6d567d0959ae8c664714535ee960910c49e5f61971858fa396e9edb19688c1b3

Analysis

max time kernel
134s
max time network
140s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

5.2MB
MD5

27206d29e7a2d80ee16f7f02ee89fb0f
SHA1

3cf857751158907166f87ed03f74b40621e883ef
SHA256

2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab
SHA512

390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2
SSDEEP

12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8040fdc80d39db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438022766"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F4596101-A500-11EF-9B6B-D681211CE335} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000059e54091080c644ba50ee82e46a74dc000000000020000000000106600000001000020000000e460bc02f19eb6945576ca32da1db879110999d1c5bc985f7efb1abe0455511d000000000e80000000020000200000001fd28ffc291292b693f73edb32677242efc78e06c5d6604397c9e1fe4680950820000000582e2c794d287697ba0a45cf94cefecbc8b820c68e06ba7b88029a0a7bba926d40000000448468574aa96083dff58c410266cb9619c7a3c50a1d1cd58d3e710c0203d6324ea65ca013daf1df9546459c5b9586e6bc7ec479b2d82848e532530a52597cc0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000059e54091080c644ba50ee82e46a74dc00000000002000000000010660000000100002000000005737126ba444ac193965fd1d02d53f58fa35251a752d3563971f0993ccf9b3f000000000e8000000002000020000000bb1c4135ace8056e0188cb1f49d2eeae1712c4abea8f9b8abbfc7762ec4e8fd390000000abc3fe47e75bb010961f1c6f39569861a095bc704d253785777bbc97db41954901193baa8ac9c3619b1594f2184621fb6215b70adfcc1a28ccb7e00ddaf17f678597ab988b05513e5aaef773605b7e390e8d278d20c0fc1608223fba2d7af76d3d86eb6084bd2779082e397dac7b967d53e0f0ac30169be117a04a8e13685816f114baf04bce4ca9de63ac95efcaebee40000000efdbfc672f76f656c84992f8cd42e73f84aebba9216d5214f7616b3f8062eb579a56619d2ca50369f2d5c600b765d3d56f70adcd10503c31badaba6d7bbac853	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2324	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2324	iexplore.exe
2324	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2804	2324	iexplore.exe	29
PID 2324 wrote to memory of 2804	2324	iexplore.exe	29
PID 2324 wrote to memory of 2804	2324	iexplore.exe	29
PID 2324 wrote to memory of 2804	2324	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52926df8468271bbf2343b4efdafdbbc

SHA1
0881b7228b1fe248f2737b0627c18d92948896c6

SHA256
3313942c217d4da70edcce20fa83779eee5f863263c491b6730bdba3344b5543

SHA512
8095fd889fcd3ec2f862cd3cfa3151d17f0d2a4ffd332bbd00943650853341e845b5a8ac392bc5831ca3182b99070d43ced6dfd6eeb79d733bd18673cdb310d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55621210d776b542113f59a159c398fe

SHA1
f1d03fc23f9af7152f1a5f89d3eed920fa8c92e4

SHA256
2757c0fa77ad53a62a348d702a8fb66cec0e4500a3e44141d44391b93efcad0b

SHA512
5fad9190bb437bccc0f5eed8bf533106b06caa3f921de3e5eb6b0e72910ce0bcc3dfa9c93b5636c70ea9afce042d6931e4e63023bbf0afe95c206780724b1e9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0d669a45c9ce15b263fc9e228cc3c2f

SHA1
8ca82b6bf6d3efd583cfe419db4cc758b1b479e3

SHA256
c9acbdc3dfe2604b31d5c7152d523262f218e01d2c6591b9c127f79bbed7ab5b

SHA512
6808bfc603bb94d528b458e489ebee773e9d427d4d675ea3e712e12af70130e1e869253b5935d7ede0ff94d316bae2acaebb32afed2560b4623ae4c326e30ab1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f65686c4a554fb24357bc3d94d0230cc

SHA1
a12b457973a0d2c9493157e692d60289b69a1e48

SHA256
fc216139f03e0e3ab18fe4faa5e58ad73f924bf1ab5c7a678bffaa270eaea2ad

SHA512
6089bdfb86e28e755cf6120e17135f8a65a92cd29e41ff7ef5127dd3c54551c65f48a43846c34daa6fcf8a23aeeb175cbdbbdbd864042336e7512edb05200602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d262d7ab22d38dcefb1ebdc528a26c22

SHA1
3941b2eba6ee874f10f397f5e969177ac7befb5c

SHA256
49db40028e2ce21c05f0eb03910b4574e626a7f66357210ddee1b87fff3ea939

SHA512
2aada2aed6d18cb96f8f4a7e45c785e28942ca190bcf8bf2872ed91d3ddacd06127bb5b616de8a7b3a6b87bab59cfcc8dce28530d7cac717d9fef5a034b6745f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72cea3f137e8ba1d07e7063dc15ed5bf

SHA1
19e62281679be89457c95bff179674f886c598b4

SHA256
92ced9f55a9d977f9e2c791ae4028172cf91d932bd22cbb148668e6f9304a80d

SHA512
b712ea173dbd72efcca08f58284d83145d5e494d14a1b066427e935b176478e092feb12e637e5966e128743f6d31f2dc142b54699477fbfbf2c1d3e774bad4a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2c61a03ed1545e3bce1d10f8e72b325

SHA1
b7aa787fab5c30b8901b502b40ef8f92074e755f

SHA256
77d62ed0da0f0603cfa9c9cd3c41d67deb0bb4313a220bb57504f23b438dd344

SHA512
8bbda7e526dad5fd96f639a9d8495c55b39955aaa8f74e1db8cd98b80c386557702216bb921afeb0fa0a681e9a866014874aef22d70dd9c25476e98c632b9570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5313c60e1a6aca2eb0a9f00f74815b96

SHA1
0cddebcf63d17d4b8a4dc3284f3928d2a6cb5d85

SHA256
031c8d333530d70d79ea22f23025f13f1930fc01298bce6efb356ea7c395d4ca

SHA512
a2c0acf1f18c2e018fd95f68cde02f8469be8d02e218d68ae1ae43d866ff4456e5ebab9ffd4bdef4f29aecfc9269b1c673c6746915ef0ba9cf4e6cbf828a4233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bd7ea35d266fd9acf0f99c45ce17a93

SHA1
a8a00d89ed2aedb939787864a29eaee0469cfb7f

SHA256
c9ade91675b4c25a6fc1f87114d0a4076cbd9c87269e719d0d2e97f8c3973ebf

SHA512
60ccbdc4ed123e642379b04e3e701e3c6c39687297a8df8fa998adf1b6a541e94d7b7b2e4e37a0b7fe0662231c41f201deee5461275d74df5b9229dc0eb6e76b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c5b47493ec533c5e2a5578834b15daa

SHA1
ab1b1d8035b4c6f1573cb10ee572db3b9f3cb5ba

SHA256
bb489f9daacca640f29a7d992fa29834a7ba941a77c0aed00e960682fc76a217

SHA512
91e211108a6130beae931f38e9d2feeb74a017683227814d13324961f3d28da9e20d5dc753bda121a653d6da8cedb370900bfadfa17f7e67c8f2a36e6cbd463a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ca24ff0eb1d7587da6a3e424d2dc942

SHA1
35a6cf6b6243c066d42e3ff959f7f24b373e4591

SHA256
31e26d45aac952fce7a82135a09eb9ddc4037c13bdb24468cc89cb7625d06ba0

SHA512
d9d08fa5a2f8a07fcb2c2447879f21905d5d3996cf7b2cf6ee972a74b464de3e643a5d2f7fc43b958c17bd7871578e6924f0669189a7c0fd0c4f96a66b90b244

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af36010c090e0a9b984069b5fe49a0ec

SHA1
c5530ebe09a0453c7baa2d90a1da8a568ec82579

SHA256
071443645c5967eb41099d7f16d3ef66d58c781ce785296f3436a9e5564738cb

SHA512
f93fbcf761dd4fe13ef381b0d83e39b8993c6ef95e78506724ecf28c0bf853f94b8d7966047d885b71603069916d460b5d39d089a75c4f21e33b32760b936a00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea8335f3ec2c2b86911e68cc95d13630

SHA1
c30d34a2f0a2cb5b5c70c5c669d9e178e78ec532

SHA256
52f9c91c7728f138124041650cc0259b845c8d4591333f50e0ffd1f5a90002ed

SHA512
69c84c63ebfff294d5b3173e97beaf3bd839d17fdcbbfe0e9c84c1f45cd12a6bf28c2c44e60edf1c8929a168066764a4ebb38275145b5676512f0149349d62bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29bca39364ffb9835cd27c4bbeba684a

SHA1
5e7b5f9248675179218caec7019f00f54ee4284d

SHA256
fd99e21f8ae32877fd44ae2d98d468e93cbf88cfb461ca20670d04f8807e0a94

SHA512
236bb452ad4920c1f4830a4e77e3b9a3e5d11371a2b143689599258ef564c2db16e9be317f9fb754bb09b142ff8bb788a93e237a564756827a64d36b13555d73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56a517faefeb2d9a1c673e10b64234b3

SHA1
e80b72f8209d0110a272d117876d4881daf7efc4

SHA256
6f576b064d21d5511e314ce9e7036226b873928753a525a3bccbcd1c75d70625

SHA512
a53002ba05b1d4bc83ef8018241b750cfe8ff2c45291b7cd86e3684225cd32de344f50211d59171b1bbc62cf391a5fb33d7489d06c48d0c3c3e044a832dcc481

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
682484fa31d5b40fcc75b5b582525677

SHA1
5080e3bdc975e94c990585b737326080a84d29fa

SHA256
ea1e27b3547a40a3264e5098d75199fc5475c4fca374a1626705bb37f280e497

SHA512
e8f42af04ed58b88541c587f69b5cfa3783d6a99c2aa1e8cd8b0890f6b953f0184b38f9cf5e2844968d49e525a8233b1aa31b452f73521f3dc2f8f9f0e0d4ea3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0dbf0d2357a2350961f43d0186b5b65b

SHA1
e2b08545a7aba9719f08904a1e5ffe05179710a6

SHA256
5e837d46f2876346b43b8f4411866519282f170816932d1795fcbb994866e9b3

SHA512
3f697db1640eba33deb93ca755420a11130ea32f5aa7acf51affeb6f1c6f2fc78a276eb7ed08337ebd585078c5d6237089f2500e1b3bb5a00eba5f33bdf4aa25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7E07.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7E79.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit