hxxp://fr33xp[.]xen

Analysis

max time kernel
1559s
max time network
1565s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fr33xp.xen

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80514c8b803fdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b1319000000000200000000001066000000010000200000003ffe5b4d6e3d59448de294ca27eb710a4c2f0a7730cf27d950b27b37ae714e9c000000000e8000000002000020000000546fe430771d4182d702bc1a9fc44822cab8426e900a788608197d453826e800200000001e3fa13c3257219d5b43910b23e1c85b5de8fcd5335808939743b1b516b0dd11400000000cbd2b354e3437b4f263603e1c800e443d6a1a7cfb347df5af1d874da9e2f465adaa37206a76708a2913f6c7818b2fbb01af08b2a7e706f8616859fd6a6723f5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438731759"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B369F871-AB73-11EF-8B1E-52DE62627832} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000abb3dc6dc683a70e7b8db0a2f4eb8361d5a02a39f088a387f4a33cb8e1a4511b000000000e800000000200002000000098422ac1a72111b3c8d2d5dafb25ae567b0b40eb0c1506cc51110b93f657317990000000591d30ae7c6db3557bc3074bba93a13ebe8914d0c4bf5f31e994b8a78314fab61ce13e3e2bc6e61ac9eb3f2c6063fab1e180e3fc3d0ba58478b0226dbb7a75ab2ed7ac6b7bdd008b44d85fe9b434a03b0c937da465512767998aaaa7baa058666fb1d12c4c40d28e25d1c01d8535c519fc68eba584518ac8fd08eb6d9fc1a5bf55a32f4d08dc10a239f2a72e284c3f3a40000000c072700b1013520449c4aeea218b8adbef2d87ee499038e4f294324904e3ef6b0ed8ab77e5ca35f2ca2facd7d4c91c387cc2b3ed603d75a11675db880a710b53	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2908 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2908 iexplore.exe
2908 iexplore.exe
2920 IEXPLORE.EXE
2920 IEXPLORE.EXE
2920 IEXPLORE.EXE
2920 IEXPLORE.EXE

pid	process
2908	iexplore.exe

pid	process
2908	iexplore.exe
2908	iexplore.exe
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2908 wrote to memory of 2920	2908	iexplore.exe	IEXPLORE.EXE
PID 2908 wrote to memory of 2920	2908	iexplore.exe	IEXPLORE.EXE
PID 2908 wrote to memory of 2920	2908	iexplore.exe	IEXPLORE.EXE
PID 2908 wrote to memory of 2920	2908	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://fr33xp.xen
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d827c417532c5c93e2d100d0e319b0ff

SHA1
832350351711ac00b5558079fb1e37ea0fb6e6da

SHA256
8c1d1d1fdd775a3cffc2bab83506b6c4da56bda206fc86e32ec28013752c08db

SHA512
8db6613fbb6a6c9be318e5ce70596c056e6bfdf21ba7288fc709576b952b0f18444ca1f52f4a7cb19e8376efd2d15a9c7a76ce16d5a040bcd514639a3181a8f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af6d3ab4c63491255e86c08919a4f8f6

SHA1
c649db7bd55e7cfc3fcd3e5cd92583bd4f9d21a5

SHA256
26914f25ee1816857e2de8444f181ad1b2f5b25e416bd88d89a383b836506980

SHA512
1305f0dd7e4ec7009011aaac5a58ef476a82e330ba8723554178f0c0875fe63dd34c5b4d907def09f4ad53f5b1234985bb88b3a1208fba14eddbba9195b83cb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf54957f747bf12c51f60110cacea123

SHA1
fedf460930f6f0762694d4609d0008cb2e5682ef

SHA256
0654764b3dbd8f97589cbcae2e490aa704dde94b30f7968231bf1c6886ce36df

SHA512
4a9932f180e9c4b296d871025218d5345aebe2e6a196ba4173bbe0d86ffe316e50146e5f901add453b0e46137e301f134e0f800c509b557c9b1319a2ee2f3b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0e527bb27711f734611c371c4a972b4

SHA1
c7cd9df339f2e973dc061eee1914a5bd4f4264e2

SHA256
78916aeab03755f7917e58407d72423fff31ef34a682ff15191e8b1997d0c819

SHA512
f115fbb41c33a55f1c4406b19cdf27b06d4c1b77070b4ffea383f7102c8b87ec2b614c7c816e3900d8fb842dee9bf86b9123901aa8e21ba49415e174b741ca8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
532531cac8b3d2367748ee6addc25db4

SHA1
579d4432fb8c0de5da582f251bc625565bd1905d

SHA256
af4275ddf4869ab8995e20823b03db054943c08ca2637f69efb025f3d3ed524b

SHA512
ba7d5869dd39ae05b26fb39d8a8b4deed23bf3059bc2579398ed83da435138648b425bbd60e6958becec116c142322f5b1cd9d0c48ca8612dfb0b2c6df8449c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22bb5d45e34ebc379ea48419c48b93b6

SHA1
f0b1d0df155f03c6a419b82c5d3047c57f4bdb7e

SHA256
07693a7b3e3699dea7434d17361c03e8f69e32cee5a62d4315a2a8d48bd4cef9

SHA512
1132e35ecca7e23e1d25a549d7912e89ebe3468f9805c4c7e3399a247f6c4ece26e77fd2db8370734bc06882ee851e77d17bebe4ed0a05a76bd6ee08c5531df9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
103435b666b17ec35a4673095a7230fd

SHA1
7bd2c25f95901e1f9b48a00179a856d07d88810d

SHA256
dfbf28d56ad2d294b939e15491d153fb20835aefcecd86b7566338d036deb499

SHA512
eafa0ce7542aa10e1e96243deb52511e23416183f87d5f6d6a8bb53bf09506f8705e7c190b7212f3d436d918179cca08071c9622344b8ddca706e03a8bee0691

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a59b09637aa14102c82f2d8375c8529

SHA1
e976b1a6814d433738c7e70b6764e27658c66b3f

SHA256
16ec5bc9e15a88fe945e6d261f57b5f934e15e9ab4c3eec6b4756410b9145dba

SHA512
5cb7f8f70f501b1e2a0712dd9ad0b7057c4b94ca342abee5059860eac25c85b0ffb19e4bcaaea9e88a116244eaf4e111546cd633df4953eaf04ff03a6628a2d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
441e7a5699a3abb1cbac49f601c13431

SHA1
3783ee4b2a36aaac47b917e411cf4a790a69b23a

SHA256
5d7f85ff5e81a7295452a4e3ce8443d0f440e36f95c0545957c3900df5779925

SHA512
5a48338083a8ae02fc868000bcb978284aa236f54108d38b86d1df891e6a1e36f07b90c030b6a6d34b797e9e5afe38bac32ec8aefaaf89719da86fc486b52bd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adefecb092519139264d592fb35a60a7

SHA1
1708f4cfa84a3008d7691603bcc85cc01adbdb44

SHA256
9c7d049d25a84c5aa9a23591335525f011c500541d14757640dbcaa5f4310952

SHA512
0b8921ebc539067dfddcb98665ce3e54031d60dbf7da14b98084f9e35d72132d705ac28b089460541deaf0011e9583493e35f486bbbeef0ddbc91ce8ee635e0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f32ce58f152998c32296aa155d90ef6

SHA1
212ca4236e27dcd29daceedb834594fc6b3d439d

SHA256
571927d10c1bf9d4d280c8dd33c4e40c0f1cbb321feca8a223a990bf07804efd

SHA512
f2af2dbca2006900ea699c4f4203b9816cc08b2ab8ec1429a58706f2c31d3cbb778dfc498b0b38bbbf42ea389b3ac24b51537f031200e3e4ef68f7538c289461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c338cd81fec147933add7aa585e7806d

SHA1
ae1357cb2d1e0f3fa5636aa1e4f057035a3e0932

SHA256
11adb70b21fa879542f5140b7ad375be55fe64d02fe0eea1afda53d33db28a74

SHA512
4d9128e3bdea924ee2c546d761e3132a1eba6827e22e627d780b79b14fb408b046b09b4bc5b73da4a2cd3638c251f18d3bf116078c8f1155c3cbcaf7d5d74175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af3c8bb3a36ef0d027cdefd7e8c626ed

SHA1
82049a799b3ba28e9ca186db5f46f8d8cfadd150

SHA256
793286cb2a3d1e7bb68e58202ec3b2b4d531be5cfcc2a0a08c5ba2151699a0f0

SHA512
cdf1f37997aa965684b1231243f5cb50f5ac07bff4c9185d7493f88461c9990fc7b961e689830ebb41fdd15ec86dea4bb001de2f9be224ece28f842ac8eab88e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
329321708c40a9cd199878c113f95471

SHA1
1a71d593954315d8ea229521421687be69b90b4b

SHA256
da3f1bbf35b4ec4db36114927c4b8a282aadfb444a024061a56687f91bfbddd8

SHA512
e576d840a98a1ae2abf6077577590ef7d4275196b8891fb2764975d39d5b080c0625f54381a1f28052b711dc8cca492ed59f41a042a04b91fee79ae8e32d137a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4104dc17f3cc6a8154cfd87974ba7c3

SHA1
cb6dc33d47e8b8111f0ef9a6691a6bf6cb156dd8

SHA256
52371d2678e520319e1ed576766bc69b217e9dc5a466cf455dd5ceeb92a36f6a

SHA512
b19c82e78fb868c125e7d12f4bc97e071c47448e1ee6e8549961914c86c74d3aca2002665f128916f8505ca129cd3644a5a0328b6bbf93d220889723b5985d11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
992df3fd53337258b129e33ce79ffd12

SHA1
47425ed949d80a6a06dda48fb7a22adc02d1d60a

SHA256
c490d75177524b17e8e835e45e590553977fc9df0399d8ec24fa44273748c7f9

SHA512
85be7d48fa588dbdd8d6a0054fb854c52fe1435e5071b5e21a2c9cabf8c59fe6c2586a74d9d8e477f55bfd65cfe51c8286672f50bd7fc5c53341b4bcf04ab1fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f605974c76b0d63c3d3533234600640

SHA1
617a9b3e5d550bd40183250e42f7f407ff6785c9

SHA256
08831d267756c78266cd8579368320ef251d34eccc456066016266d864537b72

SHA512
dfaf3a60d7f1d504b01510283d6f86680dec2067f51a4254a8600ee958b1237098495902e5d4409aa2d72a4e8a6785eee270847d553f25b79f673f29d5701a00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12ecfc4d31b05b78ccb758a4a4076fb1

SHA1
9a7d5946a011ccc5325716c81b904528135b69a6

SHA256
dd0c6820fd98b1f131cc222444a99fa046393167e8c19eff6de47c5144ce3d67

SHA512
7b85464ed2bfea827ca641ab5ac8504dad40f0a9d836a2a7f139a85563dc6d21a166e7149d63d72908a407b93dd840c31cdd6885f8390a6275f5e7985d41a94c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8B90.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8C5E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit