1436da000d683dbe690bb6443ff1ebda9344573d3ddb9b806c57afb83027c69f

Analysis

max time kernel
6s
max time network
8s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/11/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MALWARE.exe
Size

13.6MB
MD5

1f2a13959339179bf070c75ce0d6e910
SHA1

6486e01ecaf794d99c2e94235c8ddaeb796526d3
SHA256

1436da000d683dbe690bb6443ff1ebda9344573d3ddb9b806c57afb83027c69f
SHA512

00e155955da422fcab4c9abc903ee1d74451e992194333750c24bed2f90e417873de38a9e831e7d3e97e27f641d6fc92cdf97462adf6d6d90cc54eb363076eb5
SSDEEP

393216:mLunf+1Xudu7cUDToBz4nYR62FxccxO573pj1hJk2lMf:m2f+auAUkzJSBZxzk2m

Score

7^/10

spyware stealer

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsBoot.lnk	MALWARE.exe

Executes dropped EXE 1 IoCs

pid	Process
5068	MALWARE.exe

Loads dropped DLL 44 IoCs

pid	Process
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe
5068	MALWARE.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
4	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 5068	2332	MALWARE.exe	80
PID 2332 wrote to memory of 5068	2332	MALWARE.exe	80

C:\Users\Admin\AppData\Local\Temp\MALWARE.exe
"C:\Users\Admin\AppData\Local\Temp\MALWARE.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\MALWARE.exe
  C:\Users\Admin\AppData\Local\Temp\MALWARE.exe
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ocb.pyd

Filesize
17KB

MD5
78aef441c9152a17dd4dc40c7cc9df69

SHA1
6bb6f8426afa6522e647dfc82b1b64faf3a9781f

SHA256
56e4e4b156295f1aaa22ecb5481841de2a9eb84845a16e12a7c18c7c3b05b707

SHA512
27b27e77be81b29d42359fe28531225383860bcd19a79044090c4ea58d9f98009a254bf63585979c60b3134d47b8233941abb354a291f23c8641a4961fa33107

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Util\_strxor.pyd

Filesize
10KB

MD5
f24f9356a6bdd29b9ef67509a8bc3a96

SHA1
a26946e938304b4e993872c6721eb8cc1dcbe43b

SHA256
034bb8efe3068763d32c404c178bd88099192c707a36f5351f7fdb63249c7f81

SHA512
c4d3f92d7558be1a714388c72f5992165dd7a9e1b4fa83b882536030542d93fdad9148c981f76fff7868192b301ac9256edb8c3d5ce5a1a2acac183f96c1028b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\VCRUNTIME140_1.dll

Filesize
48KB

MD5
68156f41ae9a04d89bb6625a5cd222d4

SHA1
3be29d5c53808186eba3a024be377ee6f267c983

SHA256
82a2f9ae1e6146ae3cb0f4bc5a62b7227e0384209d9b1aef86bbcc105912f7cd

SHA512
f7bf8ad7cd8b450050310952c56f6a20b378a972c822ccc253ef3d7381b56ffb3ca6ce3323bea9872674ed1c02017f78ab31e9eb9927fc6b3cba957c247e5d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
122KB

MD5
302ddf5f83b5887ab9c4b8cc4e40b7a6

SHA1
0aa06af65d072eb835c8d714d0f0733dc2f47e20

SHA256
8250b4c102abd1dba49fc5b52030caa93ca34e00b86cee6547cc0a7f22326807

SHA512
5ddc2488fa192d8b662771c698a63faaf109862c8a4dd0df10fb113aef839d012df58346a87178aff9a1b369f82d8ae7819cef4aad542d8bd3f91327feace596

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Cipher\_Salsa20.pyd

Filesize
13KB

MD5
f19cb847e567a31fab97435536c7b783

SHA1
4c8bfe404af28c1781740e7767619a5e2d2ff2b7

SHA256
1ece1dc94471d6977dbe2ceeba3764adf0625e2203d6257f7c781c619d2a3dad

SHA512
382dc205f703fc3e1f072f17f58e321e1a65b86be7d9d6b07f24a02a156308a7fec9b1a621ba1f3428fd6bb413d14ae9ecb2a2c8dd62a7659776cffdebb6374c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Cipher\_raw_aes.pyd

Filesize
35KB

MD5
0ab25f99cdaaca6b11f2ecbe8223cad5

SHA1
7a881b3f84ef39d97a31283de6d7b7ae85c8bae6

SHA256
6ce8a60d1ab5adc186e23e3de864d7adf6bdd37e3b0c591fa910763c5c26af60

SHA512
11e89eef34398df3b144a0303e08b3a4caf41a9a8ca618c18135f561731f285f8cf821d81179c2c45f6eeb0e496d9dd3ecf6ff202a3c453c80afef8582d06c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Cipher\_raw_aesni.pyd

Filesize
15KB

MD5
b6ea675c3a35cd6400a7ecf2fb9530d1

SHA1
0e41751aa48108d7924b0a70a86031dde799d7d6

SHA256
76ef4c1759b5553550ab652b84f8e158ba8f34f29fd090393815f06a1c1dc59d

SHA512
e31fd33e1ed6d4da3957320250282cfd9eb3a64f12de4bd2dfe3410f66725164d96b27caa34c501d1a535a5a2442d5f070650fd3014b4b92624ee00f1c3f3197

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Cipher\_raw_cbc.pyd

Filesize
12KB

MD5
40390f2113dc2a9d6cfae7127f6ba329

SHA1
9c886c33a20b3f76b37aa9b10a6954f3c8981772

SHA256
6ba9c910f755885e4d356c798a4dd32d2803ea4cfabb3d56165b3017d0491ae2

SHA512
617b963816838d649c212c5021d7d0c58839a85d4d33bbaf72c0ec6ecd98b609080e9e57af06fa558ff302660619be57cc974282826ab9f21ae0d80fbaa831a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Cipher\_raw_cfb.pyd

Filesize
12KB

MD5
899895c0ed6830c4c9a3328cc7df95b6

SHA1
c02f14ebda8b631195068266ba20e03210abeabc

SHA256
18d568c7be3e04f4e6026d12b09b1fa3fae50ff29ac3deaf861f3c181653e691

SHA512
0b4c50e40af92bc9589668e13df417244274f46f5a66e1fc7d1d59bc281969ba319305becea119385f01cc4603439e4b37afa2cf90645425210848a02839e3e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Cipher\_raw_ctr.pyd

Filesize
14KB

MD5
c4c525b081f8a0927091178f5f2ee103

SHA1
a1f17b5ea430ade174d02ecc0b3cb79dbf619900

SHA256
4d86a90b2e20cde099d6122c49a72bae081f60eb2eea0f76e740be6c41da6749

SHA512
7c06e3e6261427bc6e654b2b53518c7eaa5f860a47ae8e80dc3f8f0fed91e122cb2d4632188dc44123fb759749b5425f426cd1153a8f84485ef0491002b26555

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
80bb1e0e06acaf03a0b1d4ef30d14be7

SHA1
b20cac0d2f3cd803d98a2e8a25fbf65884b0b619

SHA256
5d1c2c60c4e571b88f27d4ae7d22494bed57d5ec91939e5716afa3ea7f6871f6

SHA512
2a13ab6715b818ad62267ab51e55cd54714aebf21ec9ea61c2aefd56017dc84a6b360d024f8682a2e105582b9c5fe892ecebd2bef8a492279b19ffd84bc83fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Cipher\_raw_ofb.pyd

Filesize
11KB

MD5
19e0abf76b274c12ff624a16713f4999

SHA1
a4b370f556b925f7126bf87f70263d1705c3a0db

SHA256
d9fda05ae16c5387ab46dc728c6edce6a3d0a9e1abdd7acb8b32fc2a17be6f13

SHA512
d03033ea5cf37641fbd802ebeb5019caef33c9a78e01519fea88f87e773dca92c80b74ba80429b530694dad0bfa3f043a7104234c7c961e18d48019d90277c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Hash\_BLAKE2s.pyd

Filesize
13KB

MD5
d54feb9a270b212b0ccb1937c660678a

SHA1
224259e5b684c7ac8d79464e51503d302390c5c9

SHA256
032b83f1003a796465255d9b246050a196488bac1260f628913e536314afded4

SHA512
29955a6569ca6d039b35bb40c56aeeb75fc765600525d0b469f72c97945970a428951bab4af9cd21b3161d5bba932f853778e2674ca83b14f7aba009fa53566f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Hash\_SHA1.pyd

Filesize
17KB

MD5
556e6d0e5f8e4da74c2780481105d543

SHA1
7a49cdef738e9fe9cd6cd62b0f74ead1a1774a33

SHA256
247b0885cf83375211861f37b6dd1376aed5131d621ee0137a60fe7910e40f8b

SHA512
28fa0ce6bdbcc5e95b80aadc284c12658ef0c2be63421af5627776a55050ee0ea0345e30a15b744fc2b2f5b1b1bbb61e4881f27f6e3e863ebaaeed1073f4cda1

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Hash\_SHA256.pyd

Filesize
21KB

MD5
cde035b8ab3d046b1ce37eee7ee91fa0

SHA1
4298b62ed67c8d4f731d1b33e68d7dc9a58487ff

SHA256
16bea322d994a553b293a724b57293d57da62bc7eaf41f287956b306c13fd972

SHA512
c44fdee5a210459ce4557351e56b2d357fd4937f8ec8eaceab842fee29761f66c2262fcbaac837f39c859c67fa0e23d13e0f60b3ae59be29eb9d8abab0a572bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Hash\_ghash_clmul.pyd

Filesize
12KB

MD5
5f057a380bacba4ef59c0611549c0e02

SHA1
4b758d18372d71f0aa38075f073722a55b897f71

SHA256
bcb14dac6c87c24269d3e60c46b49effb1360f714c353318f5bbaa48c79ec290

SHA512
e1c99e224745b86ee55822c1dbcb4555a11ec31b72d87b46514917eb61e0258a1c6d38c4f592969c17eb4f0f74da04bceca31cf1622720e95f0f20e9631792e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Hash\_ghash_portable.pyd

Filesize
13KB

MD5
49bca1b7df076d1a550ee1b7ed3bd997

SHA1
47609c7102f5b1bca16c6bad4ae22ce0b8aee9e9

SHA256
49e15461dcb76690139e71e9359f7fcf92269dcca78e3bfe9acb90c6271080b2

SHA512
8574d7fa133b72a4a8d1d7d9fdb61053bc88c2d238b7ac7d519be19972b658c44ea1de433885e3206927c75dd5d1028f74999e048ab73189585b87630f865466

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Protocol\_scrypt.pyd

Filesize
12KB

MD5
3b1ce70b0193b02c437678f13a335932

SHA1
063bfd5a32441ed883409aad17285ce405977d1f

SHA256
eb2950b6a2185e87c5318b55132dfe5774a5a579259ab50a7935a7fb143ea7b1

SHA512
0e02187f17dfcfd323f2f0e62fbfe35f326dcf9f119fc8b15066afaeee4eb7078184bc85d571b555e9e67a2dd909ec12d8a67e3d075e9b1283813ef274e05c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\Crypto\Util\_cpuid_c.pyd

Filesize
10KB

MD5
44b930b89ce905db4716a548c3db8dee

SHA1
948cbff12a243c8d17a7acd3c632ee232df0f0ed

SHA256
921c2d55179c0968535b20e9fd7af55ad29f4ce4cf87a90fe258c257e2673aa5

SHA512
79df755be8b01d576557a4cb3f3200e5ee1ede21809047abb9ff8d578c535ac1ea0277eda97109839a7607af043019f2c297e767441c7e11f81fdc87fd1b6efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\MALWARE.exe

Filesize
16.1MB

MD5
4aedf7d58b8a7154764db8b977c7da3c

SHA1
c4a741acc1c682c399c8684ed82247891250592c

SHA256
92abbafc4e3842b85be93ababb7895387102c1a185e1b46dab2d28dbc3cad377

SHA512
74f04033582d9c9ec166e6a5ea29ca798d90716054dc1b95c7ac19ea2b79afc85f9501f8f6bcd089562a57bb7719e03be5802d8ba9bec0424cd6a000474b249b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\_bz2.pyd

Filesize
82KB

MD5
fe499b0a9f7f361fa705e7c81e1011fa

SHA1
cc1c98754c6dab53f5831b05b4df6635ad3f856d

SHA256
160b5218c2035cccbaab9dc4ca26d099f433dcb86dbbd96425c933dc796090df

SHA512
60520c5eb5ccc72ae2a4c0f06c8447d9e9922c5f9f1f195757362fc47651adcc1cdbfef193ae4fec7d7c1a47cf1d9756bd820be996ae145f0fbbbfba327c5742

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\_hashlib.pyd

Filesize
64KB

MD5
0abfee1db6c16e8ddaff12cd3e86475b

SHA1
b2dda9635ede4f2841912cc50cb3ae67eea89fe7

SHA256
b4cec162b985d34ab768f66e8fa41ed28dc2f273fde6670eeace1d695789b137

SHA512
0a5cae4e3442af1d62b65e8bf91e0f2a61563c2b971bbf008bfb2de0f038ee472e7bfcc88663dc503b2712e92e6a7e6a5f518ddab1fab2eb435d387b740d2d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\_lzma.pyd

Filesize
154KB

MD5
e3e7e99b3c2ea56065740b69f1a0bc12

SHA1
79fa083d6e75a18e8b1e81f612acb92d35bb2aea

SHA256
b095fa2eac97496b515031fbea5737988b18deee86a11f2784f5a551732ddc0c

SHA512
35cbc30b1ccdc4f5cc9560fc0149373ccd9399eb9297e61d52e6662bb8c56c6a7569d8cfad85aeb057c10558c9352ae086c0467f684fdcf72a137eadf563a909

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\_socket.pyd

Filesize
81KB

MD5
632336eeead53cfad22eb57f795d5657

SHA1
62f5f73d21b86cd3b73b68e5faec032618196745

SHA256
ce3090fff8575b21287df5fc69ae98806646fc302eefadf85e369ad3debad92b

SHA512
77965b45060545e210cdb044f25e5fd68d6a9150caf1cad7645dbafcf1ce8e1ccbdf8436fbdcbf5f9c293321c8916e114de30ed8897c7db72df7f8d1f98dfb55

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\_wmi.pyd

Filesize
37KB

MD5
fda7d7aada1d15cab2add2f4bd2e59a1

SHA1
7e61473f2ad5e061ef59105bf4255dbe7db5117a

SHA256
b0ed1c62b73b291a1b57e3d8882cc269b2fcbb1253f2947da18d9036e0c985d9

SHA512
95c2934a75507ea2d8c817da7e76ee7567ec29a52018aef195fac779b7ffb440c27722d162f8e416b6ef5d3fd0936c71a55776233293b3dd0124d51118a2b628

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\libcrypto-3.dll

Filesize
5.0MB

MD5
123ad0908c76ccba4789c084f7a6b8d0

SHA1
86de58289c8200ed8c1fc51d5f00e38e32c1aad5

SHA256
4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

SHA512
80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\python312.dll

Filesize
6.6MB

MD5
b243d61f4248909bc721674d70a633de

SHA1
1d2fb44b29c4ac3cfd5a7437038a0c541fce82fc

SHA256
93488fa7e631cc0a2bd808b9eee8617280ee9b6ff499ab424a1a1cbf24d77dc7

SHA512
10460c443c7b9a6d7e39ad6e2421b8ca4d8329f1c4a0ff5b71ce73352d2e9438d45f7d59edb13ce30fad3b4f260bd843f4d9b48522d448310d43e0988e075fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\pywintypes312.dll

Filesize
133KB

MD5
da0e290ba30fe8cc1a44eeefcf090820

SHA1
d38fccd7d6f54aa73bd21f168289d7dce1a9d192

SHA256
2d1d60b996d1d5c56c24313d97e0fcda41a8bd6bf0299f6ea4eb4a1e25d490b7

SHA512
bc031d61e5772c60cbac282d05f76d81af1aa2a29a8602c2efa05fc0ce1079390999336237560b408e6539a77c732f5066c1590b7feaedb24baa9371783f2a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\select.pyd

Filesize
30KB

MD5
7e871444ca23860a25b888ee263e2eaf

SHA1
aa43c9d3abdb1aabda8379f301f8116d0674b590

SHA256
dca5e6d39c5094ce599143cb82f6d8470f0c2a4ce4443499e73f32ed13333fd0

SHA512
2e260d3123f7ca612901513b90fe40739e85248da913297d4cca3b2ebd398d9697880d148830e168e474ebfc3d30ede10668c7316ed7668f8b39da7bca59e57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\vcruntime140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133765180946187123\win32crypt.pyd

Filesize
122KB

MD5
d08d4ae87afa22e54ec4d2b6cd64c8cc

SHA1
6450e9c65b50bc2564dfe46aa6beb3b17a1b7794

SHA256
3088fba55a9200223080554c55fa0054353fdfcab4ed4ac51716e5413971b898

SHA512
cfe8dbdcaf1b24dc2e6f6d04af51d83af79f92e894e8af2ca73812919571089a62f8c3defef0eb6c0bcb87e9ebe9b62ffcc891474c5eeb1e051e370abe0412ac

Download Submit