cdad43a24e32d590bef8bc04d8180441e2a5f8b682466453185d8399025ff12d

Analysis

max time kernel
145s
max time network
145s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfaf2c14761b0a2bc0a2a6a08d5f2ba2_JaffaCakes118.html
Size

19KB
MD5

cfaf2c14761b0a2bc0a2a6a08d5f2ba2
SHA1

e404623e4d1bed6ec9d6c224a131a7007510dece
SHA256

cdad43a24e32d590bef8bc04d8180441e2a5f8b682466453185d8399025ff12d
SHA512

3754b7adaf4c609c0adede49ef3a177850143cd0430bbbf136117c841f560cac99f931dfde3991d576cd75e77b6822a5abeacb2da7694e46cc1dc64eb2610d7a
SSDEEP

384:SIgObOXOYF3CUksYG8lFUvPKmbCJLXqB0t47tgIcjGrbtJ3+7mnyvj:STC1DPmGO5+myvj

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{86E8E051-6C57-11EF-AB1A-5A9C960EEF88} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000001ea886076cad49b5399d5dbdf39714e2a22e797713b5560c12e0e0ad798879b9000000000e80000000020000200000008c075e5c02b641915152fd0fd915ba85a51a9e284b3afa9c930a3a29f025005b90000000be48b21188de543db000d236173ca2b855e194de8c0dd30ec8ac775438c073fcc602f0fcd1068787cfcd5e3f184f9553223201f25c50ffafea87205d65cccfabba85a801d4bd1f4ceb4862493c7044650978396eb787840bc6d119b01b495a4efa25c002f51aab842885622f703624537ee52eac83984b8034bc48f5e83224c39fbe136c71e968a27258e6e07d79f76f40000000933434eb95394b781a489d86d49d2aec3dcd8b6509121bef3ff45044dcad1715b4df1f4be7adfa48d97cede4fa87a82b896b329ed7a953bf7902575619ea4664	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431792739"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb90000000002000000000010660000000100002000000051cd3fe7a6ff6267dd41198fab57d7ec972fa09aba848dec466449e5a5ed1e10000000000e8000000002000020000000e314c1ad1ddcf0bd3eed48c2a7cf78b1598fa5a5a15b2febf723120083dd6efb20000000558154dc7ea2355a9ae724f8985a4491c3ddacf12a785c008e17dd9e8755568640000000dca53c3da84d3d2902e7465b3b42ecca6a86783d46f04998e7afd8f0f03eb7420e5601f6859798c81c536e09f2ad6c929c8baece92fd83f504d4d23c3573b1ee	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a0525c6400db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2848	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2848	iexplore.exe
2848	iexplore.exe
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2696	2848	iexplore.exe	31
PID 2848 wrote to memory of 2696	2848	iexplore.exe	31
PID 2848 wrote to memory of 2696	2848	iexplore.exe	31
PID 2848 wrote to memory of 2696	2848	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cfaf2c14761b0a2bc0a2a6a08d5f2ba2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59bac7678d37a63a92630467e9c6fa12

SHA1
01bc02b419ed9a706e9f9a387583edbdb2e1d2c5

SHA256
be3f486657e2aacbf4ff8aec6d1cd7297201d36220b375348bc22f030420da0d

SHA512
6835a18b8fbaf420f18ab63dccf83efcd844416f96bb19b8e5b3a62a70b9d6378dfe0c1af69cc0c7e5f5f322de432615d94f3afcfc2657a91b3a8e9b2eb1f8fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf73319edf547a3a69fa7d9f47d3dfbc

SHA1
26407055413449c32d2ab8142872fe174a805a85

SHA256
9e1b34e3c1a7933c9d5f51e959f4f41be410ff0fc7f4c41f9622872b983471e5

SHA512
42fa6f72e0788862f78b30992ae4e3b06d9952a787af57a1b27acfe6025446ff08d45bca4380ece3f9371ea08f58431ff5c96390e3b2ead2c03ead5538b73688

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d27dc230e5a641007c7af7b4d9561706

SHA1
4a67cf93ea30e3feb8fa7ca10789c72a31863238

SHA256
4735757082121029c29a23f8d2bc441c5711eaf9d0ef51f815d222482185c00f

SHA512
be43b0e0e2fa5bd74638cf25e7fb3212d3cf1df54c56864a837e87f2f4d33b2888fa1cf4fdefd62657c405b217873347442051daba3d2fa382a2c12b14270488

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfdd3049d417c6f7349a3d9d78dcf3da

SHA1
b9f7cc84ad39ca413ccf9157e59a18e652f17e60

SHA256
4e66f64d11f006ba1dddecddabad1d030b503c4382b749725d6abec71c292789

SHA512
4c6d89fc3c3c104536631a2ab728a53930604ad1e584a90a45006b7a47e14ef3e166aab89f2bf38146d4f8cb9acdaf75b6dd82fa48b8156afa65ad1264680481

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00a2357b979a12688cc74f91aefc727c

SHA1
20f38d1d25fec9b1be010728008136e1ee2239d8

SHA256
925b9c41a620448388ec127d4841bfdaeb1798d7dff6ce1b20576e55adcd5391

SHA512
413b324479e48f36ccfb187c3b52159d4e79213b35e5053d28aeec839c873bda7df67f2b2305ba238bb0e38ba47f243f0774a834f4d1a3dd45fc666f27bde71f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fe654ec24deeb7ccd7b3206634ad641

SHA1
a50dd04bc2107eed51f08f27c47c92e5580276b9

SHA256
17782c77227e176fd6da7045defc855d37b0f87174962faa79a53266e25c4294

SHA512
86d89b65149421ee4afd796d4016c535b26d1f1cbd97ac17962a31bff3518a4fdb88158767eb5f4106540066ebf326d992dc11c525a21acc5cc4c2e923bb0fb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc98345af7d21c4d3cbe7801f4cca7f6

SHA1
5f4221de39444c9cd7b485370d9631b4c2b5056b

SHA256
a55c4b162ba1e1c48479dc8587005fbb6dbc3096aac5885cbc98f3931b63c725

SHA512
4f054b7a3fecd62424f3842e7b22fd4070de17481320a65293a6e76bcf9e1723f564ad4c6a5d4f7260f86a31a789f8ea208ddcdcf828f9ea685e3a1c4cef6b38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2b9a0223d46562ad94dae11158cd44d

SHA1
d986bc98f1e7cb4c004820607a84e859fb99f835

SHA256
0b7f49b8be32faa250b1ecbc75899fb99b6d117d546345a22ebf902eb4592ed2

SHA512
5bf09a25efdcadc5af15993581bf78dd0fe3c61976e8b35bfcba82a8d55e5dedf3476ce44d48d4bf508ea89154f457d63c28f4d95a87b666c604bc197431a73b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffb5212ce0fe4439c3f3f53fb51a5105

SHA1
cc020aa7280025b16f711e9eacad7559e1f951dc

SHA256
75e7bb11028545c8149bc79e48b17ad491da94978a0b102872502ace709b96e0

SHA512
1312e4a07749c92bf5d422e93e9b0e5d8f11ecf31109c87f71c48fb6cd2483c861a08ab9af043aacb37cc544c12f2cc95b223f2ab2de0648fea02a06a03dd4e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
817dc17b1e54379ce4fe3a555e249c6e

SHA1
851f02e79271ac908544e084f815be0bd528a50a

SHA256
899e63cc01e85cb08957a5299ff14ec3cbce20f05326c5e511c8a4c85ec70f48

SHA512
9d132449e97b0d44f21833dc38c26593233e9967fc9d3ce8db019796f72eee35d3d1ef792d7aac5c96a4fa0fd589861531bbe7396ab69b751d3e3dd0eb982048

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
857c51c8052de4c96bcc5fb469b2bddd

SHA1
c3bff1a46695bec41675dd95b917c06e22075acf

SHA256
a59e28704f09682f51bb39a401486016c9514bc049e6b552d1c278d006440d83

SHA512
716536819d90c1a4223b0ff1418901e0492cba834efa0971baca667d94ab14633299420adad119937f695b568c535fc93ecf0041ed1f47c9ab907f1209227b01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
340798c0d6932853d51d594bcec0dd4b

SHA1
5d8a3db9ad291d8dd4af98ef4a343c7df1dc90d8

SHA256
ed1631a5dec41b6acc9caf4652043133f6fe12477bf11cd6798de1833b4d2cef

SHA512
4034696d46eabce797c5c42a7f2f0e17b066fd08fa1a0254dd9a29d1b82291a7a4feb779ce750016af61010288696126abe2efc494128317a775e2e991670a21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68b811b6d302432680b96547ce1ace42

SHA1
d4b3ea8afd99d3bb205a7b41b2f8e48ea5b4027d

SHA256
cc56a85c25fccaa7812be0971b08164c044f313baafd3bd004066223631a21bd

SHA512
dec96d210fb52bfc8ef054fcff15cec60636d84e10cb1f7ff627a4f7fdab198d30f43783679f90ce5ed675afc85103eff18e98d2662b72210ce79d08d2a00c62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b907c665bc44b4e37a4ae27a3fd37537

SHA1
4d30170ae0949782e1106d0bf0842182995422b6

SHA256
f1cecac082a80079fc20e1d1efd94305e86bf70112de12228663b0f8aa28ada9

SHA512
3e9403f068053672ea34c6466c03a70d845ca223b796e6030ad131ca8146b765057d8405a6753b1227e2b38db0d668be427af45c1b5e1cac206d9f8347737274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40a184598a93d12d24628ff81a1296e2

SHA1
b7cae32149987c3a98fce7d6052a37b5d0a6c4d7

SHA256
2fff306d7731494849f69ee752ec7da0101f86090beab179e96c9015d62783a7

SHA512
14d4bb9fc23d90acd9dd61e010891e324abbf2006a14d9b80af63a5fd6b59200850fe8a7f7766080e60897dfb1bd7e75d51d606e7b7c9957fbd420625fdb616f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
023a8f0ae87fd1e8b889bea8ce9bda36

SHA1
66e31c198a44900f4612c5467a52043f4c625496

SHA256
9825a9c8ae02d74d93a1270c44841cad194a7c736a03cb2fe05252b6d5c67876

SHA512
a55ced0d9c983de8d8a7564513468f1e5b9624032c02288c14d9feb69f840a75e039abee1f5922700facc8aa211caf9db06852d8b34c2973090251e52483f2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\descargar[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab80E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar87F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit