894cff0d47641cf95c7a56e1ceff4791391bc99c643d64d8d168527cc3993e2f

Analysis

max time kernel
143s
max time network
138s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

admin/fckeditor/editor/dialog/fck_anchor.html
Size

5KB
MD5

96508304923c41131dd2ecfca4b751aa
SHA1

d04d2731d4117d6411b521d13df0de180bb1c891
SHA256

013a9369f59db75a43050582a385b9e638292120ab84abe79c60aef6efab436a
SHA512

6a5d197db6e1cc839b722e7b2fa6784e50f34fee81db8eefbdee1ba1089a8c8e1389b5b432bceb1bc73a9b97031d9252c3304318fc4540cedc5f62bbd550375e
SSDEEP

96:ow+IlIhoImIboDQVjRzO+r+oNVaqdq8bA5AqxyTqyXXkln+UdaTxeBdjh9QfCf:eIlIhiIbDzdrUAfbWn+UdaTMdcfCf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000003c17a0695341c1cfc58f9adf5638afd23fec0a620045fed97d4990b79cceb9fb000000000e8000000002000020000000be0c90037bd7921f1c9c58aa066405b46534f7a2271593f437555892ba633f97200000000c82ad60671bba3445517d8e9d193d13afeacc07ca1721b5d4aed2879fb35efb400000006d8efea32bf087006d2694e23904c550a4d8809efd220a2ce28f7105f7f431e887f1eb7c9f323a608c1c3bf3f8204e3a63ef5f42357081d6294f0b0d4db77ebc	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E70C741-6261-11EF-8CC8-424588269AE0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 509de8f26df6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430697350"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000003a18452387675fa786f6fcac2e58b04025ca40f15776d37ffcdde369b47a0871000000000e800000000200002000000063f30abcc86efa413ff407f6823d707316563a064e6033125cd1a9bd919460a7900000004be9b74faacfd7d013875ab05640bd2c67c56c3dca9e8cf5fcff0ea98590f00f4d80a993280828b1736a1f6ced14a40b49a1308631f2cf5a7c1270007ade57ba3f3477aed2e7ac3c35d2f5b906bdbb78f9f0607aecbf0df2044f198b69661b3c76aa149320bdaf14706cac07d51a97bab7878ef937eb3c13cc4401c7696125af8b3a2f59e20716c74052f0b3107190fe40000000a88e5381d4caa795bd4a5b8fe73104f28f1ede1dc0f0da2855137bcaf74bf0836d92ca28e257995d69e96f9f9ed88221fe92103584fd6399c3d6c0a0d63a931e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3044	iexplore.exe
3044	iexplore.exe
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2708	3044	iexplore.exe	30
PID 3044 wrote to memory of 2708	3044	iexplore.exe	30
PID 3044 wrote to memory of 2708	3044	iexplore.exe	30
PID 3044 wrote to memory of 2708	3044	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\fckeditor\editor\dialog\fck_anchor.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21a3751063517c8219b7d2c20e71c2a6

SHA1
1b8fa9c95f20749b12a44f9896c0f7ea6fe03fd9

SHA256
fd813c911083771a522f81b841d2e69c300165ba1ec915af618bc9c2f9be9b0e

SHA512
55ce54939c38968ff755fdff9a86d68d1f88ee75786734fc2aee00609885e0f44e7ff910ef2c3153b58a5f877a72d1bc40d33d4afd919e4b6916933c4f8a45a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14a20cf8b6d59b6acf02c30647f59753

SHA1
262ea6f6d9e493be28a406abfa707c9dd2e7167b

SHA256
a945893b776af4b0f47ce1af70699f61bd4791f789c8365a566b8dda7762256f

SHA512
8baa871ef9782edee7bc37a148bfff2b12cb42dbcd0e8f2c1cda0b67435a5627a828f587cc2bf061825c9f6a5cbd85bb5bae91748674395f3a6249d2975aadd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
614ed6711657dc4a7be0ebc7b7b62423

SHA1
947d0e8b9722a0d11af5ae78b5109534c8110192

SHA256
6be140025273bc342d1514f1dbfffeff741d62a24b4886ee523ebcba6e09d4c8

SHA512
51c5a9415e01f50d185617ec67a8a0fd5d78a408673cd41d197d0e4e4d3e46e8a58da473b2de13c6dd755d2c4787fe1d3138fd6893531a724016615f25814f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87c62d9b5cbfee252fe21bea32262088

SHA1
be3d2b5e1dca08d1733bde6af4475262659a3a29

SHA256
75c17de85a8d4a06ce779dfc3f54cb06130e429de08dacdef5d90b9a424dc5a1

SHA512
a340750ebe97d657ec13ab6f8bf20ada2b74a6964628b9bd27b326ba042297dc86c5aab3edb7390601a9db90e4d0467af1a1425a5ac803c107ed9daced97ca51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73979e32e1b86d9a67cb79ca08051855

SHA1
d84ce8cbc70da5f1020d1c5ad0134567f99fd804

SHA256
39f7e1a25bde2c6898a4e27c17b6f9270fe5d8491ca74e682499825b48b672f1

SHA512
c9a6a1a52d05ec06e0a6623a73b0564c47801424071ab78d125aaabecbbe78e7e3ba5242e35fbb59b590e76c626f5fed82c391410c48f20c48bc716b26b1a6ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2a4e753d2c2a8dc058cc350794213e9

SHA1
28d0bc01fc6dba4dc118d023f42af12ee8bd3068

SHA256
1b00f1d41fa5ffe67c8f4bc57ef261dc8f8bed0760582f022245de86d397fb45

SHA512
776ca460dff953961dc14ffa5605ca59465dbcd6c41bc4b6c75f9f522c2f6d5a93f65bf5f4abb628badfdb4281cbaa21fc78646c9829d5cb71bf0d9a8c4cf68d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d96ab74c5334415ebb56c47dea2def87

SHA1
c37e6c70976d29c39e68d9c1cb8626ac6638782d

SHA256
6890520356090f7fd4cda6c8a4ac3cbc422882b3972bce12f034d8074cde9bc0

SHA512
214ba575dbb8a81a7c3ea393fbc4f5617056554dd470bf5ec6eecaa5639bdd65110c53a00126f86323c8eda7fb353257190abf5d46e241db49bbddd968abfc67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46393f2dc7c162331daa13b468985af9

SHA1
5d5e4c31dac4391111a01f162ee1c4659b03696e

SHA256
abeeb49364792b3e210077c34b80f0ba242ce8961a35d040b4a02c519f92cf9c

SHA512
2ccf47c1a6782d7a5f7c0268f986f62f2577a36930b92c60600996037d444aa8228088be502b082d243e5ccf75bd057395ab7774a4590dfde2db1961c5a93439

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6692a72d5f7e112b3318cb3c1a2fe38e

SHA1
d040d83690d26f424276db592a42cf47d0bc2bd3

SHA256
b5dc5076c0d442dfedbbd9f6b5a99e1bc34e5027118bc6f5d2de1953d824bbba

SHA512
fa7516f42c5e990841e6bfdcae466f317c0ff1ac23075dd318fff5f8699004b426f07477f2efc2d79ec706fa9d2e03b20cd022f30df56b4e93f6d54aaf5835aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcbd61ecc2457af3ae30e00bb9aa5f13

SHA1
43543f60dfbef97c7ad0b2385d4c382485463fb8

SHA256
565a754d161e8d48c043331070923abe5fd11a79dc3dcd2db26c0620b0977c26

SHA512
5151dd118d7b326bcaf2ad320afa519cfd2952890e6823a615dd498e94fd1ea39295f3ba5f5d8edce944d85be77bd81537ce3bda02884de64b8f46997973bc07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa9d559438660b89a9efa1058025e824

SHA1
a4d31829a5f5edba5286089bc8ef1e0eb6ec3be7

SHA256
8b7637656f99c6ab3227aa96d8b60ac7205267b3e3c4a89a77f160931394fada

SHA512
78f3be00de78be600347bd68bf3ee63aa9c8c80fdefb21b8ad6b0f7ab7d2c94fcd85cb0571a599fbc931224408fba6ccee8c7dda825c0cfe16a3f47c32f65212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e2902d77d09e50512dff958c0d5f782

SHA1
80f7ed82da499606847ecdf562068f7963ae08f7

SHA256
f126e28e7f65435e2d1f6ad39467113130daec758a21342d6b4458fa8b8e696d

SHA512
c468bcba8892ed76c91f30acaec1dede14f66d4dff23c74cd6025776a22d08987128c781d7263c184f7ab50822b2d66d5f6ad49855fd1496ded7ed9f5980f247

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7b358fb01419dc642983f339134fc37

SHA1
aedc97629c7551e2b544944e6738c158aef0ca27

SHA256
4a38add06414c9d687b38afff2b8de36e429be954b5f01a9b53027e88fcbcdd8

SHA512
1bd4c7883508ec6561f933492e836b62e9052d06c4ba43e06f1874e29a091c49dcca1489cb3cc0f46eb859c96e4ecae93f6f5dcd55048298a3d94eb2e4241193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bdc870d1cf63ba99b59de671eba4c52

SHA1
c4f0e9a5a492af57a3bbfb7ba1cbdb4294534858

SHA256
731d3422d957338c6cdde5dd79387f402c091ce98dd1814566a1d9b4bbc7696e

SHA512
24092c94d36beaf8fe0eb40920101eaf728ac36cbbd21acfbce74e0e64710a03a2877e598540c3e7e721c78206972448dd58eb323922d4faaeeb28d229cd0cb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39e698d227eb4155c581fc8ee8511c4c

SHA1
d85759bda757943b00f240fc95b5a8bd8bd0f77c

SHA256
51170ba09946e3868cff7edad164d673f888f3181ed481bba2679fad783564f8

SHA512
b092d4be04537a5e76d1b2d43fe35fc282422111d96e16fb780c2a1a1b9c99314b097af5ddccc59787e6c0d5d4e580b864c69a5dae663c4c9b57e8a2caa12df0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d4468a2df56af17307b51484a651323

SHA1
22578ba29018d544dae865dcb7b733ed7f3a97e5

SHA256
698e7880d6f04ed9b93f5cac4d6bbb2c9fb8cfcd733b7e900dccc84d8a337582

SHA512
c284154a52bbfb68a455497d9be510946ccfe6bf1f4961a41b03a2184209f830a1101ea7a160278c059ff3c387d53faa9a14831aaba4352b0bf9886255e3be28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93fd004c24b967092b862fa88a50f64a

SHA1
b690309136472c364a45267e2474621bea073807

SHA256
3e9f2c390cec93d486c70804c660bcd43786f95afb0e6a3cfff488e85176b09b

SHA512
63c8bc3b9fe90536656b84db8cbea4d4bab8f0246622fb793fd1c209b405e3624d913ec128df34a86a4e016375fc8f640ff90c1bfc80724e722e892491363672

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6896.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6944.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit