13cbe987a1ec8dc8a37c5883ef208161ddade811b9aeafa9a7d6c1bda9ea519d

Analysis

max time kernel
136s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

654bb7f057a8e595770e04072151328b_JaffaCakes118.html
Size

343KB
MD5

654bb7f057a8e595770e04072151328b
SHA1

afaf26bc793d0075236e2409f79cc3ec07a94e34
SHA256

13cbe987a1ec8dc8a37c5883ef208161ddade811b9aeafa9a7d6c1bda9ea519d
SHA512

7086e387084ebccaafa79808f8f254af9f5f4358465cc08e9d2da94ee1f3d60a5fcaadab56c0f65152df14ae21e4ce10037093c5f5526162c9570f9f025f481c
SSDEEP

6144:YsMYod+X3oI+YDF0sMYod+X3oI+Y6sMYod+X3oI+YQ:m5d+X3FFC5d+X3u5d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0a9409d0f2a6a4b81e35763d326448c0000000002000000000010660000000100002000000010c0cb32054b6a24ca78e970051977ae0ac2a55a6e1038910728a948ddb7dd2f000000000e80000000020000200000001e81d43f70c0a11868d64d347324db1840f9bcdb5855df56e3beb05b5abe1e93900000002fd42ea805fde2c0bc29ff9c5dbc8ac0c0bc4cede840a09aec915b727e41fc1f4c927eea4c6c31e1e17a6296d222baac318d5a4bf543e673c8d28d43fed7c796870b7c860d5456fca09dd75f87ee8d04a5ff093a492d8df65ac6955837df1833bbdc7dea6e7943fc7122b3e7b37b4c20de037dd53634bddc0f5a9b8fc2598be141219c137a34bed04ebaae6936e9e35a40000000604fe082552d6bbe78d12beb40cd48011d7025a3f7a7055368c6f96e1bd0e751276952a66c33b084119fab20b05f22c060cb2b297bedda8c7285e8b4bf3e64ab	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0a9409d0f2a6a4b81e35763d326448c00000000020000000000106600000001000020000000e78da0fa81f2818ce1656a4e5a5a7a01c2bd64dfeccbea847c3b738b86d30604000000000e8000000002000020000000a4d6cced4d8d1a96d2c82c55e152b1db55d817996c0747a3133a96eae75d35ec20000000c723bdb3379ca664e3f1723ce39769f990241ab3af4f853cdf2db080a0f6e57f400000006d19ad45a74154dd34e1dd427f3a94ae307d7f2809c3d251da37e9bc0066c07924427ca0e737e1111f4b5e9a69699d97dfb4b4e9cd3f0f3ce2618289cd947711	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422498378"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f084e13fdcabda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6ACF14C1-17CF-11EF-BCB4-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1432 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1432 iexplore.exe
1432 iexplore.exe
2568 IEXPLORE.EXE
2568 IEXPLORE.EXE
2568 IEXPLORE.EXE
2568 IEXPLORE.EXE

pid	process
1432	iexplore.exe

pid	process
1432	iexplore.exe
1432	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1432 wrote to memory of 2568	1432	iexplore.exe	IEXPLORE.EXE
PID 1432 wrote to memory of 2568	1432	iexplore.exe	IEXPLORE.EXE
PID 1432 wrote to memory of 2568	1432	iexplore.exe	IEXPLORE.EXE
PID 1432 wrote to memory of 2568	1432	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\654bb7f057a8e595770e04072151328b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1432 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
593847facefe8adf95d8cabf9813e097

SHA1
c050290da786ceb7aba2cd37161a46b4338770ff

SHA256
b11053712fb0df5cf28800e6824502584f66e075f3708b4fef1db125e9e30b04

SHA512
d632c515cb5ea103b3167d6abd8ba6d78672f210a098591e1111e6fcbb44e0932d869a4efe2e39c55251e26f4110ca9e550f07cec5b847da97fb02037179547e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c26fb3150056b5d0bea5cc6116d86779

SHA1
579a85eea5e38004a6c82580fd9088a5fe0b8604

SHA256
b36d1e57a41af7c3e7283005073d2fb64a8744875215ffe8c35dd6e19d56ee1a

SHA512
fa5a8c200119d3fdea527f5932891730c0aec077e23f575d71a246d8f4fd572b0560d8ce741e3a268aa18a1d2f85840b0c20c0eaea413108b4b80fa234416dad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd4589d340bb7d1b52fdc697ad12223b

SHA1
e355052dbe5af4a4e7ec1f37e8bd6ef604266e4e

SHA256
09ab34164f12e4971d9b4c4f4144448860c81db1f3b52ad2083c563dbc0cf760

SHA512
e2a42fcf951f7e2d8d3300f91712d34e1217382891c48c5ea292546513a14f37e415340eace2daaddc64ae2b915599805db38cf8ea20648dd90e52dec8a37e5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3241bd7f162f986fd85619bd02f76b0

SHA1
9b98b5830bfa250a3933e62260c717082000b71c

SHA256
b5564b34a34ff0070ac7de7d9d95f232196316b53495f4be65482eaa9e72cfc1

SHA512
ccf1695ecd26155a296717434e00f7abd9ad9e801f5742c4be0d4745c17dc577ca85628cee8a986306aa2b272e51de31d7d6f0e4b631459350b927306d063b9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
754d0cca012b6e98e5e636a1a6b360ee

SHA1
c3969a2befe3d3893104a37f68ea4bf799f81677

SHA256
c3fafea98190404d91476b03b7cba88cd74a5652a07d73674e6b40356af221a3

SHA512
e2e0fa5615563019a302a30dfc252fe31d592b79066a1d72aa3c670904ef76795ba16cd7ffd5fc51cb09a07d53e0bed7d395f3f2fc6dce37452b7b7a7b4f615f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4ea64dcfc84d8b1f97b3e77542778e4

SHA1
e5fb65fe9d2900e46ef36d322b06c14b8d7ae82a

SHA256
146569ea8b67491c91c5731f33dfe864885aec856764e7f437c75cf3473a1572

SHA512
96825413d4ee824cd0180c0cd811f34863d7f8bfab0fcbf0506779ef0f7dc25c33159c4ed95b9043d37ec336be24872a4ab245347a611bbdae7b1f02d35e695e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c554bfb5af366e5a152a3438dcc5461

SHA1
22ff15cb11bef025d7f113efe6b7172d328d530f

SHA256
c9344ecd4cac281ba32cc7ae416ec5ae3bc8047d9d75b7a228c91503a6be7309

SHA512
5d93c59e85269b0a09645ca5e7e15b4d481808dd16fffe7e77737de08b5c97c47f2dac96c0d7226930d5f6e9679fa1f9d5fcf0b992bf0d453ab9d70b8d9436e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96544e1f30986ac773cadb5635fce294

SHA1
e843a29ac9eab043510351ac9f6dbd94c2dd10f5

SHA256
624472f01aa01e82405c34b8deefd8d9d6c46a42f8fa53ec09af9aa180102fe6

SHA512
ceebbd34e0c1ad919ade823c3bd3856ca2a38f4c422c2240b9e9516971dd36551d658ef836707054a83359cfc3dd52950e872fe15b2467ea2fc6f7b3f08e252b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90ff05f2eee7023eee18812e21e57d4b

SHA1
62cf9f18c627191aa5dc4d70ea37ef91deb508b0

SHA256
716b6bd8d632e095d80aad81cbd8d6c8abcc3769f1545522b227a027089f4af4

SHA512
c08d56361dc89da8152aa6558908c9e758d496b41c9a5925ac13173fbbfc66eaf56a79953ee7e734e9ca31868f2edf559adcc080815925350c322c464b70eb5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57212a09d885391a00a59df8478aea19

SHA1
cc6852221af6028916a4714d7a31affb508ca6fc

SHA256
604e630140c5d287123734ea0d8ff4037e872523cf8d0b1d0c5845d4ff079754

SHA512
76f3c0b2bf73e588dfb6cb4e5f87a92dbfbf6cef58f0816267329f9c88259b7bf9daea77705b6439fd171e1301c89b4d8cd024afa8ba2dfbec7b7bb8edc507bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18dc4ecb43bd741ed8095878f919e69d

SHA1
a33df686e35cfa178a1eac9a93b3392dafef150d

SHA256
ea85633f3735357cb9218cbc4314d77ffe1e1ee08546ca74cf2fe2decb872c30

SHA512
6e72b8cb36f76e401d160fa9daf6c74d4507edd233afa9ce5db340f04d6ddbce5b67ae10ba85906b28833baceb01a7fa738e974b46c7bb7e9c14938b98363ce2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78815d973d1bb84771d2f56fb020de31

SHA1
5e8999321a48ae7280e4e15b2f99250e56840f75

SHA256
6fe82e4e0909a61acd1830e89a22901f73a49160ce8db734096bf44fb669b471

SHA512
eea64d29b1292c634061e35b5d009e6416c4bd92b89b72dc95873624f4d0ea9549f12d824ccd93a2417c7af9c1c97c866b1fae0113111d8e5e044313d2598b49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2907e0a93c7df849afc1b7600bb2719a

SHA1
a9af7ce22bdd811ba6f800f2fd69ecbe361cf66d

SHA256
71b8d27064cfa09db4dc0523a23a4c430399001b5a952c5f2cb5e94ef6a795f0

SHA512
0544e11a84819df9858c6f5a35bca3a7f8839bcb9ffa2479cb463656815a5f8dba3b7e592d8503271677be55c6ae67fa2614ee9a2903ae07018bad67f52b0121

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e75d3507c3d0bcd88b502fe2835568b5

SHA1
bd9d743c1daf504b06ff3a457d70fc4be3113f26

SHA256
3e7fa14d62ce51bb8d4f37675a1aa326fd83659a51da6253c34754c31329e8d0

SHA512
98709bfb702c5a20b7d86d18dc3c05f04edf1211e8b1a486ee65ee198d8af5ceaeff8fead77ffdb3865af285b2a41bb281a8a581a64f8aa343dd195d2d7b37b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f29d803379f2abe4fa3fa1259b18a675

SHA1
57a44846816b4150ac5322c5c01311a2f4d82769

SHA256
d28f71821a8bf3f154393c0b9a1d232483a094ad910cc7566c1213be7d83c3d8

SHA512
3204f439bb6b6cf70cc3df49b58ab6af446a77d1bc2cfe9caff75d4e48e1f842279c805c95ab79e86fe9e6b24f2c8ff7bc9152f360b7009c357b66dea00a7eab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4059b95f451f5b8dfa67ffc447a1b911

SHA1
9eac41ea8c1a1a7a3c3f77363664a99c85713ed0

SHA256
d4378f1fb1770cc5af6a69314a62d7a5bc33d7461b22130a85b52923af9b896c

SHA512
90e197cba3ffc862eae78cf76f14ccf5ed28906aea762813cfbe52b6a57b1c518b98d2c85bb7613411e6cb5ee7dacfd7e352132415c69f42fefedcaae19f7c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA631.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA81C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit