82f934fc7cd5041a6ac207ea8ae44771739d97a81c68be60925ff088fcec9246

Analysis

max time kernel
137s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d990b157cbd9eef3b3df6cc5177e11_JaffaCakes118.html
Size

3KB
MD5

65d990b157cbd9eef3b3df6cc5177e11
SHA1

c8642df7f8bc12f6a728f46c80d16f74ba405588
SHA256

82f934fc7cd5041a6ac207ea8ae44771739d97a81c68be60925ff088fcec9246
SHA512

92c827975da2c79661242937900758c525530ab3dc4629822fb2438a8118cfb25e09ecf40502816226b5985228b5a866c422c02418d007a2125aabc97c29bddd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000846d3cbbe833c343bd4be90f5b9c4bb9000000000200000000001066000000010000200000000ddacf5e0f5c0808b347a03b3ab865af2706866f7d2ea54751aa479ffca11dfb000000000e8000000002000020000000f211eb7b7688e96d7aa3bb1ef46d5ee49a2940cf16a7c324d7747b81bf35515c20000000bd6856aaa3931bb99a664ffebd114b6a5740d1413d0eb3e151cc51b567d2833140000000ae8cb2d355a16f7a7695b7dd5c1f6ab16c76272e3cbde0ce079d06e9cc0c7bb8cbe8688926b59ff4298ce911c14cd303358377182d6884eab2917672d0c98133	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a19cf7f7abda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422510282"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000846d3cbbe833c343bd4be90f5b9c4bb90000000002000000000010660000000100002000000009e0187c7fafa2e383af3d46a3bcf45c658f13542dddab800d7259562ca0cec7000000000e8000000002000020000000796f2c39d7d5b579df56161015dba215816e6d66675cd0bcf626c0b3cafc28479000000011d2cbc44cd62d84d107c49544ffeeecb5a309e704b89b3e49f10ff3148342605708b5d061e91236193e32008ac664536362ab8fc4734fb97cad0ac82c3987b736254779d0ccc2e1e4da02ae6a864368287f38234c90efa557ac37400e83e775f74e197c0adf02a8ee5165a6482779e14e87294a7420683ec643b653763c5d604ad4ea7aaaf13b706b9c1c635a42a51d40000000ec5968bcdf8a8f7cdc05af12e67422c263fd06bb76a6a5c0321fecc1687d97898656462807ae17a660ca75a6149fae7d0c8c9ad6e9e094472bbfb201a27b1ca0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{22F16EC1-17EB-11EF-83FC-5267BFD3BAD1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2696 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2696 iexplore.exe
2696 iexplore.exe
2228 IEXPLORE.EXE
2228 IEXPLORE.EXE
2228 IEXPLORE.EXE
2228 IEXPLORE.EXE

pid	process
2696	iexplore.exe

pid	process
2696	iexplore.exe
2696	iexplore.exe
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2696 wrote to memory of 2228	2696	iexplore.exe	IEXPLORE.EXE
PID 2696 wrote to memory of 2228	2696	iexplore.exe	IEXPLORE.EXE
PID 2696 wrote to memory of 2228	2696	iexplore.exe	IEXPLORE.EXE
PID 2696 wrote to memory of 2228	2696	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65d990b157cbd9eef3b3df6cc5177e11_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fece2146d68263b0f0b8aa7319fde6fe

SHA1
10cc7a32742dd288a5b7b57e2297206d17301a47

SHA256
55054057eb0676e015bb3381ec56b772537c6ea6c00a13f04652c7d0d5d28150

SHA512
d2f1cafd127c4a73ab8bd837115fcf7db7c8a91c416aaf22aaafbd95c20c0f6b247bb91050455fe391d479ce1ec1d95f7ea22243cc7b7093d8be91a381668d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c47d038706b9739f2dd2558d368d4b8b

SHA1
d4e8cc9b061956911d24ce48c25abed53fa366e3

SHA256
d68155843d1f93bb01f535dce8c66720014f45f026d1e1f42d2fabe3c119c93f

SHA512
b0bea97166df80598331cd22d18b693a280f9eae2ce68da18f9413e5946d4210ba941a5b60a573cf4adf39aef857da4608ffc4a58e7905e32edf14056ee55b71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4daa7a50e4332af12850c399490ccc4d

SHA1
f266985f42e600c23fd1a3fe1130bcfe3aef754b

SHA256
4f6c31b2b15a7e2dbd985668b7fb5f9d16f4c7080a40e0ea316ab93e71586bf8

SHA512
f43845a0ae67f37e566232606491aa8e7ce90a2ddd1e0f58202bcc588cb90c9754971bc3e6fa48738a02e5cbc87cf846074155ff9eed3f7f8aade8cafe3b7726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
196cc4370f47e17477e2d9db60ac80d7

SHA1
ce487b8a24b9c10fecb81a7738b96bc478cc17d5

SHA256
db196af5143a45e5e9598349fe6228083b49c686b89047816ba8bf45acfd0ceb

SHA512
e8e981f02befa6367f69c62e8b9f50956448e9d6fc9d70a036705a7131a1a15373863d44dbe1e16d76802f86c68186c9d5eaff4e9fd3824e291e7e484d610005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c7c90a6344f5e5f7e4c9eeb403784fa

SHA1
e8b4761d046faaa1b9563fda7e64033c1585df12

SHA256
3080f94590d1f43b69e9c2a9997fe94bec4ac8e94e385d7369a1fc7d83159a8b

SHA512
a6a70c1c257c60a6d7e2d571b47b260fcacb38f9de911afee1fed9b98f0110db54158c5a1ecd57fd0bf15f906bcb7cf299f62fc933674216b60f8c09eecfa552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aabc477cd744be7f5da92957948c9861

SHA1
9c843d879367a3f82d7f98a140c9b7ad50236f53

SHA256
c68596baf7b6395241abf12989f77b727c4149d7ac7efb7bb43cb2d693c355bc

SHA512
73d723dc6783189828527cf77e608c8f82c2dcaa27b10f6334dba929ba71370047e1897d47749d024e5857a393a2e8ffea843f7d75b62c71a47c4afa8f750074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8ebd85a74156d696f7633cd1c68c9d5

SHA1
21fbd22f664f8866447b5af1616b81ec57a2cb57

SHA256
352afa61e0affc49d7575d8a4bbc68414db290f826570dada4c32067489aaf32

SHA512
a1e0c684b08ee0cf8646bb1ffcde9d7e0462d30bbcb9a50d9564bc6a2f0051bdd2c04451207bd441166a09f2674aced7838b2d9107f6525e7a2704ed4cfd855b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c8782d2b3d1d1f1f414c7c3ccaf8c9e

SHA1
19bc0f2941e2a8f5cdcd1d85f408abde88f205f8

SHA256
92da6ce6c0f0c5c8796504a18f6e15a625e75ea1e64aa947d45e2f13ee3d10c0

SHA512
fa76922de65800bd21ae66c696b0d6c90b4ea55ffb95120ac45c0a28bf61a9d5f8999c356c324ed4f07f8033f66e11e050da8cc93ebd0f7b562d995910a56068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf993a277d6838d7e8bb0e48b0b8a360

SHA1
7d5e19115d8a14180321828dcba20d03e7d7569b

SHA256
ae1cc0547e645e01ed00bc5584a4361bd4d47da56f09ec892a18af44a9fd9fd0

SHA512
b2cc57548cb1702f9d798d9305a87970b972eef84d8f4d26d8b80d488248fa089ef8acf4b5b25a1d8c5bd8b2038d63b4a64501dd9e5cf227d927869d568721c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c074350493f645c1ce04dbae3f89765c

SHA1
2df71d597c2121ef9b892a8149d2d2782fe49629

SHA256
778443ad80cb08f24db403d5f28645e0ff5f778e667053478e31d484e124af08

SHA512
30350765fe5db1599ebf73c301eefa03dd66a8ffb46d0fad9285d24744be245faa3f29a396e8d8d004040aa90b0d50db7503b88d7fa86a876e16dfb825a0a599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b16bd9fab03c2dfe32ec2b2ee31dbc42

SHA1
7cd1020001bf6e4d9a34f2c9eee9bd2569e71a8a

SHA256
313846105a3e6b33d278aba44bb7090f2fca29f6612eadadad91c92ec8cca71c

SHA512
14fb98f8c46b1a4a559c28b6374f55c65d08eeaefafd9c35329c8c0f69973ce705fd1f2d8e93241fca3bc5e5a0e3b1bfcc2c0955b2a0f2b285d6cfe071c8935e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b086bfb5b774b01d3684db106052bb3

SHA1
0de9f9532276c84bd88ae302965fc7e01152b149

SHA256
2739245a111fcdd3fb45b9704b294e1b2e02886ac6797325eff21c15c90715ca

SHA512
25dac929deddb480126e073668bd6fae7b3afe1af54a97613bbdb6e84d0dc1ce5f74ba1c33f386456fcac7c1e9d79ce278548a538cc968268fb6488df2a991f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d8dbbc8e16bb88a0ee0dd8b697e3a93

SHA1
2cfc31cbc07a8a003bc89c8c6d4593f53d194977

SHA256
03b0c0ae543433669a7cf83c5dca1cf314e5ea90d906c5dc587988c1a052ab62

SHA512
91397ddb214074eea9f00eb8bf3af8f8136322c8d9cbf584db0dc641b4290f87325793983af35defbb62c7594de57a99bdaf26bf3581d4ba494b2eee496973ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9787c0ad41d3f37023d6afec1174d325

SHA1
8d9e0a9c7ee473afa7d44a115d089d33445d818d

SHA256
438b8710ebf1d098e79cf03f1e88296cb8221255875d318815a367f5514bbe42

SHA512
5ff44871c26579948ba26813f737afce7a6d70cfea3307b4dc6814f779e55c9db2b08aa9fcc16d308ab1fa6d47cbbf5d2cc170eb904c7e48502e718e553be26a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9edc157cd4559e2432b3705a314b158a

SHA1
47fc90e97215e36ea55af0697edc352c9ea0bdce

SHA256
6f30ada581290d970bf3d1c592d310ede02f8f965642d7ff369dc5d394a81329

SHA512
4eec702172bc8ba3ea61ed3c8171c9df06cf4c3d8b251cdd31c257781ace94ff9ec44e7d22fb842da13b786454225e04527b732e44fd5594d2e50b171384614c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54e4a2e9c7010dab21fc522ff69ce926

SHA1
6501c5c77f03f1259cb9a93bdd50e341515b2f88

SHA256
29ef81900d32b13f299317f5755828da1f2fe037432692f979f636e9042d2072

SHA512
de8611319dc43c97f8ac335eccf500003c1a20176014d1fa94fddcb5b9ef2997c02bd873851c483daec3450207bc47a89e63e6d961eb4b8b4c13a29860e40919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2FAB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar30AC.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit