8d87897242b12a5327ce2f4d6b5087a9a7c6071722c34e849b95730d6b7c1134

Analysis

max time kernel
135s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 20:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

l2text/server_help.htm
Size

1008B
MD5

8ca4068d7cf9bf1e6cecaf7236b06df6
SHA1

810f62ae006d5f5f6c187a285322ae42b2c9e027
SHA256

3364475c70b49af969e0611c88bf02e204582b5bbef8835ebc42783e54749efb
SHA512

e5ccbe4e45bac2cbf74705ce7c8b449aff158041b1dcbbd3fd38d7f0dae5b1a6791c9c7308a0cae7f57cfbb98e6508753389dcc8ea7d0d7189929f32e70b858b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d7a1a2e2fd56a40bd46e7b5ade0785300000000020000000000106600000001000020000000ff96376d2bdc08f8b0a9606f3710b5e8eca31d6ea11036ac2b1e0b4af7094f40000000000e800000000200002000000028153a3e01d8b0a52b1b7cbfa8aeafb1e7ec3a21507659547171136365116815200000009344c7021f45f9c11f086f56a6c534c252d1f874f1b2ae7f47e449a26daae20a4000000017e5d2e2895537132ad60663c68452a64ab512b156987f846d7b1671fc8f8410da61e56ae5a8443b06b5d371e3d043457aa44c1daee17a4404c40e017dda1cf3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d7a1a2e2fd56a40bd46e7b5ade0785300000000020000000000106600000001000020000000462825cb123af85e463515e2eb06a1c79094dc5f09ff986054cf7340ef72c60c000000000e8000000002000020000000e86363ca4775927a7073a20939249765ecae02cc837377d04a37769c16ea47d6900000006d89d9d1a82c82f7bbd9cff495c68aea869cf3b9c693dfe9396002ebaaf6d1cc525cd9863a22fe1adcdaf5dc5951f840cce23dad7559d79366bab99229ed55b59c51ebc5e8919756c839e965117abd93b0e159b6be55488bf58ce07fcf995288a6b20aed22c2153149505ba4b06699026f9e338fb1b73417d571161c81de530c55690947044a3365c9b522a374e85b6b40000000ca95aca31185fab0608d51987e474beff07b73b2aad0aaa431d8f7cc086ea84f12932cd8ecd840aedc650ac9c704e78930d10c182a3944bd497d4b022fa0c59d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA33C9A1-37EB-11EF-93CC-729E5AF85804} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10cacbaef8cbda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426029027"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1680	2196	iexplore.exe	28
PID 2196 wrote to memory of 1680	2196	iexplore.exe	28
PID 2196 wrote to memory of 1680	2196	iexplore.exe	28
PID 2196 wrote to memory of 1680	2196	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\l2text\server_help.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
deafbdcde017d6891f592047cd9c2885

SHA1
69627b6a2773321ffbcdfe9820b19a3975f189e3

SHA256
d028639baea143390c9f66ecb1f1751155f99aaa03887de2ad9da0ed64fca452

SHA512
2625ad43da1aa4840158f760a59017a8c98fc5b8f88624381f630c3a834447641ccbe5fd2d18124db2076a7bbc0586aead613403bf5f9880cbfee20d5391f137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90db843f04f762db60d758a69cfb6b0e

SHA1
1ac866f5e1a22d25dc20559bc0b5c874d78da450

SHA256
a621409a603c677a753ea4c42f19a1f48f8669d356b729e0de86a68636bf0827

SHA512
3b6a278b72a7cc61897e16753d257cf6db6ab0092f8c83891aea3911998d35697be5cddc2de73e705700aaba7d73be487ee005808a19b9527d3defaf9af37103

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e133e17df73b42a54fbbafdfbce36d5

SHA1
1a2cab8c78653c995067b527daf78208efc27678

SHA256
a34224a13a03d7b38e63976cdfca70ae0a3e9ce526dfb92d4494f3323f45d363

SHA512
3de4282d51d8d1d11f4f834d7a778f536d89d55afda23788ddbe68f0dde0461bfca9f6f426980ca6cbfad86a66a598682b704692687dfdbec6938ab8d2622168

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bb416b28f2ac55980cbe3ed819cd097

SHA1
8700b18e2f65307fc594806815f7efc44486608f

SHA256
1a73eb508ce11e2d22a899a4512ef3c211e490c344d9fe4d6772a7e8ec6ff0dd

SHA512
5712b7e6783bdb6b41c9a26ccd0c9b12972fdbed1248f3368b288aff0768d420e89adcf2ecab2286b299c330fd21dba2da9b1570cc5dc0067569e30835df903b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
441d9bd19faf2141b5e8de8fca637d96

SHA1
2312932a341f657d96cf289b6791b56693f586fc

SHA256
697409e2535f49e8ff3a163b874da04cc4702a4009f3d57c06307278c552080a

SHA512
8dd3289bd6bb4d1adb5859ae42180d44d1c7501dbecfeaa8aec632450294ad9006ac1994598047e0b9304108ea4f536ba0f9dbfa045a07a63f27bf1fb5bcd393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a5fff18bcdd0e3529abaf744b41ee21

SHA1
6e8bab6a8714cf34fd94ea6735539dfb6edf231d

SHA256
e76daff3d5e1227abbdf7aa4313928ebc8462b75c1f0ed49deae4d704148c135

SHA512
e3b542a2ffa05c7bfc40a246c484b9921f36f827becdaf8fff96fd6471a85175c71c756969278e24e017aae06b5cb657f92b89936b3b996f9e19e40dcb760279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98200d7cd881b015d6bba197c284a930

SHA1
e5cce35f1ab990afc744d65667f53d79f944a9f7

SHA256
968ac1fe631499b0243a5171623e50e76b2931a25cb1e273bcdadb7bed15c397

SHA512
9c46730a4e712af956564e7e2575a7b3daa1a71973fb673c4161a8f27dc4f0dac778bfa04269d4192910b4b9b1850c0e2f50daec7cd9ac5a05ed41002d41e8f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef97e4af0f9be9e8135bad89ef5c1626

SHA1
07816d8a09f6d0307b62a2458fd45229a4e73c69

SHA256
c6cbf8a7016aea6aa3e84e7ab8fb35be914a47f1b2a4179e97fc32f3e6e3b80c

SHA512
8d10a0becf99566ca8c951e013fd1f6d1902ffbec59e5cf2591d38e0ccf8e7d04f621a6551f41c6880cb7833a631db226729ec778adf620bd57465202c415647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35596806c9a837985ca4ae733e4c4a85

SHA1
8078b4f70f3d4bff38fb0ae4db70d5b16318db6d

SHA256
661644be4634fb922d32043d4b5d73b29bcb8f497133af4da409c71b4f7b10c3

SHA512
4c4e3860f44a6f554a05f237325cdcfce37fa603ba95e7dac3a03ba317a09d88d104a6927d107a90400b13174f85711a7813f2991585dda49fc9220b085560b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c13d578d92e7e4fbcfbc677bb88227ed

SHA1
759cdb4d3f3b95525f1c4f8859fe9b297ca28403

SHA256
6400313ed9cd7637436705b52ecc104e02e716791eea3fe9a56ed3fcc347680f

SHA512
12433c10b23bdd619566b04e57f9f50514d909cd2c06a0be35d4d4034046d32f30347fd62d7700e5881bb7015519f5bae70ba2ba5ffe7d765b1dbd6e1d4d29e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53b9767efccc56f622a8d0680ef428d0

SHA1
6eb86b53c2ede2cc13185b34b4d477ead44076ae

SHA256
b0a7f994b537cb330fb45ccd2e2deef15d40fa22dde0664f74a424a9b0b8febb

SHA512
e20b58421a2ecdad1bac754c78ed3843247a530fe89bfdc30375403d21e7a053f8ee5653c9decff1304cb7b66a29f026a7179b37725fda2855aa008a83702439

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ba1218aa97eb01d96caee0b559795d2

SHA1
766cb982840e7ec93ea1752aa989eda22d88a01d

SHA256
67ca502affbd246f00625811fa30d233a8fd27ce6e2f9fa5ca945f99331f986a

SHA512
8504f37ee83ca6dba5948c568fd7d2320c7ed49fd34a975e7fb75680fea7678fb073b0ed3e48ab8454ca7967180615fa066ec3754c5452c0d939f07fedc6a4cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
926e504aa982c5e8345d2c1fbc98b108

SHA1
9aeeab10e2256e9bc5f4deffc5e469f13dcf28de

SHA256
b409f13226e0c9a1fe30554b673890b706cfd5ebfc6979669e5fa513c120f1f9

SHA512
e1eb1cccbf9e86e6fa3f097ebfbfde5e2d4533408e892997dd69f2386a0f7e71f5035053b0a6e5269fe1aeac89a57e6f48d144402475dcc5fe1f4de88e5c0006

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6b2620514f59877a62b6136b6f24248

SHA1
b1f91f596e4c117c138680ef627b57bd6072754c

SHA256
553e51be24789d65526d4e0f6a5564c28bd8800d8dbb328186f9b8d01b0d9516

SHA512
c9c2ef37502c3c33a64ff1c1e7c0884d58128d08fabd487ea5409f308ca7dd71dfeb2d7f42b8b3581e4e88c213e053d59a44f4cbc4682d97fefe8d78f309621e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13cd87631f8327ae20fdb6eda7aabc8e

SHA1
1875ba668d834b8385f7770150f7aff659640862

SHA256
5535ec0020c5df9c2f1a38cc4c9de6d959cd5ff3c7ba83fcde478ee539eb62ef

SHA512
e9da51522e9a4773ca30d8e3741994d1e29697b8beb52fe62481eb971c6f519e09de9e907412976da5b9dac454a16f8d977a3d46ec9bb028c683679a008a172a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b3f58a8eb9f55da059c75ac059c67a7

SHA1
ce01da7353cb46e1885a5b8dc4bd2396f39e9989

SHA256
6b132193b18c5fca19783fdb6a37b1594537fe74d189d2598f03c75acbc3ce43

SHA512
c5fc8997fc230ccbca96be400d74ef16e916dea6cd17a151de22d6c7c14283b037e972e224d3f44ac7a4bff831fd82ed0ccbc783bf493fe61ea0c480c2a07e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1b9f59a900129212eb85cfc0a2faf44

SHA1
9f9b1379abfd41fe2ddc26d04f0d46d2fe0f3a8a

SHA256
666ada932ebd898d3eff5863098aee774535be77cee6022752b72d473796d47a

SHA512
c7e2b92aa79d96f77e3e68f75a29c88e34f58a3f4a39445a6047eb47a0feec5f658e0c53ba0bc67f56c0205a417dfb807a8227dc11b8138cd707ad39a9c3af06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3831.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3962.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit