578993fcf8d57252bc34536c01dc853a374e60def68f60b2826c3de0826ea00c

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03/08/2024, 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

www/plugson_image_list.html
Size

12KB
MD5

1bb7db835bbfef8d24ebe94db5eee3a4
SHA1

f50efd65f01737d90ede00c17740d8d95942e286
SHA256

55994e2ff5d37ce0292e5d52bae8fbe9af5722b329fa54b26675b6408005f893
SHA512

30f1e7672d5e85729c1cd0164a1998edf3436cb0eb7e2b0cf559386943fbdc986167c4688e012a661e7faab442b477be08c57dc836ed2648e8d18e2e7b806372
SSDEEP

192:HiN942gr4n7A2Irggm/WoKQQypc/nJN8R2sd8Kt8eNz:Hgu2SsAkYQQyp84mnex

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428809052"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b76d6e41e5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9988F671-5134-11EF-BA91-7AF2B84EB3D8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000051880e2881a6c679d80853a8da77eb8749d8b18729f4754866c9d3bebb749313000000000e80000000020000200000009931e043f03633051e04479b0b45c88bc2cbd27fc539ef79bd75b9030f0e60a3200000000e64f37b43f3e21e0ecf96a126a2058adcce833a93965e6755eb19bae6f071ce40000000ba9ad44fe3060dd2466bfc1c96c322ea110c39761997daa9e5d82d469fc6a92e7c067c9e2eb2e86bfbe0943ef86a5d9d4e94bc324f4b6e60ce98b219ce0ddc58	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000da9ca4d8135e81e2facfc6151c169cb1113daa61b9174f6590aba8bde14b8345000000000e8000000002000020000000e9e95b26b97d8620b192e1f52ae99aa7737bb992c03e01f4417e2477ea5f6d2590000000933651b5e2a64ff82aa4641ebf404ca47c48241f816155d2650aa1e8af6a51fb43e924e56a7a62129823eb68c572d5db8e90ecf42f1b31d5c68d7967df4431d920b61eebce7d3293fe0eb0db231645c99dd581f773bde979ba868b9f127736c87f0af9a2d39b2245301f8c2be9a6ac5a5bba3e52440648e45ddf37a2cd83a93400f066ef066cab04938738d090def9694000000022ab012d60fcae1638e2b782c55ecada76ff1d6fc5a564d919c2182b512c95fa23f77e5439dd826c2c3446ea70cb8090cb1ef9fde66d7b01c4150f6568b65757	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2472	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2472	iexplore.exe
2472	iexplore.exe
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2588	2472	iexplore.exe	30
PID 2472 wrote to memory of 2588	2472	iexplore.exe	30
PID 2472 wrote to memory of 2588	2472	iexplore.exe	30
PID 2472 wrote to memory of 2588	2472	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\www\plugson_image_list.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce449c998ae18bc9b728c0e1cb62e6a9

SHA1
2bfe26c3b96ad502d6c45622b7be635eb05ce944

SHA256
5a3273b83323d4a8467b02239ce8c36ea1222b63fc6632b8f41ab168ead9c1b2

SHA512
612d9f7ef56e644bb9840c650fb51a96728982192379dcc176196ad0a7c0e612d1a8654aa40c408c126c0d3ef1fb15effa8b4252c36fa970e3875edcae7c94a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46235777761d03020a7cb2ca8d5118f2

SHA1
4c6dff35c08e6cbe149076af85046066e9d83801

SHA256
55b1302a3b93a9fb52e5464f30092ae8fb29007a298d59fc785eaa1fffbed84d

SHA512
fcc112e999db79820bfa6cf172d0aea06b794a335acf0c7565064c65e8fc610d83e867338579d28d045137fbc814f6fafcea79fe5e54bb758bc7c88f675fd25b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
145287fbf154c8e67716cf852071acf0

SHA1
34430c3f1485d71babefce5cd116c8142fa6154a

SHA256
e3107bb08459151eeb6862296cab2ec7c9034a48acff4b94f30063098097bdc3

SHA512
65acc85d4fcec25c44d3072f1e4052bdc51fe8e0ebce773343dc47248a1ba460fe7d25cb2b56120694286c3635ee06db4ce7eaecd8a60e18d01acad988998b72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d8f57bcf8b0ee1a055cd5a49e1fe99f

SHA1
9710834574cce94e17ef1d6e31cefdd2e0b55347

SHA256
da7866a2673f676bb878fc570efa704c6e81d4c4e2e5362f8543e2dbb1ae6472

SHA512
c9191796b1fcc0ecb7265a1538d8f2c2f6306ecfdc5914de8155acb0e9cda57552469830cd7dc766e3dc24af115debbc731b8808a300493c3d2845a9a40c0642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46b1521620e8586e6316e5a0ceae9e6e

SHA1
aafb0ed1e8fb575930f9b94f4f52068a111191ea

SHA256
28c1924c489929774120460000ca9ed611db490cdc899a165315989a484471e6

SHA512
eb0aee1220b3c99098adc09ac0fbf03c6cf2b50cae64ea1e30287e0a70c4df3caa4ac4f3826d17b059a4fc34dbd656c0193c136a3199fa653de584d60a9dfeed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab8b5c21ca746ccf1e8e1fc3ef5f857b

SHA1
379e15f1ed1abff5afc0ccb2326cc0cf888ec71d

SHA256
6b0da35c2feaf26f8c0bf40f89d692af82af0dd431a1617699944dd0611bf21a

SHA512
bc91863baf8a6a6d962fb09bbf976b55f8747e20eae29089b1b2a7e0b76412eaf4815b5ab85102cd9cd6e44327134425bbf231cb305efe607c0a2b957b22bc97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3480fed58102987f9a9493addb5f47e7

SHA1
e3537c31d78668cf26f9bbc8ffc2c12b30ca36c3

SHA256
8a8772ec7c8428049da73ce016867b6c675f1428522f705ce231928c6b1e17b1

SHA512
a77c0aaac6aa2c579585c6571f961643c3a719ac7d8c99b7b73223ccd3f48e1c311d2e0d589af8c2916ddfd723d8e28d1d9a39e6ea2cb30801d136d1b0593731

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bbc359b1722262115302ab9444a66c7

SHA1
a7849efd19eb123a02ef7ab2ba38105d353ec027

SHA256
2e91b0f00db13ea94640ff5e0499abfa41774071c7372fa2c5ce2cda58287cf2

SHA512
ec85d997e1fc369b5b06deb1de0da6b4fc94888fecef8b7bdd97cc692116ed900fbfcb0898cad9fc3e7a385a54f6cbde435f0da0237e8eae4e2dd33d1396bd68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17c0daf67ffd08b5cfe84abcd1ccf9e1

SHA1
cf51d54c36d364665dffa295713e9b8ab727e5cd

SHA256
70501ee1b800f42fb7cde8eb570b1b51f46654b927038e23af00492f3e3bff16

SHA512
727e6eae0c653b662cde098c559cf5e0a7b70f1aa45206537489196e20365d245c64216a205bd2329f4f91a47b286286555da471497f68a045cb7aeeda022a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ec8365ef3e3efd7bc2a641896e78e71

SHA1
62fdef2ae56b2e89148069b13482aead7def8935

SHA256
cf6ebc8608b38ca3c2455965745880ad17f5b2daeba43bfd222ad37e8d956c6b

SHA512
488572a8f6fb72db98f1a64c409392d90b10670fa6629d260646880d131e460333f226d4a8f0ee7f8f09ce7de2327f863aca7ef6589aed73b3bc7ff112804f2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2f7f06e738904ac2fcd1549d281e9d9

SHA1
5b5f92a7d4e212420ec3e67cce068e9dbaec48ad

SHA256
eb7f26c070ca49de985232f2d7e313f30f7861dcf358e96c5ae4c8d2f6823b4e

SHA512
18a5b500f805cc70a7d3b98af3815ba44eebe5607a26cda997ca1f3ab3633887c80301d22afd957ef412a6773e633036b7f3a968557819216913565fd8491c03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
836ee0dc4c1ffdb19bfeaeea921531d4

SHA1
25c5f5f0b69f83d1b048f91a530eb7dd65ef7055

SHA256
ecb9d9ea6041894656f439825494f02872797be4039cd32ebeab9178b5871d8c

SHA512
0da56c53183468748dc21a067a17de9c7bdb263c3d752d4a3c5adf20b0c9bb1ee8c73e5390dbee1f39e000398a507ad43bcb81a5cc3ff56cabaedf3a6f1784dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4128d15c69698692474a272ff65930de

SHA1
d3afd60d9b19a36b8b2f1c13d8348f59b968d7ae

SHA256
3a392fcf9fd303ba24bfaa709f0c571f3e413e804f841eac7dd819aec1255071

SHA512
05f15eac558723874c13d773a4cf5525a086c308c97341cea4d8e95c63d3b69710e6cfe4a3882598449c497bea05a3caa6e7cf06155e0ad27fcf8b99fcacdb3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a18248d9a74c63a623924cd0fd1e78c8

SHA1
d70034ed6250d4626d4589eda45a0a7397cd6f98

SHA256
cccae7afc1db72a57e1febf2b1efef7a6757cf6973787b0c34924eecd022b48f

SHA512
1553ab91434706b0d595bbf6a159b3c525be2c7be63a2cfaa186cdac476e636b741734e56313cf258576960bba7d0e138bdb1bcf72f8f1c68c84b89bd6b6a9ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdb5f01a9fd6a6d288f9487e56516c6b

SHA1
8bf025677534f48639d240f8325501c9e3bba929

SHA256
89c598b2724b85b235bc385031eefc7884e5b78257420f768d04a8235d13275e

SHA512
b810b47d6197a7c0bfb7f8192f9ada6a20368148332a4f9bb6b9698d8bace26324bcab3772473ad7a576e7d8154c0012d8686d13d5f47bb9901a8d97d7fe5ba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b62a88eb19b77a402d4f2abd0e885eb

SHA1
27eaec13575c489c3a05d03bd69f5bea38bfda07

SHA256
fbc5a597572e55fa68d1486b024e09cd0b299e5de7fa051b970182a12d7bd66b

SHA512
c48413a4383c62493bedac3c1330ff4ac035de6b818d5fca6e99b139ea5df634e08c47330aa73242959d9e8674cbfb086a9234a519756cdd4f66749d63674ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c3b2cf0189543dd3d7ca619ba4e9051

SHA1
1eaa85a01a893f770c26351455ec97c9a4a3430e

SHA256
0493552d9ef5e9d252cca95e3c2ef9f3a349ed25a5ad9e72699ae3054576df52

SHA512
c915136f246430c8f96b31d527de0ba79a70226236f8f79bfc49aa1ab5fee1dda7b74e962d01b0a1e610c39c5ce0911fcaf8ea62419d062d7f696f5de973f116

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3E0C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F09.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit