0f81b2681475f1014dddda909b1a95b2b83d3f70e502bdc23256016a8d188d4b

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmblog3/upfile/fckeditor/editor/dialog/fck_anchor.html
Size

5KB
MD5

96508304923c41131dd2ecfca4b751aa
SHA1

d04d2731d4117d6411b521d13df0de180bb1c891
SHA256

013a9369f59db75a43050582a385b9e638292120ab84abe79c60aef6efab436a
SHA512

6a5d197db6e1cc839b722e7b2fa6784e50f34fee81db8eefbdee1ba1089a8c8e1389b5b432bceb1bc73a9b97031d9252c3304318fc4540cedc5f62bbd550375e
SSDEEP

96:ow+IlIhoImIboDQVjRzO+r+oNVaqdq8bA5AqxyTqyXXkln+UdaTxeBdjh9QfCf:eIlIhiIbDzdrUAfbWn+UdaTMdcfCf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 200a2ca29d0adb01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000004f34b2b475b52225fc7cc6ca399f65a9fe62fba7b8217ecabd59037b7a5c7725000000000e8000000002000020000000f5175a155e5eefb27b4b887b3812014420365154293cf475440e94c08bb9eaea900000008cb20f8ba40a6f2947a5a3ba0af4198abe02020e62677c280da7622b38a4db4e698349347dc9fb49c4899cf6ed7f16258bfe656d5cfa0281a3008d0ff8ee5bf2d471607e25529f9446e2867ad7119425eded782efb9e33b8f24f63711a006829084e2ae408e6ef32e38c84b7e61b1437586ed24402b9e7f14d0e63df94ed845382c968c24efea18ac6b825c5c249ded940000000faa7603881ff06e8b154602954a7e84e1ad5eb35743e50e56dbaf28d1a15c0032223f54c6c5e79680df8250f873dccb6f2e1307a4cdb35ebc2dbdaaf9c4ba83f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CDB0C911-7690-11EF-A364-FA59FB4FA467} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000e6c1e6b7b13a93fe66e9ea76b395830c433a0e197ba064824078a11c47a6b60d000000000e8000000002000020000000a2830029391ba019e587385a5ffba3db168131ca42edcdb95003e331248175112000000032f8324fc28ae2dc4424eb42ce14b7634cf7c51424b8a6543e31430aedec7e8c40000000e2343ac6b473e00fe63e8b7de8111b76436ff154ace008ffb8ee9ff79ff90c0d583a874da6043208199f58962900423d557bd03cbebe3d8958c9d752c9ed75cb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432916844"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2072	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2072	iexplore.exe
2072	iexplore.exe
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1404	2072	iexplore.exe	30
PID 2072 wrote to memory of 1404	2072	iexplore.exe	30
PID 2072 wrote to memory of 1404	2072	iexplore.exe	30
PID 2072 wrote to memory of 1404	2072	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tmblog3\upfile\fckeditor\editor\dialog\fck_anchor.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05a57f42c7a34af4dae28d4d2ac0b2ec

SHA1
ad276f17a457492866fd92f2e96b17be8589e253

SHA256
b44ef329317eea55da0f5b2f1524ca297c202eccf34d4b9854f6039674d789c5

SHA512
093cf561fc2c43c9b7638cbf21322855aa700febea7a54709f4a533b482a521dd8f1a03d363c5b0220f869034d07d1f3332e7f4037a6f21919bf5e5f62ac951c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
767dc20c7b67e6f188b03927a57862c9

SHA1
814f1aaf931b8f5b0f5f0928ff6458197589f1cb

SHA256
0f49dd2c6f1e0d50d73061473e61f8fa24a178ff847b2169b5cda52db87412b2

SHA512
f70808b5a7d3c2ad0644ab252f7ed0e8dd790c73b0e99f71b0f286dca6bcd86651ac5e15a24c11ab8d569dd701deace6eb4f9dd13fb46b0d9cf23b8058ab80b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f69ee9f99da742f58f95da06f216a085

SHA1
d4790147f14f43774d07912559851a5764d9bf9a

SHA256
0e80c177b47d621935b514385b4fa58766c817bdba03ce1eb7d0be6560ce4a4f

SHA512
207653be187211b181d25a817e7a99d336410cff13ec73670baa3d142530706459740b694a3cb74fee202f2b9e5620a4ff883971cb7fecfae4a395386aaf5c30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e24eb032de2f00dc9860d7ef519545cb

SHA1
574342513c8bfcf05d433aa87f80ece0c202e536

SHA256
dee71616d952cb19203230dad342d88a5438d3c3b0de23e42c41cf7fccb006bb

SHA512
0e3d858a06ae1e50d5ffbbfc1c3cdf8644dcbc7164bc9171004b490a98e0c8c475cc2eda94b4f1ff4cd43b2857efb38d4e5d15ac1e2834b61a9634aa9c817881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4953b23171694adb0bf1d5b10a8ee11a

SHA1
28127baa529212a7216090570d850f03f3a110ed

SHA256
7fa6a371ce3f53a1c631032c6924f59d0819eb67826c07309a098dd99c9b8ffd

SHA512
9d01017d19b7d893baaa1180ac6693899fc0a68f328270192fc0e13dc7ce91bbd21ba5bc3e6ba92d85305c7b32827679ef6ea43b7cf10d424d55feee2ed7f5e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77a0be592a053b6b3325aab824cccca4

SHA1
b72f76c9b538e4c5039cb81a134ef8c1e70bf230

SHA256
047ba698a3619fa7022005fe99d8e0d7252ff965db7eadf1b25eb6da985e62d2

SHA512
1e5f2c2af02664f164f0b10e6a1bd8695ef5541169cc06e6b8d2efc095ef5fb231cd5650353a267cb3b7a9b8a9329e1014179c275340c81ea7920e1c3c05e79c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10eb9e8174060134273c59c542bf7a00

SHA1
2afeea643557ed5adda8ebf845744b971fad4484

SHA256
f15ad39b0e5ecb1c734178443868db929c8b6b8340fd324120d61c145ee3dfe4

SHA512
3d8d918a68ab3387fd94d5e4213ec4a3da158e820603966ce05c76a32a85dab81117148f2e263b05a647d34066088a2f43d39e84eadb0b235cb2c6a1326d7a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
663892c106515be7f3e6e955d2c4a79d

SHA1
367464cf9c630adcb8325a57756c4b5919316cc0

SHA256
e44914bbc0bc6274d4bd56bede1ba559a9bc71bf8a82eda9263bf690dc571693

SHA512
5eefd71abfd09cbcc0024eed220d5fc018741f81b1c1e727bc3f12e32d7d608fb2a8a945221779653796e68f25e2b1a5a8076ce10b9d967782d295b75418326b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59408f125dd6a51c009f0f3bd9d2ac32

SHA1
d4225c0c122c43d8671594ebfc2e152d49780d7d

SHA256
b4ffd1a6a5aa331521f44782c6817bfe495be23839ef8fe687317039bbaeb145

SHA512
c3675f0b4ed58cc98dc0141157b09ad09388e303999eb567f40abe3df819192edff0e52ad09ee4d24f6066416c0f64923f32a45bfa941d0e5ca9d099881d01dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59c7464ee20c7338d1858e42ed08a119

SHA1
25f36b882c30c07a4be5ac960fe78c6e1f169db5

SHA256
c1572025cc151174a020354fa293424da5ad7ed6fea63cdf5c40f43f6883c229

SHA512
508a3c9acf0543235e1e8899d7c1fcba87c49526ce1b6cb5393e95e325be683aa4f2708327943ecdf538c3b70dfd2f658d33d34c14ead22e4c46bceae7e7ad89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d667f26e0d9951276f3aff48536b52b4

SHA1
1311a6b9980befdced7aabfdc6566a4d2dd2c318

SHA256
840bc624bd4a7f20ce609318b9235b6fa24ad53b4096a5ac46f54a24fc3729e3

SHA512
aa2983f4345ac9cc8cd17e428adc2225cc91314db3390b57ff67eec347cf08d35f6a82332b8d6c6ef9a27bb596ba70933e5c7b069fc9d9b6d44e61932a792b94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28814d5b6bd51eba86d22d305e3f3346

SHA1
12f205d8643366d54edc746decacc9a0c4bb904c

SHA256
8de227aa076d7a49fae109509530950be2c3bb9cd69efeccfb3458950a27c95f

SHA512
48ae6557378a31ee9d7e5393411bcc4ec09c320c1302f96d697a45ab0e9b2fbd4e8757268b212a10aecf9e88a7f7ae528cd59aaa0c0cba30e45d987a163043f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
038b5398a8e73b9740704835de5d825f

SHA1
1d8a16788e053c769f5281432a878617b615069b

SHA256
9bb5a1c8170b18fb964533b6e6832d0d0ae593fc092a38f0b134e5b3d689c53b

SHA512
cbe3188e04aad1bfe3b132ab4b41da29356a8ed7f49f9bd584c8d4256224160940a8b833fff6dbe14657b79be5709bcf768ed00f0ce8fdeded7d6181b0aab81b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bd9417257d17dcf1ee26d27ecb65c46

SHA1
fba6c8e63f8cfc9cede9c5b92095ec4e64785b4e

SHA256
28e998713a9795654831c05364a0ebaa2e543af368fbc6ca81a0d217f16ac3b9

SHA512
a0fca7c86c2244ab1fe8ce92d2e6f5d44e977cc525a374db01ef2b332d5beea30d337e14ce4e4c90b3753c7d04126dbddec864bbca40649477cfa3dbcc5152be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d324dae4e43a92942eacd7ef5815675a

SHA1
f6e4b7f403463c7e1e3033b8de00b0e1843debdf

SHA256
e8d515c2aa9962b15f233f88e032bb762cfcc3bedc4fcb190b1beea785feffda

SHA512
97890b5eb44811e213e2e3bb543465bd324129e638aabba6ec64fcc404125b62de985597280b11398046b833f3d335755c7770cbacf5ba15688e926b8cedd934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f506a092ee68f83c73459ece5beb667b

SHA1
495462d4f2ff70fc9abd125ffbef29f557311189

SHA256
f6468fbc00ea81d11e137608deb6f0c652ef3d4d38c2c0c590b0f90b5d41c822

SHA512
179c5e84f4972d91c410b1fbdac24f496b0757e06b58ebaa5be222544327977ce5ef720838ef16603799bee91970feeb7242e19b47ed0859a79e7ed5c7347680

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57f6e3e19c1ec9459672fe0d2248fadb

SHA1
199d5ffe14785dbac2ade7816346c8a737f2d44a

SHA256
0a34360f0bf07f071caa132422d4237a5c64809b338744faba3c084404349b79

SHA512
b61683f5bc01c85f7ed32645b00df5bb49692fdaed6b87ec4f7e92fb2f8a4e2feb86b80924cbda0e3f6958b18cda5ab06399e7e6507f8801f2e0073ab0cdd2dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD357.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD417.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit