ea182bea435d7658f1a6cad3afbecce9fcae6ab8cc0fcfc69d1c80e09671f424

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25-07-2024 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71024eb0a30d6d59cb443b7507cabb02_JaffaCakes118.html
Size

23KB
MD5

71024eb0a30d6d59cb443b7507cabb02
SHA1

a5a1c2780a41f896ee16c05cdc4f32f2a700db93
SHA256

ea182bea435d7658f1a6cad3afbecce9fcae6ab8cc0fcfc69d1c80e09671f424
SHA512

25a56af5314c64e499f61cb09b659e0bc3cc4b90377bdddf98d1186a26775bc3f1f6e3cf92cfee765bc3e986287b99b908312220997ef3e231064d9664a298e3
SSDEEP

384:S3eXRKReCw5OrIvNH8LWwPpnP29CRdJrsimhtu3QrPH+P84AYt5TcGrN1jZQijsf:S3eXRKReCw5OrIvNH8LWwPpnP29CRdJE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d5e731cddeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000e592162333305cc2babf17b17542b93627d273998486985d469d29c5f4e682ef000000000e800000000200002000000014d8ab7841557c52fd4e401d25d89e910792d58f9253b87f66cd0c9c950d90039000000087b37c29593a11ff1a22475ab92be44875757f1cc0ae874816e6319c9a9473a293278b6defd523ba4a44310266633d06fad025cd1051ff74e2a10de4be022596ff88e72ed618ea04c5e5e9f63848bb8783fd4becd9fb2788cb9cd07cccea04925a8e2060a05bf829c2d98bdb092343c55de05b7eb3eb8b7efb4e06da96c7227fa546ba647756568a9e67830a9007fa394000000057ccb8c5def53274d2870c398211a7fcb9735d531e9f583eaa2712d5cf3042711cf3e03a749703c49956df68ae91c83a137676c85ce84146cf60991955203f8b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5D6689C1-4AC0-11EF-9749-F6314D1D8E10} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000003c0f301747ba49f0f8a6113e9fd183c4496ae4867d8f92560ad20b829306118b000000000e80000000020000200000007fa2dfdf2673c30a54fe46b64229a4cc40d4fbef4d7aec51572f0cc8ea8ceb2820000000770d840e3a58953eaf5c9acb3703e654e37114ffd0a4f4fb015b4e4b9070ca0c40000000e19e0d5c2f0754f446689864f285f260247510f26230a6b25ba74b3b34b1bdd010634bd1d1b853d2f9a793621607c7f5064d416a930ef749ed041ca130a1e0c4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428099421"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1952	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1952	iexplore.exe
1952	iexplore.exe
1352	IEXPLORE.EXE
1352	IEXPLORE.EXE
1352	IEXPLORE.EXE
1352	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1352	1952	iexplore.exe	30
PID 1952 wrote to memory of 1352	1952	iexplore.exe	30
PID 1952 wrote to memory of 1352	1952	iexplore.exe	30
PID 1952 wrote to memory of 1352	1952	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\71024eb0a30d6d59cb443b7507cabb02_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66ffc0d5a874f5ac095abdbf45e5e366

SHA1
4f8a2be4592542fdd31037113d29687bb4df2c4c

SHA256
9bd9287403dd88b1dab729c1d160a8bb5a8f1057722c17e6ad39883513e49f85

SHA512
32ade84703f7e978f1d6fd68608a33a3d38dc3871e5c5781b6ddf261594280edc30beb6b5b1082d77d5517ce092dd192848c495e2bad9b7a04f6ffd4aa18189b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
434376e35bd883034b7f059825bbea91

SHA1
c87e09b794488995d845938e31f0baa5749b9b4e

SHA256
fee6688209a6b78b4eccee176ba0b949b8382e0fea194f55e869e366f2a0f6ff

SHA512
2460e63c56cb5438c39d6c3af7f97987191e218c85c40da91062b683a7fd59c2b6886b1f14f14577e072a7064b2bde7e741cb78880cbe6b8b1fcef00928f3364

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c4bed7183119600770d7ec406844e8d

SHA1
18e2452d28b34701fdef56900a2ff51af1810315

SHA256
6684097317f2fb79d7f64b42ef8843b52702642ef7aed82f3049e0a4f4ea0e7f

SHA512
27aced8c0ebe55a9bc7892e32d3ae4c4dec7abc162f9787238c09b892f35977eee8583f3f82e642f4041c0af3fb6e211df3d6d363a37ef2578a187c215c9b6e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65cac090601724acd43f603dfd4568f7

SHA1
0278299dcecce15fa14cdf935f3d139e900b0182

SHA256
5c175968bb86b3976efc62e31f6499a552bf0f88958873262330448bc480badb

SHA512
518e89895454f0cf64bbb01a34e1de8752cd0811b22c2442d3994e845dcbc654eb267b6ba812f9471dd030e30adcbc7ca883a81081a5d714ab1a17d16f91794d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3930c0dce6679a6c955d5e995b949229

SHA1
30917528b7cdd44399fb506ef759bef46e4b4db3

SHA256
3b8d6b8830d2668f5305bd885bd2080ae38c95e4b1becce50ae685c03042d7bb

SHA512
f022ac6dfa78e354cb46e523f588eb7d6ec40b7f7691885352e1c538dc87b4946d1790378c98f80ea6fb43b3e17e501f37bf08691f70f3f404c96558b2bcccf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f184f60bac047fdffc511ea942a3ec7

SHA1
2745ac47faebd9c7d6d6cafaa57bbac8c83f13b0

SHA256
4982d68f18a62d3bc1227d6afd30b1d2a5c286c8de5966e4c20743289650e7db

SHA512
0e6019f70479f42db9c1658d5c5518aced9c7e33f09fd729d61fac6539aed6ca46699c5c02546d4a021aa289f896b2aff48489e8d950eba2ec91fdde46f34242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
affceb479eb55132f3db50b7f2937dd1

SHA1
c7900c003e4e88739dd74aafe976573e5a206eee

SHA256
147422a89000028b9e01246d0e6351fc08cf78e7cd0f9da98d7da3469017c926

SHA512
48f019f0cb078afb914e15f50f8aef75270e482a6eb2be211f22b21aff070813e3a4d798cf6319175876b863d918a8f15e8ba10016b637477f6f9bd9c7f4ff0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da10055823501fdb33efc50a41e30eee

SHA1
a8691c38f71ec76601141f061b8c634b2c4eb898

SHA256
13f433a631023937d801cd3ac6e37b92190d19492a2ba7cf53678f45edf123ea

SHA512
2b9bd581c71a0e6ca535f53628fbd4d98d073ca30cd6fd8118c12d3a39f999f264e5d80f91a53efb8a24fce58a48f404c7ac71e57707ae93d0806b7b3b88857c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72c81514239a9d78efaf0bf0400da8f5

SHA1
65349aba3a32474aba57cfc1deeff99285c4671a

SHA256
51d82624e8810213410a982443157ac1675564376d9d3a107434b869d35b4769

SHA512
90296ccef776969a43b95cf792a4b13479e56308b6ae9aa71d16f269294bd9846c772d42f87cbffda80f5b13f2fff142b138fe608630fa325950908436a23cf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
929f64ce56b42fa1101e5c3117ea8e86

SHA1
6e06430d108f1016aa00731dd87d1229c514aaf2

SHA256
42e091b30921078605bdca39dfafb69f25068a3e38a94669061da228c30f5811

SHA512
07fbdaad683978dbabcacb920c4b13e7a0396c3ffcc929bb5ce01f571d770562de845defa219ece971a5829a4c94af54129bac649ebd532f519acfed71b4ea75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dee278425704881c16f438fe41d16293

SHA1
5cfea9e786fc217778ddfd4c32b67aa6e5637849

SHA256
1bd183953db841060cfee776f5c6b28e42c06bc8d6eaa4ae23b36832492a0637

SHA512
d8c78244bd8983d2b3c91aab639cf303532e1170551e8a7a9f7bbdcdfc37b1c48dfe85b8d9a49252e7fcda36c7e8ebf5f8adf7c2162218074590a51601adfd0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9f9dac568cb28e6cbb29497089284d7

SHA1
30367dbf3d48fbcd77cf8039e4399f8bcaa16154

SHA256
2208adfe5ee92f2163d1603366788aad0cfdcb94bd1cab451bc607fb6ba1eec1

SHA512
108b00706e973bf2ee379795ddba66fc20b06d5cdfb8e523826e79a45b762f61b8e2eedd73742db3b7af8b991f38d71beccec14aa1327baad7afb70a1a633b02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d5dce0a6f43217cf0cbaa1026bbe605

SHA1
eaaf888324d057e4d5db8df32474784dcd1a6431

SHA256
4b8c9727199c95747cccad1e3f5ee100e49b5428cd1ac333adbb3bee13a09fdc

SHA512
8019fb8ad1ca1964b94b00f3d40773ed44b59d46de5aea38eebf3e4fa7381d38760eb32175326082dcd68f2f5bfe17e158df1c782f8956843a11889715de3945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
274afd338dced1769388b9f0b0da4a36

SHA1
ae18d101181e8bbaf4d12f05ee8ab245831f80f1

SHA256
325b053942df018b7bf27563bb576d68230f2ef1a495c594f1cf243638e5a5fd

SHA512
c2f89dbf0e7c43181841c585abd7726b0220e2d9b6d339bf0864076a4f8d67a3236e7681b2fc0aee75b2100ac4560da546fb94323245a66542a39d9ee70ed894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61d55b20fea1122f53ce1738d24f6614

SHA1
5f97c0d37e8e280715ca2b792bbfeea339f9062b

SHA256
6ba23d8e33478e8a26e7e53ac369b3765c5dea1561a95f7937b8f059d9fe2da0

SHA512
f4bcd84d1d183fde54e9bcf5944a6c34c060e21a8c8e0651fbd1e2254425afc42c9ada2374da9ecc75dacf31f14b381f7b156a93bad88fcfde065ec92431e0bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0cc1a220743ce0f2013ebe3520c3e6f

SHA1
7135813522a5f5711fef6657c3c09f27b7e84ebc

SHA256
94d3a343b6fa529abd52a84b2cab2c5c766f13f6ce489ce39ab6eb0c9c4ee232

SHA512
5fde7dd4686a498a5e57e3a612c98b54320fa7f59926c508bb240c78ed052a348cffce8b6b1c514cdfd723677de3673f600c9849455438552b3cab86b517e22f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5429c9568f28d5750042fe37d92b75f0

SHA1
7cea34aaff89f4d9dded55ca96fa71011f23d598

SHA256
93f8fe81b8e06292aeeae9dd53039f450a378c74d7700740d979ad2277f01b4e

SHA512
57475e0a37cefd15019c06531090fb8a1f2b195cc2470b9f9657fea0bdc45eb535a9c6e763ff010702c2d3ed5b6df226cbd0bd7c314b283a2f25ea34c36f0cef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D88.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E38.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit