cf3efa9403800f660d990399fe16ea80f59d1bc69eca84a676fc90f60980d541

Analysis

max time kernel
111s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 20:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d70ba76f74d069f7eb6f0755db4d350a_JaffaCakes118.html
Size

460KB
MD5

d70ba76f74d069f7eb6f0755db4d350a
SHA1

634af0c11024ec5471ed8966d2c34d4d6b52ce6c
SHA256

cf3efa9403800f660d990399fe16ea80f59d1bc69eca84a676fc90f60980d541
SHA512

de5440f903860e2adc56ceb77587bb48ffe6733339e728794cf8d5fe58fa2837068206343f33d7fddfe3d46c9b8e0b47ef3a32447b227e89fe173c52e6ef4e2f
SSDEEP

6144:S7sMYod+X3oI+YSsMYod+X3oI+YtXsMYod+X3oI+YLsMYod+X3oI+YQ:+5d+X3q5d+X3f5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432075758"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000075bd7571623de32391f72edc14ceb78ed3f2700502027bf2009d0d983412de11000000000e8000000002000020000000e5796fca2b2ad812031641de6a02dad77fc59f7030ac8000f8084b269a212fc59000000017f6bb912dc6c1310ea58c8dcaff61d6a8a569b9201227a6b473ea0ea6b42b63592e3f1f8aa0ed059d758c8c79e5f62cfc95f7d48aa90fcbc930ab47c20df78efb9402c2203ab4dea925fdd727773251aba0dcda13f482ba14d3881f2a09bcf1c27d84910b12be7ccdffa6e847a53db9e54fe64ee34007e498d9a528b1440a44f73ee59e9d9ba9abe53e37fa1f30c195400000009efba3449e4159d692faa5642abb2e4c87081b28986d81ad3eefa4fb856277e15b28931ed64d018d260eeb0a605759529eed3d444ccc9742f16419b710e37869	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000a24321273fc54c7bf5f2b19efc7b45779250ad851593d222499e3b78196f9ebb000000000e80000000020000200000009303da3e6f656e4cd27a4e292a7c2e9272ee27105dc2ec4a5369a6067b4897f020000000b0bdab16b46eda57d7f3755339a96a5f0503857f64a16a1f75bb49d8f84f7cb1400000003aa823fd29a9e4bdf8761777c15429792262e3b085e3f90b54dba54eb8401bb071ebd44b0b58cb7f9835a224747d7ae193c302af4c0408bd35548612082bd4ec	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7DE69201-6EEA-11EF-86DF-7A9F8CACAEA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e092d256f702db01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2164	2352	iexplore.exe	29
PID 2352 wrote to memory of 2164	2352	iexplore.exe	29
PID 2352 wrote to memory of 2164	2352	iexplore.exe	29
PID 2352 wrote to memory of 2164	2352	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d70ba76f74d069f7eb6f0755db4d350a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df996759063975cff980559d0b4190e0

SHA1
7eabb33be95a31a693bdce6ee00bbca4a3b96af6

SHA256
d1bdbd1dbbb7b3ca1fb0d4c0a56d32eec64b88d20b8757ac336c3815e8d500d2

SHA512
ffb3d9590379da4e6e55b961595fe42bb3ee9f89679c788f9ec696cbfbdc3fbaa4fe0c77191deefe076b2efb3377ef51a8bed570ba7ac52931d044ebc9744118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb0ce3a7b7ffc371a9a62ae84422c70c

SHA1
7f447e8b8ff9e6b528d1ca2553c62ebac9b275c8

SHA256
b46010b1989b3a55d07dd61ab4a8037d17d80340620204a613ee7bf603d0c8f5

SHA512
dfc1da88f3c8c95da3d005577f20890a1e23c2f361e414f07c3e484dc8c3e6a3307decdd99fb3d712b40975d8a6e3ac8a67c651f413fb3cf4f51959629ae26c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98723aa5584280c8ce3cdd0d0fb1b04d

SHA1
57e40c3d8117f0cd4b577901c88191d1868f4ae1

SHA256
28ab10ff035151fc349b651b03d1e0490f2529cb6bd2656c519e63de53578fa8

SHA512
cffa43928510c7dad20e70f70c5ff4b018ceac0e518fc07b5a378a7579fd1e37ef692ed49a8408711874821ba7e829302c0d7555912ddc71d8f58c0413c9d71d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3027bac7c63255ded0190fd41cac56f

SHA1
75e5e75c46a866f60213b198d516ccfc8586caf1

SHA256
502c9c91703a7c8fa1188277c3ca4963712c5e80b7108380077580dcc9bc2273

SHA512
766d3511564c661afea6cd7ff32fb326eea0f4a4677cc9abc0ad301392bade655e8b38a29c7e25692e5b11d7659cbdb1c42239366ae328923e7eb4230b30431e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02bdd97b63a86e0576b9bfece12e4b61

SHA1
266488a0447c6397a5e43d367307417b747e9ad1

SHA256
62eabccf2a490394c56f1e723dfc6f1c756a22968fa5cb1825fdbcaecadbcde3

SHA512
d515922390fafb960f61a38b52a7f0764131ed81f36f9d821010dd58c8593d9cc188cebf1c397a26198d03cc36ec80cdd09e6b7ca6ce24750fe9d9361175c28d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa505eb0a6cb94e329020d04b16dffdd

SHA1
bb88ab4d46a3bf881f196eaae1200a712b54ba0c

SHA256
fa5c3e03d36b16268a4656a2e806b26198b63eb6aabd74a7ac4d97132b092477

SHA512
ee797400d3a59d0a3299d6fffc97fe26b5ba051c553abe5f05e25cce426005699c408533c5b74abeb9ea797ec40ddebb35fdf2a651ccf66a7d483f4249cd3ad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3148024bfd600873c14e6bb52ab9efd8

SHA1
5b66739778c524d57a717b893b1785fb7ca952bc

SHA256
f1ee7655ab89a6138a181e0db6f02627b1a3b6192425b4caf071de30dbab82e9

SHA512
359f8da12a32c66231dfff2602a4076b5a5c2aa77ec201668d902b96630a591d2ff81ed5bec02d2c8783807736900d0912f1b0158614ef843e0a6a04bfb92b23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d663473ea27f04ca6cd1691b0ccf7491

SHA1
a54fe02f1dc0e07729b89b13263ec58610dcd111

SHA256
0d0e35400353022f60dfdcfd2c112c194e3ddc8f12314bef438b7f7322c7bdb3

SHA512
972e1d7a1a8d8d26062b35d673cd9a8eab78bb6d34cac2e79f94f91750c2c6004edef55e4860900589f60a74829687d15ec568525489e7af3e95bd0c4f11cea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1160d2fced98281b9e20a637dce5ffa6

SHA1
37055e97d1b7f50930e052f530eb80bc71bda4d4

SHA256
86680c25605996f17ce8ccdbc50adf9f5c239d1c94994e149ba3cc4f6ad94c13

SHA512
28fa1e1acdf581f2f22625a444380c2decd20098440996dfb68dd7f7695c0a2287bef7132b3f9c87019c3385f463a56ae2282aceec571340f0b028da1f1c556f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26ce14b5ede20ae43027a674b5757253

SHA1
a3f678d9081fbf354c7a12eb10ca6b5578d4bdeb

SHA256
d057047a0f48870efd25482e7e2eace5eccbdd619abfe54e925e00d52d49142e

SHA512
8220508dda09cf0b25f888ae1fc1ee96cfe4ec0b228feaeb7f92e65be3c4c3f78303229e7bb759d2a1129fad7371178dce6d21a049ea2f17f21a28702f7df4f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d60c995e27a122f94963b1e6a2a405f3

SHA1
b844a595a994f48fcb472e83f5c1cb9e178dd11d

SHA256
7b54e28f1bf5a94e6ff36e3c1e2af8f1234960e097d912ce0fd0339ebda518d4

SHA512
4710d5d94abd91488980deb75fcab80fe0536e7de46cf48e9fc805879fb87efa75b96de94b90159763cde05b457af04eaadc5271e124cd22ca9a883bb51b84ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3737ddc235ce95b24d8dd3e41b06c4b

SHA1
72528dc35c953aef04186ae2502ab89e8a617e33

SHA256
f266e5bc03e434b1099caa109c8c4115248d032ddde7a42f9f64250b81d0feb3

SHA512
a234b55aa86191d8014cf9b7cf624c8596320933d2c3b724cf9ad1cf425230cf0c05da8c6359aa905d4bae7c6066a215ced19a36825ff10fb665b5057eae422f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
391a159eea64e3e371f9d9cf11bae372

SHA1
42ab20189824baf290183f2572dd2987d0c88a56

SHA256
16b7564dc25fd527aeb7fa19e15875e111c8eaebf076ba1db2a4f2654b9f477b

SHA512
6fbdb388a0c5e52998915c5d3aaaba932fc4bad970190a321ffa70e7e1af68d9847681358d25060c98bf4bc75cb04462fbac1fb7b8920159738f8bf061a5156b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae9c3c4063d103a44493debd4f4ab7fe

SHA1
0ca46129e1d99a0cd248d7738ce3a2a4ab4829c0

SHA256
98523a7a62c1104e761cd6e149cf6ca9754aa147ee498adf39e28cba25ec2d51

SHA512
62e509e8d04ba2a38453e5741ff21f448b8fb98d6f2becd069e51b1de400678357880edc563efdf6cb5bb523f2ea0da76bf333b24426ba0513649f443939957f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e9c80b375fbdf3cf34019e645f71fc0

SHA1
ff38c2e0dae0a4a578946b6b715ae8f7d09cee17

SHA256
c03c6342e9e13bcd6fb2b7392cd9c487118f643deab45e90958fc2c1ec2bcb42

SHA512
a31550feb0e9ca95de0a26d15335fd8f964cd24dc63e0008a0e500ca44ff58c67f6fc9c8f7c609b004f4bed2d869c12e0987a8a207c6623e975112bf0e8ee3c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e58859c7ba26ce8291dc4c182f631d5

SHA1
51b4d261ca55d57ac77119ba53f88af9c6003911

SHA256
68649e273979648168ab6ff976200c049b5ff69ba6189330b6590f8e1152bc30

SHA512
d4d1fffd659730e395dafc42f6b32697ef721099cfe24f546ea8589ae40d46fc0be72043dd7bd7270aefbc3f7697c6777a8f1051dd175b47564c55fb2a11d95c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e48424e23f47c782968d53026f079b1

SHA1
6d8f847637e6e47a8a26699fd9d17cb485e1fc8d

SHA256
9acaaf60f383c1a0586be1d88e27138e6a51d305c8d7c2c351ccfa1385d8b61d

SHA512
e6c23dc9d6ecd50c7d987c68ea9b90dab842b0521af47f27f9ac2c6d1bcf9f82c39e5ac28fd07f70e517626374fb60611b31b9db4baeb22f9583f07f366e5207

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCAA2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCD44.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit