60fb15c3e1463184fa057338ed4aef45e7ea982dd13d4a4294a362329f6109ee

Analysis

max time kernel
118s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65cb802e29b3bbec6979ab7b6c81dbac_JaffaCakes118.html
Size

189KB
MD5

65cb802e29b3bbec6979ab7b6c81dbac
SHA1

afc6a17ba43e094a69b1c54861603853678752ff
SHA256

60fb15c3e1463184fa057338ed4aef45e7ea982dd13d4a4294a362329f6109ee
SHA512

6fa5d7b174d94c3373bb8a28047f8f751df648d1a0a61c87dffc2d40bd549c606900d68b260b699fa4b1c6353e609adb8346063a3630597565398c071a21bdad
SSDEEP

3072:S75z6TSOyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:S1RrsMYod+X3oI+Yn86/U9jFiM

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e879a995ae1d44c9b589573854d47ed0000000002000000000010660000000100002000000074caa2c61a55fbc5ffe9f0e16d3ea595dde42df8ba4044f897e440e62fbf56a1000000000e800000000200002000000019f55ea912cd41940b8191c96104c179011c2aa4aadf7cd054e58fdad6e0a53b900000006911c8e3bab65adf35831889a5fd818630ba78bfef961d778dca48b8635b63f192f8348634d77b29b2615c98b4a919320aa5b981ad5f3d70965779712665b9e7ac3ac5e1682b5ff7c02f2161bb15ba3c25c9e0c21ba6ff46b657176678ccdd06e7617017d844cdd6b2835853581a949b2e5b7cbce1f66b49d7bd556b57aa03813a42cec9a7e3daf79dc23cd54f95fcf640000000121e769bbd7d5157fe4c19ee8631a0f43a118e1bad7e19a1f38ba731ce7599c89a17d39779b6388e1f07fb8f29afb995817f913e8aa74aab74f5d15aad2d8821	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2DF5FCD1-17E8-11EF-8178-52C7B7C5B073} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e879a995ae1d44c9b589573854d47ed0000000002000000000010660000000100002000000084bc2319cd4f8e7e0e7101663fd7bf4b6d63f4156e8054af2b1567f1c4d4dddd000000000e80000000020000200000008c2c1e5a58d6cf1caee4749a7d6a82d93df68e27da61e8df5442c359961b323c20000000338f31918de78f31856f86dd08ab29eaa8ee0c2d34bba910c05a4108a2240d0040000000b36e5ba599cf818c4917ae04305474fa01ba6aa642217ad0a8a073752879254760ebb155b44b2235ef41e91430635e53d2c0b0cf1ba86dbd37c84323c65d6fe8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0329003f5abda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422509020"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2904 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2904 iexplore.exe
2904 iexplore.exe
2920 IEXPLORE.EXE
2920 IEXPLORE.EXE
2920 IEXPLORE.EXE
2920 IEXPLORE.EXE

pid	process
2904	iexplore.exe

pid	process
2904	iexplore.exe
2904	iexplore.exe
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2904 wrote to memory of 2920	2904	iexplore.exe	IEXPLORE.EXE
PID 2904 wrote to memory of 2920	2904	iexplore.exe	IEXPLORE.EXE
PID 2904 wrote to memory of 2920	2904	iexplore.exe	IEXPLORE.EXE
PID 2904 wrote to memory of 2920	2904	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65cb802e29b3bbec6979ab7b6c81dbac_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
209e0eb2e43d09b37af8f586c7df03ec

SHA1
6d015eee28a558719406f03b310c2c7e50d0ac49

SHA256
a0c24aa4bb82c692fdfc5a1ec803dee4444d710fb333a30f088d0155b221f4c6

SHA512
071b2c0ec8e322e775c5ec0726d5beacb85b798e1885b3539badcf76fce1f2e679cd61e583692dfccc5c96a53542c33b3c623d967fed64dec1f62772095fb624

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0806998b3bac4a42696bc540ff7d9ad0

SHA1
526ca366df2355411d44de81db341f736cd01df8

SHA256
45a97b58d0a33951b88dfe815bceab74cea7287abb2095ac6d891da526e3e895

SHA512
8bf89ea1715067a424233502538af7e119e42641d2d05e649a09dc65e508cac66a5c8855a28a254c2e63b5714979d6d9bb8becb0687376a55d9c664398a1edbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c651d7c8c0d4fecf8172aad3b99aa786

SHA1
d0b4191bfb474c62f77f5fcb8b912e744c04d2f2

SHA256
59cb34abd632933c6513a66957fa2e7e30fa774de6daadb2710b20be65197ef1

SHA512
1baf3fba58fb7dd32dacf8f905654bc2ec478e80c1dd049a65618debcddc47b7d53cb770adb65258e8e0a626ce0935ee4e1d45d069c4e92c1052727eb358ce0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a6382c95e89fb92f6d6baa86184c8e3

SHA1
dae4d40d866ddae9c24168a18b21fae532b5a246

SHA256
1125bb1ea7b262e4b5e9783519b6e91fda122b7902a845c85ec591bdb92e4247

SHA512
a9e94c0bb45ac10d41bfce5c344459e79226cd22bff836ad846c7917948533695a2435919d8f6bad024b9c64267d0616a8c70d35cd35ce2cc9bf65b9f0bade37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b28d23b91895ac9eb9a3f1d714bda09d

SHA1
4da13f1c4204812b096b9229df3fb74987147de5

SHA256
c18999546c727a0c42c7d5e2f0a1127aac37db3383bcbfac6fe276a093bd8b10

SHA512
e0f2da91dc051f9331dc29cf0e224a52b9054498c7a8cc449c1495b5a5ca83b23125175d2b7d48f7a93482f2295c1f8525e0f50f03d85517735ece8a9dc0c78d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e798730090e7a28fc136c9236b0c385

SHA1
f9516410e39116459a9e123de6363cb760aa8e40

SHA256
0a445a783be1861282558b97e98d46ccf705378cc4d2a858216f065a9dce831e

SHA512
1e0faa20192ebb0cd04cae5ec3754b9e76e210e5f3184b088c56b9e2830c3a38eb4f40e88b6395feed4f620ffe043fe6dffa22318b1788fb4c0e0c9fe9979d27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57358f20d3bf0b7f794af2aa363384c8

SHA1
d8a86e52776d60751fe103eaede0d3527023abb9

SHA256
751d0da1a0c8491c2f7ef027deb01cd8b2019157f1522c6ccb4c2e8b7a585906

SHA512
f6ca9354630927e222f8347c6eb631075a47fd6e96818f9719545e9206de297173eb6f49fff5f41d0117431d499a83d026fb5062351084f85a424e36fb441f6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aaf2710c8fe3aca76f4235c0a1c8dfe0

SHA1
869d4f519224a391c2493f15b858e9fe629b5d66

SHA256
571b3fb635cb1977d570c90d472e1bfd6ef3181be2619be43024d80393ea5de8

SHA512
1d31ada61fc40562c8a5acbda0d9fac321831b45ae9998ced8e504e4b85b61261a38ad0811cb87091408d75769288a7cc988ad149f0eae79c1021ebff8a50f21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b83c411ea3432bcd9d0603f967fc58a8

SHA1
a50b76620f5bd3945afb5c400d6c05b9b0e51c84

SHA256
685debe54a24c18e58604861a32af311f88921c8efc4f80b075ac56f04e88469

SHA512
7396cbcb00f2e7ff0f04c17500df5fe425b148a0f79e215c43f805ec17c5dfebcc1801dcdf42d0682161127b53b88cba0782cb21d90627363027a311939b2c0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b88f3cbceb3ed3cdb8168ec443cc927d

SHA1
a4123bc71f86df8047b04ca8ca7ca664840f2ba1

SHA256
e941ae82840fa9faf4026c0145548d9f238875f5a6b039487b65e488b5e2d85b

SHA512
b5bfdbd722bdc6ec0f1e13ca255eac89321720c200398f5fbe00dcea110c4211b2d8f5d193c2896a12af5ee3d9862b07165520b685bee41912dd29e51118d77e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dc5aaf33dff4fc2f96258da500760d0

SHA1
1135e57e286a3162ae52a434cde58659222584ea

SHA256
f3cfefcc5b9bdc6b73d57e2acf1f1ad309158e2056bf243e9782b1f4051eb17f

SHA512
b40a0590c132ecc9b5205e9c2d9099732013318cc6196bd3d3765515a33ae34bb0395e8381617059c8beb598e76df8750c26bcf06090dd0f9916b3fdb8869fa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78f5d802af87300524a8c50a5a1cb3c1

SHA1
bbe3681c93ebd1904677a7b8470bc5b14f50b55f

SHA256
98b9ecdd44b5ff2071b8f279cff1f77ddc9e081d373da270313279a4df3bd75c

SHA512
8280852e22bddf19c17bd6ab29bf9c3b8764e41a2939870ad6428d426d7f2d6d064919447ed06a1f997d34453ac4b11e1769c9500a783aef0c2c4d6e69c171d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b51d14d23a2e3546615aae6227d76dac

SHA1
0315bc7376fba366caf033514e5fa7c778dcc232

SHA256
fbfc29ab374ca210a80de9f4f28fcdbaa191e2353e0662319bb9f62144f6d636

SHA512
552e7bc119c3c41232cd48fa103af43324ccdf40c85029ef457812e6902432679ac66fba3a381124c39ad9e18348e305d7a5a0f86179012533b2e483c1825302

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c8e705b1d1272670785a27facef071b

SHA1
e42ea8a80bd13fd47860dd2db116b1fc90bffef3

SHA256
1c797f060b63d9ac1675674c5de83a9c8c6ec0aeac80dc7a9caab23a012a5d7b

SHA512
24823d33a67d84830875ffa4d90d96eb8a956a8475ab99861b42a95a31d1fc3bb912a166df2fe2c1794bb58ebb8af28271f24a911e770301b3bf5f45f0b679eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
deda047d0a142164476c94613f7d4a48

SHA1
db25b78eb41cd26ceb3cfa8ed2056828711090e5

SHA256
4e14ec837fb9f6924378c01d3e028dda41cbfe478947573bfd80130155cb0e25

SHA512
9dd6ded7c80310290af4d3911c7372690c0711081ebef5237642206d6b3c6dab641aeb54d0695b7f06705bf753441527c9de52ce8618859585f2166ff5de1f3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b86af19d6c3165cf1f30527e01739e1f

SHA1
30a54f74ff26e6a8e817b18cc9be713c87f74936

SHA256
8ff21f4d1da2f7c892033ffe4935058cc57115828d9cd62120140841a23543ed

SHA512
01ffdd143a13c748f26c18143bb01fb8dc25b424905b19ddad849ae339a39716de865cfc4aa8ed5b2485d11fd588add9bfaf5ceaf8ba8ce1554716b012111dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab29B1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A94.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit