c8ffb83fa2b36ca801b25beac68d34affcc0533e7b734f17eb0cd827ac68f951

Analysis

max time kernel
66s
max time network
133s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

7.9MB
MD5

8303b3a19888f41062a614cd95b2e2d2
SHA1

a112ee5559c27b01e3114cf10050531cab3d98a6
SHA256

9c088caac76cf5be69e0397d76fe9397017585cffdba327692ff1b3a6c00d68f
SHA512

281b2ecc99502a050ee69e31256dec135e8cb877d1a6ba9f1c975fcfb11c062980ee6061d2368b62f91e392953ae6235dd726a9d98e6efc1302f7ed713099179
SSDEEP

24576:dbTq6T06T5kJWSIRWnBIl70mfT76y6E65606F/HXpErpem:t4scj

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FA78E361-A755-11EF-A364-FA59FB4FA467} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000f437750b8bba357bffd94efb8651ea787de8ef7beafd5f22e753aea4526668d2000000000e80000000020000200000008a8bea8d6bd992dec943c2dab9d14288acd98dc85febef311f8bb0d26ae3993320000000b6e30a0520d72ff1a016a49d0fdcfc085afc370869cd523dc8e798a851a53b8540000000640650911c042ca76f5324f8f7065e95375301db347fa6463b277a556002c9872b369a1e52390cfe855970fcf439a4ba242021f64438a75d933f8cf7651a22e7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 106554cf623bdb01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000007b177c3c5a56ea5ec6c178fc31e5d375f24a33c4509975589df8a291ef3654bb000000000e80000000020000200000006612457216c27336dc6ddae2907f62c8ea36490860b02b0bbc0b8b9be1d299e190000000fd9d5f7a2f3b833f769334eba1d53e7638007804e35ec6d59dc5049bc52b625b3dd2e91aad814b00588c0f71f8ea1a1f1127906437eb8a0069942e2434824ed81cafccf772961cf34ee55950633f951de037e5dfb2380ed66fc95587aa2ac9dd0893b5bc04484d0223d99a714408a9d46f18c5c84fbc5ac9ec87cf92d4b337f61780b487d7e1e2043be0d886cee1077e400000006c58cbe18b4225cccb3193348b2ea080c9f2239e4105a8d607a5435a1ebef3045b038fd2ba0f8fd7ca8c8685b2801ee70045e221a9f21d860f90d94be0c7ae84	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2072	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2072	iexplore.exe
2072	iexplore.exe
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2376	2072	iexplore.exe	30
PID 2072 wrote to memory of 2376	2072	iexplore.exe	30
PID 2072 wrote to memory of 2376	2072	iexplore.exe	30
PID 2072 wrote to memory of 2376	2072	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5ea88ac43be46f1a85bb3e1a40cfcec

SHA1
e3eebe85bd7c3c011597c86c783a3754a185a211

SHA256
7c3df5193cbdc9f654c547081e7d41610f99e7ff04d73d632892286b88cf509f

SHA512
2cde7bc2e6ef8af0777997577283690cadfa323f70327b59333cd19438e6dd60aeae277ea797c83d33750ba67f0a4d0f6704177e708af5fb301270e87cd47f20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5639dab8b49ace1ee80d4454ce4d2c7

SHA1
7278050fc240bd67f02edac506100c577245fc86

SHA256
a696581ebca7753516e2607cfbc8abb195ed1a426e681faa1a47e62d8fd8336b

SHA512
33e3b389ac494b84a9e088ba24b461e1bfe9926b81f1d118ab385cef47a4ed99ac9da034f90689b880bc7a9b0923be7f584250221cf02613f82bf9f7d6645a98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
643d475be1aebbfee50858289e47051b

SHA1
5a35e655c5edafb84ed7d88fe274aa9f563ed06a

SHA256
cacee3a1732c369057ae4259fd09d3f51d489cdecb0fa1937bd816a2e1428110

SHA512
467a1508c7475d599784f2541f63015a0ee9ed4c4b24aaf2abbc064e7fa35627b901bb7bd1a52cf4a4168d3c18a6bf4e3504ac61e3e4e38948019be85448facd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
288aa925db213c67bc5ba08ce16a1c5b

SHA1
e8d63503f0165542e4fa90fa1664dc425f3dd1e2

SHA256
4759b4e5d114ad752d87d6f1a2c2b4ae166c2b8a6054dfc76a678bbfc8e66f1f

SHA512
a55c0801a0214913881b848610d803149add149ff45a65489ce9dd3a70bc6642fb4ccf259665982d8da963fb8886a1b81f9b1b287949a5e7df6550e89d88c0df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cc2ff08863926273f108aae8adece40

SHA1
042031c441958a6706b40576e4d5a100a584580e

SHA256
f5503d234989933356a99fd6665d9f9b89d7ffa04338536093689becc070d0dd

SHA512
32b3dc60f52fbe9179a57294084ecb6527ee8d7e42bb9ac1d87133cc30974e9c3e32f40e2c0fff94bea98694d633ec0bc55d4d7691140a50851918eb5bd9d67f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
443bc2ac90ce60b2334a52b00929d8c1

SHA1
444ac9cf911cf8e940bd6b25f2bb662423ceda31

SHA256
3a2f45a3b9a99b6b7ddb971d1808e5e9ddc4b2ea072a5044dbdf9de4752777a2

SHA512
15f5f1d4ba89b1330a4c884625462014335ebaacde4f5502294e86cdb25a027fb269d860fa0d8495998cab96b5a0b909608597f2ef36fa3bb8780da168d11f29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
431667abd059516b7914bc0833eda57e

SHA1
01fe39daf08db9ddd77293ffaffb89ec67c4971f

SHA256
c3b63dd4ea44e32622d7303a65872916ea4dd6eb8cd1fc2512b5a3af9c519a06

SHA512
5a12ae8f297aca01665df499eed56d37eba840700ce3246c7c5a54017415f827c64f3bc9b7445af956358b2089616be1190437d79ad0fdd44992d1c1f1b6c2d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fedc02c07c35cf32ee0e5c22a03f89ea

SHA1
7b33c53d6f9c174868fb62cc3d7a37e1de940e93

SHA256
b4937c9638e78e4033a545e64281991eb1554c4352c3257b02feed0120e14a71

SHA512
00a6d4b9eba0140cf631df2781747cd17aa4a70c43116f94bed22efcf65ee99d74a90fac1fadfacee5c01fbdf729aece295199fa7ec5baa2bf3bd1f63963720a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77efb58e3bc2c62545cb76741057f3ff

SHA1
38b2fbb84210846732c1a262e67466355c28509f

SHA256
ba459a6133b3bfea156af4520510a39f2f34a99e20d13ed7fa54af3104c33101

SHA512
0ddd692190a7c45f9b66157fe02ad6ad1799b28dc4a2bc543cef07a3df3ca3274c03f57a78ab6d23f7c0ae15e3a2ae4c307f185a0ae6b380518b61bc38243781

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c4b786fe6f79a2e16a61cb6756b81f9

SHA1
94aebf88d9ca776226959f051e44df181344a009

SHA256
9fad8463053f994706d2bc238a61e274963552cfaa2e7f5e04ceb1e1cc2cf202

SHA512
39ae8d4b53469bb23b8198c840d880b267a8b5a0039b224eb902adc3266bb2663b5a1442ec9f7d69593ffcc6395afad2841f064b96b4feffec4f0104c5c90a5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74fb8921f2f22a27fdc1d1694948a034

SHA1
373aa7b0a075d8be3d66dbec5420b02ddb8dec9e

SHA256
99c6302e3d704cf89169e5e9c4fc63daf7daac3969a3ae29351c60d2433e2611

SHA512
6fe37beec6964bf308c501579d25b07a086af1188cd7023b925b4c3362b8d9a064148e4e9e94e4805b1bb2543a4778cb91e4264f54ee3f34ea09ba0d9766d345

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53fb15650c96169fe7baa93b7c630e62

SHA1
d75e6a9563e90a59577a4621e312f7f8d1b11069

SHA256
78088a754607dbae6e30903c9e958660e63c38fb0469321f30d4478bfe3e02bc

SHA512
9bf346d218226b9c04d94236d6b81cc7296e780d3f8b5fd77bf5ef4122e2690429f27fb1546cac9f2da64b2edee93d363bb054f219fbb711318b14a8082f8713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35d2b1ff94405dcc5a8bd5229b3a1ca4

SHA1
52998fee40c1c324e3dbcb2f35e40bb815dcd916

SHA256
3c0f9cd1695ca7322ef5ff6ab1daabf27edd83bd336f4acb405c329fd2ef9e23

SHA512
b0066bf36e509fb9f9a9226a8a4b595fd70f7b54c49441d2f8cf67963eb3129e2be210f10941a513080a70371b1f63cd98911dcd8fa87e4b046837bbd8397033

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bdab37c55e9fbf87f147f9cea8e1be4

SHA1
a5efdccfc4d89cf19692d88aae7f3816370c1e79

SHA256
9772974b9ee7daf1fee01f40a6d1c5f8fd2ca8566cd98d1a975835add44af9d7

SHA512
3da71120ab9d4f6b9d6e07685a133c73a81c47c5b63412623b0f41dc656b105176a2bb99bc89f83d47ea0a10e4f9fed851bb437f267405058430b170aa4a6976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21067ad2345e42dc9b6ea053eecc8075

SHA1
6599c781b3b3b856a19a432b001d35364607e80f

SHA256
b56e472c2f33d74a8a588414ede7993fa25c58f168effc67dc1807a3be235ff7

SHA512
f735858c7776aa712369c543e92b252d043c57fd129b8685f8c0958ea908b779611472128ec7cfea6a1241cfa9ad4768ad0c09849113782f13eb789de15f5c50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7affda7b02074f917a2f1a67ae20cab6

SHA1
f60fb229d9e4c2191df8051f4d366eb746acbce6

SHA256
14a2315af7730f552f3d67a9079dea61acb4b7b987bba12ead268f352b1c966d

SHA512
05f63ccd869edbce23911b7bb58b6f9985ba7a34550fefab1d827b2a4d9dc9aa9fa5170e53b1dc7d9f978c997c1516ba12ae4e54943fd6954c3ba27242dadc79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10373b3bcba5f67358bad0ead4564195

SHA1
701ebb107335426080f934e491c38e8ccc9dd3ff

SHA256
df67e9a4f5936a1d259fcb24b13537d727882dd604af877ac94484c128009d98

SHA512
b0d7b75e10134d2a910688af90299ae5492dcbd9901dd4c731955652f5a1b96082ce56ca4f5e79954f42028f5633a9d8925c64b74678412521675614affdf33c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c3fea918b48666807dfa562b2fbe718

SHA1
b0db42059da00050905f603f8bcc9e6d86caf8d3

SHA256
8ccb7a63d1c834a8984589212249af7b7a8c071400a4c98c5982fd5441661f6e

SHA512
83a30647da764c119857b74b5fcfc78f29ab90eb43db8fc08efb2f95443751970069cf092444c0b951ade0ae981bb28a942a7054e333cc46932e5269b32c113c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF03B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF128.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit