3ab65d62f4f75f30baeea883c25ed0c3e9f6586d84e52fa6d0268120b9a4ebcb

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WpSvc.html
Size

657B
MD5

d4f63b173042bcb08de589b60ad2e73a
SHA1

341b7a315a1813f77b0f49409004e5fb8077aed2
SHA256

3ab65d62f4f75f30baeea883c25ed0c3e9f6586d84e52fa6d0268120b9a4ebcb
SHA512

076cb550ebef83e9534b7c847807a84b80ec437a224c423c2f6be73ea0ae875945cf4d5a971332eeee026c24d9d07bbb67fb52d5cd64661b4642e78c3bafbed2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{75128EB1-1830-11EF-AB07-4AE872E97954} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3475937c558d64b8e38668f1f6a0f9e0000000002000000000010660000000100002000000085f5404d1037333a31bc6c7559b1e9f8cc769be70b3894c490dfbc5e7855cf1f000000000e800000000200002000000069ef2049cb6b9576c28ae57d1a3d7de085cec2cca12dc1045d9ccddf558027c1900000008802a2631de18b10290317238c2890ab5227b41e3fe648eb2c8519594101bd59f89ece8fd8ef8e99dbbb567dd5d6c36ac44039beade375f371ae53462d39ac10aa3e004175a9c787802925af112976a54673ed70b05c825004a682bdf8cd32028c23d838ed51c6e7a2161f0aec7f7c8eed8ee1ffd92b4e20b938d0cf2de4abacef134fd6717a22cbb9dbe12b5a8d16d540000000a81726527b0db0d4af7be9746c56846433c70c1ca30a87d03baa4130ce0810f4f8436d2ab25df791d993ef3ac7f079ddedd1b6f68f1c58271df06cbc12692c0f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3475937c558d64b8e38668f1f6a0f9e00000000020000000000106600000001000020000000a96dad8ad541c83b594d72ace8e8744e3d2bb1fe59f7e109759f48e26bb24792000000000e8000000002000020000000441b2a987066d1c8955ab4c0a27016dd831908a7eb1dcee6b50e176d50dd82262000000074d26a92176242a67fb61f73bcff8550821552d4fe8305edfca4135fad4f880e40000000f82de47aa7bb339c75da56c639aa57c12d94eb766693c058220820b35f51dc281a958e57a98c6c53e3e4363562d7936e31557308b56defb31793dc0049d25ee5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422540055"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b281493dacda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2540	2056	iexplore.exe	28
PID 2056 wrote to memory of 2540	2056	iexplore.exe	28
PID 2056 wrote to memory of 2540	2056	iexplore.exe	28
PID 2056 wrote to memory of 2540	2056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\WpSvc.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5b76bc8603964cc65d7eff118d04ff8

SHA1
5e6d1158c889d571ed27a5026ee0898bd2b75e65

SHA256
bc556772734aaca60409dcae750f70316d033539ecb76c316288204a136c2538

SHA512
ccc15a91f22acf84dfbe4c81f6dac9db5ba7ae0ae5c9e6bf448df2c914f908f6f906063222bbcd89276ef48832964214162bac52d30a1bb0e0d84e091f36d2a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d325de657646250133f605e7830884f0

SHA1
bc1cdb1bdd50e63f7fe7c5b9c58b779299bddff3

SHA256
fb19c31e3b0c13282710574259d6eb490eeb7f30d6d69a39ce1e32b71cd3b548

SHA512
ae7a68a0c35cbef0c8dee0508fb8db83f35c45f901f77c23c8c397581eba08dff0ca3fbc5dd62238042b3217645b268bcb85130779bd6af02e308932c983324c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfd07b16ae4c70d4c125e5bbdf94a468

SHA1
5bdd4e3345d520a47ffedd2a85d9590da53a6c96

SHA256
3aabfcde248012de937d8e4ddd05adeeb7b509ab78a85f05d8a239f000762b68

SHA512
1ae56317ecc27b5d8754681edb5bf8379ab7977bb6cf8e5367ba01d15bdf51668a1bc98d2a337e8df83390efbf971cced8a333a096ae46f8d74dd3f9e74e5f3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a8aaf353d0a168a0e9f0d5c05293290

SHA1
e67912c6c3face877a9f7f3905c99b01ebc5bf29

SHA256
c33160997f91328649fb7fdd7f530fcf5bbdf05fab95ccf0703a4b528da061db

SHA512
64863a5e10ce4f143de84fdd7da9b2277ebe3d2975e31ce0fef2b2028ae9ea41aea55644ad0744070564954dceea731e090be38e16c66e97e87ceb0f7b0e8f98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9aeb1d22b62d305bb195f107d491498d

SHA1
3bf9cfd3a17a88821fc20a5d9e2b94c6c1ca644f

SHA256
54d5c8cdc646e2505e8d1225ddf8ae801929feabe3c5e173bd6caf68fdea95e1

SHA512
0dd133253d6da00c3ba84c7be7d043bb284464a2dcc153c3424a27dcaef0962b06f9fa17d111d67bd73d12f94e71371b2250f38dbe7f8f33e2017181c364fe44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c19c3ddf003445f408a94446d19dcc7

SHA1
3376eede3d71a81aed71d07dfa571f12403eeffb

SHA256
f6fef7f73bc9d5f264984f525de95cb88270620e9faa4e451bdd70f9541afb72

SHA512
e0ff7881227d710433da7eb51d65a7655e78e52bfd3228b74c9b365dabc9f6d41dc01c3901c881bbd21c205bbc78c2a5c35db442cd508b89b05cb8257defe2a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2672c3141cd88dfa68f035b23446880

SHA1
f5c0c50fe0c09958b8da23a7ce06afad5a3840aa

SHA256
f2b597a97e5fdc0849d5b6238b94f92c101f6267f4c8b10d7a8596ba003524d5

SHA512
5e1011131163c5dbf500b8b67c5c255236f3631a629c8c376b92dd502a7d8c014c1cea8aff68fc8b72f6228d63e2596b2b3bcc6f7a264c8920cd705f77a439a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a1983532173b1be7284df4873f1b801

SHA1
76614f5261348ed58f9f46e6e532ced8dc73d131

SHA256
9a3376f8297271346e812b8514805234841b5903e16c2280e5a997879c67eaea

SHA512
b865cc4cd173fe446c76f948613a16e21c3efc6f64f6496d5fc056f8b8ed50cdb7af712a96ab81a33575e9585cf1c916e828c691506d9f5683b79666fa10c9a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c9f555e6f66b19922cc73fc53f315d5

SHA1
d785e30515ef987b690e089cdca4f93a00fea641

SHA256
2a5171d842611b435e079dbb0310c19ac743c4719717b6292e0622ec4a1449fc

SHA512
25cd9a428604163e0cec34d8fe732b8ace73cfa297a60437b6ca2e8d1a8bc0c9a185b147b19a64375d65d2c47e67648eec154dd6e107d35b5a44bdbc187d1a80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b11941d7caa109433a10f234c0b45ec3

SHA1
c610cb3e572f6a8b8e4c04b4e4674c0a98589570

SHA256
f7c2e7a959f78df4860412e0a4432dde39fba4c940718a398e10ca5663f08f87

SHA512
a529431f4f628bc76c01b23bdbf4c4c1c063e91729a88c59527dda2e7a9af61aa822cc3b3024492d174f936d26487e29468c3858684bc5b2a10d7d004d9fbea7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e851651a21b770c06f8c9511271401ff

SHA1
5c4bb59123aa5d3d9d2a43118a309f61dfcdb7d5

SHA256
2c723a8ff87133647090435f82cd886f452cfb9542aa51f1565548f97406a7b9

SHA512
e55623bbd3c16ed69c52ce7ef21f24abc92065b1eb7e47e57f51e08ea63e581925bcfff568f175fb1712be4c94b64c9bf13c6f113fc13c0c9047f16692d633d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52d2fb34f221e81c96d3b14df5db88b6

SHA1
71f8922c6ae959961238ecc60466769bc0dbf044

SHA256
a0befb57661e6103161373c314df00acfa524cd013df0b41e175bf06ac9b5bb4

SHA512
9a74aa1fe332daada7f9627eb8ad1f13a4bf5c0b7460686ae73f583e3ea9625eebc9b6472ca984290b6b60bd6d11c33261637ceac34ee6d82dc10f11b5175042

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fbac882b153d4f82ccfd993269dd848

SHA1
b15950751d757247fc6852991c899dcb393510d9

SHA256
6a3464348e9c9613de40ec6ffc6307bf248fa8874ae9946da9b2ce76f76aaab1

SHA512
59c0a2c6788aececdfa16e71e070426cf13d0e0bf547963d7e3aa5d3acf21ae24ecee81e0ce5b387246d7961b6fa99f21511a5498a2c5b31b73ada09547b5305

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ffc352ddd57816616c8b86775010401

SHA1
d14fdd791e0bafb1e72694fc22a718d464ddbc2f

SHA256
6b33ea64a1c0bc316cb9d89344b180fd77cc63af48c94c903fed131a757f2855

SHA512
228f39f705a8365b0ad3662382ae469a8b60bd54ee40d637bcaac8ead3386104e646aa7e5ccec854f678daa2e1fe1332e13315e8fb0fb1c68c0d81282fd669b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60adbcff762cd8afb65e9fb6b9d6a6ea

SHA1
67132c2d6cba49f56d97cc843b7c34004f0d5ace

SHA256
db2cb6ba93e04f8d10078433166dc8580013acdf034c8f31da23e7b6909c453d

SHA512
59699a283c6a51404c253b6cb6fa4d17161a5f898378aba78473f7269acab3118aa1b2abc173fb57078ae7e60d7c512310908578bdc31bceb392ce05d6b382de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e964689d466109c27a49491dc11c7cb6

SHA1
b4643b39cd0f311f85ae4380dab3d30ffc622571

SHA256
98040f8be73193d3154808004b18f14dc9ce58884e9d1c7b1ac1b34edbb51e9a

SHA512
0193ed24072926c1452a541ae50a5fe534ee4cd2f17364c422987621a4006a302462379d512a9c77e8b9e9109753857b6b80ddd969abb9d682598edfbdcfb46c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a2acfcbab3759013aa8751a3f17b8f4

SHA1
6faf689157ac4c645397086f39268ffb1fefa98e

SHA256
9cd251b70798db4af7adb3285ca74b516a859c4e824b97d3cc3cefe846170222

SHA512
2cf069273a5be0e4f6d71db45a2bf67c509db5dc14bd759d8bb7689c57d5402795d233bf45769a46eaa24da9c7f4a62a68d29d209bcfd32e0bfce8b0da354501

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3E2A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F2C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit