3d1bca8374283c917945d919e01fa00906bf6fcac0db9a15844cd79004698827

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89a2fe10cc84c2abcf0259b9029bcf43_JaffaCakes118.html
Size

8KB
MD5

89a2fe10cc84c2abcf0259b9029bcf43
SHA1

b89baafe488a0f688a987871d46ffad3770858eb
SHA256

3d1bca8374283c917945d919e01fa00906bf6fcac0db9a15844cd79004698827
SHA512

c05f40d00b142db3e7148b35f68226472e1db7adfc43bc8c4fc93c9417900e51ac20aab943be43d07c32e38ecd2b7a04b0c0444f8ad15f9e75db34657b57840f
SSDEEP

96:cRswTT601iZr8iZp8i2itjP/IRHZDBF/vqbt1YDDZh:gpTmwndD6/IRR/vqbt1YDDZh

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429525815"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000006d9a51ad51c171850adb7aa85e932ac47fb8fb0ba344bb684368594288ff6600000000000e8000000002000020000000f56cd1e37baa5840f305247b6e0b9f5ed8f83b439e93a5c51a1ab1d4473a552890000000007efdd8f771e5ee85051c3726ffb7302ce9bb3832baf0aa3c7f0911d8f0cdd6977669bc60ac145cff2a1419678f92c7ebed7ca2995310db5e7a68adf068a5e37071b3669482ad7df9aa971a9150fdd6e468f054b9877e3da1c5a11a7165ec50d16c53799cec8da61feb2f706adfd5470b7a66fcefc4c8ed3acf23b79d55e3137d2e0959c054cc13f3b3cdb364216d2f4000000047fd620f386a2b628d937bb89831f2ec4e64201d15ed34a1ee489ef17b1f5197e4b16d30aecfc263357cbaa5c6bdaac6e22a0080e8aa8a9c9c349242a91fcf13	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000080c988c4864be9a0347eabc66bf544b3bcfcbfccad532010cdf516a1dc6d9d54000000000e8000000002000020000000fb32a76ba68cd92145169ccca25fcbb994cfeb0149114b77096a5fe1962ef5ae2000000031ac135505f1a007528d1d481dfb7f8d358e37e46e1c576f8225524e346b199840000000bf45fc771ceff62789578c7a28fd95fc89186ea0728b6cc4db9ea1a8ecafcc6ae01884687cea7ad5d09969c73690321813fa57de4724646bc5e145ba86f55704	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{727E12F1-57B9-11EF-884B-46FE39DD2993} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f07d2a47c6ebda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
668	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
668	iexplore.exe
668	iexplore.exe
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 2772	668	iexplore.exe	30
PID 668 wrote to memory of 2772	668	iexplore.exe	30
PID 668 wrote to memory of 2772	668	iexplore.exe	30
PID 668 wrote to memory of 2772	668	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\89a2fe10cc84c2abcf0259b9029bcf43_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:668 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50cd769e221e7dd6d41e364f8a9f0e76

SHA1
353175d4ffc7785ec21644b83ff5882239759951

SHA256
89e216ac2c8811ac27983ae3130a69d2ee65d91ac88052ad322ae542ec8fa4f4

SHA512
876c8e412afaa231ca65c04e1864438fe64b7b1dec59bf8b55b53123f33750701c2c49909ad80db0709a8a8213cc31753336c6b919f3f4500cfff88a94cf9993

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
beae29a385342b0066a7eba40cbfd4f2

SHA1
765bfcb189f47a36ebe08f1562086659a6eedc31

SHA256
49404b9197a940364f4a9875e5f66ef05c36e88b4bd1341d8da995c13629c93c

SHA512
3554d137aa3a016bbf8308149f823a04a5ff77774d3a9488a2895f6db08bb146698d2b2c08dfb54ff6716e29a19f37674cb672a8e239f869952ee55703f440ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e39b1711bce92f1f38ba2e931c0757a

SHA1
75dd323de7d5161076bfb8391d430759ca7f5189

SHA256
6474bec30c9a23576db35934f6916a2a0c6de3d27cfd4146e32496a1fe0e5dbb

SHA512
3651a7497fc5e7ef739d53a5613f076fab6bc5ec8e25a9e92cf2c93e5a67babdb2f0c77f32f871378308a2d880a3f0627c77133c85c139b3af758a83d77c7eda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8770f41cea151025972d909dcbdbdb59

SHA1
e84a7b73843a89464a65c7704c2629a0ab9baf61

SHA256
f9c5c024424236ef2a8664bc854ff02ad56e4d8e34f8b502edde08e940744420

SHA512
c8d5501fab8d35aea78df010dce5ba52e9e7c3da25558e7194d37eae06b6c97e9a0b3f2aebb405861020b995ebe1dc1c5a7c59d390ceba27d083c0894ad1e289

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4b559c8da550084b3b7f12cee92826e

SHA1
052d8e3794f2ff64fcf44c601a3f9f378ae35fd5

SHA256
7d57a4e1848033659400c93d51f1029045691fc6fd570608b48618519d2b0ae0

SHA512
cb060b559a29dafeb6d7eaa43f4291d66a3c19a907489184a8b62fe72d5e2ffca6c267c2f58755862aadf9fbc71d630c35a78806517e65ed2aa8588d1bbb919d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc0728b277749195dc11e5d5c4106e2f

SHA1
cd28d2896bb930b3659aa51f99f6cd73b6c816e5

SHA256
c10505809dc45f4a17b504f28c4b52ee181596530b43d11d434e4caf9b594477

SHA512
33718fc25ed00731df1895c73465cce515fed13bbbe907e994a598ebf595e3e6b01f8e8aa992021b149087a9d5e215e0d0f3d169135417a943a5b43a4d8deeca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44478fe53884159372088fbf085f9dab

SHA1
7eb5eb0aabd33c175ff86f095a7ba98da0e5faf3

SHA256
bdcf350a134f2c52389e469561a82933b243a8c62f428896490dba382f31c24e

SHA512
d22ff2be52f55a9f86d0979826ef9fcef2572651e95c13d616c850013e978ba9f55f881e2f4892021f4f9efff6aa118ffbe33bdde0ff859782180747322551d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e56bd3f58a9967b8c61ab3e847e3224

SHA1
d6dae0d77cd47639f37f6b624137b5edc0ef06c7

SHA256
7075d0b3c4ca51c35cbfa3d3df94a1621d4bfaf3097c92d1fff60871797f0b07

SHA512
c71d52b9bb0e40896f2e303fe95588aa360a0839e1386b948c77894bb71cbd77b5a354dd421c9f1fc144277a6775dd786e288106e34bd540948f1794f80ba742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10479f002142701b4e0bf32ce511894e

SHA1
3e0645c0d5a5e96187e597f70487042456f1c74b

SHA256
5d59f483e998bb198d76bbc364dbfe610e105531d70b8ecc1bd37a2822eea6fe

SHA512
10320f626c5a838065d30014cfbba1ad784cbfed54cd644f8b0dd6f3481184d9bb0a43b4dc0a3f022f82f5c5c66283403eebecf037bc5344846df9ed37f47c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cae2ecb7cb5d82bed2df17b92ff5000

SHA1
05f0f4f39583b7cbb227d86282e26524a0027c58

SHA256
279a2335cccb9b7a8aa93a8215a3dd8158000bc976ec5686b4d3ca239568facc

SHA512
7330de7aa2922e952e178de8b648b4ae46df6ac2565185db0cf0a4723d05c2bdd066ee2e8a8ceb8f917a38e03e4c44e41e322918ba5617ccc7ce0c94e10ef109

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71be2f4f4354db514aa8b6ba85a0f7f1

SHA1
77a516cd584d9546c217ad9d346ea1327a743f7a

SHA256
dc3e5d25be286070bc8b5c1580cafefcca6cfafe4b36653f918529047995878b

SHA512
fdf4086765a4523e4a8cface6cb72ed491bd943d1eb2a9317a0acdd12cec8b595c2c36a6aed2c12e251ff79faa99cc050926b4b9f775f5b4238c2ef05de59798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbb95652a54010685ad8659bae4dcd6d

SHA1
5d7b0ea8faf2d58c747dd541bfd292ee0c28163c

SHA256
c29d3409a6db86bc7e37d3dab1320408b2d615f23529a7a92d53b977b9be1ba2

SHA512
9c748be458c084b33ca4e5fcb429b0b089b4f8b5a3303370c50725f0eb1a2b93bb724314bba95016151036b598e077a15a088b29758f704cd4aa34ad2238e1ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4222f3f045696dda01125b72ec17c438

SHA1
7473120fa22e0e76004590237429e6f32ca1e2f8

SHA256
fce29d70f0db44c280cb7dd9ad5b39be8be282f2c3233fbeb2ac477c8f1650fd

SHA512
db95a507514c67a6b6fa989db84a9fc5554e6122cc82a802cabca916ee7277f4ffe10a45fa165af2934066962313829b427414f89aba95db1e381d460e808b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21acd557d9570bc699a3778adc53dd7a

SHA1
ee8df33c779729a621725edb92dafebd5175109b

SHA256
9410ce80611b3145fed4dfdad2ade45b1a4efee38a506d0a8fd640aff4fb1d3b

SHA512
7dd4f2cb9ab16a5c17780bdd0b7524222e86440d7b8a0ee2128a00e8efd8585a7719ed14aed69f40a5da7f449376f25d231f30f8e89bc87656db94ef988b0a6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
492533b47140ebba96b5a839b78d3ab2

SHA1
e87c140baef52cf60861a01676be0416213e94f4

SHA256
29941880fec4a07be5faefa7a4d0e7cea045f5de4072d95fddaa005b27d15dbe

SHA512
7026054a0be6d885970fcfd1281a5c1286ad1bb66cdea1a6b23f83bb1fc586d34ca063e0b0eaa3e326258f92c54329a247a66376970867e4e3b04dc0b634e078

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
427c2bc8d380b9d5a51208181418f1a2

SHA1
a505175f7c60676399450e51b53754f117ca0238

SHA256
90657760220108fbd9519fbe638b164f98fef9919ee21a9793da52b05c4781ee

SHA512
a7b12c7c4eb8815e0f964e35f3c96991bf1ba8c6a39fdb929e8b39de2ce950692475e79736bf0739cc4d29e4bfc4e98d8f358dd41e17ba4e87e0165394712455

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a09f160202d0a07eac016c59085e479

SHA1
e6c36d0df4dafce968239721ee88830da36c3d35

SHA256
5295b75c87987b5d0c813ca3ae083deeb303b40e8c8476a183d2d4c6f89b19d9

SHA512
4f8702ef523f376214ffafc5fc70230539e0ee35aea874179b27b0ab3e698b7d3f221b87f1b8242f5d3abf36b4c3537178865bab9753825fc4e4056f25c1bed5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab657A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6619.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit