002f33fee7b8a159058368b7e93e492931c4ca72e90660bdb2691bcd62fedd3c

Analysis

max time kernel
61s
max time network
62s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Battle.net-Setup.exe
Size

4.7MB
MD5

f7fe24cebbc4b0332c77bce563e11b1d
SHA1

744968c9193e5a1b96941695600d3770e61a6ffa
SHA256

002f33fee7b8a159058368b7e93e492931c4ca72e90660bdb2691bcd62fedd3c
SHA512

a3f1e0d1a2c20dd1c40b5039085abf47a17a313590f40785181a4559c6b53a6622ab23a540fa9d56604ce4d008861558636acf798232de2d6b493e4ac4c71ef4
SSDEEP

98304:F84BwyMWieDN4+F/8njOyiiqTrAGlucx:FAEwnjOy5q9luc

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1684	Agent.exe
1172	Agent.exe

Loads dropped DLL 2 IoCs

pid	Process
2144	Battle.net-Setup.exe
1684	Agent.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Battle.net-Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Agent.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Agent.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Battle.net-Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Battle.net-Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Battle.net-Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Battle.net-Setup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2144	Battle.net-Setup.exe
2144	Battle.net-Setup.exe
1684	Agent.exe
2144	Battle.net-Setup.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1172	Agent.exe
Token: SeShutdownPrivilege	1172	Agent.exe
Token: SeShutdownPrivilege	1172	Agent.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 1684	2144	Battle.net-Setup.exe	30
PID 2144 wrote to memory of 1684	2144	Battle.net-Setup.exe	30
PID 2144 wrote to memory of 1684	2144	Battle.net-Setup.exe	30
PID 2144 wrote to memory of 1684	2144	Battle.net-Setup.exe	30
PID 1684 wrote to memory of 1172	1684	Agent.exe	31
PID 1684 wrote to memory of 1172	1684	Agent.exe	31
PID 1684 wrote to memory of 1172	1684	Agent.exe	31
PID 1684 wrote to memory of 1172	1684	Agent.exe	31
PID 1684 wrote to memory of 1172	1684	Agent.exe	31
PID 1684 wrote to memory of 1172	1684	Agent.exe	31
PID 1684 wrote to memory of 1172	1684	Agent.exe	31

C:\Users\Admin\AppData\Local\Temp\Battle.net-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Battle.net-Setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2144
- C:\ProgramData\Battle.net\Agent\Agent.exe
  "C:\ProgramData\Battle.net\Agent\Agent.exe" --locale=enUS --session=14302421463220841644
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1684
- - C:\ProgramData\Battle.net\Agent\Agent.8806\Agent.exe
    "C:\ProgramData\Battle.net\Agent\Agent.8806\Agent.exe" --locale=enUS --session=14302421463220841644
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Battle.net\Agent\..Agent.exe.26.2144.temp.27.2144.temp

Filesize
297KB

MD5
dacbd6fdf0f6d10dc98ae141e13b8849

SHA1
10cdfe582409b715a4a4e351d98f3e907cc34605

SHA256
2c520f3a7ba52eb093defcc92db0eb6c13990dfb9947f95d8d8dc44762b99335

SHA512
c2977e99a5712417a3c7f6d40e386c503bc409c2c2766c387f7ce1e18196b41a5920a2ed1b25138aaedc1817aa46a0367058f63cefb77db021950f053db402c5

Download Submit
C:\ProgramData\Battle.net\Agent\..AgentHelper.exe.17.2144.temp.18.2144.temp

Filesize
1.2MB

MD5
c25bff2a228d29df07d622d02621f1bb

SHA1
53ad00fcd88a6b52a3de8d737b3f434b242610fd

SHA256
01cabf8c2d26d2befb10356294c80b8b39aa9710287161cfcb14358d969eca3e

SHA512
d24e0953cf3571110af6ff7d5457976a49c620bad2797b1d602450aa755190b93aeeb4cd3804f81b7b33efe8ab35349fa38c530573f6a20d5a1025d76383581e

Download Submit
C:\ProgramData\Battle.net\Agent\..Blizzard Uninstaller.exe.11.2144.temp.12.2144.temp

Filesize
1.2MB

MD5
39bdb3bfaf3ed89fad4865e7c70bca6e

SHA1
347cedafe1d0a594ac00fc7f512b420c364a07f0

SHA256
44ebf0cb8e9e3148a57e8767d3a0eaa46cd0180137237b7771fb62e2e9e75dd8

SHA512
01a1cbe5cdec64c496e737a4b698eca8f3f0bb5883b463304942789898343d7b91a1d5b475f4ad992eff2e14ef0eebd52e135a99aae8887b59d4ab0839d2349a

Download Submit
C:\ProgramData\Battle.net\Agent\..BlizzardError.exe.23.2144.temp.24.2144.temp

Filesize
448KB

MD5
19e4267e5d1685d10f57d49890defa15

SHA1
5b5d3e3503dc94bf1763a793bbf229ac07d9cefd

SHA256
bc1e5933220c841a38d211d9ffd0a2e6a239169f28bc0be755365bc995ba56f0

SHA512
c7565468ba414e8af3a2b84c291625d55fb7c752da0d7ad0ecb66140250788c68107fb7944d1a6cc83bb2b0943a602e16da1726d42d5369bc38c1c9ff3c785d9

Download Submit
C:\ProgramData\Battle.net\Agent\..LICENSES.14.2144.temp.15.2144.temp

Filesize
3KB

MD5
38419ab362517167eafa313b5821d163

SHA1
58f2483b959fd19dbaae51b291273556b4f62216

SHA256
bf0e312d933bc2a2e3869a05b7d760fac5e4e569f4349572c5269683f43610bd

SHA512
f3cc716e19b18a99ffed9ffbddbdb5246616f19deffb048ae91fa3463359134e1e043c20ee6308e2fff59ad868be839806e89ba9cdb4a59e5d7483610941b3ce

Download Submit
C:\ProgramData\Battle.net\Agent\.Agent.exe.28.2144.temp

Filesize
617KB

MD5
bac9775735e1ee08fabce69ab993a3cd

SHA1
65b3c6f611a073f26fd3ee2c0ae1eef5a9ed2879

SHA256
874ed99329c3737e0f158f5194d710db02696b5b3f13b05bb4e5f37e10d80835

SHA512
0c164769c37137305b0c94995d57397fd8b8fb04fcfae1752027eb787fb38635cb63afeb633118423eac544a37f7fa4f6f995d2ea2c057dae11e2d1eefa55fcd

Download Submit
C:\ProgramData\Battle.net\Agent\.AgentHelper.exe.19.2144.temp

Filesize
2.5MB

MD5
ed05d4dc29383bf73a4f4d22b63893aa

SHA1
a5bbae9d3ce03566b46f549f5bed530f371290af

SHA256
573e4a6572c45027be5ff69a31f748ade2566c4f2d6bdbf0749e661832a165e1

SHA512
60fed7e88e076b352f727efd74deeb6f84fa041de6c69947959ddf1daf2c6bf6b7586f2c01d7e86e8e16e6fa41e133d1e1d04b9f5ba9e5fc206b33f1d84af40f

Download Submit
C:\ProgramData\Battle.net\Agent\.Blizzard Uninstaller.exe.13.2144.temp

Filesize
2.5MB

MD5
b8bb284b7cd26643df6876d665fbde02

SHA1
998d87f733653d1b44b1f2359892e214faa08fce

SHA256
117420f75d1d5db1b3908e0728f748198d37894af980f7614226480c7dd7baeb

SHA512
fc2e4cd8141b24f4225af40183f111f6f27e237a9bae10c896554081b4dd0151839d0e19ea2ae4a0a0c0d72d27028dbd1f79d8aaf3ed15e7c05893d69953c0cf

Download Submit
C:\ProgramData\Battle.net\Agent\.BlizzardError.exe.25.2144.temp

Filesize
877KB

MD5
a44a76265f9f22258d7665ffa5262cb6

SHA1
473f7147369049810cd1299ecb7406594e088b89

SHA256
be2394ff7880e403a92ad773c675295a47e9fafe330f01df21fc886f5383b21a

SHA512
1e7c044c64e7ea1c8ae0ee68a688366831d4ebb6353d03f9819ff0839d09b453acb2bf9c109fa501355c6f70e835f2da4fa22b2785faa99c188a0d3b7adf5f6d

Download Submit
C:\ProgramData\Battle.net\Agent\.LICENSES.16.2144.temp

Filesize
11KB

MD5
e60c0cc3b71baecc5f08c6158a711c79

SHA1
c6a430e9e65f4a515849845adec5e6c27e7318f1

SHA256
4fa74fbb073874153bb338746857bf75ed7be0b436bdede1d8625eed2e6c0f3e

SHA512
33bc4707e85ab5811dcaa10dc5734630732d7e507e4bca71d0ba47ce52ce752bc4a564332fc49a9e026a168e39f6642a15dcc639555ff568f777bd1ce9920061

Download Submit
C:\ProgramData\Battle.net\Agent\Agent.8806\..Agent.exe.20.2144.temp.21.2144.temp

Filesize
2.7MB

MD5
edb9a9f825a0baee34b0d79c17eba0be

SHA1
a20aad319ac419867f9fcfb60207383c2cc60779

SHA256
879294936a56779b369dd48d243f7035403035cef6e9ac74b196c454ae61e3dc

SHA512
9b4354d1c4059eabb9dcac339ae29dfb352944bea45216fec0a9e3f55045a4ab57b2e1559443f9e7162b63a7d50512af1d1384e7f0acc226cc2a49be5162bfa4

Download Submit
C:\ProgramData\Battle.net\Agent\Agent.8806\.Agent.exe.22.2144.temp

Filesize
5.5MB

MD5
621bb5298b678b1d9274315dbea26a2b

SHA1
58c336c2d5300c4a7c004738a0c523b3bcadbba6

SHA256
c9cbeaa9873a91e26f5b3ba21356981a2db4bedd2f4eefc4f64782b77d20a4e2

SHA512
e2bc8eb987ebbb8e06ebdb395f283c1fbba51649b2e4601164247488e6973721b256beea2e52f4400d2ebd2ab6904d30a75c8c4309ae883104bd1bd90ad84d2c

Download Submit
C:\ProgramData\Battle.net\Agent\product.db.new

Filesize
193B

MD5
9e9f23a393ae4e71fa995ab75890c4f4

SHA1
56ff1d9a7eb7f6c800c05984867c1bc4628e0dbc

SHA256
69992f48d4c023543fea017170a89c9ec16282c41668588dd751f3ee0149d28e

SHA512
c043d778e2b09c942665df06243af2c47a1fe335aaedf164768d74591205e129589a76c3c363a1e1168b410307edd24e18f9593602a84fad4b0a6e86b6a0f047

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF652.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF839.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit