c37ba933318bf6d0199a02595f07183db1190a39b3b4c874d61b17ddf3e6c714

Analysis

max time kernel
137s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

▶ 🔘─────── 304 43_1939360351.wav.html
Size

2KB
MD5

3cc0a316c261eed45d507140186ad569
SHA1

f173175c5e9ee9b0481c0e06c56403c14807a2c7
SHA256

9ffc641f47e0411465ceb888892162b9eba8dda093e1b37001324b560c2cfc36
SHA512

6e69062e33144ee6a8cd60877874e6d8e97e0bc69b23ac2f2cfd05bbdde5c39e2a92371302cb576baaf319d3ad00b9cd9734bca29d0216cb65ada4d4c5fe7f94

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431835531"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30454103c800db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2ABB7091-6CBB-11EF-A17D-4A174794FC88} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000072abd1f216fe92b11db0eb7a4ec458e535222d7cb059b12760ef90a66bb78e42000000000e8000000002000020000000c01a5e8bcc5f0943e99928003c7064fb6927fe10c866976a2466c8761afa961220000000efe63814bfd6b8bfe61bbd277404fe48ece45ad3fa15695ebb858029960ebf6340000000d901aef1a42f3e5983627f8c9540ccb5502d180d84ddf59a74b766dd66a9a5a41e713b1a2b04f124f487d4ba2e3f46bbb3e02a126f5fb485962f1d4416632ba2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000e2f2cbab3dc9705c559b5876b9d04753b31243a940d7f7f67d2ba455c6f657ab000000000e8000000002000020000000486db0c9df90f0471dab3fa998cff1175758adadc241081611550245a872eae1900000006f8769b866eb37eb8f1dee3a5752bf9534df460bdf37fcc1380f73a3e9676dca3cc18ba7116b9eb5bc99a606449415461a442d86dadacd62d74866797ff512f8f87cc142e0929a5622ed8492df9e4034efc7f2deb7aec5fba1e6e2cc5fb5c3212bb96c36fb882dd3915e2e116fbb59329db74dd15d9bed9bf73aaf79125c70d7a4dd42b679c7549f20743bc7cf3936084000000017f604e4dccaa79647f8fd47e8cf2298227ced9b26268a3ba3243dc062a83821e0d2cecb70794ddc63fa95804bfae82ce14035ac48fd93c82a7fb4d5a904241b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2680	2216	iexplore.exe	30
PID 2216 wrote to memory of 2680	2216	iexplore.exe	30
PID 2216 wrote to memory of 2680	2216	iexplore.exe	30
PID 2216 wrote to memory of 2680	2216	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\▶ 🔘─────── 304 43_1939360351.wav.html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9415553a96855ab5dc4a0bef6e4af5be

SHA1
6ce15584b0e9e6a4384d08e479a82dc81e313648

SHA256
e2b37ac4cf8e43b7a8fdc6b53338cef97616aea9a7addb4a07c1672d00e6a7ed

SHA512
4f8486b371ea4ac759b2d46fdffd6613c2155a651912a87cbe08f529707feec7367276ff7f8e133544f51014f8d12f83b913f346519c2a8ad5fa26ca28094be3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d423c6597a1a92b541cb02d8df47ba9

SHA1
c989500932463f75863eaccea82f19d391e71f6d

SHA256
3695ade79297913be24e1601f2da61d95fb22049ee694958eed6f08ac5b9dea4

SHA512
11c8b304cb719db1eb2a9743cf5b7ae91e43bba9230dba8d6a8ab8a2cccd776c1018ec537e096a240c6cde3df14dca6131ff2e9fb838b7952b75c5cf56fe975c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0552bbf8612ce7e3308b1521aaa12768

SHA1
2c5df19d56570006afad979c5d9539ad8be5d429

SHA256
d22fcc045feb9e535afc35a229ea6b10f86146cfed94570e5d12f32b229d853f

SHA512
9c1b4ede782749f3f5dddeb72a8c12f3dbad691562cbf86121f576f0e9e762d4b8f798dcf52b06d974d37e6a38875d3ced8ba6c45f2b29708cb2c99445553c00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afcc50c94e48aaecf95394feed5c3209

SHA1
410b1808b41f1b0125cf5cbf77e78cb08117e3aa

SHA256
84dc454f19a8821c3345ef86ec032387418689addefd0d7177854036ab01b3d5

SHA512
3d24123c38d3491ebfd99bc6b96d5e8a4fa1b979fda749329c4202a6ddc80ca51b919bc44d78bf2069a28dbb8d2a7ff0750954c3c93db154e9fd2baa351e6feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c326b725c68c73b4236c61913edde7c

SHA1
6305042fd2a833535c4e440573630e202172add7

SHA256
dc9be3ca7d480abd1bd1f5b2e1132c62d185145818582d88ea317c7b92cb3de3

SHA512
f47fb16d24048d26fea781ef06d1895622829e9d4cf4a0d73464019e14aafea10883fe91cc0b2a1571605d4926c5bfa1d63c0ae5999bfb8d256b15b35fe50368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ceb4f3601ecf37fbe93711a3424b8a4

SHA1
53bf318426bf788b7d2a2e74ae0facdf4e9955ac

SHA256
de03546512cd1e6230f1c6d4b4063cb8ccb804621d15f952aab5c75a0ac1c42f

SHA512
244ef4eed48cfd7a2516f33b8846b794e86a672745b2efd66538af329af93bc7b514ccf26e42eac6e2d0c49edcbe467329518f6e87f0dc0c214aeb47e22dafc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7673d88043f98a2299b89ddeb273753d

SHA1
d237a40ae6037ddd312b7417029e5f3e1554d819

SHA256
21a3565e1bd1a0f0d6caeaf7624553cdbef17f2bb1e8e968fd66d93c81ed44c0

SHA512
867e0060328dd82fd82df850517593eb5f02c9783c32fe583bd87c3d2c7a913df0381bbbf6ba712b407df7bb2c33f97f84ad8df7272ac7d6d426fdebc3b2d446

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c8fa3a23f72d49a5556f18638eb3711

SHA1
1560fdb83856de0321ae1590ef83398f4f93d2a3

SHA256
0d4adb8f2ec1fde8839663354ef42d05ccf0d0b2981c2dd9a6de3ea2c31a7403

SHA512
d830be49f0de47c702ef0461968f0d7eb7681e79f4028d054e84ad4cdc35934fadb285581587a54323f29c8afd5dd2f9f5de01b5a0cd6f21ee6f02467fa6b825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6f22aabf7b81e1b1ecdb0d8ba0dae75

SHA1
42ae6b624f0bd52a7b07e0cdc97fc24acd03a701

SHA256
4173e73d17d401d1be162e225b3a85663c96499a5b1377e0b4a4e266058598fd

SHA512
2e26bef70b28a1f292d897688babb37ceb87883462773e7fa7d4393532fc6016008d43152c341d9e725e89d4052fd9f74a7462bae864ce024d2923cb572daff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b60e24b22620f052ca2fb64ce3f7a31

SHA1
681013c0c31ea97b272aaa0bf50690cf4a945da9

SHA256
9fd23d4b90c4197bc0bac7a66933ff409e948bdccc5e7f24573385859d191593

SHA512
56765e8c4dc7c091296fb8580afeddaf81b9516ef8e07d2b6c7230da97ada4a440a98e7f2749a5a045bbdd4b819faa4ee9b7670aaca2cc0ff964841ac269b550

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6266a98517e301cfb841d21c0db1e5a8

SHA1
aebf6c7271c52433f1ebb7cd8294477637d673c5

SHA256
2719f05ddde6e4a90bf491f387487bc1add6123f38bfdaf0803a5029885e2b25

SHA512
bbd116b0df7b8db65b5488322be58ae183c176ca42b1ab66ea368e4f4d2316dfc9768bc350bc1afebebd1b7e8c16e69c81690f66616b18615db88f45178135ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd26ebdd935305d1baf917038b08c0f7

SHA1
4b434072273c863d7dc963c6f4d72b3c63d17bab

SHA256
19b2b38ab673ba3be32f7c7f46782933961c8d0ba172285ad28a5606dc4c11c1

SHA512
0cd0be6517cde8c5edd80aefc5649d8b7de586d0a8aeac06129a773e925e1afafaacc54d5e605b8ce1f776e342bebb1264d14603a26db0e9730ad94f000402c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d2d8ed4a25bec5755fcd6e49b6dea22

SHA1
25dbe3ce6dff7ea8fde2c579f21af76b1220c2c3

SHA256
4103d19a2495749f236966135b0d7d3d212fbf729862154604899bf5e696f750

SHA512
3427a986267ec8699e9246cab7fd50f738fae001d31cb9b0a54490fd53dae67107ff699cfc8db3befb5d8caa7045a931f6b007af47e582e38b6b3f603898e4ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58d0eb061711b0de1cb7b2585131a489

SHA1
e4990309d6eb5ccf933d7202a326e27a246f1939

SHA256
30610b8a2c1a847d0075c85d88abeaac497c486b4d46c974023a07c9b1b45b95

SHA512
a7f72ce33cb3dd4661c0684fea53a30766a8b39a7b1061cbc601cc6b822df27fa1dfeb9d24da75f6c57f9a114f4bb337af2b602cc90049c31618c977d2d6130a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11aca9de10a3bc340eb9b4e8ceb68af3

SHA1
b83d07e4f14f4307fa0ecc71ab67626ad3b077ed

SHA256
49cb7eed476fed398dc794908bd9b0aa7ddc1c9e02c64f5f2e9bd08624304e5b

SHA512
1b77ca43ffb1dd886069ab6b2d5f077e1a8094263bd35d6876b7f57e47a453732d5b052a83ca1f9e383f3f25d9dd14d0ce0eb85319746b21f6b5795cd24dcad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88aa27de45f3ed532b1b5aa18f9b4d94

SHA1
47ada8bf3026289dcec0f045277a8877b28fcb6b

SHA256
1467046527fdfcbfe16cac43ce781ce9c8e1bd2c0cd363dc8995545cb5eaaf34

SHA512
1dbfba97fe3504179f00486d0b512f9489a244fefe2c99d93620c97bdd029ad1fe91e1c865da5b82f0f8d5bb4f9397440eac89aa70148f59248e24d7ccdfe8ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bc8507d5c1cddf0d73a063afa80522d

SHA1
e61650f45071be2e8b00ddc2d6beadced4c2c8f3

SHA256
845ac651ea4cea518c96e361d82a0bafd0fbb2537dd4ba0cfffb96f60c978eee

SHA512
16448e2767782b4104973c29957be225ceb3c3c53aac2974d9937ef346a2fa116434322fc7cadec4b4d49caf1e733b9d4d168ad9708ddab6ee4b02ea0f914e59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4A9A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4B0A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit