5ffb9e932776d828353c43cee754455310d12b34fb7c9a19775371ab63ae4d0c

Analysis

max time kernel
119s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b32ee8b2a5ef2058c2d8d6d2a5e86fba_JaffaCakes118.html
Size

23KB
MD5

b32ee8b2a5ef2058c2d8d6d2a5e86fba
SHA1

da9c101ca2b9badc592e4f3e4f13e3932553b9bf
SHA256

5ffb9e932776d828353c43cee754455310d12b34fb7c9a19775371ab63ae4d0c
SHA512

7338c7aaff73f503397e04a063a16ba9ef12acc6688da96277ff7be7647cb6c9a5eff8b3f3dd9960b7126071ff64d79090259fcc1ec5e2b5190133356cc36da5
SSDEEP

384:dMQbWYiDztk4MagZ01mWRyk0RTCNVyvfow25:aIGeS0RTKRw25

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3214E51-5FAB-11EF-80BD-DAEE53C76889} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000eaa2f63d8970902c4953ed2b5672a16938143a453966a3db6fe37269f98ebeab000000000e80000000020000200000002e6e7a2b6e30036ac4d99e3f0d895323bb719faaa63b4fb53625d6a831747002200000003d1cc15119a37b047080e6a516bd48e7e0465388bbca16a61ab5154bff2b40ef40000000277561bf86998f610599d580f54bb767f53a8a6577dddc5af91c9eef28176937bff3009f98065edf2db006be69e2c5a787118643c2bd2587e020f7395b472280	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430399493"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50663d79b8f3da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000db320c9fedfe27cd5f885fc1e8521899a404fc93bf940ad6036ceb4c51226606000000000e800000000200002000000076ad5f64c229fa166086a921fc3f00148c184044066367e9c7d364821408c4ca9000000067fa3e7e0d714f83b4251bc848e0cd18f434a3edff6d2a1819ddeb7d00343d98f73ed7e38a10af2f1860921f17efe4deff6180eb171f375bf6ef001239cdd34586c5d78811f47d200eed458d773cc2be556d37d8b330fedec999dbe48453aef04033240172f001a9f88fd632aec3c0f1377f5a0fc0aadfbe8d17a819e7144b80823b5bd941fab73ce9dda0dfafc2b00d400000009374232faf9156c5018153fd0c427a95457b29ed3b28050aee0d542617ebf4a61cc4606e302a800658d0a8e43d1a086b7cc9b0eec12efdad545781dcf9e47915	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3028	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3028	iexplore.exe
3028	iexplore.exe
2176	IEXPLORE.EXE
2176	IEXPLORE.EXE
2176	IEXPLORE.EXE
2176	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2176	3028	iexplore.exe	30
PID 3028 wrote to memory of 2176	3028	iexplore.exe	30
PID 3028 wrote to memory of 2176	3028	iexplore.exe	30
PID 3028 wrote to memory of 2176	3028	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b32ee8b2a5ef2058c2d8d6d2a5e86fba_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2f68d22491ea24b75bf9519ebbf4df7

SHA1
f0d4bd53e295362c09cea51c4e69cb3b6f09d60a

SHA256
e38278085c6c67996b39dd99d467a69f3a2fe316bed333f019fe97121429f4e4

SHA512
6b34c7c3c8121af9320cd10f16907310f3b297e137f67b9f9928f88364d82fe6f94cd777c420ea1d766b72782fb67329de41aded300746a5472c23bee4432283

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bf5991e59fdda8c7f2a39363972b6cb

SHA1
9b382867a8051a8a92942b677b3c1e0892d1f5d6

SHA256
494b06003b0ca0129f2d6d5fc09bb7dee36af888b5d6f036bab8f346c299829c

SHA512
62438433f1942d4a23d20dfbbeddd9e3488f148121d9abafd98bd93cc6d357b100ca9178a75e88224e4d29cb1a64237d3a415241d1677cee853eeff13f001fe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fb13859762f12805e2a8b7bcfe9db77

SHA1
a27dcc3df50fb281d26d047c26cc6d98e2a5a3d0

SHA256
fa9651502509dac86709328ff747c181de69d7edf16992214785539d47b90126

SHA512
4c60471f137cae736cf261d15acdbfd46f14acc40fcea899bb11485d54eb7a567d95dadb70171329b8b22c728e3164a81549c2b0d34db3c56a36849c2782fe39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c86d42d652206087f75f3221acdf987a

SHA1
00ecee594236140ddd2edf465d15d532aedb145c

SHA256
dc3de6b1146f71cf013146e39190bd4ae93629f4dedcfe740d1b14581254cfe5

SHA512
54e3c61ef1800124162ef4530c0ee062f03bbbff372934564b2fe4032bf9c61abe5aa882b8a0f5d5e0cf9b31c76c772b95b9a0bc16393474896292df014c5d6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd347613aef90106bcb1679369c2bdd7

SHA1
87b203f68a68d95b416d48b007f334f24ffd2ec3

SHA256
9a4a63c5d80a906a0d784d6c14923a692df557e40476e5716cd441ad3413556b

SHA512
4e18a5988554e1e363b31c428450d86f5482cc0cc5ed27cb2a5ae044522ea5cf4f2032bb296ee2ed17ffe8c65d7b138b7309056019db62e90f0d8aa73fc20332

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dca79767f29b535cf23c85a0002b626

SHA1
71d5cc7792142ec7d62aa9a9a096d16c9cc15360

SHA256
3d43f1baa3c4cba4865f4a086c2be3d2c7a939a078e04515b58572a75a6059c6

SHA512
cd75581bc49ecdbfb22f4869ed129b22f9a62af96c5c46627d3f401da8f5035d167796c139cc4ffc8b437a226bafc79f07fcd57aa7745cd5a7de5a91b89e9bc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9566da045e6f6bbe9ae1ca6d9f3ae9ce

SHA1
ba464cd1c9c3843938adb7e693a1ed975217f015

SHA256
03bf298b917f46977e6705c2a6f05dc83b1ef0785a38a58b7bb46389cffb78df

SHA512
6807fa1f6ccd371878ceb448981cc01ac72b7eee6e8685db2462be3d5e459d7a3a015d08edb0acfbc1213335f52c161f313546276263eb8f6de432119724168f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9dd05e8fd75908db6a8f8ffc02115cbf

SHA1
33398dceb5870ba3edebd4ab63e13ec35be2bab9

SHA256
4352951764f4acce640be4a468f4da016e2af95cc2fea0a637e4b5ca552072e1

SHA512
6249a68723547363d429df3157aafe48dde9d6e4c3bcc6a20aa1f501e7a11733729eb15f84eefb24e2087999e610c3e9c350eb232b70c02eaa237378f6b16d1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88a3b141de48e08c62a55829a0cc14b1

SHA1
ad77de09e18024b5e6f15efc3d218915fe23e177

SHA256
0cf7b92eb6021baf9d5addcfdff2d1c011e63195c889a53b88fd3f1b7792815a

SHA512
bc0e87084394228a021d396316e3b22bc23a35ec7f76f179aefce9f922a4d7a54637c16662b793e50b7aa8d636ffcab2361020f25a61baa5cd4c03bea630336c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
370c85db7b0c080f601f56e073c0f046

SHA1
4ffec1fdd5ca7754a27dfe6a52836dca32b0dfa1

SHA256
2c1da7fdbdc24f2e3e46216b777811b6efff6ba5b382b7b58f5c4db0a3e2753b

SHA512
8e665ba2193334af66e0f377f9bcc029096ccc92d69597b335c67a774af335928a37edb06705d209120d6b8bc84befbaec037d73fd9a7997efb49f6bef1ece2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
481dc0609897c3dacacd25a2c63b2c20

SHA1
58fc64be80c4556e87796145ceac07791833b5e8

SHA256
f191613a596c68ce99f773abe04386d62241c6c1871659b9f952de03c2ba4e2a

SHA512
80da994eb8a9844a9b1eb27f0e6957b08ec2ba0655f10de1a35560d069cfe2bf6f31d1c3d29f1eef7725d2b9589eb0477bf74514b8485fee14de32dd0d7b4386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9db3f09f8c566cce9b4c0e75b72757b4

SHA1
1f839d4ecfa941ba02b0446be9f38bc50a9cd59a

SHA256
6cf693cd030f81afde36ec5f985993b0c5296e4b976e4e84b65ad03d2c709469

SHA512
3e593d331d27236928c0e1c7daf47fcb7213a63d320fb66a6d6a04f83b7db088c95fc5e054b489c636c0ba2fcc4c43c9ca2ad46607b7b7f46e1890283c7ddb01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8879a6edb13b0a3624d941436c1bb4f9

SHA1
f7b4056203331c151ba4cb3581aafe0a5c004073

SHA256
592d0ac7df5d41d013a7d5bebea34bf95b49be27f1f8fd120c37f0af6afe2247

SHA512
a5e3b5955a5587ff97d73353c39601643f17ef61261db922ff8caf770954f235184ec2bb63ae18c814546ab837fb3d1d3d98a35a93e6d01c877c22b8b269f870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2bf3b4972488e98a4c7f7cd8b9a0906

SHA1
5f5a1b400e612c6a6f3892756f335e135b554744

SHA256
06cf91e33891f8f884a63cd80e92566cd84b47db0b496206b8a68487ea174d82

SHA512
06b855b56a3cb87473618267b9c855c69aa5ade610541d81449dbfb26d3d414587582da840f88fa909739d22d9029baefd8493055968c4db2f5a99167e0ea070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1da399a86539fa0cd16622a1effb30d8

SHA1
9d7077d855f75150ea692e0bbbe9a3e1d5e259b3

SHA256
b4a787ec774b72c4095f51f401d0c17258253b0077e19745cd21fc497c206f01

SHA512
1eeebffc4f134055d137a30843fee8c5b18ae0497dde3ee554c42b773fa78f9af8a86c7d072e25401073de2f76cd1bcc15e0983af495d5bf60f6d3d97de2f567

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28efe695a23366561f4b47627ab3ae93

SHA1
48a469a437edc8292d5f4b64dba05e81db554665

SHA256
0278c719534a993cf4d04671db63813b18ac914d7895d9640c7ed25ad147a9b5

SHA512
cf32501a07801d23400d6a2d90e74a304fa6a6c38b35dbc73f8913ad74dea7a820c55b55bac811a8103db0f189d14ac0bd2721ce094d952cd7144166df29e1c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70549058036115a67a38e4ee5dcc12b4

SHA1
530b8ef105c7f92699b36d403aa0184f084b4384

SHA256
ee42461dc68ded186ae00cc7b6d2ed0c7cb4115e22b00141374443da11b12bfe

SHA512
f8bb54c19c25d9ea9a7118de5e311dfcfa7450675e9beb09d423756fc20198b4a45c825780211a822a7a780c5ae6a592b15e4bfe9dfb5227a93714c9697df8df

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAFE2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB467.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit