47ca0360b512640a963e37987419b78e87f08cc9ec6e53442f7a7a8be58427cd

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9763e88b93a877413ee93c6aa2292e30_JaffaCakes118.html
Size

56KB
MD5

9763e88b93a877413ee93c6aa2292e30
SHA1

08f47ed1dc60c2aafa7dceb687f1fb223c1db499
SHA256

47ca0360b512640a963e37987419b78e87f08cc9ec6e53442f7a7a8be58427cd
SHA512

bf1f0d701d25cbcf299ea3fa0e0a45b3a76290d29ca37660dbb85257c933c01bdd211652030d149b3ad9a5d873babf960f48761997ca2ae771aa957ee3b38c4e
SSDEEP

768:Zcd9QZBC7mOdMEbpC5I9nC470obKVi/HU0xPd:gQZBCCOdz0IxCU1x/hxPd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f035510000000002000000000010660000000100002000000098517db34618d5c03564792e99cf85738e3ad27bf832a1375cdf7019b14a3e01000000000e80000000020000200000005aaea46a5b85f0be6f520a6ce506cf0bbbaa0e0ae01cb5085397c67d43fcb412200000006e1596514260a214f4459d31174dbf6ba3db0c157a77ce9808fd3fc9d0fa597840000000309b0ed72e0c336a3c7787421266ac812a8760bf0c01f0d926b83a5e8009eb30c9b2bcef464077da57c28e84a05526a1a88b94c382c5dea54df1443f3b37f2d7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1028cf6f81eeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{97F66421-5A74-11EF-9CED-F296DB73ED53} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429826097"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000de8f9ba85c5057076296d3b0a0022a770aae151e8ef2887a2421d02428e540e7000000000e8000000002000020000000c3d6f8e148849565bf8dadf827cc0da11991fd7260d8d0f8ebc48795256d36e390000000524a5a0819860ebb5ce8f47b8eede75737a3cb8e00c7634c0173811dcb39b20bf81a615ea735c8a8ec9071c741f2677398b3b045417aa338e97fd05a63c5fad419f601a18284e0eaf6cdcd9d148836b645dbbfe00375862b10157be946d2a102e5219c1b1c7c2cd92adc80163a034292f8d50465aa722e7dd3362a03474014a48c0d3c47ed34e792083a03bdd833dc6440000000826c59972713f1736a1e09442e42f0cafae12709cdfe8bf2538ea37f9ae805d7b1456ff7307604e59159fb757b787cc6f7739b6bc515ea104983f78db08338b7	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1580	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1580	iexplore.exe
1580	iexplore.exe
376	IEXPLORE.EXE
376	IEXPLORE.EXE
376	IEXPLORE.EXE
376	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 376	1580	iexplore.exe	30
PID 1580 wrote to memory of 376	1580	iexplore.exe	30
PID 1580 wrote to memory of 376	1580	iexplore.exe	30
PID 1580 wrote to memory of 376	1580	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9763e88b93a877413ee93c6aa2292e30_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1580 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64fb1a03c37e87a3491a1188a2acf4d0

SHA1
d0d06fa95e4fa63bb27572f224b68a5c45529e0a

SHA256
f2ce634626008c47171aacfb47e44b87bdfb870a8d96bfad1d345256eb0f8fd9

SHA512
13022450673398273bf48267e14a34daf1bbcf53e02075c29aa69045f6d78770d8f3d1f3c19735d5087f04483ee3ee249434f532d3313a3d930532725097ca08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cab592af11af878b4786057687e5e866

SHA1
fbf7f3c591f54b1a3991af5c607c72ebcae3ac31

SHA256
3a67e021db9cdfdf8f07fd5c220c44c6d7a994e3239c7fb810ed4f0e10b02c4c

SHA512
1380b6b1e73293ce380b25a4d891de3f59c8d2759b627321c0a9f6ade0630e1aa1755956a9ac6586d3b34e1fc0f459cd306b33cc9441caa8eb878ecd311ea5b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5822078a0ddb9a982035c9db9b89927

SHA1
3ae2c3c30af0288649dbaa1eefe48c0f7532a262

SHA256
a90891bc1361e7683825731330b1d20d210f87164eb18386592b647071fb87c4

SHA512
0557f47231e75b52404f02c3ba30c32d99f66469804e933bf8f0d855dbe775d72d597fe5d5d35c3c82878eccaf83c7ab3fc9a55988f879c851538953ebb7dfc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8eeec36f1916f89e7888bc6473619a2

SHA1
ef28a1810d1819d720d3d999067f7d7f9c53e450

SHA256
36c9e3cf20417c3b3bd62cf7c08bbab3e9ecbd0e88929adad0648d25d82c8045

SHA512
d16d74999129d2c568f75f45b6d5343b666d159add4b96c9b4e8f87d6a9d1d7aecfb42ec033919cb4d687ebf14b4fc3d65547568ecc358ccdf3899919a1b95c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9164c5765250644f5395990c1313c246

SHA1
4d1a1d5c213a4a78fd084f318684600ccfeb4865

SHA256
8f667883fa67a3e75e4cd672ecb65d8d5561adeb9fe8dbf0741382bac8567d34

SHA512
4ffd29029ad06b4e9311594a99bccabd5bb30f3e408bca0da29a95cc13963da27ce1618b9fe91592dc9a36cd77e8a006b7a6494344fc6c995bbc2279d3805ee2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4823d189d551dc3c750eac98de62daae

SHA1
d3e8c7eab66d2cc85fbdf0c3f32a644930656cea

SHA256
9e4035fbeca1c81edba620bd5efbab9f1a03a76a6b82a6771e7a233f6409c965

SHA512
6e67e8819dda27fc4622e1b9c0520c2809468f2a6fdda910a657e0bac4e8586234b86ead8a3639b13c2dc36568c78d38c8b6592fa245aa00f6e614224508151e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a850af5a1b400394a3ce4f7b43cd7fa7

SHA1
5cd3a5187e2a5c3183912cbf11a52cabf1e1272e

SHA256
876759406fd612dac7bbefd592cef35e60ef713d24e7d507ea31cf0dc6da98fc

SHA512
29f71599d412254b6a5bf8299b2066cd1786e0fba5b44767f24c2db657e04d476bffdf18083436655f7c959215e15322a3d30bf9949b6275bd81940a3702351c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0192c340c3b7060526f4daabf0bda6e9

SHA1
cd1d54726db614d09bb9f1a6b0ac317018b9e9fb

SHA256
5b96b0d212d11aadecb4dba323af7dd651648f7705975cad5e4b2030d2f50bae

SHA512
75b294937eb9e3cd511b0c9487f23ee152cdffc14cc4bbf01b1b857e8a7203a3ab05dd8106c394f989bf040d77d94f322b9c6f1273963d38713385ee9203e94d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55d1ca757b4ad93b4dd026fe42c69f96

SHA1
92be566847bd31258700737eb4b4020975fe854c

SHA256
f1ac828a1df03ca34aed01b6a717151bd4dc07a762098a314c85e6c8286b8287

SHA512
bd5b120a0d26b8b9c984efe432c1252e99eec7d90d8fb6909c78574b13600775dffa6450039025516ec98e8f8371a2ce21eaa2977225e2a2ee2d1cf5cc8cbe97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01f0a4f09f3979f9be2bdfaa6d04bf2e

SHA1
31b6bf7ea5651687d5f568eb988b7957449e275b

SHA256
73e71e748d357af06ff4c84b19f74ac21666b0ce90054396b2c7c73cfbcd3112

SHA512
6136c5b77dd780ef02a10e80bd5f3e106f40ce89e3d52d07a3e73b52812667f3c6fcc626d32bc7e766d5f5fca7600e2b3842ef4ab7bad4926c3f0dcb6ae8f373

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf1c65abece3bc791cbcfb05a3686128

SHA1
f062d7bda196cc6fa02fcf564e5b0bd6a3d49530

SHA256
e6d4e513b52483c5ac351f41f75ece8d03f7e47d7058686d1407241dad9fdd97

SHA512
6d7912de905b18a0a376a3aea2286a1715a02579c9244898839877e01807d046f04da85931547227a39ba4f55d0d1b8a515d06c8baecdc5f0701f2b1d6e9ff58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1bc4729661cf1de6d4bd22d1886298a

SHA1
32506a10cb77f9aff5e922964b4f88293bf7b272

SHA256
53fd3499500161453fcab606dd187d0ca0bc30ab48e3a529ebcf97fb32ea2a68

SHA512
1ac3427c7f69ca5cca6a59336d6e9ab402f5a30e8aae78bee5eee349f78aff7b1f152a71e8d8a30cae12ab4a0a01483c90fdfdf05d74972ba8f33cbfa8a194f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cae97ad904f87473a2c78a58123210de

SHA1
48efc0e484b273fb4096c705a5614f1545ba4905

SHA256
3c7a97dddbfe75f774a4a32e746d7530925a37268758fa638de3aedf381fb92e

SHA512
71c449aa255908609e7f48a3a357309038e79d8d4b52d3dd9904f9326944f46c42417e859114d8f3039fa291382ec079415a544b803d60831488f5afdbbb9be9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b271b44ed15d697ed11fd2b9cfecf74

SHA1
d39e890634103912e5426e3e9bf85b355962a7fb

SHA256
c7a8463c00db7c162132e940874613f0b66215a7f9e7e63f559300869d04fdde

SHA512
2c05dab41e0c6d87730e5f7a3caaa36f9e6231a426622bf6497007c444dbf2dff0128d1faeb9a8a68456e08a91407b3eb60a1b51d61017b8014fcb22f9fc4f91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e017251d27aa4b77962779d55b51d101

SHA1
ea5fc74e0c70ba2adf80bb438e1683f280a01bad

SHA256
ed527bd3b2016237ccb29ab4192061eeab7b0ef61b2a27be738b202e2bf78158

SHA512
2f68fbc4e4aafe6736bb76c75cc7419b8cf140189ca7e546a7657629daa064bfbd10cd4bfbc4b467db982c84fe35b929981cbc1cca2e5987e609e0f4c002aa17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05c39da3b2d7f9d002949136583bfeab

SHA1
d6c068cbb5175c076fcda2c83948da5f08418646

SHA256
6d8f6302211f5696f0d5768580d0271c872d43088790f70da7836755d341af20

SHA512
2c83aadb6746f833e171e328ce39b7b527505b17d12cf81b7923a3cb073ee078a54b04f43a6550a537214d3ac891988f1a3bd9cac4cd7bd95c57adb148144b5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc507d1995ae566691f703a53f7244f8

SHA1
42fe1738a86f54f6749f8245e6b540324f39100a

SHA256
a940a8c8422ea0f594952d35050b04faba37e055d1137c57991f67df8de973d6

SHA512
e0f2432ed8d284d83913d44d03b271d0ec8b6e271d0579430ffeac11a76695162ed1356fcc02ec63f477a268190def0f1b262eb05e11df2754da744f37990224

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEE96.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEF74.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit