90c069f975f125e308ec1da2e0789da2e963d277186e5ace1348f77aba445650

Resubmissions

10/08/2024, 11:21

240810-nf71dsxbkk 6

10/08/2024, 11:15

240810-ncwg7a1cpb 3

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FluxTeam/FluxTeam.exe.xml
Size

184B
MD5

13ff21470b63470978e08e4933eb8e56
SHA1

3fa7077272c55e85141236d90d302975e3d14b2e
SHA256

16286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a
SHA512

56d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSOXMLED.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000093c169e4a3ed2bf611d25d52f16440b5f94377022c87ede370a743f6ff6f5044000000000e80000000020000200000003335a9158c729684bb1e7b2e9aac7701e8957d3d40a0a68c8ffc7f3dbd07161a20000000686224b257afc7c3f756650e27f91360c241c22ab74ec51e2123df0518d06d51400000008aabd4edc5ec7233d4e6f13c21135f9f702bc04154427c0862007da29b67c43810986a9ad749cd34d4b9c08ee287a31b435ea76e493419b208494d76bdb41088	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000000e72c45abb068eea33b7027bec1eab3e1ce404ceb0f88aa005ee05695c6ff472000000000e8000000002000020000000b648b7aeb2330830dc09dcb80e3646b02ca7d73c27dff6beae264a7fcdc50ac5900000005b3d08f36abf121fc4118237585e32d086c884dd9e1a641652b34860a7fdfa2a10d3155c0be480b060b2fa7a4b1d1e3ca1fcbe0f15dcf8761aa21f1d13782bea1546fee9659356ba44e9101a2c23313901aa01ea9082d35585c2ac9ff766640043cbb1d5e2500b31ecb0032279341ece05eabf11ceb9e801e13a29a26a506d49f2e76acdca9f9805bc8509eb6438fc244000000057e8b4621c90eea5f181d213ab23d257011829a9a7f9f57dedab2dbdf702f130c4bc5d210318d54352bdbb3c86d6080f4cbdb250bb7173c11d2ad03c4319c4b5	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429450861"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 107ac9c217ebda01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE309711-570A-11EF-845E-D61F2295B977} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2728	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
580	IEXPLORE.EXE
580	IEXPLORE.EXE
580	IEXPLORE.EXE
580	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2920	2924	MSOXMLED.EXE	31
PID 2924 wrote to memory of 2920	2924	MSOXMLED.EXE	31
PID 2924 wrote to memory of 2920	2924	MSOXMLED.EXE	31
PID 2924 wrote to memory of 2920	2924	MSOXMLED.EXE	31
PID 2920 wrote to memory of 2728	2920	iexplore.exe	32
PID 2920 wrote to memory of 2728	2920	iexplore.exe	32
PID 2920 wrote to memory of 2728	2920	iexplore.exe	32
PID 2920 wrote to memory of 2728	2920	iexplore.exe	32
PID 2728 wrote to memory of 580	2728	IEXPLORE.EXE	33
PID 2728 wrote to memory of 580	2728	IEXPLORE.EXE	33
PID 2728 wrote to memory of 580	2728	IEXPLORE.EXE	33
PID 2728 wrote to memory of 580	2728	IEXPLORE.EXE	33

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\FluxTeam\FluxTeam.exe.xml"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14ace5c5d8b076d86d0b781219001566

SHA1
38bf4f2748d5cab28bee68a9bd3ccb84f49f4690

SHA256
9b19b70635f292dc3c92730682161c74dfb97e4507bbf18e327bece1a36255f0

SHA512
9ff4997e8c1a61f0a023cfcd03f5c6ca0cb048f7af8fd578b07bd2c39316c92b62d0ff66b65acaeef8b13dc29c8ce6c9fd2f93205598c565a9ddb6aab62eb4c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
582548f9818739ad78c540c3bb4699be

SHA1
70f89066d9c7699ec11f1f1e88ecbbf8a3b2a67a

SHA256
96ff4e040b491e9cb44b99d5dbaeb598019a083b0120a6f5ef6d2b60e1cf05a0

SHA512
66cfcd57913e90cec8d6a6f9ed0616ac5cf4c66967e65f8582c1e637793995a8e1e86f2e8e3f07b29f91a288831354aeb524a1e25099fd741f7f079e2d7b064f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e401bc7849e73936d19263cc4287f7d2

SHA1
d5e320fd3d60ad46251a6b0a32c6c8967ceeb9f0

SHA256
d5056b5f59d8a2f183d6d7a83df8d510a44c2c5cad0908e21df0c4cb5e757e6e

SHA512
df3876a146a790a83f322098499a08e1c8ace3ca1f1116fa93aa255f8085b2045fb54939d808b2ff906be56ceb7d6fde4a6dd586c1afa8ba7597794b8531da1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdf0fe251d1db36fd0992ba638537f13

SHA1
487a874434b9c7aef7b56b8a8ed451a24f767419

SHA256
bce6a224b4029d79bea233dded850a1d6d3ca8d8fbe7782eb637ac8c183920da

SHA512
9acce4ddedb2c902f6a1b350dff45353db6bfd3949f0801dbcd8b689cc8a57f60fbb5c8e11aeba150aff79d3e3e935ea87a795208b2955c48b06a9b105c93475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
479268fd6a5bbbe8cad9a8d065c33911

SHA1
26ba515b8c2dddfdbf2174731269f13d83160f48

SHA256
e4b63c49f20d3dcb8b526b9f35ed1bf8813fb4d7b4a1af78fbdd95904077495c

SHA512
4519f45ac707224048c0666356dc98793c0ce29984a70eb2beb4e98d77bf4e70694c961ba94d38dbf4777f7208e06a9fd9fab714d033577e28d1e7395afbc6de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddedd5d0e38c0494f121e9da6460c6bc

SHA1
4061336664f0c1cb826116ced2a03286b82c24a1

SHA256
e31c7c0cf66a9bfa4f53c582ddb240b3159ebfee8516c6039224d0e8cd6286d5

SHA512
23753a7b69aa69379be83592c5233a73a022dd2e37dc918513941c0ff5560199b9c484e5a4a569073d621d6a39b12cb683934332af32294219ff78b685a4cf28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f56e892cb1d5f19327b69206062223d

SHA1
52a36c4994f344260796a8bad8a375774bddf3be

SHA256
11083d31fc2f86beb6f25ba8a7354cc7d9af10c171c0326b3c018c4284ddb690

SHA512
fcfe86f04397493d5a0e3e9f627eaa5e4f84a9fda98b43ffdb0b74552f4bebd444b4cc945f086230feb1b646a0819384c36f177d289f25467286cfc632b32a32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bf168510b4138ee6b718ca1e3391b46

SHA1
849dbab172f34b3b433f97ac6824becaf53ec55c

SHA256
5c49b83f230fdb89584341ae917ae0af4d3cacd2d47ce25faae99fd9262e3d55

SHA512
caad4b62014cc533d794b3fba5e44d0001a171e5c515d0fddb7f32a198442a38db1cd51396dcf4cf83bf71fc5b116bf3e4dd4a4d9c6d610986f2bd8bf0778380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27928467aaad69c0cf71e7df8fc15963

SHA1
3af7c65fa4b49a873e07aa9712d0eb7328714455

SHA256
c29450585e11f956d05ab96f209e9a887fc8db5cf63e221b41fda3cd1b3c0f98

SHA512
d9e6a7ef7d5b65362acdbf1c31518349ee8a0068a298ac9664f00e9f3585328c72871cc49fe4cbc221a4f3a7831dbed51fa563185125b0c94f338a75659b729b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4f9b84489e60b7aac210c11cfaff951

SHA1
6a9b170e1fcc527f0d413f233007fe60b04bc200

SHA256
732c8ca9cdc30a74062de4eb66e6019482914b4c5a612c48e2963bc70a41940c

SHA512
5279c45bcb0f571164df0b9f3a034dc91c514cb5b1ef0fde6d85ea9dbba65ab3d1193e2fe07c85b5299325121ad77c364d4111f621f3c8ba8d49e456f7ffb304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
236bf474280454ba322408bcf88e7d0e

SHA1
f5b2f617f4a569bdc83d84b1ae407e32c2ff378d

SHA256
6345e6e7afb6995558d76cd4c3e458b4d2d1d458f74f3f2124fbd33cce4596e8

SHA512
b79f48426d3c57964624de550f3bd46b6d6dbebec676ddcf15c5529a6577bb72de16a16a02ef45c7d9ac57d051d17ea027cd66295af1b9a69b632265bfe69a3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
149575ccbf0b7ce85aafd96fce94cf75

SHA1
a49b1db50e8461907b201fdddf95092fef041b59

SHA256
d83aa5bcff448f51a036972422ec3d6c0547fcdcd031ce2c061c7ea6bc41e4d9

SHA512
490183961ab2dd786809035d30c18c7cfe01b098c63facd4b6f921fa7f3ed6f4c075cc4173d6e2946027e4f6999fcd6024ac3a5ac09b9314b71539af364a6ea6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45ab6ab943358e0b0cbc59f14431a9f2

SHA1
271afc1022267ffe9dc12122d92edc2dd3e9012b

SHA256
97a75cf24d0ef2334dac4cb02067b259b206a6ae39a037bd246595cea333fb55

SHA512
2f8b89252206da0c11f019cf43c154c07e6eb6e5f2c53970a4520b4c19818a499e485b79a7a51accf2cd32470b3dce1db87ac55963bcd34720e0deb6ddc4e2b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df7e94514ac75304ea1f84392b0213c3

SHA1
369ef851f370143641e2b692e01dbe33fbc6e643

SHA256
3a67f47d798ad41eff3d2014aae5c41ee9bf5c9aad3c052955cd7b2ba8cdde3b

SHA512
dddbb70b17872fd2e938aaa14480141e4d94bb302df517e10bbcd8e2a438739ba6deb3844d739287914e257b4b97ed604c8a5da4ac3bc387927b37fd6e7efa89

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCBE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD30.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit