3dc9f1b5e7218518f2469d41f28a2fa6d6743feb4a83ef8e344d56176dc6dc15

Analysis

max time kernel
71s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 00:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d5635472c13497d9a793e3e564a68ce1_JaffaCakes118.html
Size

460KB
MD5

d5635472c13497d9a793e3e564a68ce1
SHA1

44d799a2a5d3c7d9db10081d0443436ce129365c
SHA256

3dc9f1b5e7218518f2469d41f28a2fa6d6743feb4a83ef8e344d56176dc6dc15
SHA512

0378082c089b2c53d45fb14c5281d80322301fc14cd73b63a45ff5d1e758b2e930529399a20b9444cf1d50c5cd41e16db22507d3323b56426a103ddd7eb9849e
SSDEEP

6144:SisMYod+X3oI+Y7XsMYod+X3oI+YwsMYod+X3oI+YLsMYod+X3oI+YQ:35d+X3575d+X3c5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000291361fcdc644ee1b145cafb5aa2c63ea350b7301b07c99557605e5294688ca8000000000e8000000002000020000000ff168d6b7a4ca858c2637afa2fb8e8b3bb5d9e2bd021dec3cf992222d21449fc90000000b40d89b12f90997f4835ca0b5292e4a28522fa5124fd235aa1357be17554b6f66ff5cc023f0b74646ee2704595fb4f926bad3df3a7db326ccf3b31b75ccb48f0f86a489b76257a4056076c3eb638dfa74eb962d25524439a234ced288f4359be193531e30227203804429434268ca8c6adb4dca981476bd3d7234fdee95404a79b98c9045223b056fdf14bfd71b17f2d4000000007e024bd8a1eb53b36dcfe7377f5e3c636925d4a9c8f4149a6eee7eae7374d625d1fdc9dfced62e9857e4ef0b6508e53198ed2ed4ea80f742c13fe9b5b0a03b9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00dabc835102db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000d0e3e608922746b341c47016bdb6f1cd6a09ee43096a5ed3b87606c03cf7b9ea000000000e800000000200002000000097837c14b54b2b1b5c4ca3c31885413bf2f5c469fedbd7c76626016bf73c8b2e2000000026df73323cf33a410c4727fabbcca393ed86c3304c1b7f6ae01533831c52b3ec400000008e4d79b22447a960f65f95c3a772417184044ac0abe9fb7f4ad68919e93deed1970954d3a0c95459c2b8c2b8044310aec36c67b7295128f3cf342c6752313803	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432004538"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AAB4B601-6E44-11EF-B2A2-C6DA928D33CD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1956	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1956	iexplore.exe
1956	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2704	1956	iexplore.exe	29
PID 1956 wrote to memory of 2704	1956	iexplore.exe	29
PID 1956 wrote to memory of 2704	1956	iexplore.exe	29
PID 1956 wrote to memory of 2704	1956	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d5635472c13497d9a793e3e564a68ce1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adc984908d1d5b6ef67ba4f8c799fbbe

SHA1
153c81cdf30b440453f38c07a0c924375c31efda

SHA256
ab143eed9a06fa972ba98d4a35d911f869942384e2e61631e232f3dc84eccf39

SHA512
9405a0e07ba91255d4139f98f1fd058db20bac3e8f668b7d9465d040bd2497d8213e6d0d020b7b6c1d90466eaecb5665063596d01be7bb6b11ab1be205e66014

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6e81aff547034fb0cb0ab24884efe15

SHA1
9c2ca4b61b6069e46128e4282c0ef81b440b1747

SHA256
7002654d2ce1b8f982b7ae4bb7ff97597c224c7ad380c5f6f187ac0e367b359e

SHA512
8a3d772f85d89f289969779d7c27e85b5dbbdf9b3f1c722f00430e5674575e1f080f137a7b1e9a4a8c4bc70092b34e5e67d8308287be27b781f9bb618e649132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
496e46abb7596c55f17b70744e5b1e6d

SHA1
65beba0eee8d9ded1a22a0a34229f1ab691a753a

SHA256
d3f0c950255825d248e0713a3d3544022f9b77397db064d00ad5d928bfa46117

SHA512
0528df8e3c891f824aa1219173dd411d23f548cf2ed8c1319e954fc916e729bdc62ed0837fc8a34ad1c812b52ac20c1e1e0d0f9338f53136f9c41b33a5543629

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
556e9568093f5630014a589302ae299d

SHA1
18f4395c8f16cfbb0114a970f8ddfbdf2cc04396

SHA256
e8aa414aa2efa69de5f09e5b1a7382ec3b6faea3d49e768dcc2b117b3d57c054

SHA512
f724dfbb8fb5858dcec4e9c5fc02c22d2522c18cfb86550a2afc6d62115b533bcb1904d4584adfd49d5dbb3d7befc69832c14a9a11cd98ff7913ddda56845c5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98d647a808a85cfacbb3c67e197cf282

SHA1
9cfc8779e7636fca188cea7ee5d46292ce4744a1

SHA256
03c8e22842364277d361a64094fffa47d15a7e29b7120d440670d0b4648ad1f3

SHA512
f42613e873fd49d4937e4f89f9a2aac50dbc777120cae76f021d398abb7d1b64a4a5b5daebcf0dc980c33c76c03481142e787abc4bc5a12554998de4ffba24a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d2c31702940d9f3cc07fe59bf195e90

SHA1
78449642d10b664bcecaeaad7e2490971f62e6bf

SHA256
102b5e0fee7ea577dca46940029c0f978b2ca2bbf0e2d3bdf1f881e48c9501c2

SHA512
0ee5d300c2e40e1047898a9bade8c0b1a9288bfd052ec08c1e0eb176bc05d4b96c6ec46d149cd60bc1e35119121fd7fa2028639f2032cc478c34db17bf6b5c11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
644bee8c5edb74bd334360b2709959c6

SHA1
f79ed54e9d9a18c0710fea9a8c95b53df405e777

SHA256
63dada96781eb245fd7c4f635df06e2401dac7609934237df4a402513ec02e38

SHA512
945f851339554b1c82acc6557fe14324b856ab44c202e330bc0d668c5cc38bf3b6108c4a63d933a4d7a49c62ea35b89d22121ec9b2c09e29f831278fa43a93ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d0ed74006c1450d80255e5d5d963b1d

SHA1
6b1db1b28c9833caee4da74ac5d4e562aaf396ca

SHA256
160e3a048bf573b516c81091b204bccbecb857674303058899e4076d88d5fd30

SHA512
28ff58f1e21ba096cd37742b88da99a11ee00e125eb5c486ec2a024887c5ff4a6d5cbdeae53db58ccb4f268ef38b912544c5cd48cb8fb8bc2e921dc0cd6a61dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9ab745d91f6f4962c8274c13351d86b

SHA1
f8519fe64db02110c2a7a5cb122b791508900406

SHA256
9e3b37b4fd8c292429b42a24a194b3921565b1b4db26b8faa9cd803be60ae829

SHA512
458b40dcab59631043bfb42f02b2ce8dc351144f689f2592badcaeb6de840d1374111a9c04274b416e125d3ae77a8f146fe8a408b7b489174300fcb2db82a3af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf5bf1485b3766c91753fde16a166545

SHA1
f5537e4bf1108e18002f9c3a65368cf8b2283b07

SHA256
5ef17ebef4f78f41b09b01360a86bca47dbf925dd930535a5e57a8fa9aee4a77

SHA512
382a6e8b7345c61a4cb0cba30883e9829a71e7f9093053550bee2ad438b0a141ca02576cf29b0fb1665b42e79e84ee691ce41246965a7e714f4657223502a77b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa91b52c68477795fbc470e027840d59

SHA1
d624fde5e816771385599d399603cb55664522cf

SHA256
9ffe018e8434d647b4a703f399bbfd597c8e7af76811c13c660fee406c84176e

SHA512
1c6973400cfd51542cd65790ab3d9885ff8b734fb186780eefb9a052e41787730af2b3b34a6fba0764726a018edf88189907c41cc2223cd4612f1ea07c2abbe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be02d4c775b504f80f3ece493df2eee1

SHA1
f7f3a2fd7a05043919615d8154b5c983daec71bc

SHA256
2529584c14197a387bd00598b6923cb6bfe5051112154fee179c2b9e64cacca3

SHA512
a7dcec84220d9da29f74f1d5b58cd7aad916f4841c2ab08b1d1f140a301bdf286f7d5df721f8c5546916813cd480aac18f3274e4d3e977edc066c63499192f28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f04a3158cedb74a20c27cf6388e41791

SHA1
fed49d1d3c5e214ac76d212f09d9b0476feee76a

SHA256
3ed566b9b4705993bbd93b35a56d8075ab386ec8916860a7e283d0a6af80ee1f

SHA512
7128ed748acaf3fb997c9604d25f1f9f97364d8bfe80b0e16d3b7a23a0fc6e56023b778955a266179dcce3b6e00ab9beb0b14a55c8c5ba7682ad7e02b9d8c4b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2caab8732df1cab07cfdbf44e2ae2330

SHA1
37749a5eab656ba9c7aeaba7caee13e9bbe062bd

SHA256
5cb69b8da360a2e703845b5e5a8fc76e31fb290fca200a577f083bfca7b6d920

SHA512
cebb77ee27f91e249e9c0b17fcfe607c7179cc8b753433397cd9f99605b5d021c7cb38f0433e5777f9bbd32f90a82d4e5f7f964f314d4a52fc4993590b6fd22f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f815efb2272525fe98a817c526ffda40

SHA1
dbc0ccdb57431ed18d2b01f1addd6f4aba352512

SHA256
a65950d9790b74cc35a7321edc0bf16f308b371b098ff2f9c8d8158ef5f673cf

SHA512
781c0e60128fc0c64ea96ca796e416e2d5b96078a9afb6d97a9131f9b4cf17982e6381f06ce05b9d24c614f1b81b60e7e6d11eef32635d3ec68a891fbc27a086

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98c9b28ca4a02d16612662db9f4dcdd1

SHA1
2794f7b5026bc86fd988c51228df3405e3fa8448

SHA256
f5b3d42b2b0213f4361502d52c7a81ff26cb4a1e496bfda807b1e08cf486466d

SHA512
65cc99ba8a3f8d6c2902a59da9e9a23476044cd3c67ea62d8b7caf2f7326a1492907c4d9cd39d6bcb6afc813ca2453510fe4a1eb969472118c0696efbefa88c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d327168d57a5d25e84fa1cee3515c08

SHA1
67dd724e8692179c9dd36e682a019427729f0b53

SHA256
fee2335976b321d8f62ee1c1db03baa865ead004309ca01cfd261c541bec93c0

SHA512
d8afb03649c6fe90a0f1f697f69057fb500e2f7b7baf994b765a814562d5463ddaa359b56d8f8aa27cf5e8c57e35d0dc334dc6e2686367fa00be1170daedae35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab63C5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6474.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit