46e3caec52bb82cc3a637e2e6bdd8c315733e3f016f9eb83a1e52f660f2b2404

Analysis

max time kernel
73s
max time network
134s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c48836a34c5cf1c26b44cf8dc19c3d_JaffaCakes118.html
Size

6KB
MD5

81c48836a34c5cf1c26b44cf8dc19c3d
SHA1

6f0bfb8a66f9cf3cfc056beb2e9adc6909207729
SHA256

46e3caec52bb82cc3a637e2e6bdd8c315733e3f016f9eb83a1e52f660f2b2404
SHA512

4883b0ebf4342e0ea95a564cd67d55c8760b9347108cd2ba32a8eb448a133329915683551cb730cc97b0bf0983d26956c1671d6560efd97698edab04c33c03a2
SSDEEP

96:uzVs+ux7dyLLY1k9o84d12ef7CSTUp3/6/NcEZ7ru7f:csz7dyAYS/C4Nb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428708326"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e050dd0157e4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13E81EA1-504A-11EF-A251-667598992E52} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b36529da38d8232bd5c6ce92fba17034ab438b0194dc1110c439841a9095138f000000000e80000000020000200000004cac42ae490ab56a4026625367801a6eb371ab86d3016397e327616f7ab1213620000000c515d42c6e71abeda2a5bbd4fb4290160989bb912befb8bd38861a1531b113d74000000055e8b3ea6d98d92f0d011d1d795e1b54bf4032831eb33577ec224f8e9afafe426401f5cbe1201f9010aba16f627fbcbea309b7964a213c4c6c7d61937e576038	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b367c907f84527d096f349989b079865964533bd01efc491dddf0ff085d18c56000000000e8000000002000020000000f97d2ed867dd07586b2c1a61cdf3b3318c872704fb6120b0b1b8ab4c13bfb9fd90000000666e3a0b52588a3f9ce8d020ce47d47ee32a1d1d3b30a7edf9f37ae95f2d291c1f33f292a42ea070c0561daff10d82e010f9c8af0809775d9945badfc6e5805ebcf943b417c1dcb31915ec638d39d26bbf099ead97b1df43272079ad7d02d1eb92f7402a52af4f093e6e488942df5cac119ae647326cb19818d2aebcba798010e2b841d92f23c5bd0d100cce9e67e49940000000394b0a93546c41af7409796edee913a2efa6845499b8631f751aa7283c4b8e32c0cca4723ffe93f39ce26df9de4e012399cacaba99f3e905d1a3c284e44fc305	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2776	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2776	iexplore.exe
2776	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2804	2776	iexplore.exe	30
PID 2776 wrote to memory of 2804	2776	iexplore.exe	30
PID 2776 wrote to memory of 2804	2776	iexplore.exe	30
PID 2776 wrote to memory of 2804	2776	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\81c48836a34c5cf1c26b44cf8dc19c3d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b5fac59ede562163f320208346246fd

SHA1
feb88a02eeaa04056484b1f4402f01a708b34060

SHA256
b845aa58a210abcb79d4590a547fd3b589dedadd52d0cd6ff53a4615b0c8390e

SHA512
b1b17843094024ae0f1d4dae26c5b55fcf34e1ea46f33f382871ff8c364038dd323c0bd12d92c4198ed363a307f5e725f780dbfc34ebda743b050ebbd0978b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0088ed029762d6655a3ab2f91144c90d

SHA1
b0cf7fbb80fe90c6e4e1007e78db49396344d2df

SHA256
0c06dc0d813cafbd2972f040de16c235b2d5a866187e8311b963a4d850a8bc40

SHA512
3f65991778a962734e5c5d4f8fe20d1b82df8e568899d2ed8ff574c846ff967707a706fd6c3dcdff49925093346a6164f50873ac1ade4b7e80c8f1da040d882d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec88d64d5b9f06c6f17dab1d6c59fddf

SHA1
01455fe0aead45fed34ff605e4e643876e1ee2d2

SHA256
3bb3e2df543cc220a230301d5733787fa81b32e41a09e59fc2d87ee5a69880ec

SHA512
d2e7e0ce0f7dbb12a4c04510d52631e9462aafa59e9a34683d4c7720b4f2e651712ee3fdb0e61fb85683276aae72a5ec866fc9364229e2900d7597be33c5a6bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0544b9eda3508dac7658623a33cbd63e

SHA1
f15deb5cb3e8b37cd67b177da4b6d2a594b33c01

SHA256
88f3be7c87821648fb377507a971064c8d88949d279cdfddb3461456aabd11dc

SHA512
a636df90ef977c8e54f20513aa0c4643b53f92e8db0b0c323ac9b9ef0a3057c67c41e87c648b400c3cbc43bf8a9d8d76225afe2a0f138b9e12488e7eaa8cac24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82ec37f160cbac99a627ea59349723ab

SHA1
e367902a8ccf20df25999a8f64861a4084f748e3

SHA256
f13c3252de25427e44ebe325bccf2db1c74bd0b00977f5bf6c4a2e2027783eec

SHA512
1d9af49e5a3887e1bd68bb0fd41eae98a63087a2505e5ed9000e7770793cf17c79091b787732c40576ce5a94b2bcc84da8f7a932629dfa224f373c4751b50a8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1217d892415fd8f1994252662d8349e2

SHA1
50c66f4ba8789fd3aa3500f221a3f7ef88fd1f04

SHA256
b23db0acf7dee4fca6ad41adfec0f3774654d3a1c261105d73f639e585794549

SHA512
babbce089e9a2b6b442b5df0c3f60e5947b9f4f0ecaae9c617805e0726639294ea2795ff4afd20cc7228f7f1e70e9367a1f17cbc4e998f8325ff756d46b3486c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0eb9f10b2c5c8ce822cc19f0e38de2f6

SHA1
d6e9ccdea4bcc8aaca73d0cbe246c247e80fecf5

SHA256
bb4fe72258fdf362382638c8d2ae2ec0c290d0c2f95b372b0de532bc81557e80

SHA512
ea6a1dee60409490d3267932e9b161ed5728721e4f04385c8d9bc184b93a68740e0210e1fca69aebefacd02552424ba220e6d850c3c3cad005e089a7610be907

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ef7584b1596d8aa9a1f5e7c50916398

SHA1
029d47eceb6ca1159e6190e22311bd251999e05e

SHA256
e9d9a6be56f41ee14584c6fd3bdd8c8819edbef7ee17de498a45e22a731a382f

SHA512
eda3b25041387ccb237f1f6f794db082ad70fe2305be7530848d743cab03bf20d737ade0cd56c11ebc17203e7ee1306e63b758182105e5e019b65ad8187066ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
caaa7e51d0992529a87d390728ee6cd6

SHA1
e246d89815cb18094ea8a9230c6d555e54bf89ab

SHA256
778b39d3f6d9475221b27847e9ad81915b93257a7f8739851c618ac7e67a6c4e

SHA512
7ca98d5f31ec8fe38be515ff6de5aff76e66e0aa028cecdce4c9cdde14e3eee400ebfee64e7860451e4ec24103e057c411902b681964226b8096ba24fd2e0484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07661ba54e1b440b180661bcc7409419

SHA1
30e7cad0fc18d8f02a6c7fcc3c7c19fbbdfc6ec9

SHA256
5b1612ed843d5cf6c0db4206f5f779e24642568ac9cafeed7170d83632bb31bc

SHA512
6a0877511c7f081f310ceeb0621759f4f29a39bd487194ce0a5984e2d334a0cde89c8ec11cb5b6b878029102a50c6e74a5030234fc82cdca2cf5724fa1b23d28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3b54dfc1fbc339d9bd54f076fa1fe23

SHA1
f5531437654282d7b3abc456d261f2a226274d25

SHA256
7efd1c863beb1732d34647c8a1b379e39ab95f0117553b85ce9eafc969d31a3e

SHA512
8732ccfb3b3d5433def8d173574c86487cf6566999be9958f3d3a09cc0d662e6a109698938f89cbb5c04acf82fc0dd522e1a5dec1835a1aa4c46f07577578c09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff49002b98f55331b27a3a0feffe7c7f

SHA1
eb98f4bbf4015364c5bedb65429684ea980bf6ad

SHA256
1a3d3819bd30b5357cd128bcdbde3a41638e2c9a8e578faee2684ae8f867b357

SHA512
9ba3500b9ca01d3a523f58a69e9db904fa2cb96c9fa1802b415fa0e349f2a874558e2fa52dacc2da745e067a15d712704e62fface9696a8549c492e3381dd85c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3038b95410e76fc2c7df0498bd7c8dca

SHA1
2317860ceb5d2eafe58e6c53a970f1cc9b7d658d

SHA256
ddd638c484c91ce8adf60d2a2780998fd001a9d26640a135c291ebcaa929e910

SHA512
944aae684da9e56d9e40a2956a29960c6e379cb23cbf27d307d355baec4e3be726140cca4d0077b5b7d0dd14e7b952bc5caef1be0b185651bbc0c7dc1f60e1ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8336751745e517b255dd335dca1c98a

SHA1
61414a41dba96000ab11977f6b5e55f809e346f8

SHA256
de465f2ee24a32286514b3fec4da7de03963ae86ea053e108a087df0901b27d6

SHA512
163cf31f8e96995466bfd645a2a6c4c255b56369927ca2186a1c45b1816d16bc194906bdc1c56ed396772ccaa0c24ce15922395edbd73dae506078c03cd560df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
079eb233b45a8699a0883a68459729c9

SHA1
1b72438db2f3b5082802c3ee323bad40916ef83c

SHA256
08f4f1591dd7927f9c1a26c8ba0a88e0769ec8e7c519a8b00b2addd92ddbe2b6

SHA512
de30d8534869bfdedb7857b3c95169b2a172e891aea425048975d44a7d0f254e31a7d32390daeeb23d4ee2ba8ff295118adf3d42bb2c8c0923de0d9ccd04a42d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fe76f168d2d9558e47ab7eebf875325

SHA1
ff38ae9f95061a6c73c737a318dd60e6e333a334

SHA256
41e8d58add83f4bff252c53e61f73d05c0e2ff2b1da171f193c96ee5aaab9f66

SHA512
b6c91b7b322aece8e9574ec40c60404122b5e2921cb3ce2c7fee88ef823be097ad9009b991937e2ffb5b0aee3553513f34fa12554f2514d7aa1ac1dfb8c85b2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ea0d9f00a34121121b10fe741cfd98f

SHA1
ae5a3fa2eeedc89968cc5c617e0ee89cdf5badd4

SHA256
9861c278e9fbcacc15a14529e7438505d46592dc2e7c189627f9f6fc560045f9

SHA512
86f0e8a9e481a07619865a0e557b8314a8f8c16a55019c579c741c96ad711ddb167f2186fce48f024e8b5ddce4e9ef0e1eef11f5f7d92ad00b44f8303e50c75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab74B5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7593.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit