a355d15ab763e60fc7481a059da4fc18a41815708e353872681896f86b220729

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5613be67fddeed3ba86d9c44cde39076_JaffaCakes118.html
Size

53KB
MD5

5613be67fddeed3ba86d9c44cde39076
SHA1

d92e0513590f1ae39501abbfeb25f97eaa994b33
SHA256

a355d15ab763e60fc7481a059da4fc18a41815708e353872681896f86b220729
SHA512

2131711a777c262ae52dd68573578922fe663f5a752825e244320ca54a6fb972d3cf0f1ea51cf1236a73b51735ad4a7487f4a245c086b14fc6bcb7372285df04
SSDEEP

1536:CkgUiIakTqGivi+PyUTrunlYV63Nj+q5VyvR0w2AzTICbbso+/t9M/dNwIUTDmDZ:CkgUiIakTqGivi+PyUTrunlYV63Nj+qY

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b1319000000000200000000001066000000010000200000002d8fb9fea693873aea13e8a1803729a893dbc0fdb86fdbe6288f8e2aa13d2d15000000000e80000000020000200000008f7b1c7d1ee923c27c21d1a0721b9f6f29ad312d90638c504eba073ac394f69f20000000b608b9fac8a7b40abcc35a1619b5e07c35f2904fd39264024271b0e54ea2c6724000000053df6e1a8aef60f69b2f876e1c84f98b9ecac9ce47862fc13d522f6f4759badbb601bdb62a7adc54d5b83e120268c6373424db4c4d21dfbf635559b0a451ff3c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 905687ea2b21db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435396880"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1446F581-8D1F-11EF-B4EC-5E7C7FDA70D7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000080686f0d9e3126aee9527d6ed8115328d2baf56478bf7871bbe6e2050154306e000000000e800000000200002000000060e40b4f44966741b10bafe5bf9749ab85b65458730597317c94237cba11909990000000df15ba41f5435a878f53cfd5d3dbdfc07cfc69cd6f8977ebfbaa6f336b14f0170ca3f8ca956d93920fd8db3b6174d421c85bff837f21a0171e4a9658cd77dfb97e436adf917126576b00d7bc5d60e15ec88584c67448a1dbc34241b6db9db3029f0e219edcd98494c9ed93ad03c2551a6c95f475e4bdc659bc375d25d709d570a86012e2ae5c21b76bc7393846f31c8240000000b51f6629f3403fdde7096c11f6597a860341ed50a1629d2e95e638e76946c6d8b2ce98dbc368abfa04d7ee07323cb9cecdc33c8690824a8499a1f057422c90e9	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2872	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2872	iexplore.exe
2872	iexplore.exe
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2852	2872	iexplore.exe	30
PID 2872 wrote to memory of 2852	2872	iexplore.exe	30
PID 2872 wrote to memory of 2852	2872	iexplore.exe	30
PID 2872 wrote to memory of 2852	2872	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5613be67fddeed3ba86d9c44cde39076_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a65fc9fca844e0d463b8df140d6d1bef

SHA1
f607452b49ae3d7763ac147f6482a07d0c7b2cbe

SHA256
8684a804383b8a3f875af8798270c14711ec5db8d1f3fee8cf3127307d77ea98

SHA512
cc791c1f44c502730d12bcac306836aff48598169319ffe80f18880ff9de9042c734b268c88d6eb661c69694127218a900fa282d55a50c449ddb65ba5ad1974b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a55c60451ee7c71f0c0060c7e36a500

SHA1
d2f503737de74e36f0d11b431c87170e7e2485f6

SHA256
34b44aea68e28363859db02420e978cd8a9782498d25227412eb23872754ccd1

SHA512
673ee6536f0e4fa55054fd46194760cfd99ee90c767e8fc0e08073118e44f09df22163f2fb5a464264b5cdf3bc69532508c503ba3b2d7866f7de9fe7c5cf5605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1434477cd6b0fa476f8ef376ae4003b

SHA1
f197e22d722ac89f5096099cfcb69d5c70f90c64

SHA256
dad7c640896f85ed26e87abff7e981c6f9829949feb859d44739c44ca97dae77

SHA512
a02f3fb890d56b03606a4d2a4194226f06de3531fde7b89d12f8afd418160c5d129ec5346b48367a43c8f290ad32fde66f574ce0606e84ecdc06dca414191de6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93fe4a673415f26bf99b0a5aa3bc3da2

SHA1
d0dfda1820918f66e4d59a7af23d0f6029e61615

SHA256
fd237d212e2a4520ec14116b4b999c50535cf33ba5a078eb405a11a139eb33e0

SHA512
2bdd8cdf5b60ea9f3f01921b90c902ff9e55259e5890424f1ccfaeb645509fe48957eb5b7421bfaa70dada3b6d45b08b351b9e5ec775e3882839789120c1d2b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d7172c94bf7727c43b75238e543bf62

SHA1
7db904bb3d70c6152fb27ba616736fbf0266cc58

SHA256
8987781a59563ed48693033c2cb49fd60e175b295b7c73cc91132346384a6786

SHA512
91598457131f319dad7100f1301930d50b018ac7c4dafa72367a07a0ea6bb12329472c4748089a622f954659ab39eaa58a5289cc5b06b189a8e842d8e10952c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4174261d8a6280a1f23fe9ee0f525427

SHA1
fe135d3994594fe656e011b81c7692385f163804

SHA256
eedbb0ac7cc7980065dec9f9e6b910aaab494c2f0f69719ceec952525ee8be5e

SHA512
ba16ee7bc2e7d1bad0daca64738c7e96b276ba93e0685cc47c2dd9418cd957e065b19280e7ed72d118ffdce91d108da9f5ba28ebc86c499450c7fbc9a5f0c7cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f29e2d000606f8b1f68f0c7011b82a9d

SHA1
8232b5ce51343b4eeedc9fb2cd8d996e8333ecb2

SHA256
edcd4cbb03b93afdd7720a175078b2344d86896caf2d302b1c4d2a8a8f8749ef

SHA512
467d88f901385391d342c856a9ab7eab0a7dd11d5871d1d29f9a7638c60f5faa0380882bf13ec6b6ea25e777fbdd2905be0f58b6bb8221a5505e8116bcf80e12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa73ac1085b02067b3a212eefb7b8b57

SHA1
81584d62ee6d26118748029b1e2ae7b80b1ad9a2

SHA256
4d0ce28e585a64eed34941305c68ce12a6d721909cce29b993ffbee94fc2225d

SHA512
e98ffd77a2b29579c4603fdb01e7592c1afc492bd9e8a824246bd2e8b7106ee18bf035786416c9c37f7c3545ac60109f9c6f79bd0ec64f5441147c556a43399e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
553c1b721657976d75a2f48255a30cb7

SHA1
d5bc4d2fa25e6f3b5459f0860eb54cb70f8d0d44

SHA256
0a9df923e877c818b33bcce54d0c4d3b15234db8c8ff3ebdba5b0bd8d0d54be8

SHA512
c1b335fcd8d12403768bf925b82bb6cfbabbeb87e5a885b157550405ce9217eb5de5b282e7ddd3da7ddff71bca2fbd27cb9bc7a098e74a217b9d1da6de513ffa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
289eae0083b1263181041c1c95c66ce2

SHA1
5e6549be7ae35eab4bda75df80f2328df04c16a4

SHA256
7ac79ba61fb07012851ae02b37ca31a1b118da35b7667bdc7cdb20efca733d79

SHA512
268a334d022904eee10601c9a813c5efeb2389ad5c376c6280c7e8173d1187500fc6132faaaaea882bd201ab7000e34033ad16edfbe3f5d6ef9cd5f0f4d4a425

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff0eb36be227b06dc657e2f6b41b1801

SHA1
5ebe5b506df8b0f5df40c8995d820ed5a51d33a0

SHA256
136408f807984a776ad577f3cc51c777993940f1406b3467ec72cf6967c2495d

SHA512
05ce29c419b8a4250d6834a5193b515710a086cdef5706a859195537293ba94d08f5b494fe8061801f7565b7e39927965e15b84d7f4f4dca43478945d7347504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76f74463d42a276a798dc641cf4ea994

SHA1
61e759f0379db6cca35e8688f6bd5f51fee82db6

SHA256
dc1be15073a12888a6bc7ceacfbf871fa0f053f271abed480918ab0aabf94ffe

SHA512
be4def6a9a13083618365feb99a668811552bda56718025e56212aff05acb7d721b1709358fcb7623bd064680eb409f02278c959a031a723eaf5a2bd86e973c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89ecd784b5bd2710ab193e3164c65486

SHA1
4cc6044937054f973daf324abb1169ce5d55b415

SHA256
f26e568dc90215218163e1ee17c26619e24e8806dd8534a1c526db4bc3431b72

SHA512
09e6f2922091e889714fb7a9417c8558411eee6f70221bc88b7c7180c9cebeb05d1d794a9cbbb37b042c829b4963b9c028172c33bf2e5c60efed6c1b77d6d42a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c589cbe0888a9c1010d99d67032c37ed

SHA1
f812cc9ce7d151663d9a130309a31e20c09ba94b

SHA256
2f4688bc1047e62e5b184cca9326c89d55dbc59fb6bdfae5edf2fc0a1f6dcd72

SHA512
99e707d26e0624484389be811b2312b719e1ebd2ac7ad327032f7b01f720b974f9974ed1443a4d31b482a8cd6ddcffaf74421dc52374244194b35bc24bd1f072

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b15ae755881499ed190a60a41a38c8a

SHA1
29cca3a41dc8819499c6002a35449a3f2a416ef9

SHA256
ca18c1faf208c2d690c7f3352fe99e7a9daf3561c20e21ab33a0f2373e4d1338

SHA512
af13a5e090424898a2cb33ef3e1caef279143c1731d0073dafc2a362183657b744929b818595278afbeb6538a47cb99b63a8603ceaf1ee9219ccd69194543e53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25a0aff353414c9b05ba94736682d63e

SHA1
d1bfb378f36604c9041badcc785356897a3596d2

SHA256
04f574b8235a2cada05469dceca64f4b59ec738e5f461d593edd05383077d302

SHA512
e02022cddc8044c2e4483b6568e8238f0a9f54ece17a141c722335667df5a13c10636458b669742e7ea46fdaef3590cc7f7052a57c5db035aca758bbad747919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\print[1].htm

Filesize
706B

MD5
67f3a5933c17b3ab044826d3927d0ba9

SHA1
5957076d09bacaa6db8ddc832b4fd87ed8f05f8a

SHA256
97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64

SHA512
03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5D02.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5DA1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit