ab7c8fe5f5921cc3994de195b2d7fe45f4b303a1655cbfab6565d93fa5f96cec

Analysis

max time kernel
136s
max time network
130s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 15:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8aeea253b6192c8fd380f91794244e08_JaffaCakes118.html
Size

68KB
MD5

8aeea253b6192c8fd380f91794244e08
SHA1

9066bf4c607bf9ae4c4e1ce6792b743bb008a617
SHA256

ab7c8fe5f5921cc3994de195b2d7fe45f4b303a1655cbfab6565d93fa5f96cec
SHA512

96e8f7086caf86b18be123614ba750ed0827c8d4cecf0a5ee300f78892ab8219358bfe053d0931835d470a0be5f573254d0ffc2ca2218d5cf9c3e9fd478ec11c
SSDEEP

384:TVftfYntgb1BQ8tV7PB0YhPQzfvfWi3HrYjzYmKjapiP9LtX/2S7H1yYbhQxU700:7w/riWrm7O5tM0NZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8E0518A1-57F7-11EF-B985-CA26F3F7E98A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000251e8b3c812ebb0b0cf6bb8452dd29749220707db29a5c18530b127decdeeb37000000000e8000000002000020000000daf6576253549b693309e131bd5a4e2d6ca400a6661aacbdcbfa9e0ccdfee82890000000cdcce9e0056b1fb96dbbb8b1375570f5ce2535e3b56af33b13d4a9842918f148e41730daae42b047e2307d544ad4393d38d84148f9f86ea721e96a737b50e4b9e528761c24d503643a46050a9ab00e1f1d1e949ba221959f0d43381225135e31b5be4961e4aa76def3e03f013cd81e1313e7bd34047b931ed62d45e784b3010727f0807acc5de151c4b0641276139978400000003e339b4f8bb2c98d874b51d4aeb9b9ea41b69928018de175cd916b3a641d526f27711d50cb0086d167e4b2eb7dd97cc3605a1dffd916852b91b01dc23703d8d2	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429552492"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000c4e4517e12930e35a3bf04467476296b3ac5591ea2bb430891c7f558bd71b574000000000e8000000002000020000000b3d266a8cb296201165d5ee29ffadb65735c8b7246c49762afaa2ce70902f09020000000677aecde73e4ed630e83abf55a484f841bafeb1a21b867b0bb2f849ab6aa81e1400000007e0344b058ea34fb286e179c107fbdd0fe425bc1c2bcae7ae89a90a20fdd28fab22237d4872696a3b7a3071410ec6d61a04280701f36dd5d3e831d6498c2a0e4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0dba16204ecda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
900	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
900	iexplore.exe
900	iexplore.exe
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 2512	900	iexplore.exe	30
PID 900 wrote to memory of 2512	900	iexplore.exe	30
PID 900 wrote to memory of 2512	900	iexplore.exe	30
PID 900 wrote to memory of 2512	900	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8aeea253b6192c8fd380f91794244e08_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:900
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cfdcc36edc9740d0210184dc9899b0a

SHA1
a61082ee90532c16bb1f6800c91d2abec1cdbd01

SHA256
4ef8b1d2e33c057c19c5a2fae8d037340e4e0ecc628419cd41a72fd931176124

SHA512
21611eecf723f501cbba36a0ed28334fb9c1c14707606cffcf178a6480d81a61f4d81dbf9af3262ac037edad14d041c7ebe55a716ae763295d1ac8f38caa413b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebb2b2b47df6c847b409117f495775ba

SHA1
114e36298b02a93ed135652baffa760891a44981

SHA256
34d095c5a58e2d6d9ad32d4208c5dcffb806794c18bde1d64d6befac6033c782

SHA512
278ce952fcbd2e1dc3cf3428e144ff952885b5669d2f0ea831c51d7639ad39641995767708b457d9395f2981cac143215466a0217204c800d77e3c2913f7525b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91ebc84211e4bfb0daf733bcab934954

SHA1
09eb29faa9bd58ea7a847692c4b4ec776b9f1954

SHA256
bbc3d8ebb85b769eadfac5bb07bc5bb399be7f575b6d7f199914ca4168688604

SHA512
c99858603e28fe84af77b7a08cb49e701f45c6c324aa0b78e31cec3e6b063415ff25daec22d098c2f6299d6518e2f74c2d604d53e0514c9fb68561037e465323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2354a029a99d746a3a2f9b4a0b42de75

SHA1
a6fa7c34ef781416c15bc82ef230a435751ffe1f

SHA256
21a96191d8a4bcb44fd457fc768020b8fe40ea05cfec40ace9de9c899ae51253

SHA512
4a35840442098b7ea4f1381e491308687daba586d543fae1533edfe03592df27f231597febd44bf55cba1ac6299ac7682cd615fc95ed4b153435ff9680bffc59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21891fbd2b2a29cac92699200ed35934

SHA1
2584fa13fa7f32e504aea0838f6915196edb48a1

SHA256
2e9db3613f5f498f6d7e4c048cdb410eb2a4fa477fcd29437c64c2e170a5ca89

SHA512
43679cd90a325bb8b3fe2a99eab37aae35441c0a0a9e5190aa487321bef4f092b17237996a8129fcc6361eddd48509e97c8389554d133632ce8299dde4e18186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c3c46b3dcb34e8b13b4e27155f92f47

SHA1
b145ba80140c06dfda2ae6cc1da462a11f4b7259

SHA256
31819ffc6e092746d2a3f5fcd694fe4716867480241131e971721f8448e32613

SHA512
1a61b3d7bb226a36b1b665243421d55dd04428a8cfdb5477bf8394f9f1332887ea493eb04721a7be14b3914f5d99ce8cf8aa018d773b858786d4aca204d59272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa40dfb076eeb02247516d7fda4cd763

SHA1
1fad03908c00ae82de4fabf212f4da21d249bfbc

SHA256
062e4fcb18e188783e0bd40e553d590b0b36c78af95ee9f205c585eeb6f96d34

SHA512
2e1d9974f7d321c910bee856ea98661ea4794bb7e322c27045315ccf04fa2ae132b9852325eda55e409be7ca02822fd35c3c21b83115cf0a270941fb0c5d698c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ace7c407de3c643822a535804b71099f

SHA1
19b1c70cbc2353d983f47e1cbff681c08aca9c26

SHA256
93e6a1b0c0ed61fcea17f9598839cf84a95d2b6c6aec760e51706450b299bc57

SHA512
a3c41df10700a330cbdea59a59e464b5f8dcb34dd1c64342c475ee4fb54217099ac45e3622a04eccfde71f769d0d013bad3c84d04e362f7d09f9eccf2edd6b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa710547c6689f6f2138401349e955fe

SHA1
8c49ca2ce7395eeb52eed85a46a606703c83b24b

SHA256
86f1fda0f8fc0f3fd77b9992172b7e321f7eac55d20bf1b26fc1b4a5509e9afa

SHA512
6d4fe65a875e1f730d51cbadff878fb02486a78144e72703ef7956184816359f23b19a7baa1a684d20c9e95153dac6567f3aae6c9676112ad56dac2a258185e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
114a68f67de374b9fd999312f1e87252

SHA1
b73af1269bfd34798322bcc00bc0a8762a853465

SHA256
016cb07beba94255b54411cacab8d767caca6c6dd74c4170574d880c24c4fc30

SHA512
e70abcad5479c8eb836dab9293bf7c9276a3ef59cc26d09ae99d0cd686daf06bf095e2522a9fbaf53bfa68bd2bd9eb4fb957ade8cfb0116772ac0aaff9f1e27b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19b4d887fdbc84f44183da5abbd70126

SHA1
160a65da6ee4668fc6b84c6b38537709cc08af4f

SHA256
3d760656cc8f16a740ba1d5cc241f4e2bb7338cb5c5ffaafb0d7202a3e2c7e35

SHA512
caeb43fc0061a296218c5d7df211c776868612e7b3913e95dacff509f21d959963dad751c86ce40aabcc6ffac951ab93f4ece5ab719bc7dcdd19af58992c5343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85d9b4d0d623b5c949185cfac9b69d93

SHA1
86e3c8e5d969d53da16e87269af9867883aae8e4

SHA256
69bd055a9c4cfc5e341d35dba3b748e37e8117ef5cad293a6ef924d31b15eb49

SHA512
1e795a654487a12027a6bb46bc3064dd3c16bdbeac82825997a3440bea762235148e207f900c2aba2daad1ed149fd44f05215122c58ee0b6c8712a2d91f68d79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfee4bd4277945761e6a1f7a2ce1f959

SHA1
59ff159ff774939ab86c61d5760de835065440f5

SHA256
72728a21e51e29fa9e9f7acdaf583ce7eee7febb667e9a038328e1d912242bb0

SHA512
b9a70a050b580f448100dc91a60847d6a0be120ca86c5f69c098930401510d607f99041ccc21321f26baf9bd1d7b396460892e16acbc74d361f1d7808f28b1d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b77e0f1b1472a82ee66f9288233ed50e

SHA1
84e28a89b12675012cacc201d64d8afe24e529bd

SHA256
9bc1e843feaafdba3d7a35193a1704a599ee4f2f0b988a9dd3e4cd7dfab894d5

SHA512
91df710bb26ad8762fdd3935c62f635439eb47014217490ef8f31ce74826d35c98dbb2782ec4eac32648f0cf81dd2eba750c6aa415c979d4de06cbcfa11ec275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00199a953be70688b2b8ea381a55154a

SHA1
d8ea3e18c933727710ba280bc8269e58f67bce3c

SHA256
e9277a9c3d205bda238bb9065f7786e8bfd9a3545d878f176fa5752b90e087e3

SHA512
52b591bdb3335606ab28b63855fbb0e877f66e0be53a2951f874070ae800750045296e76b95b053e31825c7e1d845124f72267d673614e2935c8f19c1f9db2a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4d4558a7e2aa56361ef94a79730ffb0

SHA1
5241c8302cd8e96867662e0351aed442818ea59d

SHA256
a1466a15a5000f4b971fb561fdd04423577bdaacdbbe83ed847fbb20fc9542b2

SHA512
421989f7c94f4573d08171ce731c97f78252d28a48b25f8ea1a50a96bbb56b3d23985d86f0cf8593fa4c25cb3e401191cfc747e36f95e128edb39cca99b3c3b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a681c121b20cb59a9437795b1ab1694d

SHA1
6ad4a34b41e3f4dfaf1c4bb4bae1833018d2ae13

SHA256
d1bab6e87162cd3c7cd3f6031b98a8c13d07ed0efef44de5a29b03c6621c56cd

SHA512
3c449693160320a05597c7e7d1937fd30d83a1f4ab27b669a97544026b6739435a6e2ead8db2a51d9b4b15660d269211f9b54946563ccf8cabbe16cf88f51fd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD9EC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDA6D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit