ab1cf92c2844198dad3ec5c0670f1324a31fc80f160708c5077742d8f79bd2f6

Analysis

max time kernel
138s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf476f741acb5d736d063cbbe732056c_JaffaCakes118.html
Size

349KB
MD5

bf476f741acb5d736d063cbbe732056c
SHA1

0e9fe22e833a39972561183b2a06aa4915b5ddcb
SHA256

ab1cf92c2844198dad3ec5c0670f1324a31fc80f160708c5077742d8f79bd2f6
SHA512

ba1c12b6de3ca22b520d6feca6307719720bf9925db71fc222fcffd86c9bfc28f9d2eca010663407dabc6e3e2d2d1035927c52ba4f7407c4f349cf3e177a679b
SSDEEP

6144:SSsMYod+X3oI+YfTsMYod+X3oI+YAsMYod+X3oI+YQ:b5d+X3Z5d+X3Y5d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f0000000002000000000010660000000100002000000052db3efd4e377078d70e2d818cfde220d55212cfcf67c59fcee704b9e6f60882000000000e80000000020000200000008f4a2738f823d60edcb07720909154a2e8ef99cf4f07f73b281b30fd6bb191789000000074a5bf5d296382e1afe7ebbfbd825a8d334d0a50640a4f24c18b4e2d9329b90ce571b40a5b7a325027234c56950526f1b6ef5d18b0cb4267f50e7e95ff8452335dce68ae14aaadba9ec32a160ab7240ebeaaad345f022ced934c28e880e9f5f50a5e9ed1187fe4ab110148c22e03852c3856720894b0a620369e23a1a6743996dde497a86ddfb7dca59e4a36afb2a8584000000097e270e061a57e4f65a273efea02bea06b27801a53c5718032d81ded5a75b9f37a6a67561bc4645ef95cc6cd3b6c876ac47c405afd8b34c28334a2671179b764	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f0000000002000000000010660000000100002000000026fee5142d4bd25a4f080317e6d7aac9260d72852943eee71f1a1a50a4a385d6000000000e80000000020000200000008147cea43678b2b4b7879bca1e867f82176946892740343873fd9035980f04d320000000237fd677c9a2175ed9edec7918ff0962b8f24fc0b913d6e48afe467407f9cc7a40000000dd75508cbcd3f6f17b90ecf84485528627a7ba985ed991a1c039b9f0b6904b13fa044a0d37d841b7ed5cb396fe67d25d9d6e858cfb8354f2c1e524a860318f47	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{068DB531-6251-11EF-AD83-5E6560CBCC6E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430690430"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0ba751b5ef6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2440	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2440	iexplore.exe
2440	iexplore.exe
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2432	2440	iexplore.exe	30
PID 2440 wrote to memory of 2432	2440	iexplore.exe	30
PID 2440 wrote to memory of 2432	2440	iexplore.exe	30
PID 2440 wrote to memory of 2432	2440	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bf476f741acb5d736d063cbbe732056c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9021a8ebef5155161e246cb872410fe7

SHA1
b5d0a876ae4ba8c7a5a7af7500915116db83e1ab

SHA256
52385b0872217f755b6722903ebe04a351e8c37733d31946b848678ab48f28f3

SHA512
7e57d1fd2ae391925a59dad647ec19b4539805752b18a099c4a0f0b247dc4730f7c3b11796cd244341f584d3bc9e86c7a1f4a3fe829e887e8abf94e7c455f79b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
061e595499f39f9073c33d83443a88af

SHA1
e13ca53028181e325415092a579d8e3b6d2ae4b9

SHA256
c7846be6d3d3f0d597c15568e40711ba3edc2eb5756e69b8b0dfbe128df28196

SHA512
10f512e9c3b0b3412d80f4cc2b96c1aea30103cde9f2e282f35cccc8e039617afc117459859b29186e3c3d024c4b2c8ba2dd57239ba6066eea4cc871aa64bf60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
812492fafd0b127745824b5096095289

SHA1
a4bd16e34acbbf5f5918136e002533f2ae5af359

SHA256
f7c8baf46e630245de21c927d28c916b6ea8677a079df309662b3238b0e42de0

SHA512
f1dc301eb3233cb77d3bbcb1a8568022152a7ca28e9f52b3b842ccd26198e281f6b2f7038d5f87b7d8fdf9944ad26b61621841c53e1b70849b567386de8d79fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20123204bcce1401952c4044462f3575

SHA1
c5872709e9f71765b7b8cda0a0d704b871127fb2

SHA256
78971db0725a4865a266755f1d74f1a7514696856b3f62771fcd335c79faef76

SHA512
b810075e3388ec6b0b532652cd28cdc9df301d5173a24f1ad5c6781d1b024d03b46f607fcc01bbd5a4ea1885e5d09e665fbdc32005401b920ca34bb056390fa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fada02be12d5e99420c07a5b3160effc

SHA1
a0dc87fdcafadd4e1e0340c240dfab18116105fa

SHA256
e9ad7cf05d60614efd958692df29b0078964c9802a29706bce7ad458cf715630

SHA512
780c947c49d5e4faee2681a63c84d4e88f19ff0864c4296d340923f8a29b88927b93b48149c8fb762b6745ff9a2b1673bf579ef0ccfafbaff60a537fd3c84651

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5e336f66b8b815cef3c254997d1ed5e

SHA1
bcb0d070e85aad5402406f2f5738262785391be9

SHA256
d4a94cec95a6958a8a1cdf1bc0cc25ef2319368e1fb22381f120348cb29f37e4

SHA512
1793403610992181a4e527b9d5244619f66e08d5633028d6279dfc11d37848ccc3ba18f252f1d55d35d0e58c0b06a9bb2de58df1921ce15916026e454b9df5e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2f9096000dbf9de976998da9c42b2fe

SHA1
220f45000b1328f52de9e2cc629266391283cb08

SHA256
c0e7e50d85e2407478e9cd7bb8e33fd1d8f0a5607ee26a73a31ed066d7acf27f

SHA512
c7823311f84d4a8eba35cb19da226b9723c3e820515e9d749a460c0e32c837082a6bbee5decee1768c3bcec3c5a99ebbe78442e4667e0128204654f3ca53b49d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4e007a5e95faf58b667f1f03bbdc4b4

SHA1
f3a669b6a3976abbc01d89cc8363ecb978f1034c

SHA256
144be2ce45b12fefb22c010554447c931ea3b635395b12c0f94689abeb7ac769

SHA512
3370c3acd91b431331db4427698a576fc00fbe62e476b66804ece47e2ca5aa76822299abbd22169c175deadcac796be0902553476a5d138d24710a64a5f57afb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9db0831433d8670bb12a75c0d5577d7

SHA1
d5aad152cd021ee244a96f1957f7bd66384bc8cc

SHA256
1853beaf1d7af126fa1f4755cb0ef6a6b9122d7d15bdcae226af98d7eccc8efc

SHA512
4a2c4dc99a2f0ea996eecf41a1bd6946e0894325ac8618235918a30be211ec920ba4eb4a6335eb5530b177333867e5eacb7452f27afef3d9e49b9144b3ae7663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2efa3e248533f5247471ed7c1dfb34d

SHA1
f2399d0cab8c054572d75609e88fd2e1c4aae3f9

SHA256
668d52275a75513b5c31bd3702222465f031aa0d57988306fc036403eaae8470

SHA512
ec43481a4c8afe957c45fe592bf8418ee481a7bdf4e64f8114ccb115a00e6118f4db8af1df0afc7d50311cd545b68033140340b65aa27b95669e38b495a8facc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2b20dbca23468b3578e6918800930f9

SHA1
8591f8c013272cc9de70bccc2fed7b5723428699

SHA256
b0712722d688a70ca04232b17dee936d738d5df49316e276ac8f0710f311278b

SHA512
5d7fac0f4d7cdcb3034e0bb83ccdcc9b48fcc3a8dcdb996dafc2cf7cc2a3ef66c77d7629aeaf2def6530cc61ba70cac49faa81635d113cce820fd006af1a353a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38a6fbcb01c46390d4f857265c190399

SHA1
6c92d1973bc6310a79016ba9d426d396654e088e

SHA256
f20a948d81e041723b130b63a01039658c4458ad6247f73a5c220ae91c316ce5

SHA512
be5c6cf835150d06a92dac85a1ccea0b18a292f8aa469cfff8247c13589a03bdd3ae6d348cf867af7aab1dbca3e0b1532678dba48e341213cd3731efbfcbdf98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed678c256a3c4ebdc9b60cab70c1e3af

SHA1
31f6b83e556ffd893b4b604181acab2bed63e060

SHA256
04446e7d5ee789d55839c223311201611ccbc6d46642c5b6c1a60a08ade2fd53

SHA512
a0316db6401e6a1ee430cf26caa4f594ad3660815467472d7ac4e69a057245e1dc5129ae718383ccce7f6a56014f11b64dc5887c27c46d81288f88b9f3a959af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e02b20c37007c0ff7e42d3d1226bfc9b

SHA1
ea441b70a6b7522d5a1e1eac766d282be3497a65

SHA256
7899f40eeed0a0dad10babeb202c28191614ab6e0432d382f8896be1050112eb

SHA512
11985316e8f1a70deb5a993964b9610fb9bda4bf805150e8cd0d5124cab6caaf0cb8a025ec284b377db530c3fe41b7032be9bc92382a089dbadb4c5c5d33d1ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17520978333ef4a9495bb9af972f8c5e

SHA1
a67ffce842303265b6380b1e59057f378e680105

SHA256
f218b80ca19abb56ee50bfbd60b712684bce6026d72213eb214554fd9c28aa5c

SHA512
47165b6b4bb5323aa79136c1ab87dc545ec8ac8a9280bcf029c1545f48dcf31be66ba379caec00ffc60f24b5465da0e41cef0853cb4b4f07f41bf82b8f10044e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88561d23497d4e2d070fef2e5d00d5dc

SHA1
c7be65b51007d38a34737015ece75d54f27506da

SHA256
8e12bf51d36baa95d67d6d4100138a04be6fa0c056873123f554235de2bcd235

SHA512
2180407e42b087845f129b9dd15617eb5884b8741deef97c48e2440629c78a669c3c31cbc3e4c1e0953221102b16d39894f7bb8bc441c3966738c01aff748569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39151a15d16a646c4f1e8222215a3c7c

SHA1
64eb8ded599979526b02339681a1324f17f772a5

SHA256
7cf2d386e607f99a7deb4b790cec040ec31a6d2a75ad11a67c07f2f0a3d91397

SHA512
c27c4032ccdc3d44f9da578f1abc24d2b97e492e12d5255a0cf73be3ddec111aecc91eaf2027366394600ad8053eaa68331d257b035b0a926ff2352dd6a0a98e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB654.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB705.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit