8df05e255ce1317db4abb9d84c00917f23d3d0ef9ca0bde0cd05e1d7d50efed6

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMPfolder/DomriuAdoej/RiamgIro.exe
Size

116KB
MD5

99fb02b5e8c709549b572ca088ef2afc
SHA1

28dd044a1ffed7d4f3005dc5470f71b631d3de43
SHA256

2f44957b1bcb8a6b46a4a4ab0040e417697e0821cea4d400f84f97ff88a7225a
SHA512

8e0bdbd3f404a05ecd2722db9bdd2d7487997a27d20bcbebfbf426434a0caeecb1ab03ae85aeee9fefa5fdef17163e82e96b31726668aad20731af5e69a925b0
SSDEEP

3072:J/lW4FO5E8Z1RydXR532Bs+llHIWGRrPXmXQ7X:s5BydXX57X

Score

7^/10

persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	RiamgIro.exe

Loads dropped DLL 2 IoCs

pid	Process
1576	RiamgIro.exe
2772	ipconfig.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cmdrun = "cmd.exe /C ipconfig /flushdns"	RiamgIro.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dnsapi.dll	RiamgIro.exe
File opened for modification	C:\Windows\system32\dene\kik\senb.dat	RiamgIro.exe
File opened for modification	C:\Windows\System32\dnsapi.dll	RiamgIro.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RiamgIro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	RiamgIro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RiamgIro.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2772	ipconfig.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F53E693DDABF57A88A9B12B608B09B26C0608B74\Blob = 030000000100000014000000f53e693ddabf57a88a9b12b608b09b26c0608b7420000000010000003d0400003082043930820321a003020102020900b522f9b72eb992f5300d06092a864886f70d01010b05003070311730150603550403130e516f736d61626a205a69746d7579311c301a060355040a13134a6f6b74616974204675637075696c71204b69310b3009060355040613025255311530130603550408130c5568796362616d6665696375311330110603550407130a5675777a69686365796e301e170d3135303732393134343934395a170d3235303732363134343934395a3070311730150603550403130e516f736d61626a205a69746d7579311c301a060355040a13134a6f6b74616974204675637075696c71204b69310b3009060355040613025255311530130603550408130c5568796362616d6665696375311330110603550407130a5675777a69686365796e30820122300d06092a864886f70d01010105000382010f003082010a0282010100ca4b086fec8b6077eb80342e9e89684c82c69e0b2fa0270b498ddf79792f807eb4a37b678ab76723220fe5d4d731cc4d844d864f209138476de844dc01fb6bd053db536b0ab7b0966dd11ffb9ef68e0c46f42a138d4e19c262d1c445853cad35d7fb344df3ba5b8ca4eb165eb86a4ca42f9f348f52c6c2644b52e65c510b8b604f9ae33fdbcee9b505aedce5db2feae46b8145bf850fa075b78eaf9f2997a06527d4cb9d5b3e08c44e5da3a862d06deae1c17787113fcbac928bef96cac1174db4b2ae627ed62251527c3915ff618c45d34903ec088c105bd357ade281328794091369bcc3ac6b73b27645c175a55ac04636d5da6e9d48c1cace8fbc4e43f8df0203010001a381d53081d2301d0603551d0e04160414f9f7f8a7e3702dc6f19e540571c8f142dffffefe3081a20603551d2304819a3081978014f9f7f8a7e3702dc6f19e540571c8f142dffffefea174a4723070311730150603550403130e516f736d61626a205a69746d7579311c301a060355040a13134a6f6b74616974204675637075696c71204b69310b3009060355040613025255311530130603550408130c5568796362616d6665696375311330110603550407130a5675777a69686365796e820900b522f9b72eb992f5300c0603551d13040530030101ff300d06092a864886f70d01010b05000382010100865c953854b2d42898f7b5024866d830a138c98ca04f95aa6650301346e1dcd5fc26a579c83e451227d28a2b6ad5edcea01cb56e4a8518fa433eee470c5d727282c04ea71731e210d47d76f6425307dfd665008cc1754ea6aa681fc82150ec8f2eb39d96dd2e592aaa1cf4aff59834b58f63632c5f5c2e5508945c2102de73befd3c5cd891547236dbc9700182298df31be15033a70c689800d10a24930932e4db2844f9914400626da05c6769f883a0de29f0b87d83b9494da0425911b090e5f879192d7f9ae91c46e0a7e0b6ce5092e1ac833681c1b1ac451b17e4d70a241aac3c34936f64e6a70163f9be4e484a79766dec4da6bd2c61b701c9b11f2e8445	RiamgIro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4832D1BACA6156C53A74A472BE8678EAAABC8CBE\Blob = 0300000001000000140000004832d1baca6156c53a74a472be8678eaaabc8cbe20000000010000002b040000308204273082030fa0030201020209009a6384a61e21f893300d06092a864886f70d01010b0500306a311530130603550403130c4b657a646f75204f626f7467311d301b060355040a13144d696a707920506f67716f6b6b65756662205375310b3009060355040613025553311330110603550408130a4779666b696a736f6d793110300e060355040713074a61626d756667301e170d3135313233303039323531365a170d3235313232373039323531365a306a311530130603550403130c4b657a646f75204f626f7467311d301b060355040a13144d696a707920506f67716f6b6b65756662205375310b3009060355040613025553311330110603550408130a4779666b696a736f6d793110300e060355040713074a61626d75666730820122300d06092a864886f70d01010105000382010f003082010a02820101009c49c6ee63c5fe00dacca54e8f9d75ce3eb48c9288315c1d0b775703a6d150774797d061d519b7bd48b683fcb737bb43b71becf6ef6defa02248e892c299b679ea022f180234259a7ce258fdf11c55883e8da19f1bc0e3cb92fb6859ea302f466617b50f54d25af0ae92ea74d722c4bba94128a1e97e37e7be8de8221b14ba68b235f0f3a8248bc90ce9f49a35a22511b75e9762d8ad6d8c2f80a41f092c2ac2661cc2e45d1fe11a9d5376bb9feca20c6093098d7f06e1ed1eb74ef600693f61c12ba60080f869ea0321f8115db61f46c6c1631471941a2654e7acbb1bef00e30c0601dd9368fe1fed1407a8e6cfc1a1b4674da322965ebff202f04c1a1ebdc10203010001a381cf3081cc301d0603551d0e041604143ce7e354ae5e3cb6da3a4c97f166fe9d565adedd30819c0603551d2304819430819180143ce7e354ae5e3cb6da3a4c97f166fe9d565adedda16ea46c306a311530130603550403130c4b657a646f75204f626f7467311d301b060355040a13144d696a707920506f67716f6b6b65756662205375310b3009060355040613025553311330110603550408130a4779666b696a736f6d793110300e060355040713074a61626d7566678209009a6384a61e21f893300c0603551d13040530030101ff300d06092a864886f70d01010b050003820101000f234662b2cf375fbe477f1c3255972e487e8e882b6a03d4db2791a5e600d313ac52a248959d519292afe4e7db0325d240d731a187e06c31bfa8468fdc0f3a016b3b52761713149f82ae53e42a49ded2c3f59614bc222e0ab7a507159312c8e8eb392f19c3be5de5702f3b0fefc72e11a23b8b85a557fc30a4982959f0c2eff53cd255209ae8886bfee0faae4ebe5af4c1eb8c0259ee3735fa8405798acbf021a43e5febda366cccd339c18de577ed6ca07f9d11f60d344fcad04de6ffadf0b49bdbeb57db399d6610c42e771e0b69027e30d62d7452a951e1a429b91e834a579b634378cbf7763a8d2b41e7d0eb5d6dfbb289dc862072b48900db11e899d18d	RiamgIro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A68AC15DBFF229B82DC7783461B74E126D5C8454	RiamgIro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A68AC15DBFF229B82DC7783461B74E126D5C8454\Blob = 030000000100000014000000a68ac15dbff229b82dc7783461b74e126d5c845420000000010000002e0400003082042a30820312a003020102020900b7866bdd82cf70b8300d06092a864886f70d01010b0500306b311630140603550403130d47616b6b756d6b204b65677075311c301a060355040a13134c697765782055736f6f656c6166796d204a79310b3009060355040613025553311330110603550408130a426f6a6f6171616e6a6f3111300f06035504071308566f716661756763301e170d3136303231343133353732315a170d3236303231313133353732315a306b311630140603550403130d47616b6b756d6b204b65677075311c301a060355040a13134c697765782055736f6f656c6166796d204a79310b3009060355040613025553311330110603550408130a426f6a6f6171616e6a6f3111300f06035504071308566f71666175676330820122300d06092a864886f70d01010105000382010f003082010a0282010100b0d1a3094b23a86c7754fdd12f4897a953bfd4627e2777e368ac624232e21538fafd3e3540144030cafa45dbe90f4c6cbdd53adbfcf23db1a61c00ddd78aadb36db6e44e65509b4289253d39e721e192463680f275ae1317fb26cba19f91eae339f53cc0edbb754f3ee2e455e3c27f7cc1995578df287d63b67d79e5aa81e0a2bbe458953fb3676343d71d55f7d820dd81ff34f98183d54537c46b51ed19c9e0db8e5020c3adae164f0038e24a88f7684b84703e1308ee107bc0ca88c64db922f0f4850f74dae295be289b61b53f192d1b7f91c30e623411a213af270fa29da0927bdceb15463dfa4c43f079edd8ddeca920e71625614ce7bb0d1de67a06fced0203010001a381d03081cd301d0603551d0e04160414d925d67a9fd3bc33930540e0ae6c3c5432ae164430819d0603551d230481953081928014d925d67a9fd3bc33930540e0ae6c3c5432ae1644a16fa46d306b311630140603550403130d47616b6b756d6b204b65677075311c301a060355040a13134c697765782055736f6f656c6166796d204a79310b3009060355040613025553311330110603550408130a426f6a6f6171616e6a6f3111300f06035504071308566f716661756763820900b7866bdd82cf70b8300c0603551d13040530030101ff300d06092a864886f70d01010b0500038201010034a63a5a9f7e5562151c25346b065be4c95d43f57e8f89e1294ae41655e1b12370f0291a042760e80c41d4a2ba859c601aa8136f1a58f2630388ba15991206402337fbf2bfa51da5fe76ebef379b5d09ad881e061dcded9bcb4754953ab381bb71760eede33ce20fb8379ab8a06ff00e8f24bb994d8316d2fb6272f14186e23c33a6631c456e9df7cf49caa6410da228e58870273de18c24a96376e9d38e9c9ee5ae15c57d1e6ab02cb8629cdd64d6792bdc7608590db21c2ee50a78c79ad83d3b87fc9886e65f45e701233a21866ef2ba56c79a63c96819f5838f6f13dbe74c1bf906af13e03bc332931b4fb9d45209d9e090f7e2cbc9354457541e388fc5ec	RiamgIro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F53E693DDABF57A88A9B12B608B09B26C0608B74	RiamgIro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D830B6B8939ACB4928401060203BB648456BB4F8	RiamgIro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D830B6B8939ACB4928401060203BB648456BB4F8\Blob = 030000000100000014000000d830b6b8939acb4928401060203bb648456bb4f8200000000100000037040000308204333082031ba003020102020900e734ac7fe2d2a7b7300d06092a864886f70d01010b0500306e311630140603550403130d4572656e766f62204162616e64311c301a060355040a13135875646c2053696f61777379726a2041777564310b3009060355040613025553311530130603550408130c4d61736e6f70676f6566676f31123010060355040713095769766e657275696c301e170d3135303733303039323134305a170d3235303732373039323134305a306e311630140603550403130d4572656e766f62204162616e64311c301a060355040a13135875646c2053696f61777379726a2041777564310b3009060355040613025553311530130603550408130c4d61736e6f70676f6566676f31123010060355040713095769766e657275696c30820122300d06092a864886f70d01010105000382010f003082010a0282010100bb993d717e4db3b3c1afae8c665c80400249446a1823d7ceedad385169b93f48f116011f13bb16b705d580389c05c01822a2236871ff3b8b8799c7293cbf71472d4a2178b5630ac3fd4943d3ec90059dc6e94c33a3e338e7900d9d4e2d2be8cecdf4c31149f4c761c3322a328d87c7a63b348c75d11343c5a320173d5db54c261b03c6625e93cc7ae52fdfd9314bd892df03a59df3e0dfd8164575e1874de6277e0f8d7997f23a3d034f0e02e6897abdebcf8e1423daac8efaf238f6c6f4b239fabed016269485bf6ad87234d4df6287b9d1e4a3a56c1c97ed79c926b1b26f8fa29ebc6b4cd39c5ed204a1e4c729d244e9bd97d9c6b0707fdb2698b00e34669b0203010001a381d33081d0301d0603551d0e0416041447a3215ee2af8aaaf7517bbd52253f948678dcf93081a00603551d23048198308195801447a3215ee2af8aaaf7517bbd52253f948678dcf9a172a470306e311630140603550403130d4572656e766f62204162616e64311c301a060355040a13135875646c2053696f61777379726a2041777564310b3009060355040613025553311530130603550408130c4d61736e6f70676f6566676f31123010060355040713095769766e657275696c820900e734ac7fe2d2a7b7300c0603551d13040530030101ff300d06092a864886f70d01010b050003820101009251eb5e3e7f73799f538a758dadb759de5595864fe208bee7b9f04d3d44f041c582753925b84875ba0141ceead9745d606286e5e0d6ac8cdfe2d942edadc671897be611298a2cf670c02999c65efb10d1d35a9b5e994a9b353193afa4ea6d15c9dcc8686ab18db5cb5cac3eb1d8f371f30e49fe6c23f2bd4b7f2efed190990944785beedf3bebe190031b32eba669921844aa228c7121d3f4dd46a5601a8419f44ce7812c928b9eda1bc978fd698b8c4ffd335e72d803c45b70599d3324bc46216e06f5b4d27d18195c3edcf0f302934c71eae7274a6a45412a5c7c16d335aeda7931d26ea22d9dc5a163245fdef16118fe3865e52bc5e3ce46d160fb296ae3	RiamgIro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6	RiamgIro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6\Blob = 030000000100000014000000a7bd54b233b5b2f70af86f5bd1a0c0a772a59fc6200000000100000028040000308204243082030ca00302010202090099e03027519fbe3c300d06092a864886f70d01010b05003069311330110603550403130a4a7577204c616f6e63653121301f060355040a13184c757377656c77205861726d6f6d7a6f64746f69204e6967310b300906035504061302434e3111300f060355040813084265666c6f616674310f300d060355040713064d7563776569301e170d3135303830393130323733335a170d3235303830363130323733335a3069311330110603550403130a4a7577204c616f6e63653121301f060355040a13184c757377656c77205861726d6f6d7a6f64746f69204e6967310b300906035504061302434e3111300f060355040813084265666c6f616674310f300d060355040713064d756377656930820122300d06092a864886f70d01010105000382010f003082010a02820101009ce93dbe9d339562eb762248d1342083156f73335fa1d64c16df1c9bf1566e55ea28cafeada885f862a152cc2ea1c526bff9782c1f925cd1d160cf4699de03766a83f697e707f6bf4a5a348fa13cf83825ca29cfd01cccbf9c9732a68383e7c7aac08e5a443cbe84a9c6a944e6ed93c5557d21c9564099b83ba15d6767b60605286a83a8a49310f99ede9e3e36465bb4ab4655ab642a06a50a80bf40d4807931ae2657f86d374ab2c2aeca2033e2d8de23ed6d8b786c16bffcf3816d80e68ae8231f9141d417e33d478f35f304fedfa33044589a418b9e678eebdfffbbec5ebd744de53e38d37d0ffc91ec474b8d6976c7fd0ad66e02a1c9279793c4ed5dded50203010001a381ce3081cb301d0603551d0e041604148b28b362de18f6f48228f98c02bacdfdfd3d595330819b0603551d2304819330819080148b28b362de18f6f48228f98c02bacdfdfd3d5953a16da46b3069311330110603550403130a4a7577204c616f6e63653121301f060355040a13184c757377656c77205861726d6f6d7a6f64746f69204e6967310b300906035504061302434e3111300f060355040813084265666c6f616674310f300d060355040713064d756377656982090099e03027519fbe3c300c0603551d13040530030101ff300d06092a864886f70d01010b050003820101001ee038133cb95e578467c8dfc3175eca3b46d9f3793a8984a13739b40a3c01af874ab03740d45dbdd2cdcd5a941a99fbbdcb10e761c3a68f8dbf55d9838589b448a4b2b530c4b831a2a1cbbee760e57ac02bb5135cf3ed2e400b5eddd0039d6df153467a3a6a494249926bf96d9f46811e5e08629828c87735df91e0254423e49e857d277ca04b69bbbcd90e050060dfb82cae38c40d560ef7738860403c78009d10303171de8c88cec0959d60320fe65573b9c853b4215624e9711cd41a89f39f64be5f6262ef66dd7acb51b032e0afe337f6890817645b11c7ae43e438321ddc29b92890d16a74a5e4ca91ad6ef7faf62a26387e74d2e7b2067877fe674fa3	RiamgIro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4832D1BACA6156C53A74A472BE8678EAAABC8CBE	RiamgIro.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe
1576	RiamgIro.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1576	RiamgIro.exe
Token: SeTakeOwnershipPrivilege	1576	RiamgIro.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2772	1576	RiamgIro.exe	29
PID 1576 wrote to memory of 2772	1576	RiamgIro.exe	29
PID 1576 wrote to memory of 2772	1576	RiamgIro.exe	29
PID 1576 wrote to memory of 2772	1576	RiamgIro.exe	29

C:\Users\Admin\AppData\Local\Temp\$TEMPfolder\DomriuAdoej\RiamgIro.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMPfolder\DomriuAdoej\RiamgIro.exe"
1⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Windows\system32\ipconfig.exe
  ipconfig.exe /renew
  2⤵
  - Loads dropped DLL
  - Gathers network information
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\dnsapi.dll

Filesize
264KB

MD5
a8ce23c04516bd5d4d1c4a9e62b43a1f

SHA1
36cbeba1499fe2236ebe98a1ae463654dd012f77

SHA256
bafaaab3736c1e3d9e1b38f2fc76476e5cd76d31bf8dea8f4b092c2ebfe36271

SHA512
a16425c814bf29f9267c1c4c0c912da6a63b1fecacfef101ff3488fd080901d583c5a1706b3b27c324215b5230bca59816b0d580b538b27eb4fb80317c965069

Download Submit
C:\Windows\System32\dnsapi.dll

Filesize
349KB

MD5
1260f0aac29fab9ebd48c76803cf2a28

SHA1
489ebc07226618bc37564a471d14232873868d22

SHA256
c524dd903a5a6dd36e35dd2663f967c8d259f875dc8ecd3d85bd894efac6b954

SHA512
6a5469a69add3ca47104ce77ef9ae38e86c637985a01ebaf5e12e4ea7fa9307f532de476b92cd4889ddc0d20b10abe8bb67636e57e85b9bc89b723fb3ff348d4

Download Submit
\Users\Admin\AppData\Local\Temp\$TEMPfolder\DomriuAdoej\RictiFahr.dat

Filesize
1.2MB

MD5
ffb0ef3bf23f1a30171edc95f1b7b30e

SHA1
a863db9f08ac0ddb04b24ac2b327418fc02c03a1

SHA256
44d2b37b8d0f5631f8cb78d79835024f9e409e2ead05a875705415e78754a1e9

SHA512
e5692ab4de4bd0db0358c52ebcaa7c38e81b8b3ab6defc36f8840e98252a8a1773112f7153e7920b8d9ba1d35be80c16a2a32da462b073e662750e6c4e4d2a7a

Download Submit