43f58c35af8de003f183a28a47660c3eec84a838ec74dd6652e8b1e92d79de1e

Analysis

max time kernel
137s
max time network
116s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec0894f251a18d3174119badf6c52763_JaffaCakes118.html
Size

157KB
MD5

ec0894f251a18d3174119badf6c52763
SHA1

a4d2ac999e3f28d97e71be622c9482030b5bb0a1
SHA256

43f58c35af8de003f183a28a47660c3eec84a838ec74dd6652e8b1e92d79de1e
SHA512

432397709dee3be59f6d71d5ae7b7ec6be7acc63f924ada24c7e56349bc4db3d626588b8790a479f26c0ad2d1d8213f30db3f6dbd7adbb9deedffcf31b05e07a
SSDEEP

3072:S20nTTqMB3yfkMY+BES09JXAnyrZalI+YQ:S20JCsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000dc0edf9696a0677930f651fb9b1a09cb215df028989cf1022ffca21d70063317000000000e80000000020000200000001e3756a2d879b2f8aa4c546dd42c7e16dc52f3b09c6d4a1ac3a262f3e8c34df22000000004e6f84611b5ef0b4324172f04ee27dba65482fc9b155e8573bde4a73318e80840000000121f3068c02ff0ec5406002b31134bf519c64216d335c75ca98bec2caf27e6e0e9008c5e6e8d61798bc86d0a44d61ae92f8d6e794efc1a0c214f7538bd396402	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ad4405ca0adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000447b59ddd611e0e65ff18925f9b1eabc22b188a1eaafa17eafdf1133d302383d000000000e80000000020000200000003a3a3fe1dc39a40bc06b29548d381b9c99e8313a23f2ba07aab5ac846ef1a18e9000000028ffe27eb9c9d8451e213a41145e04c1b0cc0b4fed47ce32ff6cb327837bfb68884535d4fa377385fe828d784f722ae35a6c419a204f9e38c52986e527faba5634f81df466dd9e62693c127b790e8fe0ccc0544850e023779fb085e5c0abb0ef69ea45a5bf2b902959bb058718ee92d94c873fa21a6b79e9ed77e755f6edcf24f67eb605d498202c061806950bce42ef40000000b833878250c6474aaa7642effd7f0ca6ac69ea2e78b1883b6864be656d9e6d786b20c7b8ef31ad62363bf8aac5843b0e9898c3bb57f7dd7ce86f2113a65faa03	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F123B0C1-76BC-11EF-AD51-4E66A3E0FBF8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432935802"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2368	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2368	iexplore.exe
2368	iexplore.exe
2892	IEXPLORE.EXE
2892	IEXPLORE.EXE
2892	IEXPLORE.EXE
2892	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2892	2368	iexplore.exe	29
PID 2368 wrote to memory of 2892	2368	iexplore.exe	29
PID 2368 wrote to memory of 2892	2368	iexplore.exe	29
PID 2368 wrote to memory of 2892	2368	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ec0894f251a18d3174119badf6c52763_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
426a0b73cc46be6dd2195297205e8ec8

SHA1
acd15bafad2088dc7b52a6d23f79f19ead56e4d6

SHA256
5c697a1394bd5994cc28d35c6b65941cfcf816e85a1bf7aec92150e9e7a11f14

SHA512
a6bd0b42406c8e6f1a168bb9b8b9570ffe9791c4b93b7934942bfc16a69265ae3248e115113aec6ab28923a9fa53bf53393ba2d85b09a93f01832cd92ee22eec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6424dc498d1c655b7ca7c9eedeef5677

SHA1
e1bac63a9fd39330a49ec3c6c82becded4078b91

SHA256
0c22625cde2dc17d9595cb7301e6df5ddefb102d316b8c82f41132e7b330522a

SHA512
7c060f1220a75a58558bc6cff9cb873559b46a1e274be47c1fc06599c2516e013379e43140f3dece6368b3ed6b3742a0881398d816d88f817e10d32e38d3f9d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc60dbb646ddda7bb395e6f34b0cde0b

SHA1
918e12fa41eaf0c0a01ff0a771c207bd7588287e

SHA256
7563895f8d37e68c766a5d6ee15cf14a488b1667bd239b761df7fa815f1e4238

SHA512
0a392c967300daf14f0a83b8523039ea0e7a8aaf1e7fada99d54ef796479026ed3c7f440db49371904bbf7e889640f3c8da182d4feb3704a9ee27a7134522a45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87f191fe075edd42cb50c4f83ed93471

SHA1
1d86fa1bd5b1022369ea5adf6d45e75454b7703e

SHA256
666949c0880b12e59eebf3bc77d421840cd6b5cd23d75d1fe18b64ee80b6ac8b

SHA512
7f437e3517e8b637b97ee60115f199bd548c96b5609f30eb766848d8391b43b38fbe2d9b1f80c00d5aac54b01ce3cb368cee0d3bfd8a0e22e7635e6d25821189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ad59c4079cc6414fffab3ceaad10eca

SHA1
58742e84616f9b55fa2257afa09950ba2e962eca

SHA256
0d1dcc1ad83623862c423096a2168094c5486e5a51e2d05b492cd3802ee5dc0f

SHA512
9a1d5b56a1e56e67786491ad0182ac34a47b6a53dc0dc6b8021c6fdcd577a4d9f2675d484d3297437391572e2625f9c14fba249d84192d68335d764d5b49b1c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcc2cc70f9320a41ad46a030fbf26062

SHA1
01f3ab8fcbc734ef75dc20e7d4b9a05987531ee8

SHA256
e99450f67e906df22205bbf4a4dd81364c2921e6e4cf750432aafd8a32a20e12

SHA512
623a2dce795fbc36f666a4c9ae1c4bf5b5734e2f1372f043d9d2bd0e320d32b69b46fd3a215006b8e07becfcd8debbfc3cb51cd6f2772d89660b7a3e875aebfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f5925cc56b410c41936ccc074f50899

SHA1
5b0907467674db456a99b2494121f739ac0554eb

SHA256
a6fc4990767cb9c19748a0310f7f8e86817fc27baa9a5d608a51af0c70296a00

SHA512
0fd2d6970076593862079c967ffd50d029164cafac8e2fdd0cb113cfdb724f538b8c4b3b8b85f8f830a8f09197276fc3e893a42752af686fcaca4b48711b781f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d803e6ca94eaf301c34547883a05125c

SHA1
d621683f01b6f5006974adaac041c3edb4d3490f

SHA256
5ea0f42e49e4ff3d8908250a9ddb7fc0d12de5702832d55e53d4f8020d659e4a

SHA512
4ac183c407a28a084805661fa074ea3acb3176502a279ddbf3b1f8c932f23d63bb02aaf4e0b7da8b0fe64ffaeb9aa9858c47e332b89de686adebbf6ba3a7ee98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0052c21e5af7eac2fb1cbb95e654700

SHA1
ac966af789cfcfabcc84fbc7b5ddba43aa3ed43a

SHA256
0b46b8e6f73c49ae0777147db1166321e8c5c233b6d3c15eb229e99df41830ef

SHA512
905438440dccd290719dc2754f3bfeef017dd74d9fbda572be892b991adc792da4e2e31a547a2f5e1660bb5f44eb5ca2a6926f9c38da656d901cf062edfa4778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36e3c106598512b11da207bfd57e2e7e

SHA1
24a3e43353641b1a19dff7e42b55c3f6ab163d5e

SHA256
bfedf57c23d2942741760af46d1081468085070631c97595f5a6d1b9b80eb594

SHA512
215698945817b16b703acfdd86eb85553e3a0d4b0cd245931a0854bcf78a7cd01428b76e6bab78ed872fa835aa139b75dce46ee397b862859698b9d8fcbf2936

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f525d4cd4097aef541c909213528f611

SHA1
b3bd6e8d1e75c91362d1e2b040f5d064f8e5768b

SHA256
24d7cc309a09e65896cda725c29294a0da5160bff5eb755d6f97e3b815ef94e8

SHA512
dfccf0f04dff6f3ee9b6d88d8bb11a0fd5a25dff0bbf8895173d6e32ad52a205552774ee20260be672be9b2ee4f674bba4a2b06da5e7dacaa40c2b3aa3c656ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69a5b523beb0dcec284419916285469a

SHA1
600d1ae5393a81971dd5387057874a628ad02ec7

SHA256
8971da89118f59e3d0f66b74fff23c93c4c4b5a15f55bd1f66c6926c2aef3519

SHA512
b4ea4370d20e2180a51a9aa89190c9a5a2ec0daa2d1a842b4447a3b6e43e313a931e1a9479ba65fd7db5f297360cfee45f829ea831f1e67bf6eaca8eb4732af7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
249c718e82e0b39bca401f1797f5e306

SHA1
7de299b2bf697ef692c2b0b2a7f1a4e5acf8bfc0

SHA256
6bf943bd31b738e0831699c071e7a2b93a2dcf0f1a8a396b0d7ec1e2a4167b9d

SHA512
6b492c8384a25e22b1eb617c2d4c8c1fef9e85786d9075040d7a9fec7c49c3a60dc6e8982558eccce56a49fec469de32faa19eb6c930cc888bbfbb45c25eecef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c0d2f7579325bbdf86e93f34112576f

SHA1
0c52fd81554c158405118c41e4fe34b5b7531d22

SHA256
befc8a081f27687e7e59324fe068b777fa52da83509911a2716594c28a543955

SHA512
42ef6d1af4ed09a1a07cbcbff50f0492a9324de011bfad7f704aa7d5119f1f13b38faafb57183fac0fa27e9de0adc20fb9f877cdb768c621c6649e10ba721ac3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5dacea9db3ac7002ab4d6833e7aa02cb

SHA1
1fdf5e0c7496c6a4274f651ff0fd4f07f8f9bab2

SHA256
c976e252e184e409536a9a829b40a4957eaeabba1ca796be9a1d84787e461cb3

SHA512
0090ef3678b5faab1440150c89fe8fb34c15b3d12ee2fa0cf0fb2010fb66e41769b256dd7be77a9148b782a02c69134d7e96344ac4e48a07efa7a4cd85541918

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab41F2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar42B0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit