ae3a2411a8949cfbd8f52ea5d448e568379e083e013ef04d6846037ecd9f0632

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3df084d5ea35ba54ad6cd0041fb49c2d_JaffaCakes118.html
Size

3KB
MD5

3df084d5ea35ba54ad6cd0041fb49c2d
SHA1

7747a4df5ae297db91dd00fa45fe109631a634dc
SHA256

ae3a2411a8949cfbd8f52ea5d448e568379e083e013ef04d6846037ecd9f0632
SHA512

bcbbb84d9c0696024f6d6e7eb0560515aafed2527c9e1ebe9c414430d7b25ba8bc95d0006ac8e7a6d5d56f094779653560efcb9e2eff7604de64d99db71a7429

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000161564cf6d12a1652679a7a0d2e55e542a466c572de460483e03796b98332237000000000e800000000200002000000093e278f2e1ef2d55f73329e71d63c44ad2a52471b2422eb64cad272227a160d7900000002abd49f0abf9afe484f6f57e5db9ffdf4a6bfc6f66de480bea987e03a9e58274bc28e9b732cf8e7a984eeb2dfdf8f3bda15e2ce5d0f5d5e5ddd7254bada19371762bf1d19d1629155edddd2e4fe80e6397868b6c7a790438d8e0b3752d8eeaf053e2b25cf2844dac1ca1a5285782d38d4aa743ec519f6c6ac2ed9f93e1d925c9858c60332c25f073a4d9e12a066d27e340000000eabae4a76220175e9427c0df9f2d3eaceed3cb1a678727767366a3b03ff1c5c1b8ce544b04cbc4521670185f2b584246ac06ad215341db5a212dcb873fc67d2e	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000004e06a6b2b6db0e13db7411bf894ff076783fb1d93e9fec0cd146719e90f7e7b5000000000e8000000002000020000000bd528fbcb859c9f53e5700a8941ec462ca7cb8e1dd42a92fe1bd491cc32079b820000000ab3730529eff990cfff163f08dd6238b11693a56db9991a89844373d5f444c95400000003b91ec45c7f946ca0a78474e058c13f6df8ddcf57ee33e37f2a26e57929b5b56896d30edbd5fb8a9a2fb1cbf2c94d8a4cb2d6aede7f9089e5d37ca0b66e92a6e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d8aba9f7a4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421740492"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D3065D01-10EA-11EF-8D50-4A4F109F65B0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2044	iexplore.exe
2044	iexplore.exe
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2356	2044	iexplore.exe	30
PID 2044 wrote to memory of 2356	2044	iexplore.exe	30
PID 2044 wrote to memory of 2356	2044	iexplore.exe	30
PID 2044 wrote to memory of 2356	2044	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3df084d5ea35ba54ad6cd0041fb49c2d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc15806dbf3e68c69bcfe4f8a842ca6e

SHA1
03a48a81181741372bf445bed709de3ae1856cc5

SHA256
71341dc624ce0652ba78b9aed66410a0d826e1a6257c5c6c515482473dd506cf

SHA512
d40b756ebd0c936dba2073ea64e6bc0697e24f0a1f77d12c9324a3fa8a45e73b9c1601793c2e3ddd88cf908eb751a1190d54e170d793aecf165ccebbb66c4d5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08a80bd8b2eedf588ea60a811a480c5e

SHA1
da89463f71bd044fcff8eb6b013cf99c2880cc83

SHA256
613e3b926a935358ac7f8335acd0e8700850d27eff961b0c614e58d88be891d2

SHA512
965a8b97a0423fd52d8c764d1537d1569cf209c98a1b1fea16d4b48360db262f83007bc6d18655b0cd8872d4c27a843d7997d4b4d63a89851d3ed46badd6c2d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac32595e3a2e361bbbd3fb298a7a4afc

SHA1
cdff99c2a9f508c5f59878b5fa83993a82c80dba

SHA256
ea0f7be6f8d45e1668dbfc968b02b29aaec0e8d3f54eb1ff48bd82470ffee412

SHA512
b25941c3bcab95e7ca680f2ea0040d46728512550d053da1f3812cb8f19b754b69d9cc5df195732ace5be0d635a0ee29523de963c5bc8903dd461f22852b546b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53523f70e447379ff5b84a4ddb0226fb

SHA1
e78252d9c5d1fd306ba3052094695b87f17b0838

SHA256
4e8cb197e622db02f170a455c5e8f966c9b3034fe0a02cf61d21110fe1e37705

SHA512
bb44a2863722130ff0e48ff3cca41c1a26ede88891709323d0b30061a6f2c576e7d804730c925c521cd772708cfd0939dd7638f606c7505e1a1782684f29e1b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9d82ee1f54bed1281671ab5524157e8

SHA1
cbadbf537f5c46282d283de795001731ca388d02

SHA256
a3c2fddefa695842b46509b9d043120c16a09cc957a1f395f5aa6c100b5b69b1

SHA512
197713077bc7900815b393b4358688a0918a5ded6738003727c15115b4f5a58794d1a98419cde1a5d1a9bb152dc5774095894bcad3832ea012be87a4cb725a34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2c52ee6c5333092905d9c3563d2d258

SHA1
932107e63102296e49589d56b8fa0b21bfd9663c

SHA256
8e1f48c2bb1c5dbda362a893d8e925f3700b177a6b13a2426c77b307eded9568

SHA512
71a6b6d753eeff9018c01401a774e7c673ecae7afc788ed3c0521105fe10a67c0c0dab1fd26648e8cff556bcd1941f8c877cadeaf29ad8a57b6f3d2f5042d648

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7b7dd38635aa40951a395e4145d34f7

SHA1
55137e23a661122eafd6eb5a8a4008c78e06b7ed

SHA256
f66c1692c2c576294ac3ae168ee310967e51e42bd156c410cb524a64e5fb4993

SHA512
39fe6c4963a655579853e33f98dc989159da0d7d5ce9186ddebbe0955b951e91e5e6a880e978ae00f2d23537139a22ee7babf160d673e5c69123858af796471d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36ba19127aa134598ee6ba4f1e9cb5d9

SHA1
2d94d86f5f8ca882880500c6f64a550a45e93a45

SHA256
b18566bec76b8542d0a738d539400365a2a158c966a8bc1961e6e6d887cca3e4

SHA512
9670de5d98ba403d2f6c4ed555ec26737e9d540332b8519ee786b01d8b69a9ec22571b217112d9647d5cbf99a49b0b1b9bcd1756d97aa41a1b489d6332f0801e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f9743aa20870bcdaf6d23f787be7eaf

SHA1
d6ccd54faa2e301400f7a48eb92ae287f3b6edc3

SHA256
b63c85da2032cea1d37edd1c70e864ac6b7e1da64616bae52c93e36a86e67774

SHA512
bf8a7833865a43532699f0ae1c169af7cae44d0801101d93fef0ee937e12a371ad8518a6280ae8a54b91889befddeebc47ec93342cc806d9c6a8a4f94e8d7f17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a58d165b27c74656608131997c563f86

SHA1
f4661bbca41f42cfa73136a30e8375ab710b9f0c

SHA256
1220c7ca4136b0a3dcdbf50c640208dc26c0a7c6758af82fc8a920686b9453ec

SHA512
d4648d58afafbbd809433fa2488ddc7676c50ed54325c4507a923eaefd20091ff69c767a8e2ae6258c574d0d1ffc49cd50af113b7fcb5eb6004898c0f9fd629e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02cfe19047830ca4e03d0f8ae6ee9807

SHA1
11bc7e807eab0860bee3d0e088d23188f9169155

SHA256
9b6b7529eb186d2d122e4074b6525bafba46b9b7b6b8e8aa37e991eeab7a4d98

SHA512
5d48f235ba76382d6533b772e6e24528a0c207cb83186641002b33b173c99f013ae901fdfcd38333ad996d27a659b0db571825db996a7a42a9834bd89de29e53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3eba927d80f71ee9166272c71216794a

SHA1
f1ee7f5c75ec365cc90c9f8dd639302f4bbe07d0

SHA256
4df3c155447be2a7e115aade1bed732c74b65d9442c06826e154cbf6120728a5

SHA512
21f4e8fc937ffbf7bac28f10da089f0129251df4cf732156791fd1cf12c5146d90dfa8f8e10451aa981e482ac8512ad9a71f4b40c1ac2842599580a1eb6229a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
483bfe66958761d38bf0d91dbfe03294

SHA1
bdabb63f0bbb24264b10cb3d959ecaf311255bf7

SHA256
f88e4f745564d8dbee8c6852793d388b445b649fd9b4c9ee89448bb8951ac121

SHA512
03d4daf9aae807d44fa471bfb6ceae36029a6bc3c6c49cea0a199614e533517c529ca669b944f2f12da6edd8570f13c6e4a1e084ad97723e0573dfd069775414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f6b1db5490783972fd47310f5b0988a

SHA1
69ef27a473cf8584e27d3b6c0cd3c7d475d83e46

SHA256
e18a326bc1a92633a42ed8abf8499437f07fd9535b7504b3484b4613f2748a2f

SHA512
5899cdb0e8d8849e04ba1c9ae0ea0b73cf303c4c6e04113d724261c6c6852a9b8d0155c0eae6fed9dddd70fd4900a32a44f047f765629d64d25783faeb8f40f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d028a101f5621dd5331bd1940c8fbd2

SHA1
6f6a60719044d1ce5ef6890778d0a1bc254ba302

SHA256
4d66c3dd025c6ba3d7d0fedbfe0aa52e72cf051c3c0ae1640dfa9175a672dc71

SHA512
c1424c9b2a12fa52a7c5910b64a0d46362161da93c2353b1d80c08f7fce0b8acf4884a9b5ab489d87e623d9fd9b57cd6c7af73de2a8aae48a9026fb21c82c566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abb6025ee5a1108f45512d0087dcf9bd

SHA1
d9d65e020094f1857f1d3f89ca04185f98afa331

SHA256
323a4d07f19c80d8a1cb5f15506ce4a18186b75cf859adc974b560b6d2a02252

SHA512
3c1203bdedaee3ebca8d0fe9f583fc1de18f33b563d37cb9d5299aee1c9d6b482a7d2676bcd4d1ec2b9081b01489486500f5f51aee14b7ea53a180ff815d9aa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52e9913ca5eb6a7d5e16514634cdc64a

SHA1
58db631281ad65fbfd668846ae19e92254b4543f

SHA256
50cfb76dea2dd0b051cb95be367db3d7b10e7c24f9156cdac6d464efdc5e78a3

SHA512
02e60fe39c7a0936dfbe310e8fd38cf760f5719630c61413faf8a4b72b7c1364e1d37b1e9d65bd5bac4855306a10968419284befea1d1e2171efa5e6a87f3909

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab731E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab743D.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar750D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit