d7ca259e6311ed6aef276617dab2544a867bb54c982b62721200c969910b3837

Analysis

max time kernel
136s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a6cfb187244c9c96ad2e2c96ce94b76_JaffaCakes118.html
Size

727B
MD5

2a6cfb187244c9c96ad2e2c96ce94b76
SHA1

911221751de0124ce8c5b0d5a9f00342f87ec874
SHA256

d7ca259e6311ed6aef276617dab2544a867bb54c982b62721200c969910b3837
SHA512

c9f856bd203b710a05e3e55adc81984b97bb31c0eb077abf90482da9260877226fa96a6f10dfc532bdf23ad9b3b91e0e1cce75ad1b9609e83e9ace82f36163de

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434640488"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000008b9f96e620d3896c55780d9296c11bf775a796d90a749e9b61dbc604dffbd19e000000000e8000000002000020000000983d023a235fa458367722fd54986a8bc5c20f3a48fee5d5b7ef4f203a299a5f200000007d36767351b31d0e464b8481ef463a6152d7ec9d99c7efd87631c737e320bb89400000004298ae2172f7b85c506dd6c8441bdef8b6a4e9d6be526a02d9bc8985c8ad905973eb976c75617c1bbfe3ed240edacd0fbed642b14f6bde4fc8655e7ac11c2fc0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000ecec5a505e2e1eb280970deb15bcc62362d0d7a0fa0bed23a393f7b1d5ec759b000000000e80000000020000200000003408ae0fdc1b6d063f5b017c692228bb2a3e9c52ccf87a9e6478a8640520ff11900000006881c841ef6d458fa3b97a5a398c3ff7b560d7002ac88ffc92b7605f569d30f7d9d67881a1f180c9b8566eee4201cee0cc85097ca7467e7235dc5353df390106a9e7a71ac1bc6563cd0474c874c503d021de55f561274ecd2f5f1f39196df0686c985b35fd73d43644ee78a40820d09153ff8486cfb7643e798e3608b4545c86a516fd8d42171776f26327fa22ffd8e1400000003a0eb057b078f9352276534e51c001ea8555e05e5c6990657a06593b0d5a735927167125c6404e2fdf258d38d3c1ee382573fb6361d366ce5560428f0ac74998	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d045be4a1adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F899C201-863D-11EF-AA6F-523A95B0E536} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2536	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2536	iexplore.exe
2536	iexplore.exe
2296	IEXPLORE.EXE
2296	IEXPLORE.EXE
2296	IEXPLORE.EXE
2296	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2296	2536	iexplore.exe	31
PID 2536 wrote to memory of 2296	2536	iexplore.exe	31
PID 2536 wrote to memory of 2296	2536	iexplore.exe	31
PID 2536 wrote to memory of 2296	2536	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2a6cfb187244c9c96ad2e2c96ce94b76_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90a7014ed516fb0ecec86b1bba3709f6

SHA1
ea367e4351ceab3207cd8286076d094e789ed4ed

SHA256
9cd0855216d276998291a6a398267e1d647c5bfdbce11ef977980ed66cf1e177

SHA512
345754a24b212ba20bcb75bdb3a6d5220f34428ad3a1c36d7f820d621e828fdf8b8f300edc29b7ae6dd165db7fe173e2f10560401b0a3598e97b015528891282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c65e4bafffc999b4c5dcfd06cfb553af

SHA1
610fc33ba779bee953a2d45f17281e50efee8d3f

SHA256
88ae84a40ad0f5a195db7f9493ad4916972476604fcc465b37f2ece7bd469d98

SHA512
66ddb98230e48c1b766f195b33d1dec19bd1ce36a6a47ab57ad1a1e946e073976a1e0fc95b7c5852f63654cee0d8dc1b3ba626f5be9400cf207fd93d2326f539

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d94d05f9906a07b4d91d4167f2e5f295

SHA1
6153b9a77bdec92d8c58af381d6f4461891ca2bd

SHA256
2b65dd3bf54342755979dd9128e9774ba821dcc3e825cd8f9a367703a847747b

SHA512
a70e50dbb8ab26a7d50b612193bdb2726ef09403fc8f43032acc06b7eae68c795468c912f356748065327f51779fcf92107a9f1a6bd8acc3c9415217e2f506a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57770f0c80b5ef9e82eeff21cc199ec1

SHA1
9611c9868616c5d48bd0c176da4444b93f34c073

SHA256
28f0c9ce6f31ab2479999adfb8710af0c340d93f65dedef5c61e2eb37de9363c

SHA512
cc8692cb1e9ceb5895c7d0dd455b1b0f16a6213fc23904b0ae0840dc065ceb65d0ebd6709f924840d17932819f6363f53f24f66a520bd02725f56d91dc04720d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5b529b75ad078494ff32a1469bc9b51

SHA1
b37e69ff37b8d10ac9ce627dfc53ab69934e62c4

SHA256
c5e4407250147cb00e8828a3a70cb503e029b63c7faa8917eb896ac47963abb4

SHA512
55dfcc317f463812099364330eb2acd4a5c7641e490af5b75c4601ebc8b00cf0f14876c8c99d872c8ed5bf2554092114709acf6f95d0511952ddbea4bb4771c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8a001d81d4aa8c4850cb450a0a1f462

SHA1
a2b818221e8bd88b0f9f7e609f28822ae18b2755

SHA256
cb904ee91614b37198c5330193ecea024c106e0191cc6ac5d8a2fbdcbd8d5ed5

SHA512
9fe1241647305b8966fa998bc5ee6e8c31ace49ece20c3b9983683ba1293d6e564f392f8cd01579dcb278c267972b88ce2e25cc5e2c39516775730c56d490a8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f921de260c031bd5b039e8f13c60ad07

SHA1
1aadb01c92610a4aba39b8caac21a237cd07b3cb

SHA256
ba96c9ae083b14ab08d70aed013849fb47c3f333a8ddbf3d1354fff5e62a451c

SHA512
eb8cab66b4e234c1ea2b687c55c31dd4adceb867934de162b36b3c42b9eb7fa83d377729ad2cecfe7b049a7ae21cbbabf96afdf06dffd57865e78055ce7c6e97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0be8f802b8f6bd48fa0d174766fcf23

SHA1
850ef62667ddc6aea46e915329d29cf90a189b14

SHA256
9bfcef03826acf8f059e183e2ddc5e1afa7112a68934779676ae9aa1fe9ce0fe

SHA512
702033831dd523236a0e3c7bb69426f2cb679c0729a31aed088f13633d164bae9ad9e1d093c984b7ae439b5bc9981f8786a32dec64e9e6c19f2663cd7181ee7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a469e7a6d20b7b86f2feb78f10bcab2

SHA1
789ad193c18dc08b00245ac2f56bc5da952a6fcd

SHA256
6f0d087fdcd8c029d9c22ed61e0c4a048aefcd0fe1ad30790a3fc6b60869c197

SHA512
34bb9acfc910583155c21b833823e2e6ea9a93a4f00c9b2e20aa2c6ca9c70f118045bf3ed2221f373b2e92d66bbd0890fc9c527d46e7a90c11037249fa5f0347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
482a2c14ae0dd3abd115fa4d74d78d70

SHA1
88f41fb2c77e082c524e4ac9594de72acf101937

SHA256
ff9408da6f9af869b46110c842b3d1bccd66208e471590a278addcdd16035362

SHA512
dd8d27d4a1c5e4844e6ed4bf468fdb92fe2bbc6527b8a5e1101398dd4913ff79fbf6e242ddda4b9aaa67d1bb2fea316343602296e9310be177f711b1da9cb611

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
903bec6e859006b17ae06c175e1292d6

SHA1
56837060c00160ffede18104113ab1193c6e3ebb

SHA256
f902c7180fdb7431eedc7f946c5042160bb44b6bf8bd761c3a3f3e36665366aa

SHA512
b888e23f26ec26dacea780871e69970f0e7ab3a6a2259293347bbb476ba790375b5c25fb058cb59833101f96dca816fa9e5e5a9461fe9f4fcf74476d7e989ec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e5b7595be0fd3ee5a4cc4425a93587b

SHA1
ba57686605b2767ffa0dfaadcff9420dd0212ef1

SHA256
1d915d09ab59ba30ce3c6cfb15355e9a48118fd8fa7506cea8bd34edf657c9e7

SHA512
0560cdbeb14228eb8e611f683e41d929a7f8a126e9718b4cde51dccab02f2453f271a431e6356a0db230b81f0f25df1f29470880b5178f0bf3250873193f0cfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4671e7f084843cf7d51c3fd22ddd779c

SHA1
33f65f19914b7a83cfe25be1c4a5401ced7c63a6

SHA256
0bc8f79f8eef271ccdb92cdeb6cf5e19d515266bcf49f66b33e5214ecd4458ee

SHA512
1d30adda2aaad5fb108a25a5f807c9fc5f229955049366d0c0e5c8e6f6a9f572cfdc462fd7df09c44761c79d55278522a8cbcc924f70724c96ef033aa0aaa3e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1796cc985d5331360745b4d94b097ab4

SHA1
d4d13cf4e93f659fb2f6f91b8214b4ec0e2152d2

SHA256
2bdd912cf4ad9d87cae8dd5ea34213317b0314368bed0d0c08cfc95043aeb18a

SHA512
98c73fa0a4be3737fcb7d54da438fa909c551f4f3ee6d94445831faac1c9f015344c8684cd2e01490e97cbd285729bde5767ff5662a3bfc74aed8f9aa06a8519

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31e5264d1334b534b2dc70f648980fa9

SHA1
c6dcc357e866f45290cb182a983dc1eed957c3b4

SHA256
3ce192860db0babf4b85ec3a9993eb5d462711fa04eb40ed97079e803389e516

SHA512
c6745ab374a3f854daffd4c8921d2a2e14fe07fa64713e202224dbe4849a9046ceae91408e83b611bc7591286073c2d1b199ff48bb8def831119afc7caf4fb1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6722b8397d2252971ebedceafbadcd5

SHA1
f76ffdd9a031a3c434781d54d54c0fedc8148815

SHA256
8ef3a2f70fd1b8a222d6838dcb0f7434818ce608ca9cdee2a32c33f71a14315b

SHA512
ffe6726d8afc10b8ed2fab281ffae4216ed2dbcb85afddcb0b8c569a277387106a07bc4f4d7715a4538a548e363d5ddaa8b4e3d3bef91487ed4b4afb0d054c7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8beab78a38a6a7d828cfb25aee3ba002

SHA1
930f18a15f7e5f868683641acb7116fcfb951d3a

SHA256
7f2e8b8984e1fecd4c887e7c728ba46a3112bea208c59ca601f1c306a3f92817

SHA512
1447d228314bee8bed5165b037b747f2f3e09253a5c825f738dc469e5b90df445cabf0bdc13e485789a3d81f043874a9c9b580c3cc08d26bf92470906414789a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar19C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit