2eaa404bdd92543a788b8eace47b41c7d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c718bec3563ce3a85cb7c864b04e255

SHA1
108a32805cda5cadd37a14f6538bd37f25c666ed

SHA256
2560530cdf3d569d59c4393c261616ed279960f0d9007283439de530dadf3902

SHA512
9b3df18d5521ae043f207601cf6942ce105d5582368f23dba30791af7f53db34e785d74b79705b3cf2e52394879a47ece59e683877c296f18decca6c7f0fb2a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d46028df43fcd96dde5db40b41baf9dc

SHA1
a949f43ce36dd9e3ba3b6aa02f65c3a75bd4fe91

SHA256
55ec4524459e75a63ceca1b56392cca658937d57c3f5c3b90a2352d504d07acf

SHA512
aac6626b43ad91cfa43100fb0d49fed04ba997fbe019c656e9532a9ad99172b92e3d0fd2b36a56c242611efa64804323728d588443a87099e606fe435f2e1494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64fc21038ff8c1821635dceb87cc9a89

SHA1
aaae03aeb365945a2f5f3787bab5a27c48aa992d

SHA256
006692809142533b54d748adc2ef121dd398f5c58fff968facb04352233aa696

SHA512
521cace09bb05d62c55bdfdede2fe071c49761d3ddda2e5bdd5f7d6a402e42307913a476b4d659ea5f7e0851d808d0b69a4e3273cd5a5b78f44b856f0f76f8ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f73407a48606680e4e51be32b61b8f5

SHA1
04b511f70ca385f48a2024d51e4bbd20c8f4bcf8

SHA256
dcd00f445b01ea1527e49b3dac1a484e52e69541829aed751f6546e5a4d5c83a

SHA512
48cb510078992fb16bdf007d2432a5be57ec3efe7587608bdaf4d5fe608ac89c0a6c8a3fe9a74dda1f2f2227a7bf655bcf460b877b3354fc1d5d05240ca91033

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be3b66c6b92a53e5c3fd4db64fe7875f

SHA1
3e46ab4295d592a2b1475cb92e05e3cf8706c637

SHA256
fcf44ada7f473b1b4c2deff47c2bfccbc68e6051baecdc2632b250b40995d111

SHA512
d47f1a8207249dd95910fb31b19afbb034261dd767e596aac7017f9bfef3e54b910c7609a5aa2ee27cdeb87dbe4e8db93c1bf2b9e9b70f73cac520c264ee25b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bc9d260badf03541c435892d42a7d04

SHA1
d98e9f7c78da897a4f61e54fc8dc7882db81a25b

SHA256
56d7de8e83f2d70a91ec29ccd0ef8f4d6b177577d1a0ef8d31ad896cadb45443

SHA512
2aa92c9ccc29ccf1aa0bb2a09e3b764ab3daa91663a7eade4cc6156553fc4b29cb89aed56fc4c5a2a22bcc360365cef071dfb660b5fbdad56ed06ddd17ad0112

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7b306fd063b86b8edd994a319495026

SHA1
29d4c5ed2e5e0e0dc30142fddb1da8f034b669c3

SHA256
e0404fe70ec927b5da07399745f21731c6f582c9f3cce10eb79aea654f32f138

SHA512
5a182b40a1cc7c2bff7524186e1ec6b8add364401d783bd841de99e6c001c17df775b8ae44d2b1636b6984ec59f274ddbb20d21d73213472a07135a569884c57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45dc3c7dc860e861164bdbe17a09e720

SHA1
31386958c13b21a0cf8f8567dd6ebc597f1e85ed

SHA256
ddaa4822c19911561f22b05a021c6e034ad591e9511f2916efad6d514f2d3ee7

SHA512
91e328ae0b430a1ec65d795f5d3e3b2b9628207222ff18568206d7ebcd5815edcc8f354720c370d6fceaa4d34351ffbc9137907c9ec12dac250c2f5a99f0bb64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae53a753e67a4821b6d26f8d4cbfd516

SHA1
3af846c6b7e088915a0ba019ad97add650110e18

SHA256
d9a53bef00b0d8c3ccfe8c340ac0286181392f63f0d5c0e0afc1d59c22315f93

SHA512
72f7f1834f05da737a6c60bd8c27afd3715bbffec0c2c9ea17b4abe862a8ccc6d4ae5aa3ec9cf193ba2b044a58d351390f86c46b71dd93f99ae0286cc3270a27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9b0d8eff6df08dd5cb9c194045df5fe

SHA1
10c30d7cd75e237599db0b97f715918b3c58d642

SHA256
509d5299c2db7cc99ceebed7969d9540e5bfb92afd471195f8b0e53992d3ac00

SHA512
e7f49fb7366e325ee23772982a79a629d1b4438a506e44596b801c559a9c91b8953c661a4a8951306670881bbc56baf8bb3f3eea69aeb63ae0cdacd9c6a9658e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2B96.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2BE7.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit