c52ef78048ea6048cf21d99679048785a844f649e77f64e8873b4734bc865375

Analysis

max time kernel
68s
max time network
134s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7ea99a551e8fc487c24caf98b3a0e6c_JaffaCakes118.html
Size

91KB
MD5

a7ea99a551e8fc487c24caf98b3a0e6c
SHA1

54f7c48047c368f18c6ffe13d7a03d585cf870d8
SHA256

c52ef78048ea6048cf21d99679048785a844f649e77f64e8873b4734bc865375
SHA512

34e44d2d54ca84b7dd226d5c66620d926ba4bc47397537663d362ed7c3958646488c1f462b9e915a98ced00a39f9b1b7473dee0c0a103fe0602fec6409326669
SSDEEP

1536:aENIvHV96KyFOdNvj0SxEaukVN+O7fjet9ABuJtz3gYrs8clcR90FfeyGEO7:FNIvoOUSF+V3AEP3G9S0by

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000004ca29f6e870037ac1e9a15ddbdcc26979462f96bcab6b20a14e64824f7bab33e000000000e8000000002000020000000985b279deeacc6139a7cdb515f3bf20200e427d1310aa7170ff8132e242c8945200000007281b36db6ba685abc05294cbea16c454c9696f5864f343ab7498a5a7cd90892400000005ae59730871aabaa659e9996456385ceba776c32bf9095e039049a19903ae4f5b2425730e575a456a400f410ff09f6bb832d37f805225cc4bac0800f6e9c258f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000e94db6fa4aba7f1a53bdef44bda3bbfb8190a7ee24736d9616043093353210c5000000000e8000000002000020000000ca3ffaf4c92e4b260cee87861a0035e0f3cb91a51dbce30cd2f8cb6a939a5c7d900000004c76ab3d72fe1fb97355c111c8d35d992642bf507b755d6700dd7287e8a70e917719f89511fb3e4c7de36cd48e1f06bfbf18cea60ec7675e88ee631662943a37b66f2afa7d2d3ec0b5ea658799c8d8bfc69fce052c6a41f512b6097e2e8ad811e637a11b3fecbb6c6cb85b6f98568ac0b370e392476e35586ad9652c1adf3263aa80b6e181fcfa4f4576b9db1b9c613b40000000ef68f9edf3bc21f489760bfcd1dbda56cf77526c603e08bd25d81eb128aea19fe6d2296bd1eff4936fbff6fade85ec4dd860ac4719e6249ba12ded99dbebaee6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE2AFF81-5D97-11EF-BB68-FA57F1690589} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430171074"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80d46ca3a4f1da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2152	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2152	iexplore.exe
2152	iexplore.exe
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 1304	2152	iexplore.exe	29
PID 2152 wrote to memory of 1304	2152	iexplore.exe	29
PID 2152 wrote to memory of 1304	2152	iexplore.exe	29
PID 2152 wrote to memory of 1304	2152	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a7ea99a551e8fc487c24caf98b3a0e6c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f2345925fdb28e4de9edeaa679bd1f2

SHA1
845aae5042af518f5377d9bf1f7308ae57aba9fc

SHA256
2864c3d2cf2df9ac15b203a6c948246b114c1a4294ad6c70f7c240a829489254

SHA512
b83db64852d843aa4b9c4d8da1b6cd2cfe6d9595b52bd09d8ac4a695f68f76a4c8384bfb7fdb8ea5860a8302d69123d55c2a1c19a07622ef5d6c694941ab21c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a460bdfb1aa001039f94e528b19e8a75

SHA1
1564b93da326a26cb5477c7ba35dc6dcd2ba1a88

SHA256
f7b7444b07106b597529eeddb830f90aff30d6993e98aa5b40a94fef132cd908

SHA512
4404de90683ab260eff639d87c6945dacd81d91daae9fd702b72d310e0504af850ef05c9ffc166db531e7954d14368f5d8553cd2e3f19f5d44bfe8ff9f1479ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f2112b15c76129857f60be2c9b1104a

SHA1
2b0614e2799d0f1f233abf8d2434a459cd41000d

SHA256
26eb7ee0a28b6726507c409190cd5fb4c595f20db9a66ee53d4d536c70c29575

SHA512
07679da63846ef3dbdf5abbd9b01bce0bc2cd117dac45b184a183b7e3a3bb6b4eae6929dbc382a8aff2a411fcfd41590814e31451920bd4868ba2d73009eedc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dca339e91468effb4352011a2d0f0185

SHA1
e4c6f4746c94964b5385e53fe109240198ec604f

SHA256
660b434933c2080cea85ea6342a5d6f29c6d734be60f7f5ae387eb46ae4204e5

SHA512
ec443e69090181200004fead127f1826cafc439fd3fcb43977ee9256cdb75d4708985c6817e814779ccf89a4e20fa802f1f33d47e8a4925d033e66b46f52deb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fff338e0d347a76e1fe52d5612a06120

SHA1
53f6ad5543986f9e813c0c3f37b1702595fdd519

SHA256
b1e75874e18c007ce5b8cb8d7a371b213b2344b4432ac33a1d7449414df4a41d

SHA512
5a9dc8c74dfcd551810db716185597d830c2cb197bc54ef46ffa76a2d2ad301ccd1510d44ed2d1124f0c6efde61d516c264edda2d306639b944c8f522141faae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3299d807061abe493438868009b219b8

SHA1
5b63280d093eb57a04571011f94668410059563f

SHA256
ebe25caf412c32de0ea063c0f909888110ef6df921fc1c382b07bf7c601f72f0

SHA512
64a876c155418c21bf7ee9c69ed236a7af2db59af5d7565d9ae0d93412eee957ac02248360ed74023aad440793818aadb371c24f2912ae3ed9b6bcb16b2f577d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c00adb9f9d6cd958e78594d6a67450b

SHA1
f9161f17f1a1e5685aafdb5af3c70a1ffdc8f271

SHA256
6becc14dd164c52c3ec667bec5df18c0b732d82af8193779807da4c62d9602ca

SHA512
9e448f68f4909be141ed2ead713c24c4fe9e38f3f6d523c8127272895d784bf7f70194fd02bb6d789e5132b64826faeabd84b0d3d18882eff693c9113650c9d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
644671f03bf9f3fe086f7d7d96e8db3e

SHA1
f89d4a8e7adf4465d08b4d3502ef0b09cab6b7d5

SHA256
03550b6de62186e6f8c1f96730b3689e6c5d4efb9fa0d45efe33fb9a9937ec16

SHA512
50b3d952ef204a793c9eb8f44ca9a5ed3f9f889f98aa98a469c53b0ceec7f55c4a10b03017dcd72b04f1d6b2251932cf02ae5b51f794fd495079251fb06b17c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e488ea54e1cd85a973414392ddb5b8c

SHA1
82c6d4203c011a48a671bb2c7b68995a63169165

SHA256
9c1d192858bb9356a1509c27788d7c97b93bf15e55406100197a87ee437b3bb8

SHA512
5406f2502b7a6a7886c69bada4e9fe60e63a0351141193409d5371a93f888043d2bcacb41dc7fe1f68c503ad87f3534fb110d09fdb6cc28209510323eab873f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4db410db1cd90fd754f784278dac39e2

SHA1
81af6ee7ca6dc81d4348bb92f48a7cf50bd17608

SHA256
37adbe226fdba43bd03394b677a33b7a8f4e57b01afedc2ae9f9c8242e0c7c63

SHA512
9730abf11b35313ab0d8833413158bf54e9b45a791d05410a9553d1acbc394a75fafc6cb011494da23efbd10cb78d05848d12190c25389c33576e7976e5b47ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91b339df9ce38c69fa32fca0bd6d3fd9

SHA1
f4326df25c567b2773d6b09c4e6e6fe59878d641

SHA256
d3260f41641681cf0be0e9a6b087ee4e847e9eb4b88d08ab8e2f84a5e838d7c6

SHA512
db8286d948f3c547f5e63a4f24e5200b2ea3262e80ec6da8831a94a070c62c4f1948de043ea431432905453ed569a60ee783ba570302a6e8e50a7832b0015970

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
368fd553e7d7eba0f4ebe7bd9c837188

SHA1
06f3585e7511ec8d19a44a311c7c888ccf6359a7

SHA256
7da537aa35235ae0be8d181471ed902799587bd16183e5cfb9ee6edc824a39ad

SHA512
f95cb25395bd919122b91ea9f3523be9585ae1092e8739d4f39d9e5f6f224f9ef92cf4adfb24178b69ea3850d57730448b644367ffcbf9edfea591e36530d20f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f414b66829f579e2789fa5905ef1fd7b

SHA1
ca130308edd678e764fcf786a345704b3df6537f

SHA256
b8c85d05c131df3df619e424b4ed50f4b632011d9619b10345c5886b808f3d5c

SHA512
5df24b47924b246952b12e56f1acd2f87e9d0b3844e144a5ebd77f2546556c8a38bd0a6344deafc197b4ff41bf275194cbcdb3e52e01e1e7317c7f2421e620a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4486978d09b0b983e7c2fc2926e0c425

SHA1
10dbd1244d253716ccf4b1bd97a796bf207bb4e3

SHA256
60e94e61fab1b6b49b39160009e306824bdf50364a0d7d0c4d303102104d2629

SHA512
fd100a4ea60e3719395ccc06a8177a2301972c83e3ecb92c9858f51fbccb3612e2465d40fe5c2b1f4e6f2490ccbd63c267bd9ef175da42382890d6fa73432e82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
888df061bfab4f8bf1ad9351b0eca35d

SHA1
399b1895b3379f7135115a9fdda0187ed5a6aa9c

SHA256
03f70fe7a2a967ecabc61c31e9175ed3ff452a1f16363778e0758fdd443a5168

SHA512
6742baaa499e32abd5bf4ae3219a08e4a46343db335e1a70427272c078bb38955639a95bab3239b2b0e6fe14b5b417b1c7063a63cbcd6759b0f55c3170d3aad5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
471b65666c00d6e75c2d9dec6fc82814

SHA1
d1b8318296134225c3ba4c28885db403469cf730

SHA256
57af4d3432289b65a784f9e234fd75d33ffd7197bf4d11d0e4a438a47ad7ae04

SHA512
b3e4052a447afa23cf403263ed817f4557c0f6c532f4ec66cb80164baffcaa3b0d7dcaa23518b835b9b23dfdfdbe5a2b0fb5f397893c14ef1dd61558f2a3c918

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12c63701c9e42595b708e3d7d4fa1124

SHA1
4bd461810cfbacfb87102a7c3ab92e62ebc04ec3

SHA256
83e0a04bfa8dd0fdc4adadb32a04ee5e0beb2a94388b774dda12d12d406da26b

SHA512
ac209e47537ff02d4c2a724ef53ec9369bb22466929b54f7dc79ba67321a5b7ac2b4aa4b0497789a5b063185442bdfdccb003acc37b97026cd5f4b3059ea1f97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6672.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6751.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit