9efa2a2370a506567fd56ef659e4a95223ac994f901b8e6814ffa48798a7f02f

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 02:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22ce445e5e54fd6b495d5528135c1f0f_JaffaCakes118.html
Size

1KB
MD5

22ce445e5e54fd6b495d5528135c1f0f
SHA1

1e28b0e5874f9b3d27c703d8d3123597d5395fdd
SHA256

9efa2a2370a506567fd56ef659e4a95223ac994f901b8e6814ffa48798a7f02f
SHA512

672e1b4ac5abc6193534d8a4bab8d1764ae090575098455d1f46ff8966476ed84fde1a93fddbe6e3aad0c1ad740c15a7147abee4f897d098ed18fffb42950344

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A229F681-0CE2-11EF-ACCC-D20227E6D795} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421297169"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07aca76efa0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000069f1142a33971df939023f09dfd7627a9a3593c54093e4c9a6b4a4b74efb115a000000000e800000000200002000000011e24243f5b99ffbd7a3de4a7b1515140afd5ed072d2bc1f6d8b6a2ba7fc92502000000025c396146ed1531cc31e164fa4ca38cfb1ad9f37917ef1e3777447e2b2c0e13d4000000083dae4626de3f108937238b2c77f3aaf157520da7817e168d55e210676d1cbcffd34435a5c9086a03bbf5f827d8b8f1fc680847fa0e31de14b21b0a795bd2756	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000c846e4cd5c519c4768771033db78f185a742004bf35f5bd93d8904092d9e8dc2000000000e80000000020000200000002a0e97ce6844926f21cb12cc0ab4b8b3eb5e0d97460d992960d61c42ed5835b290000000c6cae521827a91f0015724d7911435867964090032f52ceb193fb9c4f3213ac534078215531751baaffd4208f26866514423555bad1913b44a542c4b7e2a84220db717f1a28b2e28fb94df4c38421b6ddced49f6819fb98b0d8927fbcd2031628c5a7a9edf64579b16eb4e1d2e960d7b5f00c6a67ee2da950b1cf780b9fb19b03af0ba95d140d58aeaf82ec34ca2aa754000000050acb5c37812a4d52e45398f9a17706d99cf08ac7a01f7502788740b60053116f4e35c1ee9a134d4de6f93f32b7aad73a8bcd4faa8488374a9f43071e5b01862	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1784	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1784	iexplore.exe
1784	iexplore.exe
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2056	1784	iexplore.exe	28
PID 1784 wrote to memory of 2056	1784	iexplore.exe	28
PID 1784 wrote to memory of 2056	1784	iexplore.exe	28
PID 1784 wrote to memory of 2056	1784	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\22ce445e5e54fd6b495d5528135c1f0f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1784 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f4026fa932835eb6395bf43ea3d4801

SHA1
1786c7fa96b9794f8faa5a9f4b0bac7fbaa364e3

SHA256
676c5e49318d3d1b8c271d6a3d585aa10256a532b67259c3c330d0e14c635ee3

SHA512
e423169a78f0b1d6c729f3300bb50a0631e51fc605e49373cccceb643c3d77861922112681bb42fc962532f0f0c1056db595d2d6da56bdab29d4abc04a60f844

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
391865968fe7fce4f3a188ad207a2ae6

SHA1
36dd4bf904db7b9b2c5e049ebab99ce298018b02

SHA256
c7dfd74e69a63adb5301716b79dee2c453fe08727d9492b45f42905fb00dc069

SHA512
76f400e93f93a266a39ba4e112b3b33b20a0a8c00501f81f781758c3c6077436f1a1221f3c4f3f6874ba818b709a05b5550eb147fe0e056fab4f9d131565a43f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7907151e95ced4770630ebbc2c6105f3

SHA1
3a86703b2b97f99b89ee5847167d36b6a7c2a74f

SHA256
8524864cdcc182c01fc6d8c50942b516ad34f6e2cd9709342d016a81872c87ec

SHA512
151f7a12adbabf18b89a9e8d1b6dc78bffaeb189f9e16e256431b4a8404c27d04b11cfd5a65e0ef5585eb0f98b09b051a4a63aefe033760e9084cdc1d5158500

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fec47b9567046cd3135322f4aba3f13

SHA1
a96fee644dad6d49656f05381929cf443f1c0232

SHA256
4317d991339a11d61ccec16c33b7e6ddee06beedb244a187543dbd40dca49d2b

SHA512
2c7c2c481ade59235c236503eb19fe0295fa1331349f96de226c8ec3a98c4f94f28908dac86559bb797ed585825fadd5a11278bced10af89f18aa94afa63a8ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3025246d1304b52a9254e1baaa06716

SHA1
319696353ebf2f0b5ee21c12a57440df4099d91c

SHA256
5eb0225132a690d0e159f529ffcab97c8653ad3dfe1c508769575f85f59ad634

SHA512
b3d726a00db1ccea0f052b258e44ff54a88c0d1533a4c5d28f336faee9ceb92ddd52ebe771351972e6b3cafca9430b99f2b84c156c62d27aaedf29eeda734f33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48805dabf25c54a40182c187e4c4e5b1

SHA1
5773a9ce7d2fefd6dc515ea453ad85c1306c8fed

SHA256
e08124ee80efcede281cbab934f8ba2d8b3d7f356a2139b507a2a55c671ae268

SHA512
bec104c07c4e97601088822fdbec3d9278e1395508461438e439c257fe4d1b06380322cb58fe9b6c4e9d0ccf1d193bb253161860931fff4c8a59fca7bb0024e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7ad6be8b336c64f9343f7aac4dea83a

SHA1
624a2889643e380f0f9db4a75dc735c69826efd1

SHA256
51c223e7147e1728833846b5384d88eee8c53043ac9235a7adff9e538612d765

SHA512
aaf5e0f0a482d759c2b5297df00baa35c1cb2a24ffb640bca912684453930ff48da46c8933ff7ed3f63449ea273f3d7dccb360603bb9744e804ea457564f65d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f53e491a01c607e1b1daf8a5a7db195f

SHA1
0b824dda330867e7082abaa1eb8124653c0bb22b

SHA256
86b7db575c4e4ced274d1be27a44b86db5a891386839fc31381b75f6a3cd5faa

SHA512
f0d96c705332c647ccde580a15e44fefe0d73077f3d01a9e69872939bc61c1733fc9d01684d92c47bf3de6a3cf79972bf4032df43fea7a60115205c2f2bd16fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9988d3511d1921f3375edb7fe3beaf26

SHA1
ca955d316d2ed36fffe2d7eb598fba1be0dacc8a

SHA256
6d3b637eb137c298e24282a8216fb2104a18938137921f89759299605489dd76

SHA512
c5e8ad6463cb006cffb18d1b5d85f08671fb54a3ce9f6804cac4d2c6f23de0c453b0582dd9e35553d4a082527760c06c37118eb09a79dae4a9f95fb10c6eac52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50a099802fb7214aa7a6d9ffb9e98b66

SHA1
f940ac57a58e3ace6d9e2c6c0795332e0c6dfab2

SHA256
34c609c61bb269113230f271a0810f2a2022d41ee31cb5fb450a813b62bbce55

SHA512
23d8e24276d4e1c487b45021548665bd76e48ab6b4a9aa85761df231cbb390e76aa7c3f015524d34c94a213157701316863ddeef879b028d013edb5995ea5ec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69fe40d45abed4bb516ad6f3b762935d

SHA1
836e6e17d55f0ef162aae842fcdbd25e6b3dc83b

SHA256
1461284a71632b68ced5e93d63bceba4a2e9ee98a42e4df664f9d8fdbdcabecf

SHA512
463997725b8ad87cf4addbc9c39152ba5475b9aaa661445df7ffdc7a5fe7019c8f14592245c8c1d465905185e1f6bf497235583105de39ea537550f01eced792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1b8db6e435355bd06579022b0ba344c

SHA1
65cd027edf8984a842cc6bb2a24703f7a7c4250b

SHA256
d48b5e90d4bfc3ecdb7ad054c0eec198d17078b37e40a2cca444fc6438c0f9e3

SHA512
2ca520ee992606c26893245bf0daf4ed165499f7e91b96863059a7f7b7ac2678675614ea8cc52a62a7469c94df511612d1625c80908eab696dbda1f855933b74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61d39535691c9ea9263da64718a6cbe6

SHA1
459ff77c44a302f9b903b842bc2680b0528393a5

SHA256
3b70c50e7b16109fec86c6c0829ae25b5a8f15f2f791a25ac12323e9f9aa1f80

SHA512
39d77fa807a3b3d59c41ee0ed421732689016d2b09a969ee45a265826146d792b7d299f696bf967466bfe71be7b0cd63ce6b1cf9bbf3ea5efcaee4d147448fa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28fccbbf913ad734bdf54cc7286e5aa7

SHA1
b8992a405a2e33143d25605cf166ad24e409ac1a

SHA256
901f6018371ade4f48eeb37c70e6984da8ed5a670466435de7f75ab5949dbb1a

SHA512
9ae110f4a9e375af6ae491c61df762105db0b9c9cca91e61b272044a51e06cf1d65957f9ed38e7e782cac9c1362d74ef0811d9824d58e53813bf71a25fbce13f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
184d424bda0bee99c5e3d9880cfc4c6a

SHA1
0337d4a96e6221d03e5f9312cb1f5943c5e47d78

SHA256
da0c31c3faf7e2e6192c78c2d9e261c21efc77da20adab1dc5828b82f0de1cf8

SHA512
18887b9f854048708bb22e559f11abfc6e13c868fc781fe3c6c6a7215fa52684ebd794a46cce23081afbea9a6a80f85af1b8265557a3868d81fc15be355d3ff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d15d5314af1e357c8f805501ee3e86d4

SHA1
27fe2e2aa73f1253bf56273dd1e235a170b2d727

SHA256
52d7d33a6138bc580e55cf70aa58f149c60ec70b9c2217390e102a8b75f79eab

SHA512
e61953c537be9d732aa13dd8236a4a7da44837c1cc694f82d398def1d733e88d6b0e70eec9ca4ba12cff7fdeeeb8425f785ea40b42903fd8a24c9ee09144ba78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42b39207e2f6caf5f1218f0b4d9b75a1

SHA1
fa7ab2f663eb7167ed21a22b217ec3b475d17037

SHA256
9eab4573d7c96f2a4bfb30622699d00e1f2dacb17e0491a11b80d0a2887e6618

SHA512
19c24e9f67ec47a191977eb2129b01e0f73785a5aa0f9a5d035fe037c0a8edb05e8ff6a6898384e6439b3c6c035947cdd1e9d0b0291f6c63d1e008289f8b3716

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab80D5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8215.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit