23ef4926e0d3e77b38fd3cdc0e7c24d95ae29b1bb296d24e18d5650fc0e27386

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$DESKTOP/ԱմƷ.lnk
Size

1KB
MD5

3801cf5240ef322de5fb53224f763068
SHA1

e4286f9b6e5986b6a237bc70fdc03e8a36287e11
SHA256

23dde6d591dc39c8b7901a49ce2edbe1591ef2b68d69700a4c81fd741f2d714e
SHA512

3d26058c20050e236cb78533485dc2dd02ed6be0ab7037e8eac5916b75abe189d38f57ed45899787cbe69318ec4d6763633d1a8a96600fd0b20b83aaa9f03ef4

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000004b6e9dfb602e7ce69977cb914df2618d236ca3a9da05c29dd31a1cb059f32756000000000e800000000200002000000055ce353bcf76d936f75225ea943aba0fc74d7a3d9c8a614a75190799810c46b1200000002e2e32dfad018b2a91571bc9328925112939fd64abda019c8985d28d99216856400000009f7b8ca72dd6debec0833922b5396c8a7a26638684b2aea50f385b453752ce4aa787d13ccb0b40984942c3446364080df1a3949c3d273a1c302977ba3c51ece5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000c0cb96b20520395bac32e49365ed8ec70f73077317976adc7643c0ae2fb2d2a6000000000e8000000002000020000000b53234a6f839427f6a012fcd683dc3e460df12735ca2f87dee97c2a12b3ca828900000002ab9712e5849a54c6cebe57090b6a1d78878a00c6a06dd17215108cc39fdb0f03f6fed4eb75e6823c6cb6cc7cf7df79bd4b03e5cd154a8511fdfe640dc7fed855a9901617144228bc34840ea9e1320bd7bd1ecac12aff6efff07b4371bb091d77306e07c456ad6ae026197b7a25bb866d9b9b698e293587790ec4fdd0d71379768a3ed65bb46dd93c6248dd7584fa7cc40000000cd3aa61c6ea315a7b66c5c577f7e99fdca8fa82bee934c8e8b9cc357a438e2b37067fcdfba334b1665d5b58ccc53c97b46555d63d2878c66557f1b5a6c6461f6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429795449"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3CF60131-5A2D-11EF-B9F0-E28DDE128E91} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7057da173aeeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1716	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1716	iexplore.exe
1716	iexplore.exe
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1716	2160	cmd.exe	29
PID 2160 wrote to memory of 1716	2160	cmd.exe	29
PID 2160 wrote to memory of 1716	2160	cmd.exe	29
PID 1716 wrote to memory of 1652	1716	iexplore.exe	30
PID 1716 wrote to memory of 1652	1716	iexplore.exe	30
PID 1716 wrote to memory of 1652	1716	iexplore.exe	30
PID 1716 wrote to memory of 1652	1716	iexplore.exe	30

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$DESKTOP\ԱմƷ.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.wagabb.com/taob.html?desk
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd5f6909bcdc1fbbbb4089ea21060ad6

SHA1
7ea505cc8ebea0b49f35085c0f655196e6f84298

SHA256
e9522da13c398bb56b564878b1dd84598b6bb7e2fa20be130e0b59c1f59d7ffe

SHA512
83aead73974335650a2ed7f0092a59162a856f3bcd26ed5b747bd9a4b67cc6b23ad6f929a20d866dd064bf8920ebdf242325cb1dec7a2f3dfbdc76f65161bd35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7fd0448e232f680aa76514fac36be0c

SHA1
def68f223479e2b485c615c3cc373232c11147bb

SHA256
153e1bddbc65a164c4aff736037db4ef040bdb4b9add421c1fc7cfaf5af84a89

SHA512
84e07faa75a38b682258a2dcf509c7e68c3f716a5d8b7506f420d7a3bb231edbe32ded2f61615ab3ddaad046fda9453370ae5238d19ea63702322df7461c5aa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1d3e18e0d5136e2e2fae1311ebea1ff

SHA1
8c3f1f4458336f38fa3179fc89c3934996d6996f

SHA256
070c58b7563590d960eacdccf3b179c47839d713bde2f371cab394b0c1459285

SHA512
62fcf6e2a66ee15b8b14bd087cfb9e0b97bb62630f367e6d15ff25f675c2fbdf7b57a75b502e498f5d67fc61ba048fad3faf6a26c3d5e7873f2ed7f2f14d038b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5a46bd4268eb984ab533fa2dfd9fe5d

SHA1
0453f15bf60c419ec4f13c7c13a0f51f5ed25e80

SHA256
d8ccca7d2bc9f9364394fba4c1ef7cf32231984d9660a42dec41dbe1e0736e6d

SHA512
782973a440c07ae6063c9cfaf3a6ab5db4122cc1c7254f566e44397b2984441445825c9332365096d961beafbc5fdcdb47cb7e3bba0271a397d6c64679854600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c252a6fe06a4f28116f70156d07e4e57

SHA1
263458e18ff0bede0dbdddd55654061911f56988

SHA256
0d054b586fbb3225ee1de93d6523778086789dae9d6889300151bae435e731c7

SHA512
9762335cf2e65723e93e5ffc62729aa3fe356ecfbbdca92a17d4eefb9994420422bd6f963c58dea871926f223e13a91ef3bcfd71ebd2cef5f3a61cc045eb817a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
125bf2a4f1d0395f2fb8f4ce0522b615

SHA1
1e5baf4f60a04fb35492767ccf3054012dcce570

SHA256
2552a9c58dbadfcbea410b9b7df705224e67d859c770ef73239812753adebe51

SHA512
69bef118e25baa5996b61a42f0b26bc574709bfbad6a31c9e9a36b81b5bea6ce5812e05d72103ad73a5b6b51af4bdacf038a26c422c4ab4b57f61c2c2db0231e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31cf9e004923450132b3f52f7df2bf0d

SHA1
ee8d1c3ae91ecaa49fa1db492acbb899ca2490b8

SHA256
32074cb13a1bdc7627705384a2dee1ea3f99d9b708a7ee13ffb43f23c8f36d0f

SHA512
247e44df5c110a429ad76efc7bc72039b6bf48be96dfe9263b4b9bfdf300f7143a844baf4999796112ae3d3caf6de2bd92812659d543c34b8ee2be831053ea13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b99edfc8b8ca358815e92854da62b43

SHA1
fa95abe9d951056e9b4d61c1c96bbd524cafcfa8

SHA256
37c5747ec001bfc057bce83a74c64225147335a3741e87c32defc321102f9755

SHA512
31af21b27f8094414817789725b6715ab7616ca179db9009ab1a748428f34d28f2d07e58853df09db1df03b1ac92177770f5c40c9a04d23c16747cb3cfce7b5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63937eba258a4db1adcd6bc8c9894598

SHA1
70333eb4b1a1f1ecac33246e9cc76e7fd9babeca

SHA256
3c062fdc1d0af080fee44dd8e4dca0ece32866863437f7d687566d0f31f7e1f0

SHA512
2883e42fec40478c84ef466adeb2695bc631eb29973a0fc027a32729c85f8c256ef96704f0d8f30efc26235920989d160cb4de1d14021bc833ba1b5eb5f88d49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bd4fa2801d694419a31dc58c67a632b

SHA1
735831ec6329f95f34109140abc86ec787119f02

SHA256
b3cb593a806532ec08dafae6a29c9b1c4fa6d6df270bfd0c87f8ce8010229e69

SHA512
221fdfb9fb46e9c13f9d5609f7899f5efa4b971495d52d58a9b49da5bf37ac7fc0792d947934e7c81397a7d0bc5bd36a099d6ba2b449eced261cb6ac3b85ef34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cb8abd5a524674632bd0ba0313be7db

SHA1
cb3f6373c28334613c4f3808a5e11c7f804afc61

SHA256
a5a6a64e01318f1a8caaab7d74d0c34d18c2f9bc5e2546753246756bb587f900

SHA512
210ce9e3e73969e1f9ce2e52f8c3498a81c58450a7f3bc17385f8f7b42fee735c121aecb9c33891ed0d00a7d045045e2d02c31c3393fb495cc9953d34cc9a908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ae2348374852e6280579b9939f0911d

SHA1
c43ef9fe155ba75012346cc7713cbdaad08b9820

SHA256
01e2fe9da1729af7b476531378d2cb6730bb2a2a61d18d2405434c65d9a446d0

SHA512
6907caedf8eee5a8202fefac514a0d3da4f375dcffd0ad9c82a431701b69b127076e7d66fb5d552a2bfe9fd4c03838afe1e93e44e7538b584c89927176012b49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a063cd7ce783ca8f04f6b1d70c91ab3

SHA1
6e2e8f8a8624d23d282bd116b597ac71bec13f7f

SHA256
a7d41ef0fed4a21ea9cad2a75bea6c6f6f7339fb7ea783e5373abe5a90956d63

SHA512
6bb7e5458cd7ec644b4ca4c89f36002b1a14454f20636d16250c7332e8e37cef2f0d7afc1f5ad36f078af1cb60f1d1acff560e06f23e4079497abb85b02a1733

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e3a95e0d84ff4abfde5ce03326e04bb

SHA1
b93fa518a3ff260637ab6e899a94d9e2c829f16e

SHA256
5de6da0655f0c4246ab6360ea6e92567be1dbc6329777d0146f1a3212188fc12

SHA512
b6ede93d3efb9bf26201e3775398692f7df87c8f7a620f704df90c6282617b9d4f7bba7aa38c8ca58745c12e4ed61bb12f23d17f0cc45a090c0305f0d26efa8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34b40bfdebc65e1e1a91b405dff8fd47

SHA1
35b8e56a11f5d0b80a7c4c967b61f2ab1284104c

SHA256
f96a701ca93c557680f80196cf9f7c2e7caf6cccd965af2e08d0c3cf8c05a677

SHA512
c685ffe2cf685605af353949c3152b98ecc021a3e76ccbfdd1e13553acbc0376b2e7e8a6a57c212d239fde6c7b26cb9781e706fce95fc8afef8e5c64daa461bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
517157de4e9641aec2bfde5f7738a8a5

SHA1
1a7a96ef3f1145b8912ee0d0fa06d6d997594a45

SHA256
262eff620fd402e2517edefaa842013f883d9f1636fda32a0c0d220e8b022cca

SHA512
dce73ccce403a9a47c266cd9fa76f431e503f1853588846e5eb2cf9bcfec7f499e9d81f44f8b2d39697efea17d03e7dd24a7b945e99c5868ed2d5a1db1b45f78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f703dbb33a1af6fcfa40a263b1d8d737

SHA1
4105076f8ef3e68348eaa6a8a7054424f21b56c1

SHA256
d0e9b417ce9b06422b8c0c9d4c93092c00da72dacd03005a5d6f48cc11e276cf

SHA512
1908d7801c160c36d026effaf1e8ffcf52d91d59846cd6208ea35f3611511be162f3aa66fc61e074cd5366825a247c82d0c2cf3bca864caa73572bdbebc305f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF200.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF270.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit