9f22565a185ac892275328aece89856977ac51fde705cd314cdba29bef98f6b3

Analysis

max time kernel
132s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 14:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

13c6fa070912fcd3e018e252ce288dab_JaffaCakes118.html
Size

53KB
MD5

13c6fa070912fcd3e018e252ce288dab
SHA1

50fdf1ca639c62cb17a00668ff2b7e4c79d4ec47
SHA256

9f22565a185ac892275328aece89856977ac51fde705cd314cdba29bef98f6b3
SHA512

c05056662a86da6d2734c062b38a70cb0b677048fbab6167a95ebab99b9886578faff5c49ec4026e0a717ea28218598d6548a309cfc61a6171f38dd39530b550
SSDEEP

384:3F+IX5bg3mntelTDW09R9+m+ydsJiwydG:30IX5c3mnMTDtdk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000007dc538e17f19d31b2d97486a6e01fa56cf79470085008ab5a6ded0658c80410d000000000e8000000002000020000000a6c71b5b2d69963a8b3834793f252327aaed72dcd937a2da1f0107c5310a575220000000936201906818944034b34f34a457f5bc4e0d95572607d08aeca4f9ed58063a3a400000002e45053a143bb7531dc6b90dcd0ebaa5d1cc6cc277b9da53ec58b3a9fdc69eb724175d384348e35aa8c4f1789232d6da734eb4bae63bd7db387185be07236ce1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10487da36b16db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000007b81c6b67f067bf08adf9cbabf0e994c9b29fae13ecb3a1397bc390e6e1774d7000000000e8000000002000020000000c78b04a21378a11374077d7311c096ecd256256ac45f25aae070b9df9a87801a90000000a7226039b18113a00947c5847327f278ae1eea03e032f4bcc716dd2c1441b3102eb9c89c7a8dfd510d0660879b38767b3da7acaf05b349ee283ca828ced851bb490c1feec8e02e723e201ce09fe7869d012a8ba93a2ab3e68ec8bb76c870eb0fef4065257fde8bcfa308b477be31c678a2bea17bfbad48636275e8f26563f3590730ed1ea95ce23c5ad9186291747ffb400000005d4045ae7df0d1245b7d52d9f6f22a89ccc7bda78a3ae99e508cb48a7da56caa5cc485b848d1dcb134d829b1605e03328a300270d170ab325efd7459955d918c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434214786"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEFA4E71-825E-11EF-A429-7A64CBF9805C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1520	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1520	iexplore.exe
1520	iexplore.exe
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1964	1520	iexplore.exe	30
PID 1520 wrote to memory of 1964	1520	iexplore.exe	30
PID 1520 wrote to memory of 1964	1520	iexplore.exe	30
PID 1520 wrote to memory of 1964	1520	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13c6fa070912fcd3e018e252ce288dab_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1520 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
504a68d8e09a7cf4897bf981138189d7

SHA1
0cb601fff84465b694c7c28a52b86d868f667bb1

SHA256
83123294eab6cabdf9baad0428a0dcd6cb8e110ddf28e3239f74f5e9c77c5a48

SHA512
de346bfdb97c06996b1c811f9be93b76794993f268ab6d5c02cc794e595eb33e4e09073f9bf3e13c19f8fd1a581cd01e6811aa3c2ec04892c8c86bc7b46092c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac870cf7ee1b97c8e8a908afd50b7286

SHA1
511f05c55d29e76c80ca9260515e62f50e8de79e

SHA256
30ab0f97d4d6632364e11340e57b55d271045c43ae9161096675fe88fcf4de55

SHA512
95b58fcd64c12677b6e9257331517dea7bb7a9d6d3739b935a175bc1777c2d416e7f841f7d0b5be9301bef8295c39f007505f2309c08e7cb87db0fc8b84b29c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51172cd1b4846e3bc1811d0782dd9a31

SHA1
579a4edce90b3e521fdfc0a7789aa2413827ac99

SHA256
d2b62812aeaddc3679e427b073b6e6b283acad585da705731d59d22e7f048ff4

SHA512
157052c2c95dac5bbcec4de67ff72b2a6ad3ca268858ee40a12358215d1f5d3b90f153f943a8754408d3abb62deb1b827735e3ac961c0aa41e38bd0affb66e0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c116805e477d0d8fad162f40bfc1364

SHA1
dbb84cb30f06393858e23edfab55cfc43bf41fc8

SHA256
e4ecc1b603fb51974de0fa2ea93cbd77e14265687e2ddbac78bf0055d253b1eb

SHA512
8f6054eeed2345fcc9c3cd309fe2ac78c41d61e39eee14d1262f5ad7dcfa4882f1a87c379f07bd1744e19a9bde51097c39e9393d083e63ae14ae2a4914801c0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7adea441fa5a31bb11cd19b72d3eb416

SHA1
e72eb9065484af803c9931072646a28b2e8a011a

SHA256
4009f57e849bfe0973f3f06031238640b790a56bf8ef52d64133c5b85ea54c37

SHA512
ab4b7544556930cdcf30e2633ffa91057be16d21eaf50b831deb2181b16a8ef24d76d0d96fb3ad8f153bf8346d9111bda874ce2eedec002b017db8819281aa2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe342dd4d0891090202c0b893f1233e7

SHA1
9b85946a39ae4e3010909f5460053fe659759b70

SHA256
3ff70d794a091dfebe116d30fbd0e7ff05e74e8690734b63fb88cf003faeec09

SHA512
ce4a4f801fa25155a7184c23cb478c56b4d4b0d0d72dac0ed5167e6a0c83c262a67277330d0cc97975377f07009b066b2a1bba741508712aaf1461e9e54f2f31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2dcb1e0206267e1fd4b61fb4434f388

SHA1
f4a3ff0dd6c8ff1e5d7bb0f93b46518af1eec451

SHA256
1bf6a19ab10c9c74e4b4a263e886f8af81d1164ac76c68a297e098e99ebddbbe

SHA512
73834242a940dbfbda0ed1543be3c97dd5fa9480119adbd57597fbfcbc34953a7b54396f93fd0c79a388d7336ebfe5c4a720ac1b1eb54d0b5c824b20d57c60b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e58b3ddfb660d7a3e0eb0ff8aa673d6f

SHA1
de50ec5d3bb395a89ce22512a9121dfaa86c81b0

SHA256
d368883144e00cf8b26393282c15c08a6807a2b0106f2625ac986d4224167d23

SHA512
5532c0a5728aeb0fb05e0e57a197d3e696936a5b54f11227e3619f4214a792f8b4b2c619671ab9a3029b2eac3b8f134d1352accc4510deb6a48452c7da63afa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6957822a78c0d5059504bf970ca93f5

SHA1
53cea4e757f96cd96d1c5ae13717b4db49287c0d

SHA256
0ea936e6ba3cf087906c82899b12e8ed1cd90711de65aa91b037e3ff99e65552

SHA512
4473e1687ec6bdbfca6e6667c5e1b41b9a213bba6aa6631fc0b007c749b492a6cd7a38c8257760a1a64489b5e469083b0b8ab2f837ec21251b4cec337a5cfc9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a0318b2398f39d90a0a5925831293d5

SHA1
9316f20fd753bb49dfaceedb7cd03c191f03e5b7

SHA256
4491e140115e1eeb35904911dc5e1980caa83983f0dd2dd095cf1079ecf969f0

SHA512
fb10a308400ee5ae9716eed7664fa65047d22c5c7f894528e2ab6d30daca2ac3191d40bd6e238da464907068b7b11affe5e3a06ad2000d0eebe3abdd68c70c8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa0610eb6fb3bb67ae176b46e4cbac28

SHA1
dcd8061cf8b8026a89f2b4d300a0a26f70404f61

SHA256
7662551eb3fa29997fbb1cd9921c8e6e78a48837dccadd21de3b170ac8341bf6

SHA512
bfeb68401571b338b2c49bb820300d0e6bf58ea531ade1f12514e445995411bca68f4914198392c46840b204cf29c55f991afc6436ac5a3fc979902e6b946db5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3809832c46104876552e1eeeb33e146f

SHA1
4628063a26b22bf202b8bf27cc0d4a30c5fc4d5d

SHA256
eb81465afe07eca2ec823f82809131bab5fc087392018eb83b96b0e4c161df4b

SHA512
98781f0287345dbcafdd06959427ad2e056368c4cf2caa1583e23ebf9cb7b524ff2ac2ab0bcf67d713a31a2f7d8d1cfa899f48afbe73e9a2880ffd64633b245c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06b872bd9057c9ecf1ec953853c7d954

SHA1
9ee5d82873d0b869f91dd6d17f00b92ab5c79b92

SHA256
ff951bd61d1d3e441e58edaff441eb73dc11a21fff34390ec344af70b8eafa28

SHA512
824a508455827abe37dd4e0b4006ea57472152fb78b49020cb59b5d209b3b63f234cf4258249a38eefadbfdcb2eaa4975d5be4f03128702543b9b77c11a9c564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebe143621ce37eeff3c46d8d1b45aff4

SHA1
a6f5df0f1f29bcc1a55092f537581b9682ed8615

SHA256
0449491ed903bf8ef06c111da5601d06865efb29010aebdc8bbe31d2fec7eb8e

SHA512
da8ae000432216cf7b6dbb61d0cfd201db80d99b2a5763366968bfe437297d5f346b0c4a47df8b5146a4af24d2d7b2094155c996b0453b549bdcf85ff3e87bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d774973990c677490b2aa5fad3f1298

SHA1
2042e52f9064785b8aaf0b0593df110fec47873b

SHA256
488639e64964aa27e23086d002b997a0d1bc91b8c1db246afdc274f5014639f6

SHA512
e38bc805a816ac594e1ff4f6fafbb8b26d9d9da29fc72d927e22c560be0f3b420d615d9579819ddc15764f61a42e06a8e73c575375d87780833b44c414162c2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6de45fed5f43e3af54cc4b8d5b602a5

SHA1
672ab853bba96fce1da90053831c4c7653678da2

SHA256
1ee0769ce3f94ecd3a5dedce39f50af156508506b5950ac2e98a25444dd172aa

SHA512
24fe407f168d8058a929996adb0aa79adbb60ce4c1ddd6e5c9eeafdf1a3e06f81413965cb533cb1ed19332ae95feb757f47b082130d714a70069a9909f69b36c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adeec1715f7df01c444eadf1c27efe31

SHA1
84e9a5bd7655f42bbc9e55c5add432415031dba6

SHA256
2b95949477cd2776224418ce90bde854b6caa218b53ea34ebcea82393f050006

SHA512
504567b9f70453cab44db7703ba9f796cff15b2a94f5f6eddf6dbb5b3847fbc2392803e4f4315fcbab11713a1b87591b992d46da405e902df60941d92935daba

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCAF0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCB51.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit