d7ee0e418867d6643403f158ab68581596cecc077e9b2dbd325dd152245966d3

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64b943787665a127a1f37c343a3b376f_JaffaCakes118.html
Size

888B
MD5

64b943787665a127a1f37c343a3b376f
SHA1

1b78db7db325ebf303303b83788445e8da9c9152
SHA256

d7ee0e418867d6643403f158ab68581596cecc077e9b2dbd325dd152245966d3
SHA512

d007da6131d8fad67c5b2856d6fe1f77a96cd582debbb935f955c3a394226d0851f9711c45b3e28c5e2d5add86c0532abe5f06db57065164f72808a2bf506d0a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000007324f28c3a26df9ace063fdaa0199135bab9421165e262fdb930d31f5dfab80000000000e8000000002000020000000462cc6ca0744bf63e3444a3627ffbb13d10e2b5a87ef04edb219e970a033a6ce900000008ad8026bbcac611858e0ba80bc57df5b081fb90f80dc9c0342578ecd9427f4e75cd26314d3d429f2edfad7027494ce2a246f1a2cf353d44848940b0c0020c9d2745b2071856514098fa114eab18dacebe78e3894b90b70acdf7a8b490b5d97a7620ea6110d004a10f85da2bced2d33c206ba15f1ae5132819e3ba32fc4a927e8fd253a7d316ca0200235c3e631b5e627400000004d6c27a387ad81e5f7814ed92c842ff4a52e45bf4e909100d37a66b5f54738648f0052373c1eff1190c14e6b0d906592704a589a520d7533896d3a3f9d2fcbb3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422486546"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF3A3F41-17B3-11EF-8FA5-CE57F181EBEB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f07cb6a2c0abda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000003fa0a2ca865946bc0da4e80e21343bb1c87bd3dfbd03f5d88c10d72af4b93ec9000000000e8000000002000020000000d43312cc757254eec23f6e78b1d85b112c2d2db73fc3227c00209d03ddb6743120000000245dff9f6e2bbbd2d8ff22844ff1ebd3bd282f0e4e2d1ce42169a53393e4f21840000000ebe050bd7e36ae2850a4945f5c114e734851c84507ed84c491af1f5180b333a8be2c43406871517a53cae60dd723458970f85293bcfc0c32e9f1fa406061412d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1676 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1676 iexplore.exe
1676 iexplore.exe
2536 IEXPLORE.EXE
2536 IEXPLORE.EXE
2536 IEXPLORE.EXE
2536 IEXPLORE.EXE

pid	process
1676	iexplore.exe

pid	process
1676	iexplore.exe
1676	iexplore.exe
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1676 wrote to memory of 2536	1676	iexplore.exe	IEXPLORE.EXE
PID 1676 wrote to memory of 2536	1676	iexplore.exe	IEXPLORE.EXE
PID 1676 wrote to memory of 2536	1676	iexplore.exe	IEXPLORE.EXE
PID 1676 wrote to memory of 2536	1676	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\64b943787665a127a1f37c343a3b376f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1676

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3370cee403c8972c09b42577a804c9d

SHA1
635f6226ac8cb4555fdf0b886d1468b0cb6cce2c

SHA256
d281666fda59eb0d63b27165a6fd5033fbed8df500aefa03361fa8f1aad97695

SHA512
e1be6b0ff03740cbde1de0708c33c38ccf42646deba92eb63ad0ba7b67fa7c43f910cfd03e0fb24d7b0fb456613e5ea906161f3bd8569e926a905b74c44fc683

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86bada8d7ff3aea22107bb986820f002

SHA1
9395730d6c3b5a5797ac5eb23a2f1158565a68d9

SHA256
6e4c35dbe7d1644839c45fcba53610f1e805cccf1d0ae5a6bb3894cc3a52e6bd

SHA512
d414608673f10bf3c744b15f564acf1e51bab084a48cb06f72db8e0ab282bd96845174e0d9eb3b375ec44da4205554d3424e57979989f602cb4cebc22256d132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
412e7ba557e968c964895d9185f0f9f6

SHA1
f730e8d543629c96f1d73192e128964a4cfd57c6

SHA256
aa5551318271c0ae386d2a9e3e9a2d4100b3e21b7884bfefe26409f2694aee4b

SHA512
bd619d86800e54a1b5f827b1d1eca3703d98e1d97320bc28dcc0bb77a4b2f5d3c922128f680556c09b07190cb13bafd246d9e20fc9bc769a3c3e2285d6cd30fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a023792b70426f2e4af4910d488c3081

SHA1
57a2be9aaa79ae92292bc40b59cf65f55ce6cf51

SHA256
cd7d9259ddb9d987769f68cc053a66a156763d5c108fbbb3ef1be199107d20df

SHA512
7f8d74443339b49e2c172e3ac20d7b9cc494b6c16cc31532db6bc59f674c6118c2bbfea0e1af5095723ef349a8a08be7bef74a2513dfb7f754bae701e40cf04d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5038de14cf32e75a1ce0380ebbba6f76

SHA1
e48b9161fcde7e84d323700d80a1fd95e8c63ebe

SHA256
03a1974146dd01182f5205b365541bb9aec5d7e1c14df86f2d974370d12a1d0d

SHA512
05781c45d5afa1ad34555a1bd5b2def27032751f4f01432aec11817bc8485fe5d78ca079f5bd498be3cb55dddfb970248e348a0b8dbfb5bdc356832c42007252

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d36d1edfbd64a71a9a47f7f547c7c7c9

SHA1
cb1ca2b2ef1a2a7d437a17fdc61e3a8a7640b1fb

SHA256
b7773d0b72666945204a26aa1583b9a3ad12740258389d47da6a3156d3693f89

SHA512
7967aebba9e58ae19bae9b839f27dec0d9d5307124039b22f8d2d788681fae629d5f2c8a64e7054b61b49d3f15b3bb4a46fa72aadf5e0ca726bb25ba14482adf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f403e2c2c43adb74cb07ad5ed27311b

SHA1
96d472d21d4a108ce5f3b564dce8c6c0213d3aea

SHA256
f8b99454bee51fd26c2abe4d3bf4e9a0fba85f9b1a99d2ce3ddee2bb2176b152

SHA512
41f59d3c7560c1142f6e80fceef57d2d99a78cfb50e60eb600fa30662cbd70c0fd00ce6c1a9a1fc7e24f766ce5d2f5ca1ec234d5ed266dac65d85e866afe3db4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2c5bebfd018b0b6b069169bd719dadb

SHA1
f28f10884cde338869c5e6a5a1c55cf5f41180ae

SHA256
d33cdbce4db8c2a03bb3ba45a55285bd43c756380e5c51e835f3df720f55c9c9

SHA512
af67cee00521ac5df37704866434db209c075c59b8bba94d9cfa431d68d025eb252193e8742389c8c9d5c43ad688beb93b1e5849a161a3ef4281eac8d07b878c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f880826677e6607efafb4f51f99faee7

SHA1
c47170ed7173d5b76d1d5fc1201f4425c7ce65ee

SHA256
d6ebcc81fe834745b962cb88ed48ca737fa329b41d1bbe502e0362ec3aec6877

SHA512
8e74225648270dacf435d9702d0ebefc94fe6ccfafc6767c70faf5e5250d520416ea198e5b25044a7213f4730b1d8746fb2f06059cb0bc77ccca8b5e96f24738

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1684693d6a889e5d49e55b2d08376926

SHA1
9add6340258a92bea6b75a605ae50a7538c8f218

SHA256
6a165e8975cde082b5a6f3598b78684bf8b4f85102b81834bf69792deba77ecb

SHA512
3970f5d1a198c192a8764a8781ca07b60fa87d883795fce3a138625e6314ed4429b20867eda095e6adfbca5e0d8eb7240fbdeddea2c9725ca3c009a8f16f0cdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bdcffbcd5dab6f9cac19340fb38010b

SHA1
750527532d76b1c153bd69175d82aba14a3de752

SHA256
f0fc64f0fc2468851c8a389d79db3758f406cc455f0fc9b2abb84f7b64562df2

SHA512
934420c1d97b556b605041142221d2a4446ed0351c5ff6886dd687c62db121b6af41ba125a599bba920f5197b631cb94690addc0e40d03257e1f63b7ec31c52b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91f97706d5fc90c7e4631e95099a17a3

SHA1
05ab85beefefe0e8cbab831ce15bd3b9eea0d079

SHA256
3afcfff9fe08646db4836eac4f7c6c62d2e3b56223f699d1c52421e7efe04b7b

SHA512
1c03681c1007f590e248728dbae1a02ba657bb4e200f8e804d536fb00f78a9552fcbb9c1b964609e381218b9d8f8f801f04dc7bd462470bd897d269bfdad5a43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf4ba6e440c970e1eac607838982dca4

SHA1
71e18ffab05aae4b663e1986efd9c18a0ed4af12

SHA256
77e577269afb45f903c463285a8fabd184b1c8aa91d1be28b908c6da20fcfc2c

SHA512
a108705afd78ff92fce6dc932588666ac4e63a861207d0e8c8ebadcb0b7bf18d5366c6f827fe10e5fd877b8473a1378054e230c9b627dc6483581a6702a3c8cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0ea79db46a5afe1d4aa54685ba23c9c

SHA1
8f2caf78eeb5b01e5a6377a95e9ff37def208fe2

SHA256
4dd9a9d4ce9af7f84d1f3d1af2460caa23dc37d69eb4451bd5f84cfd8f4c6ad5

SHA512
55b1370c35a90587ab8dc8262f5b1f3010f8d595d672e6ca3b9c300ea37cee002d9a6da15562616a1dad7177932efa04dd65da36182bd2c9ea8a35a078413b51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb78ac1350b64feb018bc17d1b7a4373

SHA1
00d042425458f95b8de4c9839899333aa56b42b7

SHA256
2c9d8ae85bd904810ffff50656db17096537440ebb26ece062bc35c8794f6380

SHA512
b5439bb6a3656112f0d6457e1b47af65101f6b9767e0774a96ed9f1766729a021c0ad1dd5f69c79c68cce1e69e9915c44911fca7e87f783c513fd0dfd6e9151d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aff038c390efe1bd29107ed5dd6d5a28

SHA1
88688c42e692f62d6c0903f096635a39c129597d

SHA256
e7fb7c8acbfde52a0598d862ac76ba280cde68351d7b78be91f274e7a0d660cc

SHA512
7c7877a64009c006829d5e41ed3de7118d71024e7854b3cfd30229b99e0f3a65bf0ea7fb25d11ef857ce05186ca9746a6e009bd947223808fa07c1e075c1fee5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d31c1ad5b5d1133a918ce458e9bef2fe

SHA1
f9ac2b709afe675c44cf869f08554a7df9bd5340

SHA256
6930c0a29d0bb2f5f466e8a2c5d58d5ff820b4136aa9601f2b747c229d3fa8a0

SHA512
de0666fc70677a6294e30f2574a8eb080124cffd0ea1ce4eb3637360d6fc0efdf868bf19ecc5eccac068b5876198e78c1da3e811370c58bbbeb8bec63587b4c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab31EC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar324D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit