0e1f1bbc7bd4393109e4c6fdd13fc422d207587dbc6ced83d30dcc9f92c2b497

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-11-2024 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

heylone-template/features.html
Size

29KB
MD5

d8ffbcacd032a54e04aa85cce987f9dd
SHA1

2b3a6372e84515f058c0c6221fe5e58501b7582f
SHA256

03e14e68f3d08ef562c4672472d8a726a1abdad269ef1cca4e2c4312072bbc2d
SHA512

4019fb2407e44867761c9c8efcec35d6031c37b288ee7fb50299f49ef5395961f315409b01e8d0584116b6a08de8b8310b044e81b2ae715b0d70261cf877db68
SSDEEP

384:m7wtUGdSSa2yp7s18aOAPYz1D1ZSOmCi6exwIc:mEUzJRp7y1Ci6exwF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DC298CB1-9973-11EF-9204-FE6EB537C9A6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 106976b2802ddb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000005939d14fe4343123fd1497cb5e1d2b2b15bba3ac2557e356bce4db297b53d423000000000e80000000020000200000000e5da1f74b05bf7e154d7499f25c05883bba79dbac5da7dc10eb8fd3a01f5b87900000001aad55df2f83344a11397ef07bb67f632a34c0a64fc840ad19e795a39c2451f8355533b812f58b9cdd91299027fe019d40f9475c9b0d7e753c97adc4d1aa1fcb5638641bae5e0d5f802b58b70453ccd3845470cc1ed48d1db2a1ed791ff8175cda0f8cd4d92f8808723a38953d1d6d36aeefc2c1a3c6a2be84cfa19bfa0b9d028661c848f3c0f68b3dfac470ddeea3554000000099d7767167f97b8786f97d18577c29e2196b099637bb8ac8f9147e71204388378407f1c7631be023d7b3766491a2f4fa9d7c4bacd0b1606ee8ec979513d87c61	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000006d1b0d5b096cda288628ff163e15d6b760aa75a5aec46013af279626356738c1000000000e8000000002000020000000d15633ab28063268a62de2e96f3e77e54c734cb07fad93a35a9d36ede7b45e4120000000186c7c66263f78307e340cc30b197d9d80a354ec51dab7cecb7ecf3f6c66021e400000003a5d68a528922a60441530d7fa2ccaff75481ea0572a77cb4e7ebb87504cefb8fe502e0b0ba56bf9a0defe3d3b2b6f2a394c435238c9dd9195dad1b17517cf7c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436752704"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1868	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1868	iexplore.exe
1868	iexplore.exe
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE
2216	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2216	1868	iexplore.exe	31
PID 1868 wrote to memory of 2216	1868	iexplore.exe	31
PID 1868 wrote to memory of 2216	1868	iexplore.exe	31
PID 1868 wrote to memory of 2216	1868	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\heylone-template\features.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3be99caa4e0f7e94fc7df30c3ff26bde

SHA1
7dbe1c477924df5574b91509034adea54ecffea6

SHA256
0b212640d5f853e4368b0ff9c58c028bcb4fd817911bd121d4b535a2bc50b70e

SHA512
575d8b160d7c02af9c470fc3d6a98673af603d26444a36ae6d98fef51ce21e2efdb87f351ea20b05e4679db3550c2783f33e45f4ffe838df6f325b5a289e8736

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b718e2d90dd13a3b0b50389ccb9c64ed

SHA1
bc7dcbdb04fed123f83c399b2591aa03945b1b73

SHA256
08027fc3b7a0ad954f343886c9b5044a915a7e97875d08e62f2512e58903ca2f

SHA512
90a8e10527f610d7e30bd2e4b84c4184c366846c30957486d96033dc534dd1efa3ae9aa5510b79492b0f018d5ae96bf1345c56997255b2096b932c0ee6903173

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
709984c2f09423d0d9517e4e989bd97d

SHA1
d7eb45a016e96f4c8142408ff4adab1f95e966c3

SHA256
2624e38f2f982f8deb260cf0ba3e2c5efeb7e825e122b771e5020970f86009bf

SHA512
773b45c41079d98408470e911f8051ce1601a0c43e64c0f08549d71b1f431dab6f5286e173d06d6f133ddf26695ca47eeceb6b4af6a56934dc6d7fc8c69f4a91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d74d95b0e3370fb8b8c2cc98407ba60

SHA1
20ebf53661982804f60725d4a75eb8d804e0559e

SHA256
e502468a50fe739267fce6ceeb2e08a3061e71ab9650b6ef45e800e6c2e153f5

SHA512
61772fab1d15d0d2efea5c0834260fa92197cd69e5fb6de3875da44a606c38000edea9204d7f3eabaf2aac0d0939c4571d2f7161ef795bff78611912b5a2fe43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59c23bf241d75e11d58724d94cfb87be

SHA1
7939be7c7461d23c8f7220823ce3a9bc9843f1f4

SHA256
56e1b3069752f370ac78b528d9c72955003eff16042cf1d4691fd90c8ef48147

SHA512
3077d042f3fd81505941f7339bb298d782d63e4871239ba7062cd1fccb5c1ddaf5ff8db07f8584cf08327e2b3e6a8030c18026f745ec3b778cc53127a580b0d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d99e719969277156b7cb24940e004c0

SHA1
1ff101f789c7ee11e16e4d45b95347c84398908e

SHA256
7b267adf1b229a1b9804e22b32511583e283aec6c58ee3833573c1254ba6458b

SHA512
51c5c590545c7de515de6bdc9bce278c17febcada9fce3be411e569c6a80032dbb6d389e2f311e8e1dbf056e050f02f7d5a9021bad3abba38c49e9dda4c0b521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9e6dcf8240d1a6ff4fb3986b4c8226c

SHA1
74ee5d84f880b3c2fbaccaa3b65c9cfbe8fc37f4

SHA256
058b18c66d00a20f27bf7716c603efa2b804f86d97fe289ce9c6ff4d7ac23996

SHA512
947a45cc8a09215b89bb616527b911ad39a08fc9f26e10cc0cc5701e55aa1324beba8ad99187251f2db297197140d332e47c385e3dfb153496e30855d8ebb7cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6a0d594adb7cc1f623d92b38843851c

SHA1
9f241792766aaf4683fc33ffe75359b9dce8af08

SHA256
4914e83171741875c4f112452ff9e56deade6e5458ec92b7466f5331ba73156e

SHA512
dd7715e7bf92c8316188b23703b3ce790c4747269bd12b202f7abc144f5258ddd1032d11e573572040e510d8fdcd2ec5561478eb96d561f6379f5194371fd892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eda817a7702f978f9bab0e7d03702f19

SHA1
ae79515c79857aeeecad98deb453baa885cfe978

SHA256
00032862c9d8f40a9e281bbab160ca0d8ee416394a1414ff1c2f5da13a9ec6b8

SHA512
b7675460c9d8a68d35e3e14078fa21850cb81d8226499363e6ca106f2cf5b2e4875f30b4a7fbe8ea919117a9edf7b9424a09896f77ab3dab66c3570bbe61bd1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08229c2462d01c13e5a92b2d1a8b4dbd

SHA1
ab30dc4f279e0bfa5c173ec8e9258c711d8ca330

SHA256
5b0beb8d46f624adb3ae29f2c66afc6b67b8dbe2b7e5d2928ecaf40fa25dd85b

SHA512
8004f7452aa4174099b842b48ce49dcc0d5d3b56cd8cbd9e31cad0ed794854a4d0f8c06d07a7927e8973dc249b11ac5529d8bc3b9d9ec49d531f340a5ee95d0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4c76754e8f5e9891ba98da81b60e975

SHA1
11481ffe92e54ef9ce87590fc416d1fb7324a03c

SHA256
f3568a5aa977603384143614c02fb759d97e2d5239bae1b4868e4a81394684a4

SHA512
a10b2373144e248addc91bc0399ef0b4e4f357c4ee09ba66f30db6f3ccdaafaa9d87903d27850b1c0641ab0311d014f3a58cb0ae476ae96215decbbf0fe981f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d0eef9bdee8a25700889471e23f4f99

SHA1
ab178fb25093b473185f3f90f98e174aefa6e8e9

SHA256
ccad33ff7117f9ad3c91044c05e8be54f1fe5294ec45229734657cdb4ab89e0f

SHA512
97f82a02ba80a379b92f2b5c5d5dc77068b240ad5d09c91ec97813e1f558d048254da050903ed72a616e82e46ac897b1fea2864eb4046a8d0cedee35c73145b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c3aa31ea8adfffc11bd852c6993e157

SHA1
1d47e71024e169bde2139162d2bce9311084168c

SHA256
ea9d305615d39fe95c598051ef49706ef2d370811b0fbf83fa2e1e56b3e41063

SHA512
1b0da7dbf64bf6bdf2cf5ce7d8a09bdd2c8d3f526ec16b234e50952ea53178da85cad34094812dafdd3ffd79f18d25890b2adceed9578f8f0ef52612f8347eeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c5e23dd8b1a666a538e2e1c1e3cdf8f

SHA1
83d11391d29598d4f53fa5898b248b5a8eefdaea

SHA256
4c614a9fc743995b9e1680d24ef1d9592a8f19aab708c723556fba423c170cf2

SHA512
29f5da075501e57477949b0d671de9ad0f336c765d52455ad59db6ad048402b523cf140f8f4bb7aaaa884d0ec0f5b4ab266a9aab50282543fc0702febacb83d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6114fc86d37980df34da7789fc237e16

SHA1
cc17769c6e849611da23ac27668a0861b087fcbd

SHA256
2aff74dafdc93eb89516e22a29e2ca1b23b835be4ab71ad065b363cbe5f052d9

SHA512
ad32c319dcfca86fc295c43304b7c89c9456fe0683f3fa255bbb338c11277199e19462150d6ba92332f5190ef95093c03b9b8ffcd53666b137942e82447ad098

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b1ba4cf0d5a36f92c6cdcc846986304

SHA1
69637741ceea0a0d30498f2e65e4943d1fdc3703

SHA256
40491cd1bc0a16e34786fccb4fc8e9add4ffb7514864e1ec79278f4d3d9b4f3c

SHA512
9ddf87e6c1c7569902888cb13f071a6f6bf6d6099258b7ac3d12fcb00376bd6ecf94aa86bed5efae828efa06b0733b4c7c27bb9cc441f2270104bc1f247728c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77566ced738d48f60fed378fc3b8e19d

SHA1
3616546de4683eabdedd108698f440357f828e04

SHA256
d10ec99c271ca9ec5f6ac86d663ed35ba6e618b36c9db074ca46f8e53852bd5a

SHA512
b17efb3beb68d93db65fb20e3b5ef56c15db276fb6b4a641529b127a597fa290b215054316c388710cad006314e4ef09e0298a20cf8d1fc3638b0d2e5cdc040e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7E0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar87F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit