277ae08fce21f6e417c0b3d0f86b97f8dc3b6e9a9dc83f990135f7d59e35d007

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e121c803b03928c3ac455a8fb8230cc4_JaffaCakes118.html
Size

6KB
MD5

e121c803b03928c3ac455a8fb8230cc4
SHA1

057f79d7e2eb1ca15414db2781424737aa81dd76
SHA256

277ae08fce21f6e417c0b3d0f86b97f8dc3b6e9a9dc83f990135f7d59e35d007
SHA512

6540ac59d4a031b06693da596817dfbf044581706983b7e8ced3737a926f3ba8c92a3ce1748fa0ee02c56621618a1a5fd30349b257dfd9a4fc62b96f0567b174
SSDEEP

96:uzVs+ux7XyLLY1k9o84d12ef7CSTUBbca1sLiVcYR16cEZ7ru7f:csz7XyAYS/G3R4b76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000f324eb1282aee74af0ae21032eed60462535e2ed62637f0b8bea9bbca866364f000000000e8000000002000020000000bbaec16e112c177a9d5120437bfe833e3953a2c882dd904301368f35fbea2374900000008efe8fefd869a10aecefe100a0e936922d9c45c2edf5811c5f5adec91b96e3343a53e2aff05feffe6ac45d8dadd24b18517e8ff214ba1cbf48ac480e74c0d97a74e1e59b9a55eb44997075c926c3d18fe400f9c0faec49847af3abf1e132ad0b3ca13b47fcd18672e962ba373f8b9b2c410e07f3a72558f837fd034b337dfb02e26a4b09c63ada99245bae78c3917cd440000000ec2294d13a19cd9d66aea2642624320cb2ad22e20a5273751f66ee507e0e29d1c4575d0e61f9093f3a79c5c640286d9025a1b9efcbb85962be00fc7d484086e2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808cec80f206db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432513488"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000b978ab2945b228266fd59683c17884970fea07ed072c858b32980647a9abe1a9000000000e8000000002000020000000f55e58e59c56c9b38232cc6bb8be81f66101e657e4b8c9703e365fbda0fa45d620000000f3ed52248828c14d6db1e101085231d46c970ab2fb957e6d83787abe8a76423440000000437578af6526ddb3fd2a6352e9f2b60a2ac5435aa21f9272883c115bba8de0eaa4478068cf8f929e06de49ecb1996df156f2f1522618d934de387501b59a95ef	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA59AE41-72E5-11EF-93F3-6E739D7B0BBB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3032	iexplore.exe
3032	iexplore.exe
1568	IEXPLORE.EXE
1568	IEXPLORE.EXE
1568	IEXPLORE.EXE
1568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 1568	3032	iexplore.exe	31
PID 3032 wrote to memory of 1568	3032	iexplore.exe	31
PID 3032 wrote to memory of 1568	3032	iexplore.exe	31
PID 3032 wrote to memory of 1568	3032	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e121c803b03928c3ac455a8fb8230cc4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bdb6696ba8e5aa4b8c86239df1d477a

SHA1
8da6d323714468489b0f5fb764f5bb9a1a9ea88d

SHA256
27e0bc8ad1e3560994786863d4b6109abbc6c35d2929e2d45fa3bd4a81c0c642

SHA512
8d7dedc9f96ee4bd82909d8ea63bc1840bde61b46dedb5819bf64c62efc95cd1971d843330c4f11b9d75c2e78feea165f1bf777101eb52155de3ad285a8c5a92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfe60c08ea4cc26d9573cc077a671438

SHA1
f10b980283d30c76d7f2e13630dc16b17663981a

SHA256
e78a311a5054b76642f7d08938860dca795ffc44a0c45cfcffcfdf774d9a0553

SHA512
e938552886478c699039203dff2156d7808f85b24c4cd19eb2809583678dded4ed8e70fee7d3543c74b020885c9528c1d1814b2da833273cdaa345effb4f4a44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
273aa2ff3eb26d8b7fe51dc2c69f0985

SHA1
4ce12bf7b229a1c716a5d3894dd1e01441abeda2

SHA256
5f42255c44e0558886eb21e4db76b3157d19c13037b2e95ff0b26c8e88c3e7ed

SHA512
8401bc108ebb726115b43214060f8beefcd9ae451a5f5a0653c84a3bce8cb18457e33dcc0c0ceb9d55f5ce6ab1dce95c58c1779b1e6ae38035546682daa7aebb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a32a9aebec5f08e2f8f582d63a1558f1

SHA1
2c98d7b42758a44f3f490d9306553acdf408116c

SHA256
48fcbfad431481f59561e98151f5131219542d1780147d1e312ff8f03a7fcfef

SHA512
6f9253ac5e45b5a0382e2723d89210a4ed9ec022c9375cce6866d4e26dedd0dd1c3861a4f8fc94a177e86f3e3c8cb553581bf9de03734cac47b8663a90e1c9cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce28aa286499897dde09a3effefe2efd

SHA1
7ba26e4d0fd5da8b937f2725635354043c6d3334

SHA256
26a9d8269eca1e88ab3c3ed6b52a02034b6753e1f1591a51c0a755286d7d4e1d

SHA512
fc1463373459535b8c7e2db79f941d341fad89f02e0fb720e7f3f7de6aa55fb358a46b5e73c8cc97edd96e8bd69f69ab85f0f8f35dac11c28d13cdc7e4421b0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
546515ca853f9a49e9f413a4810f306c

SHA1
9f8367245fb733bea0205808408380943a50d23d

SHA256
540b11677209ed5d080bd455e9ed040b3c45231b163d1bba58a02eeb6d9f325b

SHA512
f9e39736b0739cded675d14f7e53fd431a9f151aef92075372a3f380806ad44c7c6e9cf9c112eb2bffdd78d3edcb244c7c5710e7476aa33f06f5b1d9eef8a320

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
747b8051043a67c4885cbe41f1cf095a

SHA1
b7f3391ee63001470796edca39f32c7deeda5e44

SHA256
c1c98e0d3ad60b39d904eb880e6397cd59e80f806ae4f7229dbc91f1a313405a

SHA512
a62a3601539b66a6b833960437df936b87aaf448a69443f8107271f23bf37e6c28cf50235b388044989fa9c9f26597513fa71cba0005ee7bf29722bcacfa3bf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b6ccaf38a2d6ea76a0b481cdb884b4a

SHA1
97cc0201e69ea23cacbe968269acf8b35b6377ab

SHA256
50483e2bec67ecfe534c6591171935db7d7ba09fce5d42b581d5329097197e81

SHA512
eaac824868fdba8c38801cc36b493b705301eef453440b00bb157049097d9d3041c1d792689bce31ca739b23f1b1716d1e9804b1a2eb03e13dd9867f4581091b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96f0913f2fd233ad849a5c509e77d5bd

SHA1
66dd4aa385b6569ed08d53f6347c64cc21437e4c

SHA256
00fe1174468b301bffc2c705e3a6ea4118562fb389887982ac553d79ace0670c

SHA512
ed0266eb51caff13f6591a1fddde8e75f8d947962c54a4d7dbcb9d85ce93ac7b3e100d9cc711abeec712448b2760e72a6a6944cbc808c88b4475e707ca9c48d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7968a5732100724a6d4634e1b0ba74d3

SHA1
1b1099ed1765c85a8564bbae6e9db09ed1de3522

SHA256
bff8b8f861bdf324d93a623088e178336c81667f60ab8a87b55dabece692f49e

SHA512
804fcd5234a87b341e398ee033235c039d07be0e2b0b3c27b8d5c8f4e12fc6e171dc637fa56fa6ca9c239d3d27344ec4bb20e6a6e45f5ff972178d6732dc5bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84c12b88f065274e0278d87febae3eba

SHA1
fb870dbc704c91657631710f0c53257a63fc39d5

SHA256
7820cfa749a9ba6c1cd6b2a6e1bb945c5c395df65ee72411d2760efedc14dfd4

SHA512
e17d66fa6792e890972145ac264d7a47aed75ef389a3ace314e23deae6f50f8ba40f3f77d4235c9056978c861ec6dcf1449a3243e81d35ae201b423f10fa86e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dfb6b08797029b969748881271261c6

SHA1
890a616b3e5efd9f0fd635d4afcc176b4f6acc44

SHA256
7653d4745a3fb7972b72fa9f226e3083d83c2e97157aa3259970013c55ed1b94

SHA512
4c40e6dbc45b87db53c46d6bd100d2833da84df92e624d9a3767a6f4725c64e82f72b5f746e1879a5651160c4cdd06c2ef439f18b2d71cf793bf43910ccaddc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97611549762180037632cb9901481776

SHA1
6a4d6d407c5718807eaaf4878e8029146aa4bbfd

SHA256
6ab899622563a7b39b426f745d665aa418ab7401015424a80f7ee254f3a8805f

SHA512
727d12af2509abe6a1dc0586a89efaffbd280709552dfd602167c6f9c20fc836490d551a980d0f133b3069c8cca902d2e958b11bb322defb72020fb6f111defd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
447064a89801dd323b55e9a4ea35b2e6

SHA1
7d208c25c52efcfd619971104d7c0d03d3645b36

SHA256
c306be26eabe98bf41c306158f325e9d54703123be40ccdaf54453be0531c14f

SHA512
5cf39dcf558934e4ece3bf697fd05253634919a133b33d7cbaf58c6cc125c7bda43fd5fd75565226e0bb1355f69a08e24b03a71d2868a9017ed734b144442ff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cec32ea743905b5011693767eee5eabf

SHA1
e1a173532c4df102254d951513ac566baa384a4f

SHA256
866fb1c4a2824ba1a5651129aea32a91c4a7fe18ebd3248836d881687379e9bc

SHA512
cdb32e3249f1efa677981261e801c1ea7ed651a517a530c2d22ce4849a745b239f608a76eed23098c9a6ac7e1c17acf6c9fc0cf2be62b36e8864e51b91b00a48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e28584efcf480079110d3df49b5718dc

SHA1
142bc6b98718548d3bcc336dae30e3097fa24fbe

SHA256
710a17482a9efa01c75fc200d5878bb28693bbe42d8de1b4f78a7995a54f1636

SHA512
16e0c5e702515378aa086f52e5ee28ee7bdb89e76071b7c98807a1f7bc62158abafa37f79f10d4d9e88d5b0f46e400130b843afccb4287eb63f7436dcd972214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24a5cbee70adfff6fd58e64cb4d11c70

SHA1
7902f9ab6e9ab7e1a608dc6d72132eb2710c51cb

SHA256
412f50e716e9d5c78e271a4f95f23c16f93cc9cf07cefedb3d843577bbf93cca

SHA512
fd072470e21b15f3e9932f9988b9c2c6f5ca2fe3bfb52359fac69e2eaff5427ec15f9a674ff207ea319b7aee5e9c0b7891b4b9d19de5ce518a40edacd6924d05

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF451.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF4FF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit