21b34d3012e356d254ddc341c2593b5ac33839bea026441d075506903127d548

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72ae470a7698d336cb7efb00948ebc3c2b4a62646565683536cd7b094c3bd5b4.html
Size

25KB
MD5

511886e382799f9801813aa792ebcea4
SHA1

61eb50b47b183791022e99835702b658bdab2304
SHA256

72ae470a7698d336cb7efb00948ebc3c2b4a62646565683536cd7b094c3bd5b4
SHA512

c978881322d96718bf2683908556dd495f8846373bd72aef7811b80831aac7e761ee01da7c0373a8afb9b56111b1d41085a55351e4c174079c76613a23c8f370
SSDEEP

384:anA4ywmwmp0noGztvukeKXXTupwO6wtqkYLIWQQ/U4cR1LeeIYECdG55LkuxOk7X:y1YqtWkek+dbU1k90t

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431520136"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D66BBFD1-69DC-11EF-B6DB-72E825B5BD5B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b4e7aae9fdda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000083099c033d6c2149064004651d3651d61dbdc0ccfad5cf9926eb466623a4eeb1000000000e8000000002000020000000041b2faa6197c56e16145517ea990a9c51fa7ee93f7ebf043c9e9454bb39e35b90000000755811651420bd17e79230fda76348f33ca095cb70417a4cf799cd28ec467a4c6114711b9c87bc376f49704338ebe67069c99c32aa338ae8aeac714dde9f63e172290e284005ad3ed95af6c17b71d688c9499fb457e449b3c3eb9148495c2421132a96dd2829a370b4a1e8db92fb8f022716564c1ca32872e080e1f0c9b850ee2943215d352835d974aedf5c1cb60e2740000000810c3b86df3edff188e43ebcf9de26100c9caeece9a8e62342f64d49f9c1135cd4d1bd90e4e6036faf5d102f56cea6d1779ee0b57ecbc7705f387ba429a021c7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000004022d8c31530488847a640bc684ab644d18385507bc89ad838c40c0c2a780b3000000000e800000000200002000000094cfacf1347de4f3a1794f869cf188574f9df1bd0f77b02909d7d771f595d4bf20000000d4171c75cbe6f346f6ca76d3c1c29c09d9e9e379178fb339cb4626cf81a7e47f400000007cb1c1180d6f8ee716b56818e804a01e8bfab93d7e63ca0d46cc9d208ed8fd5801927f51213f0557141910c69b08703c1317739dcbcf83ba599afb6f2ef69527	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1676	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1676	iexplore.exe
1676	iexplore.exe
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2140	1676	iexplore.exe	28
PID 1676 wrote to memory of 2140	1676	iexplore.exe	28
PID 1676 wrote to memory of 2140	1676	iexplore.exe	28
PID 1676 wrote to memory of 2140	1676	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\72ae470a7698d336cb7efb00948ebc3c2b4a62646565683536cd7b094c3bd5b4.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a240789b9f6230d4df6be7e7999b2d05

SHA1
6b86b45947faa743a7b1a0280ef92b09656bc451

SHA256
c50b21de7d16adc1f7ceadf2790d56263a577a515d926ab594ff28ed5e64f3f2

SHA512
dfbaba79957d9603028659cf652393b7b772d0e42c333ce3e621f1081113f1ad790e00a1c15785ca2143ccd2edb353932461ead8b0b159b97123a659ed73c67c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
565340d562abe0404396ddeee8827262

SHA1
768c234e178b616ac8942a69fbc10ac135621ed7

SHA256
fb30152de9668d3845221c4708604eb94f9fde9d7f631127f6aeb29cf7e4d7c7

SHA512
7f7c31936b6612b3b8c39c40e10bcffa9076af8c587b27a0d91bdae1f31980351a9a530a49a8dc5a26e8f5c9d92df7a209bdeb9b3fff66190adc67ff105dc924

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c89fb166ba54f13f1c5dce9263231c0

SHA1
94e5b31987d42fe1087c8715f971a46f79a3e6d4

SHA256
83c2e7159b18259caeddd50cc62b7c638cdab438ca9bcb933824275fffe5b3a6

SHA512
a56de99698f71331819985fbd35b2512bac5593356936ea5be611676d2ba71d8dff5724661cbc6eecb2dc1d1cd1d34bf426c7e61e7d259d245057961e5dcf7e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c56ac8cbc5c8cf1c5640d7806abf28c

SHA1
eeb268857d640dc84a387473ae55944b1f3ab379

SHA256
ff3046ca56f131ca3ada0a16640ff50646c923372461e06d244e21ba1c9bde74

SHA512
fd1c1db6fe7be536a3bf5f36537baebe50a201a22fbbd16fe0f378d1779ab073e289822798579eb12b8e754fe0f6866db3905411f1dc10b0c20b236ec3b1b10f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02fc660d2dcb8033f113b992503008de

SHA1
296646e5f8f9c347584a53d021f058447e62739b

SHA256
d672fe94a41dd8f4757300e67adf78e36dd6165b96cf8149f8e4e3691b1b120b

SHA512
f4c6b1988ba2716cdd30ab040330a1169be0f549d1fe2420fc8658c561f3d14e792014bede7c411769a5a2902abcad7d5096d3be980092b1ab0811a8a29045fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f146eb4045c680d5e05f49f3e83e153

SHA1
9f246340222b7dc12621c1a722906f2fe346e60e

SHA256
4aae8f68b65e640131f627f482de26046ca4ada140ddcdbba9c67bd0dad7d60c

SHA512
4bd53adf4fa1c675355a235f49205f6ebd490aa49cdbaa36aff27813885ffcbacd60120debd1143b9fcaab8a019c62eef6231fcde5b7a9af17b69e62fc52675f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23861e176d13e87a8e5e890e5cd94731

SHA1
44800224b4331b7a141d81278621fa5ee8607052

SHA256
c2c60953b42d42eb6b34a58c50eb6e3ca989cbdc71bc4076ce1efcf3e1e21b16

SHA512
443252f715d374c7755286089e950dd0b497ba2cc1ce845b132e1bb836386676c6a9dadb6f784c9f1b203bde651d50a2e194bff1538f0042856da9dafabc57ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1294743275a08c90cb924c645ec3e29e

SHA1
f5db31d0a2d679383bb4baa150e1dc7e23f71562

SHA256
22871ae1d1c9618e7059ece27f9bcb5e9e00e773b0e365f608be5e8dde7cd41a

SHA512
06782a6d8748f837869216e123d1bdc8170a2b50ec7a45dd02e61d8b29a687819a6205333522ccccbfb246e77b6ddac96bb56a04c4816b6ef1156e2ad9d2df90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d86f021dc3cb403595a4a2bf0970d02

SHA1
85d189fcaff302a72147e38a9d73d1b0ffda2068

SHA256
ff3d6695325f8db9f58f7e0b544b5a8e4bf6aefe520b1cf562815761a5e6a1d0

SHA512
75a9114660cb0aad0c327f4d1224bed953fe6c681251f1df71770feb518496e81e3563827699e27903b3dd0d2512bea9e01d277f2e3ba502f1d8447e973117a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c635f7880937f253adcbe4b76b29da4c

SHA1
3f9b0036b1be31e97c53ad2168b03f2c37c13611

SHA256
ff170cca3d200506506051ed3345ac5669ab90da1167c166497890132dd97c19

SHA512
8ca8812b0597f4431924c9ca20ef5c74042d003138b90a190d4c23aa61303fea3349af1122cf6a351c1de2234658749c16ec922ddee50580095812ce8b01b6a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f07f2d359d092b6231af8c5e72f684c2

SHA1
f9be6763245c6727a2319af56377821686be4e47

SHA256
f80fdcaba49cb470c63fb7bbdac299f4c85156d13b23d0b01966a9965d3c343b

SHA512
a48ae3b4d9920c2f2fbcb3ac184b96de627a964773044f04cf9cd86fb926722e1df0c234eae3e51790041482e49e2f3cb8a2633fec944b521e70e2e707c12821

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
523b5469c2ac7612b8bd58a72aa53004

SHA1
9b53579c3b3b11972ec731b52482eede2b09f76d

SHA256
01bdd4d6f8c3c4068041fc9fc1eab935c6595eb397e79b815cc9f6f82e4131ce

SHA512
de2e5b678d2b24a76ffbe5e47eeaaf780dc0d2e1861b098fc609b07ba4a3072a9d126b6cb9998e14a11e82e86d9f038924726d0fdf08bc1ffd1334da3fe091fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d81d29a1f461f6b81d4c03431524187

SHA1
3b46f87b6d4cfbc7a22f10fc67975d4e37dae938

SHA256
41505a9c649ad5f277433919feb3cdb50937e68fbeaaba120023f6a6a876e59b

SHA512
f0724dc871a2da26c642b5e5aec45e924af74e013aa4c8e6f7be5b1b538cf1185d63f762b712cc0bb38a5407c0122146cb8b088deb06e240914ef4a572db80ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a03bca5684f4a14814523f20b7f7961

SHA1
3e72d94766ea7416adff3ee8f7cd9b738d751320

SHA256
512849e3f19711dc094988de0206b079dabdf12bdbb078b19e476978ec757af4

SHA512
57e410a7db6e4cfcd202c22c7fd0b8e5f96829aac541999e00988e1acf537611dca96d3229c48142300c39ea55d8efce8629d9809b8c67daceb1c41cb0342c6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c93e65b8e3ec3fc722e46e3efb017af

SHA1
2ef0113d7a0b93a23b1150286bc48df057a12b38

SHA256
bc9240fea82d991bcfada14c4cce90cace84cd69d68f8f734439c2a02a132a1e

SHA512
efbe832d692eec0c0ac9ffdec9e3ac08dc43f07c22539fee6226961ce8d29834fd3207c460409749606aa7a26e24e203fac441208c49f2832a197fb36d3dc642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
700c5ffbbed62499a19b51adc1568b40

SHA1
803e6e9e2f7b594139ab2bcc77adee318809094f

SHA256
090ca52a6413ac2119820bfcc4a3347986c422507709de4d762578c9cc342a6c

SHA512
4856610e6334664183525f33f314575ab1d248a587a0d9eb05ccfcd7bdf1ed0582eb47770db8f96b615b9e349e8ab0c664a0122fd3b5054aa589be4b8ed1c756

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64c1f9c9d311e0690dd03b94c8b39dc5

SHA1
ae03b148ca54d7ae21b71dc1b0eac4bca170172f

SHA256
9fde2dcc670484e49d05d7a7018ddecfe2d0468a123500c7b9fe7dc4c15b8c39

SHA512
4e24f208e5fd3d2efb2b11e9add204662bc19afedd0cb4e5fdd4398421b422e101d409ab81fa10fd7260fb208626b97bd5e54ddeb22f8fee1b044e130b0c856c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB492.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC114.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit