33ac31709cf7220b71f73b6943bd6612e9b35fb1457fb5365fee827562c1f21a

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 23:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d743aebab5861c59f6809e62624863b2_JaffaCakes118.html
Size

2KB
MD5

d743aebab5861c59f6809e62624863b2
SHA1

b835963dfa140fea26951bbec65ef23b915473e0
SHA256

33ac31709cf7220b71f73b6943bd6612e9b35fb1457fb5365fee827562c1f21a
SHA512

0e7c3c2b245aefc3824842f924c5c3b90ece620a5cab5a19a5f2ad8d28dc2780d289987a81328d288331d058fb54921dcdc04167eff653f700d51c40a95fee3f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000ab11564c67ad0fdf134671eeb2a0b470d40f7a095b6c38c373f0b0c123b57711000000000e8000000002000020000000541fd32479d52c3660870266e68fe7affafc840d4efc0f5a782479234d9ba5e3200000004f2a82a18e72cd141aeaad555e7f7057da9f70f5915f8ab0730959f78b1c5f4a40000000eef1edc176fca92ea8d11ce96b3877efbf509871ced27dc18eee7bb184232b6605d96b61311650f6e8e887d6805488c620e4a998d7ee39beeac36f5cfe0f7f16	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432086250"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05be4c20f03db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000a29e4c723f1fde4e5d39d22a3bf733606c37e10edfdb3e63a29c809e6c5d5545000000000e8000000002000020000000b043b25d6b5db5de5044c9ca1f1b27837da12ec3085b88d27e496f46f39cd60290000000353670648e73634455369344e492c162bf644cc58b3f69ae467fb8cbc179d1ca5f93aa05cc485ed42c6ca112162a0f22b9111ca4d6991498d0a4a5ef0e89b1d408b3fbfe4c62ea2f17db502d7876bd6239f7157bdda6ad295407536d25349c2c564a5dc8cb797188023faf997662cd64af79f0362247e90a80301d29720ed6509bb6197cdcd873524f63ecf0ffa6e889400000004d52b2927b06a666a4747470373e4ce928c92624841db979146a93bb4b421d4fc6a894836c4809c76d1e43186014040c5f3e51ef0add6153311ad9a360f6c122	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ECA9C731-6F02-11EF-8287-5EE01BAFE073} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
828	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
828	iexplore.exe
828	iexplore.exe
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 2348	828	iexplore.exe	31
PID 828 wrote to memory of 2348	828	iexplore.exe	31
PID 828 wrote to memory of 2348	828	iexplore.exe	31
PID 828 wrote to memory of 2348	828	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d743aebab5861c59f6809e62624863b2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:828
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:828 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
960cc5118b926d6fbfaacfebb68c1983

SHA1
386928431ba3131a8fbd7add7fff8888ffba381f

SHA256
d7ee2a25c9cfbe2ae48c14b48bfe883fe843428779c95d1fa4b7a44793fccafd

SHA512
c54c66de8097f00673a4e0db70dcfb81e7e7023920d9443edd3b8c781c58ed55f1f20e75ee523cb6ed8257937741d52982811ed32722d63efe3daaea7daf57b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a9391aebd80d523091908aa1cb07134

SHA1
2a3c16b968cd3842e6aa9e6bba1298e58fb2e615

SHA256
ac006509291fa09bc1f3d25884f8084523d179ebb1a6c0d6704c4d3c6274d8f4

SHA512
259a916e767dde5d0b681e4da820a2b78cddb71d9ebaa3813d38dea482bdb939054b2125eea6339e7efaac7d3d5fbff9d8eebd45798f5b334d9ad934b4ef050e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa850eaf648483a72db256b50be00de7

SHA1
0921eb591313a335b42dd14fcfedddc50f449df7

SHA256
74fe5fcab9b8cf5bd2a30df92b963f24defb825806a29d20bcdb71da2e487045

SHA512
149f0944590d8097135730bb7a7af3b664c57d895829bcd2bcb88dec54786aed2a80830cb28a97573b07f1bd6df33e5364b0d114e0ec04c4b3ceb1429154f62a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6072b1cce25a79411899e0d883984464

SHA1
20a4e11415bfbc56ca08fb29888c11c02bdc01b5

SHA256
b8af25ad6648df65c960c095c6a10913dedf5e9ab872321c854fbf12c7e25f82

SHA512
6bb5f3b1c143cfa30b8040355a0025b004c3037c02f198e8a62c5ccfcf7ed0139e229c5a02db964e3eaee3c31ca97a2513fc1457cab30572e298f5128aa10735

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0f481f2659017124dab3b9e846fbdd2

SHA1
97c78bbe776ffadfe75826a7caa4795728cfac97

SHA256
a39cead7c6a469b4ce5453367f6732e69b1deda7653573930090873756ccd566

SHA512
e0dfb4c7f7247e5cf155ea9177891622ecead4040beebe309de1b50bfdb516233daf187a6dc832528bca5db5a7223e290b6cd9ac8bcce877ae9d6e3f72203cb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a236d624010e2b54c3529e8d630cf44c

SHA1
ebeb2ee6164babf7d92f6e64c5bf3b9cf1b3f3d0

SHA256
b6eaf6150652a0c85be0cc2875009731b4eb7ccf668ff69b7cc06dc2639641f5

SHA512
87c2526a3577071779e59552180b5e3f0f573d9c6591eb973119850233f0cb4803c5bdb382523b6c1932239f0286133834910cb12ad6b518f1dedf40f452b615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e844911398fb603218bb5eadc84db02

SHA1
55aafe23220471565a1442b34259c275b10618c5

SHA256
43f8fb27842ad09542e7e60a3995daa95ba9a3e451acc735ac3dff7c8999ea28

SHA512
f7024f32b20ee0c89a8a7f6843920d8dbe271a1c99b1230c789df3f6fb8be56fdb5871a242e936b7e7d5b21c57bbed0fd28a6795537dbef370264191735bfa1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9da98434296118e0661428a46a2a4477

SHA1
0be92dbffe6275c06c97d2f9c638655c94d98a52

SHA256
3e9b88d9d1a6f3999db7f8ad45d185b1a282589ae820e4f4d56372fff2e929c9

SHA512
a319fa309f00e5dbc7cb1811d44810387163a885a88a29f459d216855cea7900379d34c59b9c14796a6d5aedeac3f82a6ec9c82b4c2bda72e8202c05a105cfd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
084ae4e48a97307d6d5e6f24ef817e01

SHA1
457f12d1844e23b164b1ed6cda1cd31359d96dbc

SHA256
481232796268e21d652156d54ed0e180ba11477bfcad66913b1cd8ffeef6416f

SHA512
39c7cab041e0f5fc3d289e95698df7e1c332d2fb66ff73656d9be34287afb982d6692da386d4dcbd48ecf1db6abebf3261b346ce300d017022addf2e8bc13870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff32e99a3d4239b39d8a8fc846342be5

SHA1
10dd0c1dfc0d2af0de62352464bccfde8498c59c

SHA256
63ef9d9ba713c70061b7d6f2546e96cafe9c89884ab6adcb86255d61954d2fe1

SHA512
8d23bfb32d00728e88c3a9e03e9c6ae959c7bed715f3af5d593308a547be373940e974e05185bd87182043687e9aa1a3e5623546b46a4961742d1749a13fe3f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcf33374592f978815e3dea0ef9ed266

SHA1
0fe76a443602f1666bc99712fb7695043c56f462

SHA256
8d435c22d8bf93f1688ba4c23a51fba1d58924e59c49d5151874dd5280f3cc74

SHA512
a23ec1b42bce2b7ce0cf195b99ac02c695fb390dba96c1a52889b8e812b1fc4e9a35f96cf35ce91f8feadf535b51300b23d4c5ef47259f7be84799c90d9a9514

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a728ec08b39b8c579561067ff92ce51

SHA1
0d7c821e3d6bc8ee872449a9894819cb03179501

SHA256
2440975a3f3b95e99d085a8558a28dac6333129ee0687196bd86ad34b2edab78

SHA512
fe83b80c92e88782614773dc599cd43ef065787b7643a7ee32424e88087311122fbccb49e0d4991fbbc2fec9dd82cba50179a88829213fb2294ad9777956283e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a76c835b1e8108b6ddbc64a076b0c59

SHA1
5a7c354490d94a5c3f5b2b7286d69747e9444d7d

SHA256
68a996869eacc0fec2089ed55759c2ad3911c7c752826b5299cfe290c638c5d3

SHA512
2b06f2c5ed080682de9d88b3dbf779970328124960cf7319f6b17c6a61e8524df06430bed91fdf7296132faacc47addfbd3ef19e73f2fa990a763ce8fe41fe95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38862142c17aba1199e9fbab4a7c8337

SHA1
df9d114edb9b35956f073b06c11583c33f7902bf

SHA256
5f342aa1ddffda843ae13ded4a8cfc432c5cc4a98c208e00580b9109fa34a1c5

SHA512
1fc8e5eee67d224754212077377b210e315ba42908776bd0556d79f9017ce0cdd1087a35c521ec5f68ea6c56383f6fcc9af8dde050dabe46658580a94aa86140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
371742c9c77ef3aed21b223744c82a20

SHA1
f63d027db14411a9ec4124bbb362199dfba463df

SHA256
75eae0f3775686f4e72365cc4a310cd0a78d830fbd6f076e1a30973812933df5

SHA512
f788e531e74a0185dfe74d64479c1ad519b55d41f5de7b7f82fb60f6f19f0dd6b1e3b4f49c55510a3d461709ea8c6bd40ee6da8520dddb8da5abcfdc3b0aafbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e7b633bdbef899552dd1d398b96d68d

SHA1
49cc6230dcc6d19856364f3c5a1a1dbe3d363737

SHA256
d890fd31c9928b6a0124f712920d8dcc844ae4a13b386ad52696e5f560d345ae

SHA512
e4fe91f2121c0211609a70b01bacd479fdd1d260caa0ea17589136eabf16f04a017872561db28967fd2b1afdf573488163a696fc4b1c49f31d32ebbab73f76e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6253fd630d5a0e704bb182089fb14ff

SHA1
a96a82ca6e4852aa9b37a514bf91a111efd5e9be

SHA256
8b6214294003c020b1b0e4c512c1ab9e408ba3405c43942984d205a963ae6c80

SHA512
c1bbcbcd794e3b01515ceeefc504d601667a5e8d60e164362b3b566deb00b25256c2a1e7a07f65cccebf848af9bc3656b2fc005c5541965b3627f39e1df51ae7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
934d0bdca32e54345b6065abc1e2905e

SHA1
ff9eed594ab65f379a1b24793f48ca174ad6260d

SHA256
79782033655254ee0b0a23f35000cddeb76b2a308f3cce623a8833e7868d63dd

SHA512
5fd0f327996446a4e3ed69b0df907610393ee499922d33e5b000f268665f00ea3cbe4691984f88377064d42a0d87f76936b5dd53f3f88cb0174633ea9370ec28

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF3A3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF415.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit