bdb6d612a2eb6c8160a5494877cdd43319d76e9da1dbbab39c3dbe3b4542366c

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 18:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

438665df759d6bce2e65acec40fc3a74_JaffaCakes118.html
Size

71KB
MD5

438665df759d6bce2e65acec40fc3a74
SHA1

34f68721196730e27161c0bf374fc491012a49a9
SHA256

bdb6d612a2eb6c8160a5494877cdd43319d76e9da1dbbab39c3dbe3b4542366c
SHA512

936bc07d876bccc71a3412321d2e766702ca02b801f4c110996e21541c2927a6241b56b52a766fce103a5a13d51f806a9ff1ebc9c51ad4f7cef75e98b9270bfc
SSDEEP

1536:Fead1RnRlNLEmULyFLCs3+6Va/Uu/gOpQ:QavRnRQmULyFLCs3+6Va/UsgOpQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000004cdf2b428a2d75751b203c65e7138c0f8dceab32dbb9729bf74be315ee945c47000000000e8000000002000020000000420742e86ffccc07e968286f726a188e1fbee5896bbe9f59dd4d5a4a3ce8b6e7900000007e5ca026950d604e333154624b6e205a9467d93fbd9f7cd209f9f2bf5a2623cf4755f69145db9f9282e806106e0f830b30c6d002ca5ef527c65352af5a58974963aeda5af14008de16d5d78fe49c24cf79b67d0efe8a0d4954291c8e085f0efe35e1ee234c193a9c0836245aed1019c3acbd4fd2ee6caaf8fc5a3cb30b0eb43ebd6d67b19492812a795a09e6a36f923540000000932a6397db9715f261827113b882225c278ed7db402fb335f04fc1763c125554cef72ec3083c93fb7bd6647b60abe6af88d22a8f111aa4f6c32dd5916d4b049d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000885df3506ca7995ab2bd19cf2961c09fb4b6a21a0d5f3ca43399d6bb4e894292000000000e8000000002000020000000d8610bb916e586189fc1ff59fc97f11d92d260770e26c9ef6f63a238e78fe31320000000d7949692e0b727433424eee20ca3ed9e7de9f4b18cbc95a3600a514ddbca4e3e4000000003c6cef8203a9ce2324b2bba2d1f2da90a2f995d523eae048cb1c37582d65cf07e1b14ffa87ea6fb81e1768ce84622910d86334767abdadd0452cbcda7afad4b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40328099641edb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435091369"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C32878A1-8A57-11EF-9C49-4E0B11BE40FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1600	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1600	iexplore.exe
1600	iexplore.exe
536	IEXPLORE.EXE
536	IEXPLORE.EXE
536	IEXPLORE.EXE
536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 536	1600	iexplore.exe	30
PID 1600 wrote to memory of 536	1600	iexplore.exe	30
PID 1600 wrote to memory of 536	1600	iexplore.exe	30
PID 1600 wrote to memory of 536	1600	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\438665df759d6bce2e65acec40fc3a74_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c149577164247c8639cb93802f32994f

SHA1
01980697b3972d8640f6ccd215d80ded6a899408

SHA256
5d9fc82e84a593c8e7b7ca5015788c03e91b8046396a0dd77e5ad84022289d4d

SHA512
028414e88668e562b08894a8289deef1868f59352a418d1b0110b599b19aec225a0c4097fe7f82a282d144b05c83858857d2c57ea5ca6337115f786169626a2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d8f73e9810be4975b0d2e7af21df488

SHA1
dacbcb373f5caa4f9e6e9f97dbcdc9a3aa364b8a

SHA256
1b3cdef9e3659b27ee3042ba1738fbafa27d0b5b2488b372f48e20d65d4930d4

SHA512
f0b3c465079dbec9fac0e86d62d6cba5bb23d454b617dac7e46fce70cff21264620e13f450dcb389808c7522115ad1ef85c3945b1ae277947c4224589271067e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1854d9305264c5854b42e32747e91d35

SHA1
f588bb8d7219830cdee1bad309758c726512a644

SHA256
9a3ed592a9e79be4e3f1c424da860e5f427e52caa704a5ee9163f16d6c7c88c2

SHA512
acd23d1e4f5d57f2a57152342b19b9d5bb53571bcbacb2249452b454b45528b20b4ce78b295b13462491864c4e0deb774dd11ca3cc669e1062e6fe82b368ac0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14cf624aa629fdc1bde9e692f24a3e91

SHA1
8895fa8f38c9c7bf0d309570b3aae74f7197d2d8

SHA256
4631ae28e35b997a1ee0d9da6b885d9aa96264cc19a234114b7dd3a9b6b5f2f9

SHA512
5c52084b86ed6a4c351f0f1bce04b746d9ec02f73c6eae7852994ba33486fb108fec438a57e460e472be1bfa8872b77c822dee5e11675e2efaae7e29d8609446

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a258907e2630b2ce658a6cf7d923f105

SHA1
8656ee146c0e0ae90dac80be97d6c88b258d3bbc

SHA256
e0c8cb87fe15dd020544851ceb4ad4177c77d2c74f1f591c12f1dafa7bb23d49

SHA512
261c2a02eca101ead94778da721ee2756f221b5bde1a1f6c8d16c9db843ecd137af1522a3135a0e0a6afbf8172b7f545f128303adcd0bc76f1f22ddf8b62c0ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25dcb0656df34d6a67528767d7b3caef

SHA1
21503d596e91593f49da2bf6889c8423b8268b8f

SHA256
96294686b4d604a6a80facc131b622b9356e4337377195a768351d6163c67c97

SHA512
a98c064b2a9914e84ae8998fbd4671612336285da29663e8d1abf4bb651326f1342cdc950dba6b64d0c75902990374390da247b085f1b7c08f245fd25f77e451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74ac1f5c82b8341beb4e0cd48c1cf1cb

SHA1
c6fb155a54d69f8668d05bb74021e17bb189ed4f

SHA256
d5b96608e9a84ae2a2b15c8d47ab62c17d723bd3434738603140d34287955d5f

SHA512
7d51b33c1321741d1687bdf05c082195e21d75d925af827239774b0ac2f97afffff862fb3fdda7cc549666f28cd2b522c256f0a657045d84049b348674fa7b1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d491abe23d19caeb9b6d2dfaa1cb896d

SHA1
018fee524f8a1af72f1ecf1b0d924ee16cc464c1

SHA256
241f45a0ab1a779fa3eaa14ad92f6ff184952f8a37383d206f3ea77bd51fc824

SHA512
60113bed0f71615b5e46c59f32317f43fbe90c5838e8c62e300dcc2bcec883ea32bef9a00b963602a1430bc0d20c707dc4a6dd301610625e12baa281dfb7920f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b8863425ce616a1d598296b40550925

SHA1
ce37ebbb8d24fbe5e6d7db345fb02773cf5eb90b

SHA256
0a30eb0552c94d2620a998c859eb55b26542d3b9caa4bf7ddb53f5e0acde6070

SHA512
2e11402c4a1525d23a94281905fbc7939f04089fd2555b10ecf1244d7e795342a0c2bc72f962c8c034232f189446130dc98e31b85bfb98d3829be67b82abcb78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37beda6351b3ad2f695c89acd2798133

SHA1
d40c35f9d7ad5ec34f5e8f122758d44fbdf739b1

SHA256
465e9979edbb2801578c8a538315373396f7d8bbf5feb3eef02ccb624d2cbbe0

SHA512
898ba21326b47e3db1f69e7a67ebc9e26c07ffa823df55c7a218a7999caa7773df39cee97c900f661d575516d3194da47e44e4929ff385a360638ee9662fc8f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ae5c9b165e12386cd7c412568fe064b

SHA1
dd24b394572939829b26d333f0b15b5f5da673bb

SHA256
6a87117d3a8d4c1700ac393b26296d3ba4ca25d120c907a87edac5a4de76bbe7

SHA512
d60e480b3f591b31cff2cd008bc90bafd74854cf5a344a185fa5afb317aea9a435cb8c95f87ccacfb003153bd323ea087a252d29d1c5ffe2e3fabb3b23d4a086

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64e397ccf41807ba4628623c6614930e

SHA1
3084c7d302ef899c664a507ace262d8a1514b790

SHA256
0930885050cca42b601bd64b892f109c28385b9fb26cbf24ec4e699b3ede5efd

SHA512
137a2fdd219c3c21ffb5560f2236c18face2943da055a737710587ad19641909c85d4f68d5b60aab6f792471c51280440b4e982df717d8de39dc80328992ea67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28e0f123a7dce1055e0fbcbbd66d1327

SHA1
89341b062ff22e2ede6d89db13d928c8645df1ca

SHA256
1cf7b3dcf33847c34a2cf9acb7478856f0b3eaa4c21d195f7d91a992e60d29e9

SHA512
56efddbce29b07a5c17f95aae1549add571d477cf65cf93d4d70586c76bc9df75bf808808a12dd5777645c77d29f6868e3c2d535af85ad9fdd4c9b8cae89b556

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28ae0fe682d496063a91ee8a9a160933

SHA1
f258b850a5557c6204c4474e030f26d99dbbe0b6

SHA256
1bf8ac9b636b63fba7cf6447ef12256fbdaee501e87bb4cf676cb3577dd1071b

SHA512
b61204cf65d1a728ea13a873edd5736e9b6b1630a4e6a6754bb5c052d97855bb00389b0bcd410fe06990515b69575a664cf44a570a450f42afe6a6e5f2e51e58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb793cde7c6266f2607e8ccab59dd322

SHA1
78d1bbcc7c35469451e8470fe646d6182ce72264

SHA256
5f3086799a0e0f750136ca8ce8c42b43ab7e923009e3e02142521ecd2d8eccdb

SHA512
e7fd35bd1bdf2c5f453a4a42c85a82f9044dbb81a39aa265bdf64044b3ff1da0d6f44bf1de767c33148566c744899d786d5c842cac854cdf3722c7e973e882b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea2105fc21542a91378075690afa8f5e

SHA1
01a7f70557f04b6831e2a2f42473211bc5027faa

SHA256
f0a22a54f0c230804daedd0501ed64416f19fa7d16da204c817adb95d5720682

SHA512
60c735f38bde85367d13980403e78e9b9892af2cd3dc5acc0dee518f83b03c05145c8cbed3fb7d088fbb5779afa2f3a7b4c5b9f0c5839e83139fee6ee156ddec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25eab4817750661e15dc86b74b38d299

SHA1
67d040bf26562d0a1f601e0f05ad5fd0e7adf097

SHA256
28f0e714ea1df006b17972538b4e978b43f40a99b5749578292f75fcf5b05f9a

SHA512
b23c87a057ca860a35643af39e9cb911ebd7391657a3fc434f263e4ae4fd9c1df69d20e49c5d9c2f57bd5cead5d0e8a5b4231f102fbbed3527bd8ad37d63c3a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDBC2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDC51.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit