e1e69f5eb3d6533bb0444e04c8cf2f2866606c2a1072b2a1231ced158d397c28

Analysis

max time kernel
134s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16-08-2024 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$APPDATA/seemao/config/Seemao_blank.html
Size

7KB
MD5

8af864c7116d77ad668ea8b370a6262d
SHA1

e03249924296ba60b7959c205f4952b9361fb7f4
SHA256

a026e139bfbbafa2781ee152b889095e29db9ceded0fdcc70f26b112d6299cff
SHA512

b1151c3d93004e4e1796135472a31e378ac7154cedf1cb093c89cf5c3f543daa84552b7fd005664ea275ce0d9efa06445a872aba4195e8385ca170be9896025b
SSDEEP

96:pI2OkRe20XGknAQIRI9TM2qjFIWYwbOG4FUzJujEw9Vzw5Q7F/b9:pI25f0X3AQIRI9TbHo4TEwPw5Q7F/b9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ce71c5daefda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000025f1950eecd74b57f850556749b827610d9b7c5e36c241ea9b1a65d96d0473b6000000000e80000000020000200000003cc76f70f247e327103be74078b0fb040077592b4ff7587ca01a6e21b3059c1690000000c7edc6c688858093c1b3c0535af1861f7573be7db79f840cdb562312a2ff9b9e743d7411d2f5c7778b581ba4192147d9f6cc08baf3902c0a63e75ef00cfbaa1bab4f44608aca5e06a3c39d3102ec06e251dec633cc6fd813c7f4539469cb5510ecc0cd1774e54567851e9903ba0cac37726ad7b05eb26698f61b1671e9a6cb94d697b426edb263566cf30e4d38dd45fb40000000f525b1a1b1fb767c286a867ea8b5d8cb907329c483a49252330bcae19b161791b94836fb1f778d4782a700c72c7ac9cef86d2a16e642ade58063784605156996	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429974421"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000250001f08979c19f4b813deeab99cffb8a505024b06527550ebf1eb776c38275000000000e8000000002000020000000e618ee52ef5994d368947450e1e1cb4fa298c8fc2b774c208ed9dbf3d6cf1a4b20000000a182dda24e019dfd7eeaa93ffcdeddbb2fdae397684ac4a86bbffd1b00ed37f04000000019af7514fc6c726420eea1b13b0d9e3e6ea34a1dfa91ecfb1b67896157daebb48d28569b4aaaeed2dfd429fd86731837cc172b111fff8386078c3d6d348b4f82	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F0E15FE1-5BCD-11EF-BC5F-FE3EAF6E2A14} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2052	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2052	iexplore.exe
2052	iexplore.exe
316	IEXPLORE.EXE
316	IEXPLORE.EXE
316	IEXPLORE.EXE
316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 316	2052	iexplore.exe	31
PID 2052 wrote to memory of 316	2052	iexplore.exe	31
PID 2052 wrote to memory of 316	2052	iexplore.exe	31
PID 2052 wrote to memory of 316	2052	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$APPDATA\seemao\config\Seemao_blank.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be69255ef4cf05d42ef55bf261b9ef73

SHA1
931c41cd589e38d49660cd06e5f53b070516b6e5

SHA256
9711b093ccd00509522181d83c920adff9740fb65d757591b10a33ae176ee476

SHA512
fdce7baa024cde7b005a9f3c3641dced3c41d35c3cfd09772ae36612c4009cd5a2271508244bf79f99c62e2cf5ba83362e1e1079d58a792d5f14d37c28432405

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53381dffe221adf949549fa27e52483e

SHA1
3e5fdbe6d0656ee1a7752c57b82d319417c861a6

SHA256
a5f297956865e06fe0679daf5d132587ef560a0bb2b87d91eea0d8e637360659

SHA512
1c2925563280efe5ae151e20d29d3f12485c11c37bfd9b95d8de3b92d199d02f0dfa212fc368673ea17707902ff77ffce2d5c253e62d8a67c0f9053f4eea14fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
155028b7cf8eccedda5a259b7e79467c

SHA1
66f60814e22fdf3a1906b93e385f2453ca4e6b96

SHA256
07fa1091cb9b12e63c15ed6d2c7f3f576ceb9931b5ddca96eee4231df98b7c4d

SHA512
adce6057f212a744e53d97a067d5e278946191d96df007a8e3d39c143acdcc2091adbca271ccaa685a28001ed8dd73aa0c8436efd21b040a82c9e673ef4e899d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0a1978f57c0cd24e1ab9860d09ad47f

SHA1
5d93f521133b7e263cf7715bd7ae5e4a4dc61ccf

SHA256
711dd1cce30e22618740f6bcf86f45aa71a042980e2adc41759a1c1d27825dc6

SHA512
835e1c5610a5ee427c34d68a92fa61e4748a96925dc2c96f8a5162b44b98fd80e74107421649002d9bd952a4d1912727477a4a3eeab2d2ee6e658ba1d05c6151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6d669e1c573c90c861df922f268ab67

SHA1
62405d8da1b94e7dd5c14ee7f5a686ce767d9148

SHA256
46c08b629200e166c8b6c0d90a0fd4fbd0744df8617fe7e23e5b2afa9f04abb2

SHA512
2a32c6f944f91de5ec3d93f8b25deedec8595a00376d8095577427e49fe248de3cf3aac1093a74a76650b76494f8a35e3a45adfcc2a3b3a49021ce1e802f50ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed0e53499ea922220a94dbb4267be337

SHA1
d2bcb029a1228150d2207702dcbacdebab355c6e

SHA256
be4ab0a996e514fc1bbbadb8c660d32c76f8d5c5d20b8d5d56ceef111625bc65

SHA512
6b896156a7b93f8b0155cc5ae4b816161d01f22da8564042c8d8b23e107f367dee08285109f9e64029d8ef615fe3ece9c37942307867f930db1b2f3d8fbac18c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab623c772a7ad87634c0b0b2461dafb0

SHA1
83445529960077735c1c5b008ed75aa527b98540

SHA256
021baa1d53aabefa0baa38ca0047411db2c10a0d17a4a60d800f61b60e0fac82

SHA512
fa61319db28351e2e7ae7e0c2ecab79f4e0204df07a3616c5b11893ec602d890d9e9539b64626e17a8d07ef25ae765d1901c937dc30c422f4c713f3f75a210de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca71f9e251ca0a8461963494296478d5

SHA1
af49d8809b3d8be6915edf2805edaf7f355a0cdd

SHA256
b376a4db54d9e8c1c6ff9715542a9cddc49f0fe4d427802cd682cad180c72bf2

SHA512
e7010702de4890c05eda2b398c14d9edf04d1a6e6b3d255c832b9b7c96809b16d82a71162d6c250fe3d88f4c0cf95a892cf81036e01aca19f6a75c4302f05c06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da532e00d4f63f8b710f0c35d097d4f2

SHA1
7859e88f7a11728b7685339e972d5ed97d94e1a8

SHA256
e68f13b45cef5103dc63955629a165dc07970d684193d5e0e7e2abac9135d260

SHA512
43e6c72bc6cd7be36de263d078916a5a3e15a50d69aeca5eb67c1e98d17188d7825b348967d7b888d1bb3eb8a9d4709c4e5b410126b040dc9d83e6d2a81b79c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db1702819376ff8fcd80536d44b4300c

SHA1
76b91eccda3123efd46a815b49d282aa39d505de

SHA256
d428d96fc254de7f9c28369ffd54bb2c88eefcf58d3113f94f860c0e884e878a

SHA512
5a540f88bdef7a4c69ded332662c5d99797324c69d0037b3ee40f8c926a32e9ccf23def16dcc0f8148434e31e733c06088fe34365022b78fa3d6b1245e8ca363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d492c96582667c55d2cde5c10b537ad1

SHA1
2e17e037d9ceb95f014e1a83aa1bef2cb63d96f8

SHA256
74aeee729e1763ad4b92f0234ef3e376fa09f85b28ae23d20495c0408f09b325

SHA512
f27dc4801e34bb70914b01dbfa6507286575e967a11ab3f523776719f78bda2455dc3f66a8b4357f8a096efaf35b52ba8ca666c8763936f0d0040d220ab93087

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab784f608ca2cec27d5f95984d97136a

SHA1
654a632f85bb5615e8d2e2fbd765437e0969ae77

SHA256
e9a95d1066aa0a06b3115c614de6c66d5ae0467a657382546695236cb24a2707

SHA512
cfe90f541e1679450fa20d984df049f2b0e92d98d4432e0000da6e2258352b4dcdea95c7d3317973bbe55c1fc607ab10157025a6bdfdadf2f855d28250c5834a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e23d8b80da0c267f2a9bf302b2e9b0da

SHA1
54be96cc0ddcd2dd29a6720cad468495dc0b5216

SHA256
49f97de7959211c38b0145cfeed27ae6319acefacb430ee6fd2b21aa28a5712e

SHA512
12164554cd80719e341758176add7e9276fe3141a15c50870c1be973464301192cf00cbafc9fcac0989e3be1e0b1ac34dd310b3ab3af7fbc09f323ce569ba25e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c280f3ad14afb806b4d0748c0ccc1b6d

SHA1
67717c5d667de629c962948e4b02a2c506f3dfd0

SHA256
0c0cf2928754d09960e249c139b5c38933c243878520e18b06fe76b7273666df

SHA512
2a25be53789348d74fcf8f4c49c26df94772ac7e2d6c90b547b0963c231551e55e9c359f4cba1b358765c74b56357787041051b484e453493978c727c4c3f65f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ddfe7ca859c9e10ee934253eb4caca4

SHA1
733a64a5bc478157b7a33be4107be3ed70a84180

SHA256
c9bb998f663ac88b3cd7c920b2e2cd476fd1e5ff6f824e7ff6638dd5b5263e05

SHA512
bd2df6112ba1b5901e740490a4d8ae58fec2dfa1a3bb86b8c7479d0493a7e17565c450d0c26f6aaca5d3e7c7adcbe54dd308bb58c539957a374f063f9d87a970

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2483e1d00dbdc59ae2ff34d9558239c

SHA1
c1936c9e563812a32a95889f63d901baf3e8c760

SHA256
eef3cdbf903144871b0656a10cdf5f6c769e788b0f2a4b43e8b3a0ca29cc945d

SHA512
0c9d0b8be9470bccd494023b57177338325a305a0ac314946534dc668774744029cbea2d3f5832b3ace1649a4434fb75696dea1d86cb2852f0f281779e68fcab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc9822704fd3b9ab229cb14bf59dc4e5

SHA1
77cbde5c70b81e5ecf0b694b84db291adeab9db3

SHA256
f7734ed1c339c1d173d823b298018fe595f01d99d4bcc4e96a3fab0269641fa5

SHA512
fbcc633765d75c32609cecf9ed68eb2411655790a2702e9782f54f7b8dfedce5518ee680a30b4df90ea3c4ecaacf28959b46b679072fde114185e37be7134461

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab39C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar40C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit