fcaba01f86c46e8df3e3852ead1114762087d2bf3dcbe64a9e75c5aac491cfa1

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

quark-engine-quark-engine-f51f777/docs/build/html/contribution.html
Size

11KB
MD5

32818fbdcf8bc3a3e66259e25fcc1bcd
SHA1

cb248ad9b5475ec6272f392c43e7ca9fe2b7d7c6
SHA256

4dc71029996fd2b743d531a431259a97ba8ada1ab9540fd8a94f868face3d825
SHA512

a83ea109626be97a9bd4773ceaa9fec3a2b2f327675633b0fedbb9275b7cacf90e9ca154360865ba72189de424600e88842f2790ddcacd8da56d4cf26516a47d
SSDEEP

192:Fl966vOqj3fbgmS+OslgvW7v/axXHhAMjHppXjUrsHc:FC6vOqbfsmXb/alHBwYc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431478467"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40627ca688fdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000a71f08bbac8068df02d449132fd57a1b91190ac1b51e74e75f8bfc53086e5b80000000000e80000000020000200000003b3a25be8d8476643c22c713b3dd5dd6b17480ff57b9f07059290d66e187b56b2000000019e3d03d8ae0194891f2e3b59464f86da53bcca96ea90c2286a54e7af3a099c4400000006ab061e4b91ed093a039472311ff84cb7fd482f5322b7ccc06ee5673812d4083c9886ab81501857595316524ce4fa9a9ed97f98beea5a54ebdee91693fbb74ad	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000001cf19cf2d2b17c39f226de913d41f6ba375735d2a372bd514eb56fa4e88daa88000000000e80000000020000200000008b00006932f4b8dafe3da0e49ed39868c14dad2966966dada38c1fb993000d9e9000000014eb399fcd2a19e327a750d96b1713239d9bff30840aa5d1af3b0cf8cd68b721f3387ee89651f81f7100e3ab71e9b93a4955955f361cf8db2e0e54a1b6ae04b837930f5a1752af7dc28efbffee2d0fe3c55450e868242eab263dc6b5bdb5ef07f6fc5947343f3f3e374bf9f70d79fa40fd5f11f755030212a93bb1af9379e588fb96bc47b48d316776ab2a4518f69979400000007a38ac642deceedba6e80ed3c2cfa158b9654aeac161c489e03cbea73107660c835d54639aa28371f7b809a2576f56ed0f4f77203e1290e5fdf5735ff73f3c3f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D1EF0861-697B-11EF-A24E-4E15D54E5731} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1628 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1628 iexplore.exe
1628 iexplore.exe
2404 IEXPLORE.EXE
2404 IEXPLORE.EXE
2404 IEXPLORE.EXE
2404 IEXPLORE.EXE

pid	process
1628	iexplore.exe

pid	process
1628	iexplore.exe
1628	iexplore.exe
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1628 wrote to memory of 2404	1628	iexplore.exe	IEXPLORE.EXE
PID 1628 wrote to memory of 2404	1628	iexplore.exe	IEXPLORE.EXE
PID 1628 wrote to memory of 2404	1628	iexplore.exe	IEXPLORE.EXE
PID 1628 wrote to memory of 2404	1628	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\quark-engine-quark-engine-f51f777\docs\build\html\contribution.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
844e73e33ccf5096cad061a20b9c8965

SHA1
d432b28ac8947bc6cc0c285eb3e9c9f20aba802e

SHA256
2be90f600437205c4ff252fb2dd27e713c60f56fdb39f756f446979c417700cd

SHA512
ae583ff97b41cbeec37a6185f384aa786ac2389b911b2185d1792a77a44b0ebd90a7d26020ddc056c6ea3d4567708c0b5fb60e8ed6542b92e0456f6eea996ac5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f701fb0f897c0f98fbb0fd67c5782dd7

SHA1
0a26e256ae669425f1a1877dae4f2809ff6aef02

SHA256
6b53ad25c9e68047e3ea3399ae5651890fec58eee432c16e7a0a8a706eb16a78

SHA512
eb7e4ca0646dbc2270125e89e02edccdd36c73b316f0e01233ed0805aa06ffca2216a25de0c6053cd975416cdccf7960b0598e51dcfef9c5c5981c95305b5e97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
57b757f0c275a801287db519593f27e9

SHA1
dce8a3c7910c83d04cd4d2fea844d06028feeac9

SHA256
c99ed2948c52a7a6973ad2ba87c061dfd70ad095c83ea49cef31ae2f666dd151

SHA512
12c18a364c3d605d987e38d4ce0136b406ab3a103045ad80e66e9ba424857e11152daa5813c73f50ece4d7053d191c8f0e0cd6892a397a4ec1ee11d359222017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7f0ff0e7c3ee07bb6de439c50f1d7914

SHA1
a61f52016395bb958af9c1e2d5bfa2ed5c767ae4

SHA256
5380a029d81c266c7172d585fb72b7106a2de8f76f179ccb0c82d7e5c7d7fd6e

SHA512
5c3a5658e84d9d495b948523fb55277560639b2e8e9eed80dbcb172e4a133253006ef21e99d872460a85db1aed2424926077c21109947284a336a6e847c22c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
56bd08de1d36147aa9c4b361cddd95c9

SHA1
1accb76f1212c4323f082ebe3d9678bd13b07618

SHA256
8615c77ddb0d2f5ddb0dda179131d3ef026de163756c43e0251075abd7040761

SHA512
9a6da288f89e119899d0f6b0ee8c187663bf9d812cee9a02c9c51055448072d7dea930894d56e36e1ee24827b441441bc1b1cc63dca191809e7aaaa03f1abe48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b864eb374cea251fc387cf295a1c756a

SHA1
f0bbd51ef1cccc8ec91b54794733df10c129dfda

SHA256
f6be7868fb4e47fa07fb00ee9127dde0ec5c94f5c3f6b473e81222096f49de7f

SHA512
4749e2f1a765baa8302e66a69863cefb2d666412b31f30ec033ac88b3b106d85c23fdde8b92a441cfa9777980827bb7b5532f9f78c50fd2c5c507ceab9a548e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5f90939e395bdc3adafbce4039faed0f

SHA1
0c74bba14e11527f3451777266d3c06fd1dcc0a2

SHA256
6ed3351a6cdba826572e4d28ee7e86bc1ea848358a88ae3233056dba7c8b45bd

SHA512
78b1b58a59db434866fe2af89a9dffc8215ad63308f2f6b7b4f59454665a121c799ec1020685b014800e61f7bbc303e63fc2cd68387ccf54ca4cdcf066c867bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
052eef8f1874eccfa56f2f3af2ec7455

SHA1
5e03196559698e6a90dc4b8d6bd7ac983dd0097d

SHA256
c968088f25ede003ceace04491ab2f10b7699b610f4303e6c8c21e5ffc135e4a

SHA512
3c1a0cc95d55910f14b93fea5c8cfa78f9fb9d5f42380fc4d1e2c0fab948f23e3d76727fa2eb57b5cbf9a1d85727e68ff71875caa08ce05a3e44750acecd5231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f716b8c97994a90943baf537f5b0fcea

SHA1
e2308e650c6ff40e12bef42350698130503ef5cb

SHA256
72416a15e1765cf785f92c539d4fc6b5911d046e671e6520b4dff5795662dbeb

SHA512
6f9fbc3242eab153913d7396e7473db5f3aed51b14291d8ffc9a2c4c52f08e4f5ab987fa63b6c5819a7ce919ee0d6b2b1b94cf130150491f8f74d60565e3f282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b83480fb773265e81c26ae39142e78d7

SHA1
1a5b13fca42c73c0ccbeee8b5ce6aacaccadc48d

SHA256
cb33c07c6e218fe5747898e5d458cce75d94b24926970c5c0ad209d665077bb1

SHA512
f7ce4e1328386f04355746e747f5c59da6f3fafcfa21d0e7e7b57eb7a3e81da9041249c59cf14745465e513573173d23d07a341dd6bc9f0bff7fb28541d18f82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e19958697bdc07f013890586b876bcfd

SHA1
063fa3341432a92bab3a01e70d630471a5768771

SHA256
fa57a68db2237dcc62875b7b87a5b35a222dd6f12a9a5da971f87585401462ab

SHA512
8e0bb4c5e5d65f8dc1eb864efe23488335b1280b23b9c403f922a60ae35f0d74f4ef811d41c724b6d72b8ee5b7b4c5f7e3bf0852be3d683476fe988cea572527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ed742b1f02599502c3f3be6b60ab6cef

SHA1
282c1bd3b2aa365151334330014f2cd03999409b

SHA256
0d41aa35b08e7e998ca9d7db151b24ca02beb7bddc1b2457773f234867ab231e

SHA512
2af9897870f04f84419b235a9a1dd8ded8eeabd3d1530f22167e201d62ab38c6909f4faff71090cc9874cd53f7ee9080401e31c73d4e0ea13ae3500f986f6c1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
862265fada9d71e012f363abafaf283a

SHA1
b48e191e8ef9643110a651824064950689920744

SHA256
c1583c21a1436050aa27dbf4f43427d2eb2a5941d45c546418b42bae15910a38

SHA512
5ec54a619d990d98e09744ed87403a44e717b7aedfa4bfa499f35113418ebf226abeb7b93dceb8a827840c58bd57d2be6f4d581b3c0aab8f4486834a5fd8d6a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
772bc15831e2647c11023551482e2779

SHA1
3a30d3590a015a4fe6d7f39d9401369c5a790d5d

SHA256
1604fd07703dc2be64cee03c192e4cff7221a7265d0ed977236cceba43467bee

SHA512
729b78a0a02436530fb5f99e3798a61c336d21fcbbfe230bfd4755214694c906bba1df458e92f0cbf539237e767acc4eed6eea15b00e645adaccd7a8b85eff5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d6cb10e267458ac53a86b56b4fd2ea1e

SHA1
458b41e0a1f3c166ec2788af6be5859f7deb35d5

SHA256
64a35de8980bf94da566d6e6dea7f58916e4ed93245189586ec799e74ac4db9c

SHA512
ba1d8b20599d571f5630ee55943991896add959704c3a5fa74244d983f41d18eedf9e36c3485190586befd391382418d85f2129d2a58f86e482065575c62acb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c96559b8cc4681758773b95ba5631738

SHA1
7a1dc7181a6ea9f8beb07cf939958be74aa3dd4b

SHA256
b1bd6b3f82626516ae1ea1fc066b546a3f18613f7db133bcbfcf5db603092c1a

SHA512
7b4634e304f97510299f320a89f3e4ecf93fb10d8e16ee8bc5e3c4e19d78fa8daa81bd8a6c53c202d79bfc41462073c7a115bd1c2aa8674f35d8b133549fe0b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA595.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA634.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit