9cae613430c623b5e14e6d8c0f0ccac6171de3d1d44325bd9b8c65d1acd4f025

Analysis

max time kernel
144s
max time network
144s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

208e921fc97627cecb65fcd8d9e6281c_JaffaCakes118.html
Size

21KB
MD5

208e921fc97627cecb65fcd8d9e6281c
SHA1

96cafae7158e59d5aa05e49bb98eaf4ffc7337d8
SHA256

9cae613430c623b5e14e6d8c0f0ccac6171de3d1d44325bd9b8c65d1acd4f025
SHA512

891771d9c51516875506bf76ab025b094263a575b3f20709b4e2f77b3c1420c119f08f5ebba04fe0149a8fb3c94b6a134ddede02b9edbf5a32d96c8c323e7455
SSDEEP

192:Hqvl596UDnfvWk7YsEEWQ9Cdo2UQB7909Vea9COSdNVMjP0kuDn:Kd59BumEEFH2RbaRRP0kuj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a6a9fa79a0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421246706"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000001fcd439827e0756ca22e090b980294648df957e9a8e0fed60c770833320e2371000000000e8000000002000020000000eb347d5409ff77a26664157e577603f342c4f3d9231efb5fe15703de18c5219a90000000f4e07b2702c831aa1022c7779b187b64dfffb50cf9d57104e221f87be1e1b1239f781543d2dc363e006ef933db8c7c7d72d81a66cb881887b24e4bc69bd6f4daaa83241262578a78e511f451edc28eac6e9f73c18f87a6c7baf7a7c037b94b277f00050ae465c7787ed4cb94df0a5dffbc7e54c5c1e3a589d29048472dbd4b4e261856f684c56bd0385a01e76e670bb2400000009b50f50a204e3259f9aafaa50ef0098d0bc613598b8b94c7aa0ce6f2a79cc356cb31f56f6e868105eaf69e57351b2d04a91c591fa9842f175fe8d8b534a9299d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2591AFC1-0C6D-11EF-AAE3-FED1941498E6} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000d66858ce3b3b815f7a2d4e69096af601860bbecaa308ec0b4e6e736ac284c099000000000e8000000002000020000000d22498536fd1062737b6702603dc3e587f6575730e7be56c4b74965cde32da4920000000d2114f006f60ee80a533212cb7e36691f7da9ca8c0398ac0767dc0a3771eaa7740000000bd0e8e652a80e2e297e01659b9246cec60d9c13ca69a18815f0dc96b5b397b1585294971a866dfe1d0186cf4e60dfbca5d3ee2bfd6bf0421ddbc38ac8aedde9f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2256	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2256	iexplore.exe
2256	iexplore.exe
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2992	2256	iexplore.exe	28
PID 2256 wrote to memory of 2992	2256	iexplore.exe	28
PID 2256 wrote to memory of 2992	2256	iexplore.exe	28
PID 2256 wrote to memory of 2992	2256	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\208e921fc97627cecb65fcd8d9e6281c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9134db80821751d3df7549590d058a4b

SHA1
de5da117af5ade6761d926b65c697092d0a9f64c

SHA256
6373b33fb1b4a6e617183aef3b8c02a69c190221336f239386df5e22f2e09df7

SHA512
6aef90c6a22ef907e2832cde28eb0e1125a17a5d7672f4e45c1aed85b3cba8c02f9d81ec413ca3326f030161214583f35a7a3cc4bc8aa2fb01a1578d3c74f4b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e6d660643b0efa05abb5c4e2ed6b1ef

SHA1
426900e8ec6d0df4cddcc7021fb5dea5e2b6034f

SHA256
85f9524c47163a1405d423061e14cc97cb609e8d6b4319a3877f990ed28aac6c

SHA512
64efd4e6f21e21ed0339362dd55aea3aff072ccc86a8710ef5538a31f1039163eeda9094ef55210b7f20a20c620dbf0de29121c71f9301e449f04b811aab2f6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3581f7226303e90d4a3fbc7c0fd0b68a

SHA1
e89078850e14431d19b1be39cdcee95564a39da8

SHA256
b59b8ddb2f1d8763543f5614b2646d89a0cc478c667dc0ec2f5bf9cbc7be6eac

SHA512
d66b1c890c9fed371251996610c878f7f272938b74cdcf0b81af809b22f64d359b5261ccea6a20b0d2a27ae5f4a0cd99aca54056c6cc21da34390887cfd82da5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
062ee98e6ec31c58d80f128a003583f8

SHA1
bd7b4024a876e83520060a5c50f9c021fc520744

SHA256
83b8018b0b40a67df7f54a8f4f2002b1a008d4ffd88f08534ed738cf0e3215e2

SHA512
ffb19c1229b1bad92d37eb2876119efc7eeca2b58d5cf94edbe7b18afd94ab7eb863de5828ce309c3e2578259d661b04fdef43827159c30c15fc0836b9d22c2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d6dcca358b729c0f98e403812e65ba2

SHA1
e7b699256ce1ee02924ee1dd4e7cb094f28c7147

SHA256
f7ccd6c1a08c450d59162bc40ecda82db01a2164a3e4703be39dc529b1eea169

SHA512
0783c3e4fea6226e40df9566731c39876a7cdcbb4a07dbf4159e6d4b8a0f4a5412c11c3edbba77ae41324a9e2fc1089e37e2282d8ab653b41ee38f54a4e024ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
363ec171b7b9f51177f25c436b2e676f

SHA1
60019307f67fec50cbf921edbdac9173c57d7f92

SHA256
0b49c988947ed9ed0b3d5e7d2f28aa16e44dd9e06f52a88920d5ca1c65149233

SHA512
516295065133652fbd8f7a93347d70315187832a973e6d3bb199c6dce31bfe33700a0fd06439f57bb4e4a2888d5748640257b961947a375ff357fe97f6a602d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1853f7358e78169057253c510659b848

SHA1
0395966c270abb7bd1dcdd12a901e87a73d2bbb8

SHA256
9d9620de96edece25f10aa6099cb5a4d563c4d7f10aa91fa2b7f4f47171bd3dc

SHA512
7707b0fbee5e4edd0b6a7feb1830ee47558402f2e8c52e4c931ffd237b7cf9706dcbdbf76373b204d77a550314d03d5765614a51b0ec0d50deb9a5f478b5b889

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41d091d7c91dd6aa6b3e92bbf44e3df2

SHA1
e33cf61958bf6a34277e72ebc5add6fc6030c984

SHA256
7cec643a20eab816928a82223a44c2e62c169667891eba95ef95dd99da63a626

SHA512
cb28f4c6c4d58a87447b1a7eb56c2db4196cebece3268f0900669680d2a445529492f7a4a714c35b70af730aa4ba35331e328d0a9c67bc8d0063f4b4f6b75b1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d94eb0b35424b03c86680ceea4eb5176

SHA1
8b33e6e47b1ce397d6c5c9695eeafbc00ecc0599

SHA256
789ca770f4446b5064439ca3aa89b99bb85145fee3b0b45a3dbdc0dfe1a52e91

SHA512
b6778f954739c89ec9659c555eaf6a9a9d01848487d9b2ac4601894e164f56aab23cf7aeba26ca8119020534c4ec3ffb5a0d1f6ff2c2d0e54cca4fc929f3777a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0f0cc2e4dcd5fef0c3975fd20dd09d4

SHA1
e2c091446623a9d707a7689f3d327519f055870c

SHA256
a74d8f2b6126ede8d70104177e21c419a96ba9d892d1a6a0869e74161dbfe710

SHA512
408e197b34ac6ee88376ae709b1bc6ad08650ad845d20ab2cfb0fdb3c5efed2d035133c5922b16724a5686061385bd8cb278ea7d34a9345a8e170dbe1afc2fe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
510de2a62cf44c0a7cf9fa79ff3fc6b1

SHA1
35ccc9327bbf8abe8a12b7e0d948e34d25dd8463

SHA256
ab08c991bd4f6d102788a0b2c409e42754a34597b0db213d7d7ff181e6a05e2d

SHA512
91cc91964d54960992bd1b742ef3c384ef09e49be532159482bc05f7c8cb2fd2e2d3ff4d1fb3e82ea7b76a69c78cba42ada1152010b19403523feeae7458fbd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ae80367242bef3c23f42bfc5c77b9e2

SHA1
b76270d9f2cfd8ad392155b6ca7b073f34f0707a

SHA256
38e6dbf43aa4ddb300f27baa61f52a5413a0b17d5905978eeede5ad0ce09b55e

SHA512
356cc1f523da083ba3209ba7080326764e148cd129bbd9a6d1760de6271547dc9eb5a8417181f95a4b7ec1185903909591f17bf2b72945252adb53a9ac0dc48f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
436ce1922c8a24c643654fdd44078ad2

SHA1
9a4e44c6d085beb6e9c19bb3c09b0f254ad115ce

SHA256
c066e0f4d9dd46cbce7df31b2f942087d030b499d318785440422bc1af73f304

SHA512
754c397a752e8001a5c19e37df370abb71f671af636609c82fcd51c0fb3cca5ace67b7de71e9ff588ea46ccd3e2b7dacdb02f9f9fc10c1dc618c6e313c08a10d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7efb1d9fc78ca9b2ad51ab3d4eac62b8

SHA1
3b7b9c867c9896e0c0d3ff3687d2882c6b551c6c

SHA256
b3cbea44a24b3740993805704d14f4890b82a5d677ac87cf08f988918f13e2c1

SHA512
108b691adedab59ba417f02d5618d4cafb309fa002536770fd8cabce04ca96e55a24dd19da768fc3dfc9d37b0c92642f8d24af99eafdbb194cee352798688125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45b218ec22e339ee63bca6f3629e8280

SHA1
9b962ecc7f8cc1bb7212edb42a7199fa75320a63

SHA256
ae76fdb08a07c5f1616bfd3737aad725f81c94e66b4a5fbfaed6b43c50e780c1

SHA512
bdc5c08e80bd1071b43664b134005425fc8d18ae4ef4436127ddb6eb3efe74edcb70aefcaf03ba6323edf1c90812b1aac573368b8bbf5634e37dc10e781dbb35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d80b10bcad8a55c4382432b639e0af73

SHA1
b9b482f0cc2925def8326cac5c954eccc36d6bdd

SHA256
c795eea20cd06536decbaa7763d6d8f4b1d71eaa4d85a209b5bf182bf6c7aff0

SHA512
f60e6db9285d81dd2406e1c417ba728a531db0587ee13a52014132cdfad33379317e6239e8c64daaf8bdbb7f79f999b7b127df825357dc8c1e488bce3dd5b2fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c94d737d8e8f71b186fa9e51cd7fd655

SHA1
8cdbf9aa360a8f8dfc58eca17f411bff73b56ecf

SHA256
50e836527bb477cafa35ca993b7e988ba8654071ba34c8262476511b53166eba

SHA512
a39134fdc3d124f5a80db7d5213312d76037919fab690d9bfd1e871486207e891a54d41b3eaef0798486ed1d063bf7174dfb24a9372a931139b89c2f010b68f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F7B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar305E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit