664555cf762648ba681ec342b9007d3d08a9c4e01754df5d350b81f6fb047585

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

4.5MB
MD5

d4a79b5d46f0931b9eb7125fd40baff0
SHA1

3a38fb263dde2251b9fe157b5fddec7acb07c53e
SHA256

03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f
SHA512

17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339
SSDEEP

24576:thgBBmnLiLArZ62BrcrnKHq/kUkBAwi9QxruE:rYBmLAehN6KK+xV

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{373ED681-7D88-11EF-B984-5A85C185DB3E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000e92584e6bda5444af02b769eb85adfca07f3f212762852332c028125f2bc3000000000000e800000000200002000000041151e13cca0980f6d62608c40667f090ae9187c13f896f1545fd1134e6fe25820000000f2688e9e68f6819ff47cdead734a65d729177cf17bbf7bb6dc68907df76dabd240000000703ce36e806e02866d5b1c9150cc7be1e4291f547f206c6b90703a4f6292e4fbe7e3dcacf697d6480d89d5c8ab762f5fb310c1fa7a637251e833753a902de3b5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6024ce0b9511db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc500000000002000000000010660000000100002000000041d185ae4b86a9c34373fce65b91223f3c976b6c419d7541c682d53b3fdc9596000000000e80000000020000200000009d68a759b119b67e280f8703c5672bd718c2bd19dc0c05ee3939382b8ef45204900000006b466dd266403b8fd534c80b3017ffa177fde021680dac427a61a6a585fec494d38a46a0c29d12ae456d5809c6f8568e2cd542d4ac40167e3ed6b00863ac6ee161d57854289bfc2398d50122e8ddcb6da8f9f0e111ab466bc9ab93bdbdd5de899f2e71b6bd2ea976855bb11b9613f61787872f640c681172f0f35ffcc9e520c45567df7c62e768f960c5b7ae52f00d1e40000000f96383f90c97d0e12ce7c01f5804dba281fbed7b126505855a9d803ccf828283ea1fae4b509275cb094448450cdd0de5b3977ce134800fc5979992c2f60a3901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433682814"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2924 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2924 iexplore.exe
2924 iexplore.exe
2428 IEXPLORE.EXE
2428 IEXPLORE.EXE
2428 IEXPLORE.EXE
2428 IEXPLORE.EXE

pid	process
2924	iexplore.exe

pid	process
2924	iexplore.exe
2924	iexplore.exe
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2924 wrote to memory of 2428	2924	iexplore.exe	IEXPLORE.EXE
PID 2924 wrote to memory of 2428	2924	iexplore.exe	IEXPLORE.EXE
PID 2924 wrote to memory of 2428	2924	iexplore.exe	IEXPLORE.EXE
PID 2924 wrote to memory of 2428	2924	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4abdced311031269a9c1399029457afd

SHA1
3a7cc7d781de0f512e8426db065bd4608472bea1

SHA256
e208a9b67976077d7cbb51375da5586b9b2bfa462bd10e84a66ce50f1e718a94

SHA512
f3f13966f6d8e16a244d0833e41a56c840419cac206bd762dccf98db32c55ec72b7ec3c1c2a82da76fa69dc1e571d52790f75d1bbfbbdf043f0c8503fcef82fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75a605b41ac10b0f34205fdc20ec3c45

SHA1
12a55523766091e12a470f438103c0c2b6e2ed51

SHA256
7c31ef7dc15948796475f2181bcbec0767c73ea91b9c7e88e332cecc98eff3a7

SHA512
9bd2d1be335d8cd054f6443f260936bcbe8fbadc2f38f3d25d9e58c3e881a2cabd5cffd2e1c231712c68ebd9e5f91de12d9d9cfb3df22b368fc3082ccabf4bef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f11b8b322f65bba9458594c512d7ece3

SHA1
a5ba20ab0fb08281f67eb54ec10bbbd36177d97f

SHA256
f3f9a7002a7c431a9f8150d93ba8d2187627c5103db5291520a8849a36468e2e

SHA512
4e87ced93088604fee60a660ddf8900c3b8ee7ea58402de5c66bb360dc1f061af79073bb4c7ef7c05ee9ac340782533fee528822cfb464a017e5d9ced04aa7d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c304bcc68318fbeb8c93406b88de8b5

SHA1
bf218754b283dc9e7d26c35ad78ebdc39ffcd724

SHA256
7f993843e5c787c854526a912c957b73fd6a2292609295ae49e5539bf82c4856

SHA512
4dab6c948b292377c3189241253e819be4dd9addee4da88591079b69de5c6c2181b7d9a6306813f2bd3e96013625b66510a17f6a5d316d6afac1c634da290561

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37dc27379b7ce323835576b57cce1b12

SHA1
73cfad3b897f06e1d12baea7102468f4f36832fe

SHA256
f51b58e5c3f95fa0b2190728f3b3d5194f6611eb5af47e75ccefe5545e6e8972

SHA512
1245462db9058008769093cea33aefdbfd993a250f67390fac0aa60487138ce4a7875e0d1b8334f3e5f6b2b039af10de5200dd2588edbbcc410906f524c78757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
414554f239013f0e0f48f4d362fcbf86

SHA1
0e0a1f1d65c439de8e91a5eeef0d8e751049d0b7

SHA256
83afe94a3c39577bcf1cc3dcb1ce05c483422fe853d61ba7cc01f4a86925d2d2

SHA512
38a05a83c0f58c91d967fecec150315cfe20a1805b3071ad742801431533d5231edf02e9db7330e4a14c025a082fd5afff6cdc5b4c71af7f7c9c2e1dede759b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6badbb13ae823aec260de8455cfda4c

SHA1
5451f79a5c373985670d244ca8504720ee8a2820

SHA256
af9eb212ef3434da1e5d3c919c50b58f09b8cda9ccd9d118d2dcb1b292b262c0

SHA512
6e35ff23a07271d4cb451912376a8e07239dcf2e3598d4b4d264d57a8f1dbd13f16d188ddcc6b4a1f2c3093ec893cacdd786d335599dad4949a3cd5306ceab2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90ddcd5ad8bd17fbef186591a2067287

SHA1
2574bca6e2a92bedc6bb5e8774ad5354125139f4

SHA256
bd690255179c0112e9dd7df5007021d8360884ec7bb27a900897faee0cb86d62

SHA512
a0e994ad38870bd93a07c7c9ac3b9de6d56b3a932d3cebaa92c8dee578c125eb343735bc8a69f677cf8591d5278343b718bdaaca2f0a6ca3a6abc9bf67986abb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c581f193744db9d50c538c6ec3cbf2e1

SHA1
fbf565b274879814c9240d94acfd11c56584febd

SHA256
5132e7a3a54db27c71b66dbc76c7703b033a29832468d501f18efd30fb48d9cd

SHA512
8ccfebe6c04dce31e4f300907372d9cb948260776133a72cb91d13bf6c7bb7a1da350c508dba4ce58ff5914788409f528a389622ad57238a7fc7d244073d6d73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08479900c51e5113f136e0b835fd8d27

SHA1
0b340d04c43b8aa0314d8b72d21bdbdf0f6217ac

SHA256
fa1936fa9a5d391efb872f3b22b15a9a3a4d05cca4dc6d17da06975e1671c68a

SHA512
e0ebebf3751401a6f2c2323aab0858a6930337d0991ce53403a8225736cb74a62cf57ad5417bc5cbe85a11ee2b97bb16a850d67a3892e0e4418b58fdd9132db0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf2e15405945f7ce36bb673edee9ca14

SHA1
1d24cfcbcadf8ecb2002733abd984afcce04b7fd

SHA256
3a129dbac605223cb343ea7f739af5931dabe7d4858f2fa003726e029c942510

SHA512
2f481c9129132c01dd2ed80f04d8e241ef57988616a6578b2ee6b324e111ca240ff42c198d4f857130eb1c47df8dafc1d3397295e4d0e75c4a280e530d8646ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20ec348f3a926ff3ac656d583dca617b

SHA1
d4c6133fb8eff30a53434c6be7b1a7ff669f3217

SHA256
e8a4da2d65ee14f974b4c7d73923040f8724cb9e6dd0d08ffff06ed75ab9178b

SHA512
3d6ddb8dff08f169ce003cf9f33d691fe5a76024f7456e5154f12f0f42e58014b1a8c6c05f137cddc4b17ff57dfd1c02e31602777fdb50ad9e8770d7fe1ef67b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af89d4a4cb762497fbcba5a446583b4e

SHA1
60ea7320e9e2ba8769ba7232dbc4b7826e71ff46

SHA256
170875e93990ff7f3b9bd326b0eba1c6b30def531e7cbbdfef6b9c1c2bf363ee

SHA512
4a149212a3842e727dc2363f91f020f1f9dbb71f7b645ad53b56ace7d6dc0eb665846e6e8e8c9f6b5ff42a74f3e52bf68cd2d16ddf38b43836a4c474f2854485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc67c1abb8db8b6b272bd7c58f75b619

SHA1
fd6f725d64c5aa4d945bc5c6ab7dfaf583c91d39

SHA256
eee9d85c207a66d380d86caec884738856c0f6281cd72a3b9482068dcd039d80

SHA512
9a49fcaac4f149b228a153dfb52c057c39528859b3e384c30ac36127c2166e61a05614dc8485e7d79826af3c753a450b3e83b182e69d66d3161a14755d5844c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5041ba02caecfbcfac4abe4056c040b5

SHA1
ea05f64b1f2dfffdd528ee49b0a9aba98de14d4c

SHA256
303614ee182035d0e41a8a6ad3a4ee50dc1d250b4102f7d47dcee872a7382be7

SHA512
6959ddc7fa44ef6e3e5e37c22f18d6041bd6a6e31519b7efe069826e8425cfe4bcc4795f302f0f80c8673364aaf808db676da0d7e9a22f47910e468f8be8636d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccb16a1e7911cc527406c08ffb5c02dd

SHA1
eab15b5041ff8b167502eb1e78131c1b96a7be9c

SHA256
af17e483ae769612c3a402ec4319dc64cad74a27abc0f58b54e5ec6cf18e8076

SHA512
bd296aaee88d81a060ca10153338df63e7a86e6397281b4e8ea52b4312d2749512f2edd3fba9c76c2745910307eb1599ab894ad61008a72fbedc6bdef7ae4444

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF569.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF5DA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit