d7160ba535d486cdf20f0ee204ddd40077dc133f724f08a3358d847cf2929a39

Analysis

max time kernel
144s
max time network
146s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cb34530a7a79f3a7a217dbd9eda3d94_JaffaCakes118.html
Size

121KB
MD5

7cb34530a7a79f3a7a217dbd9eda3d94
SHA1

ba6909b54edc162e4308a65af7523ecbf8d8b72e
SHA256

d7160ba535d486cdf20f0ee204ddd40077dc133f724f08a3358d847cf2929a39
SHA512

80ee725203272c7a2389c0c2a4cc753f426ae97625a6630042a0a31f6e458a02c251b31e964242ed6c4abd9a508183f9af2249174e7a55e9280720a35b90a08f
SSDEEP

3072:EbZkpFS8ppVtbp8hDWsGr3LEmSZzFzuzKa+8O:ckpFS8pZbp8hDWsGr3NSNa+P

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A6B09F1-1CE0-11EF-9A0E-5A3343F4B92A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423055459"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2456	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2456	iexplore.exe
2456	iexplore.exe
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2144	2456	iexplore.exe	28
PID 2456 wrote to memory of 2144	2456	iexplore.exe	28
PID 2456 wrote to memory of 2144	2456	iexplore.exe	28
PID 2456 wrote to memory of 2144	2456	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7cb34530a7a79f3a7a217dbd9eda3d94_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
19210b33f8175b1dff5884571e578759

SHA1
e9a1bd15c3ff53a8287f89a5387392a87e70fce6

SHA256
505834b6e5c72d68aac4858b875d1c6a7119bc1753aeef703ea31ed8858f6742

SHA512
66af1ffed252707836392b90ea4b76f81be482a764c458fc784b4610a1555fb85a20de7fe762b82fd125128749db887e0d58cf6feff078b1c718bc0a408039a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c7f2b37d7a292ec943589757b7748af

SHA1
379848c02ef9ace05d3af6fe80cfe1f935b8d927

SHA256
e6c5b21e26ab774eb1c0e739fa01a9fb0b76a224e9ac23dc6747a7eb743b93a4

SHA512
3ea290ccb08828744d80ff94cbaca2ef53895968224b4bbbc771618d3cac8dda12ff4da5532822d8b07f518fb9c722f6690b5430a82b9b284fbb7e741fc91237

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc1fd951a9f77b23c66585676c64e41b

SHA1
88599d2b7be459c265797e7239f470d1fde193f2

SHA256
7052a7c714eb11f8b49a3e6c675ec85e3942b20ecb23c6db1e9b22d3449c4bc7

SHA512
f3f16e35e9315999afcd47bebee68afbd831c273366c1f8e214d9f4794858f5c243a7d40c8aede4127579929114afb935dc8c5a9e7f1292b2e74113761239d9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
064019f0cb283bd55adf17482b5a34e8

SHA1
5ea7c2876655feb8fbc45224492f4ed91a1df3e5

SHA256
c4e30d7796904af35821d2ae12af44e1ed7b45d4dd55047086df813fd023293a

SHA512
f025e4aa4cd3de5089c301b663c32fb9da2cbb74ad2b79b35eae3bb55010e31aa7b26bcea6be9535ed5917b79973c9347a41a17641177d1017e2a1c5f56a3974

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c13d3e7cd2e7bfb6d42d084d6ddfcfce

SHA1
e87d50b40d82b038aa675c94ecfac20e9cab4fcc

SHA256
cedec6d761e40b039792df246c918f895ab5b3759f2bba385473c738e9793f8f

SHA512
7d63613f63b729c24d15c803e7846e93bf7466e13d09d9ab7a12bbba2eb74e0821ff67272764d02f89d38db3d2706e0ae2337d8ce4232318607df6d931bd591c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a700138d353d581aa2da3b39899d10f

SHA1
e692d50aa217f7ffe45c48232049412f8f606c3b

SHA256
04a609e8a0deb0148a9046245c5af0fd8b81f0c0498991b70c3cea16eb7d5f87

SHA512
0fc2b3fbc99dafa72cc6d219abd4286b49c3b8f0921fe416ef2b7159be64dcfe226b95917a44dbca6f957d1e5b9e76f72ea304c51547118e6fb0f956b255e3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c33376483d2f1bdba1414c6d54c382d6

SHA1
69d935c98444c661a68558de70fb15f6658539b1

SHA256
b353e0e7f5d69f7d5387ffc64134bf872b5b6aadb52c965e59beec8dea3c16c9

SHA512
91fb443e65a19afc8665ee1cd6bd92ee3fbc584d66d6a1fc2ed081e14cb618c8e24191ae2fe35d594c8a04d97c6bda9a7220ecef2693cfcc561bf37ced25fe84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e12a1ced037cf4c3bbaa288900050248

SHA1
9e6dac18c06a02ea46dc0e3674c2083a28b2f2b6

SHA256
6b386264fa6dc574a9f7f04b7c0c5b9da1dd234a40539db73d69981b4b6dabfe

SHA512
0df3dd61ff7433e66b866fa94d474b388ce2f17751a949b4e2703abdecfba4246480437df99ab5f58b8f05818dba375beefbfe0ae1cbd24e51d528f955f5e825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
418349233696a76b93697b429f56c23c

SHA1
f109a2da50e0708438f423417120d58ca3de02d3

SHA256
12143f6b4608d1df33e256f8b5a0abdc7d939d6858cbc5c7962592656775e99b

SHA512
748177242aedcbef712740eacea6e77dd1728711c229deb862e118a27ce7d515b0d873a557640b15a8d875bf3f714f3a43b3754e4cbf928632645e2b74bc85c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2293c4be2dd62c30bd331f1ac4625c1f

SHA1
b67e5f7a4efaf7bac40232a2e788cf7f9b67640d

SHA256
3aef2e9145eff9f4544e76a2ec04aaa93366229cca82a2a17ac0e2f7804b65ec

SHA512
d565fe2ecd703ec832899a3c952de1ffd6cefcb651e876742d1e91717f158415a0dfc23b89a31df7b0ca2d95818e806f6f780b8d2e1cac62ea569cbd4d6d610d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c28cdce7e683b44c2c41b0ac80ab997

SHA1
596a09562c4808f0047555150baa81a386c0380e

SHA256
4a9a38631ab8bedf9834ca3943b5166483f16282e20ac2faf73a9b66eb951edd

SHA512
59535f1d64ef1406c9e6cd858c71eee00f76adc3a57dcccebf291e48e76774f0d343c5b5d1217f0efdb1be984c50ca65e0c5e1381d316bcd0637fa22c5b17f00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1d2df9ba62fa6a92ffeaf301386fe2b

SHA1
3d50fd09812906e043ace12957e8bcbc69475eb4

SHA256
96b0f570ce8eef19fde5b362ccce06c33fe763e4a66de308b4856f924d1cc79c

SHA512
71888b2e92b86968cbaf2743f21f48e49967792ba4f273f7a9efb6be8f1b008a6f16f4446ecaf561be721adf18e9c224f38efe82db95963ce994ba88fdcae101

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a677e569f6ab4fd23bb4830d435361d0

SHA1
fe9bacd4b390508ee59ab32a5d3d3b677f14650f

SHA256
9fd4fa065549499a7e1c7daca1e9b89b4f7f63b309ae3e0fc3afa41936663b99

SHA512
9419786a82de04714720dd8ee96395df9deab78e47d54121a417460d4521431acae446f71d45a3044813b9917825600ca6106a3f41ce52e1d21fcae58675f443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24d44e1fdc1f2fade64bccc28b85b95c

SHA1
535fa2b2a30f29e8c61210bc26e615f58c1f0115

SHA256
4a40b119aa29e69a94b9de22b23e38068bf3487653b5115ff0f2f665f7b8ed2e

SHA512
c1b76f6d12297925ef4dd4dd641d4eed0fea39d623a133132937b42f3eb79ab097b1a497c4e751d454b55426a491a3c154a8434c6f454d261ff349a33d3c060f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28fd955617ba80bbc9b4556f1ce55d51

SHA1
a3b022f6842a3580bbebb9ebc0dae8bc3d904065

SHA256
a2ae2effa7aba040b28b16264ec42b6414029ddd1f1835577161de285bc49ea2

SHA512
a4f6d86cf54316799fc216d4d84847a47ed2c3470c54759dc4f9a9b579846aac3c2af01fe2d7c3c3c686a50f413f50160340dabafc7a2d2269418a326625601b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df2642d450481722cc1524c1159caf20

SHA1
4a483bdf051119695f63e099da1a4dd09dcef0d1

SHA256
277a4b5946114918c4af5f73a90974a0713dbf5aa22d1e3069b582e35cfe8f5e

SHA512
d7b9640320784211ad413441b443437049675c34340395bef8c3c04bfa1feb5f91780913dcf9e72ca4101d176ccb88677ad7c1fa57603e0cdd032ef4ba591807

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e78072956c37928ed474c93b69e7e82

SHA1
41aac7b33b9f0afd7174f6e672bb1f05a8a4da79

SHA256
a3d08926c226f959a7371ec1454868163ba6ecf9498620fb3d6b6b74ca143e28

SHA512
0a4857165bf9063c79fd9701a33122aa88762f0c723aeca199cc767589febd054c7db40a89a451dfd2a7ef2c045e8f1b8b8dd90d5ddd2f233415613731f7ba6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc9f2705a9919938402aa83c0d4e06d3

SHA1
c9f7cf7f657fa173160f1517702c82c2c93a98ac

SHA256
8dc5beef3b875fa04488fe1e5edb812f8e9647cf683d21edd3ad79bc769c9ae1

SHA512
9fd2d3b49a990f96fe39d1024a21a792413290d3d61c4b508f7269aa46cf206ace9e43c7145ee7202fe1662bc437612ae19b1333f0d033ef4fa9a88ac6fce634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cdeedc3f3a0b17c0ea1b2319c3fce27

SHA1
28869397b6d9fc5e8f4ee36b0fc5b771b286971c

SHA256
2a17ffb4454a04ff3405a0286376a79f7b1ff5d30979a97c04f4ea3d8212ce1d

SHA512
b6a7ef1d14cd695b968bc6cf1fb11f307e81fdfdf143f9ea5b2db9c9603cbc282725771643f2e169711beed64be4d8d27524e09602ea0c58f219dc41bf44f669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ca33bed0994a28011c434385749ded82

SHA1
513b70b9ba9a0ea59ec0e041c72023087a6eb872

SHA256
38f9edbaa71897fa9c0245ee295b2ad6839568985c194985a5a0278608268ae8

SHA512
aaa08079fd7b205a16aa48495ab0794caf94cce76620c8c7ab38c4a63e6680bc5e193610318e9707bbc6a1cf4acb8963e94f8e9c01af820f2c957b0dce5a3fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab78F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar792.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit