80cdbf22346591255ab82f9da3aa765a730460dd893dca3f11fcdb4291a8ac2f

Analysis

max time kernel
134s
max time network
130s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/welcomepage_noadw.html
Size

5KB
MD5

e46d56308f9812a43b025832521fa69e
SHA1

627b206f3bffe6f2d5e662101c155720615ee88e
SHA256

09f863f9bf5940d35976453c5266a9d8a1ce87e07b8dd513e7574cfaef735d34
SHA512

439c73dba7fd17da848d9a4289b9b7f25e55c4fc3e98d6d3eeef160817a8013a796ff65e12b30e41827bf2110e71bb4b8358ca182783b3f22502707a69d8d7f5
SSDEEP

96:SI32bJbWEMkTSf7qOugnffDbhIDbbE5zDbnwEqqc/zIxG1Dusp8SNy7Pt:SI0bWEM6Sf75ugffDtIDHEBDzwfF//4j

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430386974"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D40B491-5F8E-11EF-93C1-E2BC28E7E786} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000e6acf5c736620c07e861911e8aaa1e4efb73a28c626682621d3f617e25de72ca000000000e8000000002000020000000f5890344cc9fbc3b7583f3db042d74c68e198d6739a406c18e1ae42ab42d7f2220000000b235499269121792cf757ab22fbd602db8106ce3e0c40aecf675580f58a5141d400000002db6ef4f4b35baf4d6990aa185c083e222b2e166bd85a6baf970b4c241f0cad8b9606a0f1cc490571398ec33f6dabc86904a081e5d9223922f62e5e3748312d2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00ad9519bf3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000141f8fd5b663e1b10efbdf4fb95c85dc0697f118388d3f844f3b0a857c31d9d6000000000e80000000020000200000003fcd80f0f89770d122aeae3a30d86a2e15200654fffc056e30b9b277790f7c79900000001f144dcb8e73658ae127ce062feda9610e3f8e0dbdf3d37aafa20205c7a015f425e9104c3264fa245d6cb3b4c39d1d4be6c035a848666de9cb5101ef0d70513e846f273f8755fac90ddf0b989c4e60b979f1d4c979b29d56020fc77cf4160899e16d21212ef1918409e3a9dd495e8c85c57f569b9012adc0fbca25fc448ddb1d08068b45f99b5461228540e27862cd9840000000ff863b96f4bbec79254e5e541a9e809eaae83b306d2e38ce83b2912a0da69fb23bfbed79a3d6db4340cf8c07de7150a6b98390e790c43d9ae5aebc8b7cb1a5d2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1988	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1988	iexplore.exe
1988	iexplore.exe
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2636	1988	iexplore.exe	30
PID 1988 wrote to memory of 2636	1988	iexplore.exe	30
PID 1988 wrote to memory of 2636	1988	iexplore.exe	30
PID 1988 wrote to memory of 2636	1988	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\welcomepage_noadw.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f80597ff6dde85f07af9bcde45bec29c

SHA1
ca1c868d03485bbc3bef58a7ce274fdb16d273f2

SHA256
95c22abc7abb6a142f495ff885b9cbba9f54d00f9a3732545497e25e4c1a6b67

SHA512
7ff41a67bcb76d6968d966ee58acaaf21f1480bd6e4c44455a33dce808cc0b8f28446cd393e3944c2b60ce1be2b5c125cc3499cc6413f1158c1c9cad19fc33ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7db3b4457dc239926fcecb07cd100ee7

SHA1
9f24634eeb0048bca47843c01a5e91a95e0fef06

SHA256
fc7101adcd9b1c7ef1e402041ed15a304d6e7cc756a8d399d31edd259c8c2280

SHA512
d74a206f09633a7273760e36df6dd19824567933b33ba4fbc0282501a94a084e99ee2ff175fffa755192da3fd94372c133700f613c0c5e28f3f96b7fa8e6bed9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26f34751a662d8e67a366af4464336d5

SHA1
da84754d556fca1255e18545b101e1dffaa23037

SHA256
e8b02c7e3ce125374644cafecfb9c7cd97b44c6b340aaa381657104d40ea0b5e

SHA512
b4c306ee1564475f1a2ff98f97a278cad56c42e02611af412560c492d5ce4578d668584956279dbb4a5d8d5081dd80815abf1c1ff0b58f0df11c4f6404311b32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4ff29b726fca25c09da00ffb1e5d677

SHA1
83f65523c7a2a614394bbc22df9b259b850496ce

SHA256
27cdf5b87c54dd7c9e34b43ef6bcf107e58009d5c61e07522426ff142e3877c2

SHA512
0750cf411a3655d947d093a9c284fc6eb4bb2e5cdf70df9c0454c0fe96fd0f9cfefcc57aa73cf0d4f6eeecdba8d5682f5c2490e61ba9a15d666c0516dd33ce3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
180728aa5fd078f291a6804f2cc19504

SHA1
a5424a3599dc980e6e861bb422432596f6712a7c

SHA256
515c2609dfa232c85aae08d408efcbab7aad15f4048b6b797b9e40827db9032b

SHA512
b6965aeca95e3e4421edd86359a21e9668983ca8d72f15dc17359225be52af0dca47b64789bdcbc7999dce4eab573d760cdbc0dd37112bae0733e33a7e5b9c5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
096be59d0cfa1794c934dcbac9638bae

SHA1
03facbd05cfe28041c1f8711e5fb81fe1874d7df

SHA256
3cbdc1b4ae727a3900e84e3ea071b1c6b3ff59262d8b036183b39f063298b685

SHA512
c96db0165da720b7b76afb2d183ac6f3b798010aa0a3021660a1bc6d1f8a169c7d148370e27af1222921c03a1088efc203ad9a94d62429be0ebb6c8d3c12326a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f8975c74f91c3c501efcfed876bd9b7

SHA1
6c29d1333220a83fb8eb7c3c8d04fc7934a73069

SHA256
6da6956eb3f0e8924da5e57836d23c3744bdbab89ee93af96c355ca9a3440296

SHA512
652a42b0c9aa94d8b18c9dd58973d84ec96752fc2292b256c610830b83f7de4229acb432397c3e183e4c29d3e6eaf88bda579b418e4f441f512a3cf6e32e1ad8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c6daa1b814059cf933e796235a558c7

SHA1
a616a19e17e564f15821e06c26046cd503cd07da

SHA256
50f4aae90df4100c59fc6ffc71a0cda8cf8095ffa9cba367742867eb6788d23d

SHA512
4a087bd8cf43ba5b6938527644d1220417ac155dc304b4bd886ae69ab7318a01111c6f47b105df3f4f5d135ea3c2c8417b53fd585c9f70e2505568de9e158f34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b316b52ea6222d58de08208ece63c6f

SHA1
ecd2ae7ead3c2b41eaf21e6eaf27912fb6a27efa

SHA256
2c06ebbaa1b53239a80aa55ce75adfa77029ed804e25ca70677a15035f5efc2b

SHA512
8b007945e833a7b42ce03b37162682cb2c6e51be52d8a297e054440b50e97ae7ea02cf5e30bcfe26beccb0fedabfa36f845030803e9a7259519a5d03e16cb32c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef53072dde85bae90dae355732a7904c

SHA1
28c22146afe5a1d03454628bead687844accaeb3

SHA256
2a642d8a32c72d5ff19e8c7b6f04291213e1984977767f0c04e5920159d798ad

SHA512
cebaf7d6e1953fcddbfb78b1a33726e942f64ee898d3a838f98c844084e2c69ba09e855f6131fae03a70adc6f045cf6ff8d64f3b4709c38a1d3c3687dc0980b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d324e9b2270cf1d10cc32aecd6844ac

SHA1
b468a9f4e69eaefe1375bc8fdf28a768f42452e0

SHA256
b0bfe29a0028a2647d068873a76b35e0b69fc0976f678a8997b165239d5b51d8

SHA512
15a2c4d301c8d4a8c12deb182ddb9ea5b9e3fc17f9231adf16ba3d705274325d76f541bcb4a0db6dabe47e39df2ca3f1a63aed0235a35e70ebf180b61e9e0b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f9096997c15de81402bee8fc73b4d4d

SHA1
f9689939084ab865683f80baab4a89ab7e5dc018

SHA256
53954e2c4158ff94167ae71f33c3e2703b0e124362e3b032aa5285bfb43715d2

SHA512
6d41322e272cd702a48e5dfae00932cd21b7f7e0d946e96641d82af18a499c8cf8207f634fb82917a11dc5868721a113005c37c59c54eb897baf5961d36795c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c505147b3cee297e7d373aeab0d318a0

SHA1
f0a91bf696a003be44936f6abe6f909b06f4e1d5

SHA256
3fe7e077a0c72cc04b2ef0afc6692404c75623d68c03c9f1fb8a18576b8c99bc

SHA512
a8b8752acdbe6e566539490d697ec0ba1b894bf28a901fb553f0e9d8180ba7d707bbb49d6c324a9aaec45b560dd4f9a235e63b64d40fdb7ed65ba015546e6a40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2adc1ff7c2d7f25d6dac9932201b6a6

SHA1
cf0896dd169cdfc8e45ce68a2122010a64346899

SHA256
047494b1fa365d9138da96579adaf0e06989dbae24a745f42d2695e0f088d39c

SHA512
80924732d48ae228317d8d691caec738bcbb48713d394e234af2751741fd40698728c4eed5a7e329e6cd3daf88b2c9f1594dc3b989c25880da896655d46e60d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9502f28614c68228f274ce2ca035676c

SHA1
6aaf7950a11caf63885e952ca54b25685b8d947e

SHA256
bcd5267d92c6cf54534f3da4ea52779378c656c4899007bd170762551ba95065

SHA512
27cd3c3e2cceba2787bc44c8787360b228f78da47d7ca24b7adc923f99df14a634cd070c47b438a9c6040253b04f200ff3860c69af96b3ffa239f8034998658b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57e30afac22222ccc23fbd08a32d4510

SHA1
bab4bff9d6ddd8a5e9b349a6a4fd1eeb4e1d38fa

SHA256
d106e184a0146ce37ff7c041fbda5a2913cfacc687da8b7ab55155ae196ba693

SHA512
a37fcda468bd477c07c70300499fe8742694ca62b7522420d04dce5dd4b7443ca264544c8c04b36c150e040f4f93b10a71dc8e70f6f392719d1e3db313dfbed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14403597ae00234c3603c4a5eb886d3e

SHA1
3b62586f7dc36d82761ea5f9afef98e1f6e4f25c

SHA256
3879ed357dcf9ebfff14ea8648428458828c0e41888568bcee955a0eedfdb9cc

SHA512
81c2253e92522a197252fe0409f16085776543a85ba354ca4ff683ed770576110cec2d7f34a46af447ada8a7f1939569c2d4ee6e562cc17639dcd758dd8a8d88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3565.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar35F5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit