6dc75e6154836f4b4f88166a81aa2e81d1ab83815aefd0e089082d16911b8d1e

Analysis

max time kernel
134s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/IntegratedOffer-Truste.html
Size

9KB
MD5

5951e0e6dce014feb870dbd45ffd301b
SHA1

f34ef36abf7004a8646e5e7e468ff21cab5730bc
SHA256

38cc5d151c99170fea208df9e9184c67e31486788e44194e01234f98948247e8
SHA512

0a37624751e09cc25f924e622f53f1e32624669045ad20d43f592a660e878f5b8cf42c400371f99ef2dda069152873439db7dbf3ef20881afa08ec241b0a39fd
SSDEEP

96:dsEkV5dynO/34r5kGk1wqJqQ149JOnQlVewEe399xkEEl93s5SzZCBskp:v65InW34kGka874OqnHrxbEl93fMBN

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F2DC0C1-8648-11EF-8BDE-523A95B0E536} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b3b533551adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000006de2a3bd29d964ec2805be83dc6870ab7b87b148f5530ad87928dd8210fa5e37000000000e8000000002000020000000bfc7319f40fedcfcd7cc880744599703ce5c55238374a6abda434b87867d06362000000084f2862bdbbbd9e2c672c592314d8d3015d2778aa4b36851e57de461e2f64c5740000000d5a6585f2151afa4f1af37d16881b2c6986a798c4033fcf8a1dccc9f6a0d0cc3421f68d429cb56f535860a8c3b438867fe5c9cb6d6266aa94eb131588bf23ad5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000007094a88cbad857237548bef9226361132a6def64bc8b214fd0439f6828598ef4000000000e8000000002000020000000eb86c6e91fdcca5cd920919f61641d1c22d3dbb4fdbaccd159f7a36a989c7c91900000007e2cd7a0b4bcfcacac87fad6c96928613ad5ec83d831ecb0132b89f65e739b4ea336280b3f3645bc0e765531eccf8f7fce626f64ddf57162c1f3632b9fdd581598db7b26806733075b1570867f4b12b9a0b54158f7357919a8f79666220a6014cf89d22db1fc1bb288d3f01b811e4021be2d85a7a852ab82f6bec6a607bfd5cfc7d193ffff39595cc33e5dad3ae32e3040000000cb89018ede0c81c195e66f5910deb2bd5c35d70026e2fc33c80d19aaec45b0712176d9e8c8f5181a3b53e649afb1924d99b88a16b20eddca02149421302531fe	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434644954"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2844	iexplore.exe
2844	iexplore.exe
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2984	2844	iexplore.exe	30
PID 2844 wrote to memory of 2984	2844	iexplore.exe	30
PID 2844 wrote to memory of 2984	2844	iexplore.exe	30
PID 2844 wrote to memory of 2984	2844	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\IntegratedOffer-Truste.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
300aa6b3d2d4960da7fe8611bb5d29e2

SHA1
861d9761dabe44dc6d1eef7c0dbadb9e6bd2e5f9

SHA256
bd7d50fb790620a61a338822a849cb7a1577f9dde89331da9171ef032a7847ba

SHA512
05667d008b292f484ca466e2221100c9d4693636f6be38e97ee3537e217fbe76021845781dc3a07da16bf5f5d1d79ae85c7694331f342d318fc25c3edde300bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96c2d3d4f75cfe09bb5d9f458558e229

SHA1
2c3dfa3face7301a6a829f80b26e68cd9b9ddb3d

SHA256
58494e58724cc76bd24421518420ce927e5a5bee9c361a6df51504811f900af1

SHA512
75874ac973f6dd2f3d016c8a0e6c4bc9bea8d84f34b9b8010fd9e34490ce94f43b24ab8257f40737f1d55ea03ce5cf05dd9e4c3426aeb6330f172bb4f3f7615c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
090c9eb19856a1a140ecdfdf624d8491

SHA1
f25fc074a69fbb45d03b15260f1eff6866a6c9c6

SHA256
0d3be8d9c25c2323874c362710181b07c52fe18cb92527874cd9519396d3d42f

SHA512
81c8cebe4548364740cc5daf0603633496b983339568f0c6f8fc85fde285aab9f4105100accc304bc8cb76ed962ff6501676b5095a4e1b5e1e7ee488888f939f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d72e990a3d3e33a7f3d6add1e8e400e1

SHA1
8bc8fc05deaa03bbcbd7913930736480c56d4473

SHA256
b6c3f3a60a61a713f087d956035e68aa6ee659f0782053687641ab2f0d069961

SHA512
060ed74ad9e0948c25f8d7808d9d603910f968fe850da12043b977609358ec67f3e60c9972523aeacc0b78fb72aef99ae7a697fe16894e4027e00f629ff35811

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02a4c54beaae8fd212b7b2d55323927f

SHA1
5251099f9fbf1f465767fd5315fdc6dbaf581428

SHA256
5af2b974b945b8bc1d118f4bb08c373845bd21ba0d87657205dfee7dd60da20b

SHA512
2c98e5d3c64ecc63926fb16617d14ed4a93230796817a0aa7bef99c1f9d62e7a276b36ad18694abba644d6cc2ec559ee0f058e9d09c86c5c925b704a7dbfe31e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12a38f9d8b80124aa2b3ef0161ea781d

SHA1
34bda048006584f4d43cc468b0004a0512e238e6

SHA256
bb63859bdde66323bf46844e58c8f9eb582e3a981bbfaeb2d96b4172f49f1fa4

SHA512
ffea40f57f1762dda2bc1e9cb4b665443d32a10325f83165376ae3f45166519f0d33d12dc44a15689c3f11730bbdc88bdf8730ce36fd8645fcedbdbafece68f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1583ba0ef3abf02e7b7aa4159393432

SHA1
de821de18f894b3ddb685743d6c90366d8c78761

SHA256
b76762947733021ebc6f7b47a7e47fd39a0fc4802a95b2b0894656e819cbc2a3

SHA512
b60b51e6fa9eb891fe338a7f5945fd75961e47f9f72c6f809f5e11834fcd5a0be2d352461316d14b9ee145df34eca415d20cee572e60e148247173d02b659666

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c098c9feb2fc38c9d9d3e9319418d177

SHA1
91c8ad301b1a6cc0aa1536b81d69261122a92dc3

SHA256
597904dd2d42c381e49f97492ee8bb7d2fd4ee8b007f3a0c12ade7f37889ebd8

SHA512
7978bbbed7fbf3f3537be7f81e93ef6473a74f62316ec18e224a295b9465083bc818cdffe87919c7ee7e60126fa6a3c9f921ed3e78b69f1c52129748c99ee612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea26f2a6322f60cb4054a0fdf20301b5

SHA1
9971cf65378cc07b53bf46eb9b9743a52cdf157c

SHA256
0a19c1b212d6dbdd4bcab01df45a03b28f8acca93cc2c3fdd8568889052f997f

SHA512
357a4a81846ff002c635cc93e5e521482b4d758c8470c9b9617b14e435814acc173ea399969635c05b8f1cbf76f019a18a8b0f8d8aca717230c551c54a642b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
042a33f0a595e90b33908ab9c518a02a

SHA1
e82f7ddf191f132075b87073db19c1406b66503a

SHA256
3f53be3fed38b2dbb862c70f8ba089da0b694e102b4bfca0c2db72a4bf05bd3a

SHA512
ac4ebc22ad5503d8acf75a1792d94d030b068c553c62a256192c94473e5e6e7244ece996de12ab554856aa841e53f9515c2623d9da5b6f8d4a48b2e52862bed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cde0867a9551dcf9c47783c15f927d35

SHA1
f9a29dcb4ebadb9832afbbed884fc606683fe90f

SHA256
8758ee68dced400eff6f0602b3a989090534b97610a3870ed6235ba687537fa0

SHA512
6dade856dd3bd4ee7544aeb691b90c003373bea6b044e544289be4d0df4201fc07b28135a3f78086947dfbb66b57e48cf3097ba1814f09736f237827508a39a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63ead69624dcfffc7c1e4f05af2ac604

SHA1
947e9bfccc4e1412a3bb3d315270bd0681ee6032

SHA256
43f3f4dc8daa88cff46b36d8099d846e5ad345c90216f1dd494aa9ec0aa356fc

SHA512
0f2f2b6bf3ff9d0210a1a7ac70cf530d85a9b478f27897fb4ca7a944b8e1d2a8626612d2aeb0d2d85fcde092f0cc8d651bec80c3bf48404812d0cf4cd14e578d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0193080cb28e911bb147e77a844ac45

SHA1
6ad51614687c29112a48a6ee2545549105d11451

SHA256
538308c9f292e00f1642db9526db06c2bbbb517c05becf6e65abd37d721c32c5

SHA512
5462277e8a66ac700d1d8871d8d89f379b182d1b771967e16e2d4fdd5c45ee333972585256d4c22a4e1d4d74ad34d948dd9438d9c2182dd718378bf02ce1b3c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6211ec968785737287952a74b6243f40

SHA1
0d1af044efabe7b008a6d16d5e139e3a8c28a68d

SHA256
c5bd5b94f8689ba29ab2a275bab214db4cd145e58bec76b4ac927dccb3503f69

SHA512
91a5c31c42a9cd939377848ca6ee4a5fd62b995565919487b0efe3539d000c8835abd24a2736f619e90542df105a2f5879378063141b5641ca3af0489bbdc8e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59b20633c86c3b9ebc615ffbdec4f0cf

SHA1
ed6266ab1fa6a3d6d88c6c419427ac7dcd670d44

SHA256
bf7a645f426b6a67d09498fd7e7cd29808b04ab86de9fce9e484f4eb1e7f8681

SHA512
e57337faaa6df377abb576bb36b2c3de26adcd0e6557febe1b5ffe746ceeab1f006f8ac64d2d68994c7afb0cda8124fcc8184b8e7f6221eb6e9c70a57ff6493a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6361a1b008782ea728e437524b0e8f3

SHA1
b684898ddd2f8631f7a56815a5656eab401598cf

SHA256
8d830d159c63e0882c3baa67ea66e7f13ea73dbf9c190e450e30c0bdb1eeedd9

SHA512
9a6fdda2d32f46bda3a0916497d191c2250e0111b6e520c26bcbcbc4291a9cd38a433f78d882fd4a6c6d70d1bbb0d8cea2f1ec85c37d343701e34d82805f9c9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50dce396fd6f93b37e48138c82a32964

SHA1
ee7a698800197347b833184d95f55b9d5e2918e9

SHA256
cb4d6d439d3df8898c86f1423b404f7970f48d5621856accde1140602078c315

SHA512
82381e557345e1fcbe425fa544fbe836b93380105f97830f472ca7d54496a1afc267e2a8abbfb26b48219e02506ca8deccf68762901216603df740fd0c09ac76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8356.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar83B7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit