28f4bdb677cc7024188dfcfbff50ca57d4db34e9af271b5f388c8b400e9f748a

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

696a22adc949afcd1e7a4a2f71227f38_JaffaCakes118.html
Size

29KB
MD5

696a22adc949afcd1e7a4a2f71227f38
SHA1

9eef30fd1ee88579799edf28992d4dce3be3eb56
SHA256

28f4bdb677cc7024188dfcfbff50ca57d4db34e9af271b5f388c8b400e9f748a
SHA512

7c19057f8b0c766a09c29648352cb376f24613b01cf99a1ac4b2b969add40575c568a672a2fb7948b72900ce6818c18875fe821e1eeb9d939b9bbe3271e42d89
SSDEEP

192:CJS7iOlrguKgcgjsu3HPNhv2Y5AIxTN2B3ED71FUM8Mz/qWzBM45uWzBM4mtWzBM:CJU1hvsIxTN+OZFvcmoApZy31n

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 206a571ab7acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{45061C31-18AA-11EF-8804-E25BC60B6402} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422592373"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d5a0622cc144d45aaa3b2daca6cf9880000000002000000000010660000000100002000000027141ca01831a5d93668563a16c49cf88fb0c7bda04704a6a40fc56a0882b2d9000000000e8000000002000020000000ebe50c85c1a69cf9b109e09f07c8981f861f3291e56708c220852d6148a559cf90000000307047b72dda93f6d0a1a16e20e344b291d3b535b9174c78c632d5c6fad4203c5d41fc0aa3cc6ac0f1004ef4c059915afbe1584f82304cba2abf58f860b5ae6639a24d817b385b0cbd3f3ae80dfa53f0ed0542e92186c6277bf8916396e6b5cd6542e8280d28c732aaf26d72e5146ce402ab4ffea8e85ae24955571326b135d1e2ff3039a34c97c5a40a3410d936dd6f40000000c05a892e76eb79bf636f7529890d3d658fcfe3ebd91868591a479c583bd7db04536eb1b221e771932635b92b70bd669d0fced7d9a3e6edbed2cd7f82f91c4062	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d5a0622cc144d45aaa3b2daca6cf988000000000200000000001066000000010000200000008cbf1ae6bd087574f607487cfeeb6cec633d65c73901c67e607324cbe41261c9000000000e8000000002000020000000ea445025ed93f8e72ccd0a133cedbbe7407c997e3f25db4c619d0b47e902340c20000000695cd00846434f34e6da902878a8861da463f874a70b3bb7aa2c088beea7755840000000ce0c2575c4fbf04e666d396bfa0ea8759d7457ebf78b0e59b942ee79787c276802d9200acc5fefc67c9fca0a40682ffab4eb66c938e41dfd28849a8d31aeae84	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1736 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1736 iexplore.exe
1736 iexplore.exe
2976 IEXPLORE.EXE
2976 IEXPLORE.EXE
2976 IEXPLORE.EXE
2976 IEXPLORE.EXE

pid	process
1736	iexplore.exe

pid	process
1736	iexplore.exe
1736	iexplore.exe
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1736 wrote to memory of 2976	1736	iexplore.exe	IEXPLORE.EXE
PID 1736 wrote to memory of 2976	1736	iexplore.exe	IEXPLORE.EXE
PID 1736 wrote to memory of 2976	1736	iexplore.exe	IEXPLORE.EXE
PID 1736 wrote to memory of 2976	1736	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\696a22adc949afcd1e7a4a2f71227f38_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c36eead408feabc75a4f29bb0f894e4

SHA1
991db50566dc083f1f37a5c0e0fddf394b11cb7e

SHA256
a23c7403ded0a15b75bc4845a890db767681e23dea3bcfafcfb8762b82cee6bc

SHA512
a5a1e02c8e0094a849f7a96c3d04240d8772a00127003f8892d47b447c7bf5e8bc203198ffe8ffbf1373638debf8c649f281c0d43fdc1959d7069e4db4f56ae0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a7cbac213097910df54e26e14ce383d

SHA1
fc03f2e8e643a6f2063c28c416c4179ff9b42b0b

SHA256
b8b1551fba0653151c14b0a30867ef95272fb7b969770bebcb19dc137c09650e

SHA512
61f93b35e5b58693da465afe91698bda721c056d1a8aeb3d4cecd889d55f5a682b13888c1703f44aa40fc3aeb44d21f633855a1c0aaafede0bde65380b41d089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d924393b976c2c1ad79fe736cd1468d

SHA1
9be8bdbffa9c0f07bcbde83c479785fd3f7f0b11

SHA256
7aa10eafb1bb26fc9f31ebc7ca42fb9fb07ee48f2cf0453654be6c48f9de953e

SHA512
70a527d094981789bf343331e65283c2b8625b57fb5181c24bc5ea45458850829aa2d00db8d7af20800b9820179919fb8284fa4ae137c62b60a142e129729d22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ac1667a0dc52ac27edadfb90a2b5879

SHA1
9d43a5c0a817ac3990e68036ee561b068d96897b

SHA256
81ed833274917ea69d937f8b9a28e5a3d9d23c6fbbe3057b9564c8da80e9feb3

SHA512
583998e6f1cbd7f8736af40516afff6669996fad3797c958bdfcb2ff35e2225a8bf852ebf73cc3b629bda8a6dd2c1dd016b3ce6e3a095d64d2fe9901e3310d24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9657f4520033ecd9af909443aedf4b92

SHA1
b92de76b3da533258eb8bbc71a5fc04098e4f599

SHA256
93457ac6072f650fa4285d99842264968613be26f33f8623f8e5e468835ba2eb

SHA512
bd5502aed1d164ad97554985a7461bb03c568892523af48b550eb6e2e08530f835792a81a210fffeeeb165836d63986c798fe5dc6c783477b730cf306ccb270c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79b40a07edc65cf948514e93905c64dd

SHA1
a9b2ffd8bb49430d2e38ba8b2b2c31a30664af78

SHA256
034048271f58d0cad6062d305d43ccad50a20109a8cf33edb0ce9eedc4eeaf9f

SHA512
8ea0edd3846a21b9c4b7843c03f0a77e22f13d755ddcdad0f8b8f45a716496424e4b0543924020e8309d114c05dbf034640f7b2aff8388b030ae20c792d2e217

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f59fea0aa7e2682a289e257d4127e20c

SHA1
b56eaec30dd5f620a389b0e02e2486b53a503e32

SHA256
769e5e795086397344a73e6841043f883f4db304e115f2dead3394bb75d1126f

SHA512
0f65b2b15ca39174d38ac3147df941fa740af5294e556b7ad226eabb69b068343ccda208f5978480b5b2035a40e4924cf17c9d802184bdef58683c33540b5f88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffccb037beb3980ab4be3235f7aaa896

SHA1
7c32eac4dde5f620709b0dee2ca740f45355c335

SHA256
4248fb3f6f9365e1b8054c9d04ec0d6573cf4163e59949547a8a1705ddb1056c

SHA512
872ab0672e8d8147e79c1356f5070f5ff35ca163cd799bc13efcfe5c4567ad97804cc7a60b0165ca8d4197ca50fdd28a51f9c67bfa17f580437b067349badc33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
139caeeff976bcbe80ade979cdff1155

SHA1
fbcaf8872c7d50e9de427e1c9af59dd36b7d6efb

SHA256
490883fbec3b41f96aa04f4798c99267755ce551990c22d22796d4f0f7ca35f4

SHA512
a6ecc02ac80759899a312118f46f095a3f56965f2bb6af364976ed202174dffdfa06490f984516d709003d0e4c27add292732681ba8f37108a183c64bb36feb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
049c63c455743054272081e9befca56e

SHA1
ca1c4bc302c1ab4593d38c117493ce00c0e6a475

SHA256
30488e4511c8905c7134d12a1020aaa4f94dffa35d7e87f427e0d512f7af905c

SHA512
06d91351573d70c5a291223a62933741416e6a11287978696056c75d28227c7e9b30b54dbe194293a154a2cef6239e047793708fa7012b2acafa7fecff51475f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73013d7e7ed543b86d009d6d56a93003

SHA1
756c7ebab0bc418bdb440aa5f75e2b6201142c41

SHA256
935ee18f5b2b5acbaaa8e351abc50649636128289024c78766e3d0e164ad39b9

SHA512
b7334f9aa4b3b11ed9ae98ec7027642dec616c5ef20285313b04fe3a2a53160a868290b2f40dd2682aecca4ae22f621234f4690f5a64c545986a01b1dee845df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c4ae72b498229e3a2da6b110d61bfa0

SHA1
4b7fd81a36c2173d237496c2932f019ac17b78d4

SHA256
72961c7ff19d6822e7ef10a9190c2f4ed3c2ccae18638d276f83e8d0b43e99aa

SHA512
4608719e36b60bbe3cab6b69a9f48a4f2e23d3a6ac8771f8f703cbc68554b13a60760fc8d27d7da3865640cdfabda28c64c2b8042338a6bbbca241172a8bd561

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62b41877a3790d4e47ec470beaba4793

SHA1
4b3f4e6e2624f332b8cc99953e17e1cf8c98fa12

SHA256
fb5f471347d7f681497ef00580a626c9bb6287f17aabeb52c23c9d3f2ae2ed1e

SHA512
c30c5db522020227691af4103b11078b86a3499871362598cce005348b94bc4b79d4a09949728513b6fd351987ad155b7e80003dbbed34c6529a1d390a73202c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35af6e7541d6234d727df589d84721cf

SHA1
3037a5af478a656b91be78d1913f6c5a6b0b1bd2

SHA256
336c3b134ea79a898d857a0189513d5897b7b3275bdfa5e23027dc03571f3912

SHA512
0a99656ee6da9c69f12d4189d07d3561ba21944de7d37fb4fa7a12ae48efab8bbc8382294d3ffbddb0ef3967dc661e0ad239a3b4d61df32a29650b84315a7aad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c838b86c017f4690d514821aa225ff26

SHA1
4b20688f01c3531e966d39f38fc8b7fc1f118c38

SHA256
4494fefb96212004c823e020e24cd2f29733d0cb595efc69f9f89552c664549b

SHA512
49086933be73b6d5a14b3903ce08749d358e3d083c9557a00416c8b5c853e79786b777c674c78de746f09f25e283d221402a0ab0839e35b39379f12147b28677

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24fc038d59ddc3c78fe9d2fba9a091ca

SHA1
3f320e7bc2ebb443579229d5f397ac6710327978

SHA256
8ded7008b88c010cabb4b159179239ba60d6a2d7fe058d9f4e1edb7539498d5a

SHA512
71b0ec6f55418214e3f711ebad3997ba3c038e53554ae033dc77838027b3161b678a953a3d85bdd51cb528e06b299cd62e6d5599088804d8418b96753692bce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2FDA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar30BB.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit