a1a88a90a5a843c3b36c095af59ba6989da1d74ebc9fa795ef0c07ed36d8b310

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

308a620de782498115964d95cf3f94c5_JaffaCakes118.html
Size

97KB
MD5

308a620de782498115964d95cf3f94c5
SHA1

8623e4ecf603dcfd658f827a56e49b58d595ff20
SHA256

a1a88a90a5a843c3b36c095af59ba6989da1d74ebc9fa795ef0c07ed36d8b310
SHA512

e742b9ac7549dad09fee87bc4e6a27689ef6e649240fb7b43e3c410ee0b1edf297498596de91f491e73ed623622e43ce526274c1ca4943faf86c5b7587b63925
SSDEEP

1536:SnS1bzQxECNor7pQTm8C4zZ2wQzROkFZWJRigGEFhH2csw:SnSEEyS8CTTzRRIigGQH2cF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A08624E1-871A-11EF-A76B-E67A421F41DB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f5420000000002000000000010660000000100002000000010dea5130e42691d490f1a17da512174b8ddda80b8eeb6e2cc12f58620996c47000000000e8000000002000020000000e4a72573143a7e431539f2da2929c87bea4072bb538438fcc9cd622b5217445a20000000a9fc77de7461ada72530bc1d74cc84d568238b5d6ecac1ceb4948225433d8d2e400000009b27f471533f2c0c516a41f2fa7f7307e26bef873f66d4f0a0c96185ced050736f4808dc9c178d8d79b5f65fc1ef7b488f9036f1fe9dedfb6fef0df8d41a57c8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434735258"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000b1621f60cf849ea6de9fe5e379c368d423b7f82d8e0da2c7b2de2898735d9f91000000000e8000000002000020000000f9085e6400ac7d192671e3f22c2a7989444e73f990009621b97d58cc69b77a2e900000009a921d86b518494bfc9e416a606bbc76ff2bce60e1fce63641953682f823bc149823fc982289747211346c66fe006c118929af21c88a6048cb5bb51ba6c3571a029bc5339cc8a78206ab5f2545248f6e601539be0c74ba3b19d4b10b409ae3f73a697c02c6da64d817ce3a6a835137855fb796455efa8c4368426d7c6ee6598331c6507e38e3c2eaded965d8717d3b3540000000566a4968edb81cc9c6d9b3784d45962a02ec3bae7998a4e81ade231af843606ffdc236522411516606e2bc89b661e2c8950eec189d9cb215b6cef54c44bb9f1c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b08fbb8f271bdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2544	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2544	iexplore.exe
2544	iexplore.exe
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2208	2544	iexplore.exe	31
PID 2544 wrote to memory of 2208	2544	iexplore.exe	31
PID 2544 wrote to memory of 2208	2544	iexplore.exe	31
PID 2544 wrote to memory of 2208	2544	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\308a620de782498115964d95cf3f94c5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2544 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80d6580003242d786e5da4c89a38a172

SHA1
01696501408986c9d1bd5c55e3206fa85ada8d2e

SHA256
ddee553747e3d0679123ffb35513d770d04b0e780426442d256c2e9e80b77888

SHA512
0266a09ca521655d4304faa167f61ef6469414f16e02bc0e7bebaa59749d2383609858fa59549f82b6a7d65c31b3a2e38cf747356fcb80da25df6f3a957b6784

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abea0f1702a7b7fb0e5d63cc553688da

SHA1
57ca9fd9a094f6c70412e557918d935df6a82816

SHA256
aa3ef5534898ff79b4d69136e1e25a3af4b1728604f331b8ce7d49ef195aaa03

SHA512
a08b1a5bedf33821eda85d2aff720b4351a4da1b1251e852e2fc61dbb109cfeb7dbf8d3a11409464a831221bdafb6e520d03384ad836be005161b39b4ccb7fa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cffb58131c025ddf20e7df0d874f884d

SHA1
a495f18c03cfda1aeab9da6fe155d16020f5c248

SHA256
e1b385f6a611defff1cf32b1d111003e8ed9d6b995bb9779c892e6509dd39ae5

SHA512
354596e406ec275a18689fa1d4e855b24518e3a19ff538af012f6017be381ba7b6a4293ea26945e8521d381ddc91c9ea02a5329139894e30f3106f40f5a80973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34ae921efed14717454e3415ee777869

SHA1
9b206264755d9d3fcdf801fdae8b353656e8153e

SHA256
8bcc839435ae1ccd5779f3bf95f1f9de6befaad98fa0922edb36a7686849e38d

SHA512
8ec5a2d288821ec29d701935e411acbd1e97b06503975cceb76feebbde63e6bd18cd5005b3c9c91fc089ae337d74186a036388185da790e6f9729cb4b951c5f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c55bd1b06cbb351dea724dca59017a98

SHA1
adcbde5cc65117777bf8b3c17b2023d5281e3f18

SHA256
f37946e7b36bb9a0b9d6802b0245be1755ed31669bf7adc210de0a6f51d46dd8

SHA512
3fb9b0035dd28f7d6369f76e934b24500a3ea9e3cf4addd5e6f394c9db20b0db8e6a8f4c0341175d0bded2c9fed144afcf783569d24365b7e29b6f5b5279c17a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af81b874e0dc589df135f2af91833115

SHA1
9192e13060dba3c53ba9a1f12a1c8e193e7e3a7f

SHA256
24605a31771bba14754367309c3fed809a32a5da95e354b95c2d104ec32b6b84

SHA512
d6c4f3255f31cd0e6537f0728042e05485a1e116556e253bce5bbee079a5ba96ca43f650e684071bb7deab77eb58b3e3e4a59ebe46f9f2f773973277f4d00785

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2362f286d35e2148dd139dcb9735728d

SHA1
ee2bd58330a10239a552bbdd503ab705aea2db3d

SHA256
0e81e4940a5bc6a794d3a1407547da593e0bdc5778aa7ee5ad03ddddeeef6f13

SHA512
7c9cb6ceb84ae5ff8a0fc837f2a1f58011ce13a7a878b67b519f5ad91ade61d757b01957db1cbd887caf77b661ef9d2e5dd9d75dcb4c8976732264a24cb19215

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0364b1379495824e47ba85a5a866335

SHA1
af688466439ddeb9293fd6dc5df5da2a9962d59a

SHA256
936287b7cc24522540ecef739379e43c6a9934a7d4a9b1069af5fff12aebb3cc

SHA512
0dab3f8c415ed48990f05939b3c8d8a2e966cdcefd5ad87830473eb47a1d7bf97757ebb11a80536983d7ac2f7df8690132f5b29d2ae2f72cbaa408a0d5c096bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da09541b2ecab1757b1e39bb53e602a1

SHA1
6d03fa881e6ccb6ebc23e3051ee7d504cf80758c

SHA256
c21dd193e14c51bec41ef55a62159df3ebb199ba536070eb9b53589dcbcc1842

SHA512
70f011a3d1113c2b031dac9cfa78f4cea4d3b07f6a110ebf1c8b54a31cb82443278ab8f8a6beda0773ebd33b1d2ffbb0cf5dcfc476909abffacc3915afde3746

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31ff5c6e7f1f408b31edde08bc0acca7

SHA1
a4829cd6807ee26802158914ac758b0d4a76dc69

SHA256
d53170b6a00ad4d5303fd9ec96a7334b4f2a984409b1d1305ac99c34dde150c5

SHA512
b2a96f1f5b504ca337b94857dc9d6e8f0bf985625ce51655a7dc25749d2174acd8a8eb80985f37c48f9ccee1c3b76776176afeb144db049e4b7098de01496a5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9a9eae6e0efa71aca6b7220a263674b

SHA1
9a0b61016ddada6f597938fbc26274bf7a8c5ba3

SHA256
2f127223b711af23dc2e0c49e5b45b16f746858051d8370e295a8d01b81f07ea

SHA512
c16a5fc51606e4a9b76aa77f3ee49033a845490aa2e709b54837a5bea101059f12071e55f3ed7632216eead592c7efc1e68bc7ad635657dc5a8a0d85b4e98a02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46d03721e4380ce2ef005cbffec09720

SHA1
55b86ec095771d0eb940cfb64c5083b04222c8b7

SHA256
fb49edbc1a5819f88b2d9cab0a5ff36cda285a44d72cf76650f56d5f5ee75530

SHA512
161fd6644af64923e05a6f12ff7a86425c4f43e022b65abec521431c90f0600da3541a401a00d097a4db7a5be386565e69f9bb84c6d5887621429ff386c291aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f32979597cbc86a0c1ebe619f210050e

SHA1
5f461b3faec816b6ad636630cdedf06d3aa12091

SHA256
a504c4b707777ddd238c69b12bb9a59892b7510c40676f9f68056da4ff591e17

SHA512
efcb56235913bce15b77e9dc15ec49c4b218088535d7e9670f9c653321384390fb25d8b067addca70685c1a3dfe2f19fa708f8ca21abef78c4204c7320b8ee4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0dc25ffae010ae48db5ad3d8508b9c82

SHA1
585259debeb98571ff702a3b253f93ecc6601db1

SHA256
86a2eadbb2b96405d3da720ad54c7639c0c1a392f6b396526c0ae533716f9d8c

SHA512
186d7552490d7b2f48d556dad7111e193742320c646ff662723b525010d02cd30bd10de3357082adba64eb42a3b9bb0043441e2b3b746f00de0482a93d892b98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68226ab0b87530da17dbce3e2b75a23b

SHA1
2a55fc1d5eab422e3ac70796753711d5689d5e00

SHA256
27fc77a8768cb31e582657b845b3d0a818eaf1a745c6eda92b8841304b65d2a8

SHA512
9211e3f14106dccb1e42b6dfbbb661b1b6c8d01ae367b7ae0436d2642a40680f1fadd5c913532d3f39fa02efb485a1f707ba40d024e70d3ef863bd8d8e2b88a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b3f62ed7f9d534275b5aad16aa0cc62

SHA1
c28147cd045991323c73d54d544337fdefd8991d

SHA256
554547b0fde521ecebde597a67fd6e029b51f2b2e4d3a2581c33c8d22721da8c

SHA512
559cd173061e11728f5460535305fe609bc7062e6fd9ff091dc803c8e657812170f728c5f21a9ff426cb77803d7f675f7aa382b2e2ef7e30181faaa9b153353a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faf1df725862df35fc4accb6b334b68b

SHA1
7ca387c27bb0549e2d18f7b695fe8a51670d33dc

SHA256
08126a6531c6dc815d7806820eb88d217c1b0e1a8f191a446ffa090765ed3c6f

SHA512
43d1832367c5d1f6e12f0d989bb1440b996132bd77d85e60e13b5e3d1ecc26e3db6459a15b9bb46cd1949be8430afc8568ba04149b1c76f80029732425167d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA834.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA895.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit