89b27d40833688b17d04309b0df54c9bbbe4cd945949bff48581c96ac6aa2724

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

939ec6f2ac393aa9142c0afb247b8d3d_JaffaCakes118.html
Size

3KB
MD5

939ec6f2ac393aa9142c0afb247b8d3d
SHA1

1099616c57ca0798a5372369df3784bc6cf3cd2a
SHA256

89b27d40833688b17d04309b0df54c9bbbe4cd945949bff48581c96ac6aa2724
SHA512

7d6d548c5dedbc84fc498262230d514cf3d818631327f37308cc2b973fe66408f0dcddb58480d4f2337598b3173036b297f82964b19cb4b0c9009d67b11c83c3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A5C278D1-5986-11EF-8B31-72E825B5BD5B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20519b7c93edda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000c5b5005e3e33de5dd067b502ad3709ce860a918f4e84c6241378b3bde03dc10c000000000e80000000020000200000009fe9d06b77268aababe6674e6e964176e658b15098f4e92aafdff6720485e3522000000044a0d21b4af0543f4b51ad6b94a00d20209285e2504a47c983a5c9cbc688ffeb40000000a53d943ee4198a31c232a27b26e265cb9ab94f011b66fc9e82851c41745b4196bacec28a8f9d24a0a3c381e9df4479f3fcbf572c0669f431d9d5ca4e08885efb	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb780000000002000000000010660000000100002000000001000c04e54d9412caa8649a5d742dd4cbc4f02e41e366dd39b6bd11df701162000000000e8000000002000020000000fc374932a57fdd159f9998b1d3a23067991860b3738423da8b9199feaa596f4d900000002945fc3a6f9d7ef60da8bd50e2d990a5677738e2880b42844590487bb065e9266c11a43e1d236e98ef1920e97afe8c8f9d3da15652d7d81b9e9eec530f30d0277cb2b85a79955e53d3eb6bb4ba100aefe7dc537ac2a996ebd9d7364947701de770d740e54139a993d74ba7101449e7f9a357d9f1847f5d6ea4f30db2ba4f1adbe3e355ad7a6a3ed60c88d5fe877ced5140000000cc00fd6b036b2eaad1b3b2d919c7920f76d5f31f2ea4a02e27b851e6ce5454b9885fee17a79adc1a3c254384e43554aac1e385ba72fb625efbf9c9a53534a33c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429723898"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2152	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2152	iexplore.exe
2152	iexplore.exe
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2948	2152	iexplore.exe	30
PID 2152 wrote to memory of 2948	2152	iexplore.exe	30
PID 2152 wrote to memory of 2948	2152	iexplore.exe	30
PID 2152 wrote to memory of 2948	2152	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\939ec6f2ac393aa9142c0afb247b8d3d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c99a64df613a4a869ca06d69e82e807

SHA1
b858c32e547d9fc9416c4fa9602aa499817a6522

SHA256
5ac45b3978363c1c16ad5fb424fcd51cd140b72b34115476d306e3191e644613

SHA512
14660bf8bdae8e1fa4119aac3f55c64b093457636b6f42401817cb4623d6563daf5764811019951915b9925770185be0e11aa19620f7d14540dace8827a078e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9aba88bd19ff931cb398f7a0e32e9ab4

SHA1
22cc89984ffc3fea4b8c7abed128064704d07ea8

SHA256
c32d3c6ee3b6fa9d593b4206a4b5887449d660f2f21e41463c9823a65285a50f

SHA512
d6d4ed493bd2ed1cd9203cb3218f5be322bc4d6a6c88d68f68bba92d1fb363c40d7889b4d8ba4ca660325f619c117e92963e18b6c52fda2e39c14f49773794f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ffc53a61fc29ec542fc065f2d25c664

SHA1
efc5ef297b6e1f8c5c23e75cab17979deda05277

SHA256
5dc97efd3fab281d1583cd76da984874d4d11f1096676ae6a8076b5e264a57e7

SHA512
9de7f670652f536725a3e0557ce577f2bff0cde2eb67be55bede2c96368bf3808273134922260b614ac6b2ad858e6aa5537ad10f415ffba7904e14690c371f99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5aa326ab546126d6a3ac024a02c725ca

SHA1
5e306416e663f417829d030f5233f556ad9ce06b

SHA256
79880c07167b2aa9265c6fb2630b1a7d9e11a6f41e8fcf96ab35f9a3df7cf00a

SHA512
6c37c65d61c25143dd1c29c67e6655412cf89e90a9092ce15eab41d7fed86e91fafa78ca5178753d31850818e182389992d8f93c96329db972eb25d2f2740e77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f449f36257e8138df418eba0c5ac016a

SHA1
9ea6c727c46ebedb3fde4dbc4987307ba31d45c2

SHA256
3d17f74629121d5fb27ff4742bd6be48e4a45af784e22a112665ac2bf5c6d454

SHA512
42025dfeac22173a00508f426310804a485d28610116fc1b36da28988299e3cfbbfa52e549ac3c80c2a79e06f77323464267b9b02388641973462402a18d92bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
287f20b6ec6008c30aecb06b21e3af48

SHA1
73de92f6d77cf31f488c24a29468ffe268f3f53d

SHA256
36220e8fe5c8a2f791c83b892a949d7a145b10913364cdd95d99fa18c46ef6ff

SHA512
908de709eaf2bdb9d6c3da9d333205b3dd4526de15a76739bb34cf91741d1b6835790b8e16226c0ed4cc4c4db8d681384050f38919f370bb86f6c65d00f4139e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
711791a715a5db0af2d4c65cc5d90de8

SHA1
eb0364d734b0c526e2d1c03fa2a275cabe7fcfb4

SHA256
e961390a3618e55bf0d910c0a0eb75c03a8d7dd7e0a16b76790f73201399fe43

SHA512
2cdc0badcd7ef91ac673dc4f3b1346779eb0e155a25b8b9b2766f9ff021bb611094fb407f489b4eca6c4d6aa317db9f2ca5f3a1844e18da997f0f98d9a40e53a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17153fff9dade2e2247767133edcaef8

SHA1
38885703b96de0e246f974d8edd518fbad69dc9a

SHA256
2be0269cbb3ed74cf05ceb2545ad33d0f4e2d9d54c4f82a8563fd56fbe1cd615

SHA512
fe56f75730e737f4e9afd4a6e90490ec5a53fa07f19abde68a140b12e7607568bdace1916f4696befc06b90b8d3a3ae9eed201a01dd7d6dab512aa82de9be14c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc6e2ce8269d75bd45cb540df2f6bf14

SHA1
f85233b5b18f314e7532c67d86ccd092333e439b

SHA256
c43d7c534e8655453433393aa23c032cc7621a58aeb0d039c64ecd648d4bb11d

SHA512
682e4fba434388cf6f5e091bb59b7d7b3241845e238f6e2ff004846dcfc7ffb15abb91031f98a3081d061b99376303de2d6d72aa1fb8065aac66c0849a127e9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8e2124a2303843bfc1179c66468a6c5

SHA1
04493ae027dfaa9f2c764791eaa1d2cfb52dc672

SHA256
f2fea9bdcaf7e8328ddb0d38ca26cba12fbde553217babfa5103fa242ac05310

SHA512
f2b50686fcac280f1b69192a9695f5929eb4320803d8edf7a02ae8004f8f93fb4372f0d2babb2839cf059b6e25df83d8e11e4c877e4c0d2a063dcb46c41dd927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4f7f8682c980d23d1b82481ea901d93

SHA1
541f2d3eeef48d71ff652e2449492845d89c2948

SHA256
9c8543d25a315339dc9dc3a614bbbc0bf674b33a90db23d2febfabd4b0b1feac

SHA512
984ff47d9cbcaed0b5313ba99f623d0c2d37c57e5dfb61e5611337f5ef56d003745a1042722e30d6dba68520e133bfc0221211a546f74dc308a50b5a075b8f24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7708302a1e3b235d4f4d24857f0af357

SHA1
62076846cfe2c7001c113c66581ab02e9f598982

SHA256
dd7f1fd39b4313ed8fa4c9c6af2b7356eee077a3cc77e7bda8cd5bf01b2bd84c

SHA512
d20686cb6a2c5e7e9e426dea0faba45d53bd4c2e0d46fd84bb47a7bc629ebcc8612822fbfe957b2528399ef826ff4cc74d75f6145b00f52ee2a0ffceefe4ab9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37875c796a143e5b18634147382fd3cb

SHA1
09ae6ac4c5db2e42690cc322febaa513cad9a8e9

SHA256
d074a3946f08ec0c4ecb32fc757707666d38099f04eb03b37f22ff4226676e81

SHA512
1749591b565f1adc032788b6f3033b3d939de08b2ec94969554ff54f7cfb9e24dce5e3442232d46102e9c3d7f8326455f63bb76f24e2b0e5f4be32c3a8a471b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5a035768b0fba870b072c95518b4380

SHA1
81a0aa9ec31f70260b745722f204f3de5e0006b0

SHA256
9a527651e59f25737ba06db602177aad4ca112cc79cbd568c3f59515fb60b702

SHA512
517f9f7e923704f3ab381969bb10f792bd4583473aaceeee99aa303b4021d1bdd1b88fb73681fe6750b1b8ad8b1b1dbd5a8897dd8218930681b4eb5dfd62c465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
151bf53786391b2bbd526794b7287d45

SHA1
c601fa0e0bffc9355f65a4c0044615f2c24c0046

SHA256
9bc5895745754f68b99184149d868c55faa1002fb34e440b76e982434e16ff68

SHA512
055f14e83151b775a68b64d5528fe388121e6d3dbaef22632e52e43e6768de547ad46c70ca0be5bb5e16cc27dd6b25a1808dcbd2e44e1a63610f6fbfd3712f6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe2abc3d4ddf30e10c4fee05ff05813c

SHA1
dd8fcc742bc43dfe0f664a222d93cbf60ea38f7a

SHA256
4a23f6a7ac97b89fa3df627dc234216b11eb50fc358636a0c8a654af582e89e4

SHA512
7adf606576406fac23aafd40281fa385adb5ddadc616e831a5caaa6418e9fff99560a556d87d84192876127b6aaaf22cb786e23f060a7196ad81bc1c3b31f2ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f018cf97f3a2bd4b3157b08305f0d7d0

SHA1
e31f1dc0a4202c23ed8fb1b679afa7d34addcfd6

SHA256
7c90c5b0dac89f657d960c5909965371e337626e28f7842d25802f119256f98d

SHA512
81632a0ed790898c9d3ee83087e3277df7aed6ff94511de006666321de278657722bc18d5ea1c832eea0bb8515319b388e5bfd8e127715a5a9a9d0fd669571b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE7F2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE862.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit