c4e03ce6a1924d231491edb84928cc5ad5257d5a43f5efb37bd331d9ae6b3bd4

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9622bace1372ca3a5a7d4014df4c742_JaffaCakes118.html
Size

828B
MD5

c9622bace1372ca3a5a7d4014df4c742
SHA1

c327e030bfa49a7e48ce1f9e7a39c2fc36149c47
SHA256

c4e03ce6a1924d231491edb84928cc5ad5257d5a43f5efb37bd331d9ae6b3bd4
SHA512

f63f2bf61de227a918b94e235dac77f84140f891fd79912cc8f2015d341dc72624d8c57f86cbf8e26255c487dbb861eac5708c998da1cb5166d323b9c5501c64

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000002a2a1235bac9e84b61fe107d760fd8a6269a8ebe68c28ad0e60c433ca28aab35000000000e800000000200002000000087f1b702ec5bd013573eee13242cf1caa0bd7a5322db86bb272a5c6b2090674920000000e5122af4ddb46f1ade3552ed3b0c099fcca0d1bb61a6db42131589f0a411a8bb400000006e268dafbfc68dab0a8653eec7b1c0d4b4427a0f02796c25e323ecb3dc774055ba4b8480be446454fbb6870015f3ee8dcc3910e2db1532ba57bb8477d5cd996b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f0000000002000000000010660000000100002000000049088b62616a029a8f61a80ef23b94da29b082f5979272754f26349023130d9b000000000e800000000200002000000060cc3d91e86b7784f99823239379fc8078dfb1d31a89d27e3b4e5d01c39e6dbd90000000dc7c40632b4f8ed1e1b5629f604c504eb8365baab47ef558bd328270a7c5eae7e01e1953daf05277e6bb1503f524f85e1aff1815361675867c6ddcc09692de51a0886bfd4af85d4b3d8e29174a05089428b668d5230eaa2696dc9434eb2c7f9431c0ae127559af9e75c815170d8dc16ad06a3a853454e9e1e11b23947f4e0c11b9a6719eee5fc6a0e5da21c5dec0d037400000007cc41acf1132475746a728ddd273e8ec4b424a7e7a99b2f61b4d6c73bbb39c45567c7a10017bb90ca1dd518835fc187fde06f84ec574920350b7156277108ecb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431118157"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E844AC91-6634-11EF-BAC8-6205450442D7} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70bd52ad41fada01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2360	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2360	iexplore.exe
2360	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2336	2360	iexplore.exe	31
PID 2360 wrote to memory of 2336	2360	iexplore.exe	31
PID 2360 wrote to memory of 2336	2360	iexplore.exe	31
PID 2360 wrote to memory of 2336	2360	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c9622bace1372ca3a5a7d4014df4c742_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa1f8a9ded8449094f53e3be844c9958

SHA1
3d5f3d499d8d231b2dc12037be72ca2193b66fe5

SHA256
9fb21b67bfa8453f3d61a7399cb69ca9af36cc3b93f5fd5dcdb76822ec96d436

SHA512
02c8caf9929ab7a3bc2fd8723d5cc627610abbf49e2e04817c1fd7fc14897f84efb7938d73b657c6526f6c59cf312bc984a51d39967e91f2db1bbe0c980a1b21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efb277445075658b5bbf368c1c2452bb

SHA1
b3f451bb76caee7ebbb8162df3ab9b5d325c663f

SHA256
7d38c90cd26adf1d6e43b84dbdf1a8a30560d01c5448bbff15a8e033f5a4f96c

SHA512
3f9072f03eee11c23a286405d219b5a300c5fb4f4429626bc143528327bd442d153a8479eed8dd4c7342571cff53315a9e2ebd586cf9960f5a98091b7bad566a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72a749ad2cdb930f5c7a9b9d6c67ea84

SHA1
9cb51029a8026c9972708fe9ff10a28fbaab96cc

SHA256
e3d4ed85baa8547068db60c892fc0edd1d65ca4580e0f2351287a0be2c88d8d4

SHA512
7423b354dbbbdd24a543c8609cc8d9d49f4af70f17d5ec6b237705ef6f62e4ba13b19124e55524914ad64192ab1bdf41ee384d8c274b5563ac1127f39b72cb4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e2a53f340bdc2229da7d18c1cfd1db3

SHA1
d8c516872e52fa4379feca7f8aae3817980882b9

SHA256
579a54183e4b7c95013df655cb1d572cb920e4f1e23a69dfc8cfe4b079f377ab

SHA512
b2d25fa6cc37a59de242b5fa62ca62599c26194fa40deffbdf12da25889c53df1ae67f6e533d0e327d7d58ff0b86490d6e5f2fb8e6f57c958bffecd1440932e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
420fb9dfbb4ccdf12d337c068f2c3983

SHA1
9aad7d3904c5a6fa2ee3855aff784a12c18ef4d2

SHA256
67f1d2ee4cfb6c266a8d0179d30c2917472d5705ed0538af4426ef606e855da2

SHA512
9a17ad3b3b665241e0a1811e6e14319c0322d5dd8da6123c768bb6d678d26113740fc472c2d30d52ba55a79e3a09fb24c960abf5d31efe1290d64cf74a1c711d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2dabb5336074d426bb975e0dbffd4e95

SHA1
65eea67de46965e045ea980ffe034b7e1154600d

SHA256
9eede551f15b90d75b8653d4b3d4e375dd30c4a049a5a9d4e9d6a90b9c3cb779

SHA512
4c9310f0b7e3b433d5b1ca94e722082c8c83e627f51bf329c369eba905ad56268a9bd53e23a1f5aec32cec705d7820217d062a6368ae08b2359aeae875ab1789

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b6cb3891e0d6841abdef4272e6d87c6

SHA1
79584af8bc140525f042af81fc5d373082c4204f

SHA256
50eea3687f46dac9bcee6a9b2a14c648b72233018edaa74a2309f29bb12e868a

SHA512
b5454581188b3c0f436e0c3185b9dcf43e75a094e5b4c3a5c9ad69521923dc7d54b9d728735cb6428391fbbb69baf78830cf00e56bc2eb6bc2ba48d2437da9e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
349a89283a4b6e3889202e1062a17436

SHA1
1b3c3f0c447ee910323112ec85edea0443b128af

SHA256
eafb9fa7b22aa1f1762643eea2ca8ef0ff844a7395300d15fe34f9005758798f

SHA512
8617dc20a9105fa6dd0a91088fb3fe3ad9e7ba41f0ff47d232f0a684563d47cdb7414b54411e4ca2122986fe65174aceafa44ca83fed6821e814645984b1e338

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee3ac511d9fe9c1a6264db2b15fae51d

SHA1
68c115f48e3009670bb143f40ad9b81c29be0f06

SHA256
f567cd8d503e494f3d79907bafd0ebaa9d35fe36fba37207bf60f5836103596e

SHA512
4a9222ff2ec9256c79038266250cbf09fbdccd37605be5d420a20d18afcf2d1c2d8d591bf366a0ecdee0146a720c221973c425717017949272aeac3bae34ef42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ed056a7503819577c3eff90514a53e5

SHA1
ab41355c98a3a4c90813c025458a7ec10b55c2bf

SHA256
888ed307b46f44205aefee1b842c812ceab63933351592daeff74d39669bdd65

SHA512
98b14c3861456dcb4abfd1af67cf00dce2922ebc6bcbc535cfe9bf1f123c98e9dba77028c9084a790841b4197b9b41fae1f74fa4d1d2a43e0064309a883ff763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3917515ec2b2715033a8340bc449f323

SHA1
5e03b8ebe1adc410e0b6e63099cb3531ebfb40ae

SHA256
835f42715ca6d6c984c6b17999290f5465b5253d4c5fe4daa1832af812c9d587

SHA512
ea5103e6542fce10be8238fa3dbe34496e095e4245af8b276300a5c970449d331a25aae0a5d292da6290eab558fff4e0c2fb84cb883ac35ceb682b79faf29fac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04296c058177650434b3dd9b517ea9b2

SHA1
5313f95dce7e35b075fd668004cd527e979fe3ba

SHA256
c35dca1db04a5696ab3ec05d3a1aa5dd0175e4dc977c7ae2d9866ab1de909a68

SHA512
f45cc3e1094b9fec6f4a1361c3159a88a60c6c3e9dbd1f08144336b05c7e082e43175f24ca73f3ecb3677dde0b616715ff50842a2a195ca060eaf770b551982b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e6d1af67bd5f3584500b11175382e45

SHA1
5412cc674f5f95a8f205f19a1a830fd661a09770

SHA256
4122cbf368bd2aa86d1cf95ec52e286ee143cc34a5228eb4950a287bb98f6a10

SHA512
12b69765e9e35de2e4f135b28fae347be75ff96f15923c557d346371a3ae633aed3a8d5ad0df2a07fa606ca84e8424479af7d9e300e6d91dacd57f45aee26f1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f95f861894e7a587ec96ce9e566623c

SHA1
638fe6d73cd1957faaca84cddb968837c5999901

SHA256
f0df9a4da2ea745124393c6090a6c537a7905d8bb414949dab37909ef4d340f8

SHA512
e1e23d86abe641d71b085410c5e3b203d338337b61a56466585519752c8ab4af7f49aedee3a2703e41e29ca71739d7fa18539563ef4f3c8890501938cc8685c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8652ce845eaf0de832110a95f47da12

SHA1
994bd7207f294be1660b01b592434fe0bdfa69f8

SHA256
17d21a1058cee15898c2bf957c0e80adf61167582bc6cd2d5f3a8d918e644ffc

SHA512
9fe8ad5175f2dd22829a68f3bc2e82a44a71092538f3f933f0932257a27e8672eade1372b5ede372aa57a06528b02684e799123af1b6dda57345075e6cc65830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7daa27230c84f9632294911053468f55

SHA1
db1b75848a3fa42778af196451c76122433ecced

SHA256
cf1250f970f6c9edbe538d489e8410ac07b7b4def978cad8773458e78c5cdc03

SHA512
eedb791b056f34d2f93f5da0bf65592039559b390b931b75535898cd93b3543ff12686cf988303e86dbbf78ee14d0814157a3d246d089a06fb2bcd5b309d87f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f55bb49a7cd7d9648e4305cfd18e28d

SHA1
463a3551b440268b728423a269c0c88301ef35c2

SHA256
c83b8219c1849d3f48e20b51fa17ed4db9f0b00dc75d96a4151c3b4e8854f99d

SHA512
2c5f3d3e29f561ba9175f90e2756618bf77b64112b17a2aed1bd0dbc93d3afce77c3107004eba84d35e6c9c55722af1d5a09107c1e426f19242049f890389913

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE477.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE537.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit