d69fd65602aa5dffab3c3574583846a116c909a069c094c544e3a47316694405

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 11:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e59cca239f5a86bd1ff13de090ce21b_JaffaCakes118.html
Size

29KB
MD5

6e59cca239f5a86bd1ff13de090ce21b
SHA1

5dde32eadb28f556a549e017dbbf168fd4af4551
SHA256

d69fd65602aa5dffab3c3574583846a116c909a069c094c544e3a47316694405
SHA512

d339c287ebbb9f7413f03da8a7d49a2a90a4dd2ccbbfb72a62174dd6414632b9aa2ae5c0cbfaaa35128ce6cb81bfdaf55eff53304868c679fe9d18caedb4eb3c
SSDEEP

192:uWP2b5nZOnQjxn5Q/rnQieyNn8nQOkEntR5nQTbnRnQjMCuAbS+vgd6rL5R4s1oq:oQ/EAHKU+R4YO+X

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D182601-19C0-11EF-92B8-52226696DE45} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422711894"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2208	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2208	iexplore.exe
2208	iexplore.exe
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2576	2208	iexplore.exe	28
PID 2208 wrote to memory of 2576	2208	iexplore.exe	28
PID 2208 wrote to memory of 2576	2208	iexplore.exe	28
PID 2208 wrote to memory of 2576	2208	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6e59cca239f5a86bd1ff13de090ce21b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2576

Network

DNS

cdd.net.ua

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6

89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

52 B
1
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

52 B
1
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

52 B
1
89.184.88.6:80

IEXPLORE.EXE

8.8.8.8:53

cdd.net.ua

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b7ec7a1a292e6057aafe15283a27c44

SHA1
a787ec7d9ebf5818f0733026bef387641372ac6a

SHA256
f8fcebeaa95e2251204edce4412443a9f162d300e20def405758e7c2ffc4ca15

SHA512
4efaef3b5ef69694a7e7664a0befa6eccc05fd1781a15a7afd026fcce548e5c133a4acfbf47a66b34756da651e9210ab819adf4321136817281390a5b9c9c421

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56e008b51b9d1af30f19ff9fe6caadf6

SHA1
1a3e4caf75e9fc85e83ee18ba5d12da1e3353fb6

SHA256
1ac0ae80a6cdc663870074672407da522309c35f984dbc9f86d7afee3d8db257

SHA512
f33cce8f56a1f535a220a66c9fe0fd4282c6f23c9307b09597cdf1429f86383b0809b80727c8eb948391234d6d6b9d3c66f7767e8e9979625fb3dafcf065765b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ab44900f4e4b4cd779f88461f2f24d4

SHA1
0ad4f01a390c748267c0274ce1b196718588f72a

SHA256
5b72ffa2440c5019033d08c9ed4ed434591d98993e8d88c4140096199db14b1c

SHA512
5ab24097578fc4baf7c26cd3f002d194a096148b90ad800387000460ce6e9753bd018a64e56382b98b3c9323cb1ba8dcb083f9666c0952b8ba77b5147178fd76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af6ad0e3c4dab626f6f36b32a63e913d

SHA1
1664d8d19d8c96fbfee795318da47c20c4bdc35f

SHA256
3a69b412f4a007ad94c9be49beed908ebcfcb1ceadad98efbe9873e6441e8687

SHA512
92e2f464196ecf7e649cdd630993b4a426dc35f0510ad565fbc91f5425b76845e71ea0f337e8e5e8fa3598e2cb59ef9710cea938751fe95b7520cdac51284336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f9131c4beaf87025c19f17451fe090f

SHA1
62a8a1ef4696b196636de72eb515cebd98264b3b

SHA256
da72a183bbb647e46e7a9218b08c309dfb7ae8b8daf22ae4042759c3a80260fe

SHA512
2921d8609f4e7043519ee0b2de16bdf14492a6cbf848e0cfa2cd0586f05c43d4e081a1bd3d867db7c40d372bbcc8f4f32ce61404d0b878403e21ed3543c1f9ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
247b0939be943f8c50a41b175234acaa

SHA1
87d794437171058a3f45b7ab7b62ef45914be7e0

SHA256
2f0b6b4e5c801d89a263266a2017e4980d9b02a413cc8a76c45794ccf6f71411

SHA512
c842ab47722356a4d62b284fb7e0a5ccfe566a3166570686c8dcfd6a2ed5214a655cb0746e3981449a94634a2a098d238f22f962bb3df640e6487775d8dc2808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cea60de337b96010cb6bb7829217d13

SHA1
ed91582dfb27700a8399b761af00767da2dc7764

SHA256
8c233b15e8bcd7dfb7a1997fbbdb97d8f95107da72b27dfec3b7d2b4b07a0481

SHA512
03cbbe8b8a2730db44782099afc3e8eb1a7f2d4495ee759cfc9b155dd03086f6f684a2151ab4d9011b12f17bcb02badab3c07018560d610646dad692f13a933d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e44efee38145b6b7092d4f081e81e0e

SHA1
7298a640bd7733fbcbf64c919a6585ce28819918

SHA256
86962bba284b0024386fa2c593b9397dc78d186dc5c282e7d87a5d8619562b8f

SHA512
9bc0020f851adb02c760ef682471311f61aa073b55ae835e1b6dfb3f4cd53f51c7f5b59f6444bb68eaaa8110c5eddfdc2dba5c18779cc178026945c1096af0a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6cb520a7901ce1822bf846206e423c1

SHA1
741675b352a128eee4c4dfe68cd0d2176626c1c3

SHA256
e299def33268fe16e8a5deb21da467efe8b52075e2b27744bd1eec8176b057b8

SHA512
4a27a6d3342672e58c6331f3f4a585564af40d0965487bca4c53b7c38fe233584ec6e80794b50309c185cf9e2faff598c589186265d28dd65cd28459e602c6bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B8E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C7F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit