20df13465b09ad3fabf707cdc3b370864ad0fe7e7ba550abb8b96cbd347283bf

Analysis

max time kernel
70s
max time network
138s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cudatext/data/newdoc/Redirection.html
Size

540B
MD5

504202c9f32c79c71988d78b99e1b639
SHA1

f5df6efbbeb6c21af3230df1be2614b349185b4b
SHA256

bfeff2d3ef317968d999473c6875bda5320ddc6810c020c2a903c1f3504fd997
SHA512

72f967beed3246dc57393891b4daf6d4291dcbe199257548e2d2c86cae0eed4dbf60afa8590106a22c59529a47c414eeccf11e978a4b0c7ae81d02d3ff8e0bcc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93191281-6835-11EF-A251-667598992E52} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000006d5d06171b684e6002ea1cf396995109caf177e4dfaf4c14989c22d05760642e000000000e8000000002000020000000d70d6d945f467275f630f0e09038e29ba9d4dfdd2d46494f9e64fd8cfa0adb82200000007bdf6b97189e9e627087ace7747295c09eb614818172407b8438b0d2697c4b3540000000e0a37edb0d3411b2e17c9612d4247bee61db5c2537b7a5f414ac6238aae3f6f1a5f4c50b1c8fa9ee6c3a7b38b99cd111ba6c7ce7d24faedecc05c3123359417a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d09eda6842fcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000f338694e47c317914feeffb115d2f1d83c9d1c7fc68c792fd8b6a23a31e28ec2000000000e80000000020000200000006521b0031295126d4fa50253c77445971a50f565618c67867f206f6b2d6272af90000000541122ba2ce15ddfa312cd90b6872f6bb9e1a7d7d97d914b67c90b34b3f4a9874075fb1750612ca85214f2a0e19b58958e53df27b1b6c8322d7bdd2af77690c2568bc7d8695dcd4ceae9f89bcaf903d4ac222036b28f786506a03c56b2f6ae718dac8103a5d7323e4c323871cd4b28e9a9e31af0e6e1919c4f07c8a4d3ba9ecc727709d0b9a45f82c8e8dfb5b33b29e140000000e49d5eaac2be45144b0620ced9f0a6a3ffb333654e015f542509826917d8af1eace25816d4e5aef915b7171352c40a77422d03417fb299c641c947b5a7acd781	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431338348"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1104	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1104	iexplore.exe
1104	iexplore.exe
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 2248	1104	iexplore.exe	30
PID 1104 wrote to memory of 2248	1104	iexplore.exe	30
PID 1104 wrote to memory of 2248	1104	iexplore.exe	30
PID 1104 wrote to memory of 2248	1104	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cudatext\data\newdoc\Redirection.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
100eeae1a0a933cae59f0700fc830117

SHA1
9b44da3627141769bf933e6ff64c1af9cd1cb875

SHA256
01eab4255cee4b7c1ba6684e5625d46d9b043ae8c3448a0ed106ebcb1334ee12

SHA512
b3864aa2a83286626b51a040199e6bdbbaf9b1039222e82f3082626719e7f205759a20be8224a277f233f8aeaf1cd48390148a9c2ee928419d1af42a981cc4b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
593ebd00a72c5f119d8bac2cae2f0b15

SHA1
357486d2842410711f83d796f439d3f302f7ef93

SHA256
57bc61dca31adc1bcae5e0276888f4af446addadee36dbb2b64d8151af50cac2

SHA512
49451e5a21502865428d31c786174ca8cf039700ed3fc53664f147eaed83f3da2f120ec240c412ee1fb11731e577259fffb032d3969edf28e280a846fc816e81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60ba0bf8660020a01088a93dc0957e5a

SHA1
8c64c15fcb762378833c8907a959e8dd31ece560

SHA256
15561b432c13a9fd08f64999f724cb26880f72aa8390ffdd395edaeca94facd9

SHA512
cbc3e4b25cb18138257013d6cd944ec4586074495b734b3dc72be754c92acd5d049b9e56c3df46f53c7e05fdc41aaba33c20a2a614d10ae8eb9e3ed713099742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc4b6e739ee9d995bf6374d4e2dc6ded

SHA1
5fefb0d7dce8a21909fca114f4ee9685bd10fcf9

SHA256
89297a7fefcb7f23d8d1644ebd914a37789a2f4f726df07f6fc2d473009c6bbe

SHA512
20bb12073681bd3f2a8a5370eb798b927939906d88609c7ed289b28650d1a20f7495133801c35de58d823272346a643a341fb374142570031e5408944f9fc642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0f75f63fb32ceec0f090759733535fc

SHA1
3b2ece4a33597ca9acbf114960e0b04fa9083bad

SHA256
02e3fcc0bcf06eca18be88ac57da871ded6e918fffa5bcf0a558c10a39f4e64e

SHA512
844bc129cc70ed4b4f5325c1f0647cb179f76d437e7c00e1d4d2a6fcb90ee1cadb481e9f8a8e1246795a02f63d5a6e9f0f1dd8aeca4e802f601b7144be424a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de1cf487aae1f2124984335d58313ecd

SHA1
936ec6957aaf38034707926c0fe9f2b063daa4cc

SHA256
74a58e263f788e5e782f84be51ac15da6dfc97f7fffd05a3b636db3d51d3fe27

SHA512
ca79cbd699c889b14ebe0b63d5b7e87bbafcb347bc7bed47463b90313d50e905d0dbfcba69b53820a9a52b79b91e6dea94deb32570ff3ac4bb46c80e78838130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76c5097901b0fb26bcacf5f8e3b0a255

SHA1
81ef422152cad42fc0a3e15e1359fa67dc20b2db

SHA256
5c45b3207f0dfce9e1258e82e85023cb267c4632bcf6d5885f2b8a8231cee95c

SHA512
b2a2d91e440572b542adcc38693bbaf5380e4927c0efbab2e480807e8e9242284c433703b47e76fa55c5c9a98cc6c291e5e8862b2ec3a1e8f71e0edb5ed5ba3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37ebc80a08924e0466e2c37229d9053e

SHA1
c72c3e8103a2f68f035c95d66b27883e904a0941

SHA256
6e1d182f6746b417bf1d39d55418fe9c05012e9c09c1628a0db6a48cb51053b3

SHA512
ecf9465cc0a74c7dd28cc38fef945a3ac1901215b85289b52833669debdf5f7ff84c41a851f32b517cc320f3b6d46cce1cd3871e624d26657d74a40a432fb6b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
495f65e22ca98e5aee11bda772dbb524

SHA1
a58f88b781ba990709f87905948fd758db9e3760

SHA256
ebc7bee8eb5d92e2bd8023a4740e9a6d014fa41dd963114ba5c8a6090d445912

SHA512
60da93c4b653f5dd42428ef5795888db847b0979ee0a5f5431429fa349c5a89d6a6d903253b5f06cb1be4664cd9d9eb338752b3e97164d2f8cc007fa051348b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afb9d96c822ec167485ccce3733fa66a

SHA1
f073cd24a7b829e60f127820d501a0d799f990f7

SHA256
f1ce39529e1f7ccb1f2b6aa82fa2f1d5406abcb61d4d8c432a5fa5d0a0b33e64

SHA512
31a0af878e8ef3c4d17fc8dd14ec756c2ac204cb21da57dc37c7ee367a0a0a9ffb93c56ee19d6134627f55607e4c85e8286e51c4acdfb016eff2046a8c5b74d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0415f1aeace9458c0d3b93d11bc8fcb7

SHA1
4a946cdab6fb06c548f4baba82d3e6cdf4076e60

SHA256
b578aee2cbdf8d843f3d34c727f983827c79b37511a5daff6db4e5ed485c1388

SHA512
0e7092349eea4e863a5b3e6072999521a91b3fe6a3ca01858d91e4f56c540adcbc81efa188d6ad551472fc7600327f87e6646442a414dcd6a8319f0e3ab22ef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e2ec6f521ce9fd7a2bbab93f608520f

SHA1
61d7220fe72fc2b01c0751c940569642334f535b

SHA256
15018c70f11b7fe6d7ea02835d5b560ba74c40855b278109201d239b700f3030

SHA512
6735e89883f667d69ec73cf0960aac39731c068beef9b5468ed698891194e4326d49181cc87f41ca072f6a4e00b20b9a32c5eea80e17bb38c915f16b2563ebd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8034c2d9d49991404cb04212c0723d8

SHA1
7584729092e25c603ef274b5581119f5a63e8ca1

SHA256
f270f5b866f8ecbc9c32c442867146e25ce7a9486ebff14e98ec8d171011eeaf

SHA512
f913e71987c4f16d1086dc419af5c6c83a301ecb39b5daf0e4117fb1daecd8a5402dc276eadaa8d085c69e2192bd4b91216c51a87adadc0f71ccb638be11f137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1502ef7ebd8c8be1da7f797f21eff643

SHA1
d32678a737b94f38db28d03dd6998181a46a6feb

SHA256
4aef63402bc7086649ff9fd98d55ee4f65774c474a94348424516c70d7e5f928

SHA512
a3403b2a8d44f537bdc97b7d280d48c17549f4b4255c9ef98efd32b015fb38931c39ed9c2ad30a18a909811c6dc16d8e77bcc6f062d580d725493a8c16ad7063

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0510cae335fc6afd158b47ba9c4cecd5

SHA1
d7696ff7a7e31919fd89813d6bff7098dc6f71f8

SHA256
2bc1fc64bc288107dc0fd12629b6ef7f24b1b5812351711cd4bfe20e3681f9cb

SHA512
7ada58d885db0302d5c717e59cd641594180f81b5111481c00f604a1ac866124d6bbd42a23ca554667d44b7384ffce038482bcc6a7786f2a410ed87916e691f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
867b1b349a801547ef00788ce2a8a5c0

SHA1
e4086b674adaea7a7d68b3964b23b18fc8cf9363

SHA256
fb2de18142b07109bcf6dd0c643e68b1018184e496a9e732263b62a191de2fef

SHA512
7d9f655616cd498c5c60f69616c5e8032aa98bffe43628dfea169400e7a1a74e5d32968a04edcb7f36b45995a7c8085c36b361633d199abd699aebf96a3aa9c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a3b9c607c1479e02c34a277a93b8a4e

SHA1
0f8bbf1c11ac9443684577b819b1788df2a18307

SHA256
193ab1de1ccc4055f024f7f4ebbfdbee2b8329301be243612597aa1f9c115b73

SHA512
789a152e49b0d6dd1bccba1ed032ba435730d6e809dd33ec9098505c598396a3c9b0608c6de10d8f40d00faff68a5054e691108a634190f6863b9998349ca113

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d6288971317fb2850457998f7b9c3a2

SHA1
27d39069ea36e56d6cccd2d2f16d0890a4221b2b

SHA256
47208480ca293479b48edd3adbcbe8cf7ad8997833056a167ed2a51a66c47b1d

SHA512
1b2ce5750dbf24113e59422c3c8adea99ab4e1536b3d2e3937e7c7aa8dae90bf2196eb2e8e644b7065c21142d9f3d215887fa70974c41ecf16c93f1920ca4916

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE409.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE4CB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit