9c360f13ca1f24a6e8dff13f719cd3d4645ea7a2c2f5a5d5bdc777700664136c

Analysis

max time kernel
134s
max time network
132s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1e61536907d80696906fa406f26c921_JaffaCakes118.html
Size

12KB
MD5

e1e61536907d80696906fa406f26c921
SHA1

2c7955b561178396958f6f93464189a8643daffe
SHA256

9c360f13ca1f24a6e8dff13f719cd3d4645ea7a2c2f5a5d5bdc777700664136c
SHA512

5815c1aa441aade5c9610dab42b2f22d3818b59dba386d4ecd9ca4b0645755ab212bfae812d726576660e34c54108ca1520cf573697e616b1535ee8b662aab72
SSDEEP

384:Cyi+7kIJupIf5Bd5dQFAiSb/0hMR2Dz453dBC0f:Cyiwf5f5dQFAiSbshMc4537CU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000cee3951a2868fe466b4637b95789dca0331c311c6fa772237c7f27edae385ce7000000000e8000000002000020000000315fce3ddf55b8af03af9a4b08433d3a4ccaa5cb387945030c1d89b5023675a8900000005f5c8fe5782a11774ec5e4a0e2ff5895f48936c6fbf6e2e67c625dedfd4823aebabbb0f097f46920f9090fc5c056fec1327460ff78145b8cdcd5e89132746805ea17889631ee716b72d907d3e11b3d27e76e475d754b43def004e94c4cb50b83c3ad40ee0de7741b3fb5119b63602e4d830bf6b1e72b1862f266de10b549d1e4dab01f979f774e450b712cac599ef944400000005d27de624b39557d507b017e0305527e9afc9700fa17a7aa19fbc872d868c7985dd616f2f3628367c2224262a5d88d8b4a93d6d76f9031a6302ed8b7932c3ead	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e913793907db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432543972"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A44C8C11-732C-11EF-A742-6E295C7D81A3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd30000000002000000000010660000000100002000000072ce4a1e8886601a48b51763faa7ae9840a0f2bcfe3aec2a1127331f05dbf3e6000000000e80000000020000200000001c78955a5afc7f8c64e38bc0bf9afa4375a0f781c246c102b749d0bab99749fa200000008289200921e373e798e73235f51922fe68d304b6822e632fb101a06043a37fd940000000a041df23f552150a95dd295f8fc9eeb89c22fa0843cc8a2db800a0094d0f9776491b8f7cb6dcc0be7577d1e81d255633c446eeeee052b310f699b92dbbc21e28	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2112	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2112	iexplore.exe
2112	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2804	2112	iexplore.exe	30
PID 2112 wrote to memory of 2804	2112	iexplore.exe	30
PID 2112 wrote to memory of 2804	2112	iexplore.exe	30
PID 2112 wrote to memory of 2804	2112	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e1e61536907d80696906fa406f26c921_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b85a0c076968f9477d0443a52dd1584

SHA1
5abebe25e39fbfbefc89936c3021c42659f651b3

SHA256
8a7e8bf87d954206efe77843bdeaaf889b8d71168b3b5287d59ee529bc0a9ad4

SHA512
fb1442a52f9354bee67439e85b3c9729ec358f5fa54267f1623b75a4971dcd03955bdee255fd9e0d42ee99de48c90a1e4a0e1a35025c470649e11ec94b94446c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1a87589d9207e2dfab8e2a8bac7eafa

SHA1
073b53915ca59c1a95b7775f6da63f2986753987

SHA256
52ff51498d2ef0206dcf67753e4647b59b63f247b02fac87e69ba01bfd17e066

SHA512
6121138979b5ed286cd05e008d8618bdf888d2481d81777d1c61a4fd1ab45e26a18cbed5b6fd21707d3f1af33332e9c9e0d431e930ee35aea0f29333dcef9cb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf1bd56092f0c1e49711c9c653e90794

SHA1
a62ded88cbc2ed278fe0771418d640b2f6c96494

SHA256
113b252f62f9b1dd435ad4b5855e1ce7002824d5d494197c50424b5bb9697c9e

SHA512
f9ff63291188e8850d0958931ca1f1a5aa50319cc0b0d35a54e67b97e4ee6fcbe6d0aadb0856eb0351bb71d8734e74e0012c46d382e3405c6eb795ec664498d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76349a9f0a77a36e92727bc2c62cf9a5

SHA1
2a58d0166629876d0cc055c0a23519cb2e74b196

SHA256
96ee2268c8f3752b5443ceeddbe3912d8a9f98217096f08f229adf735220f399

SHA512
c89ac0fea66fc4068ee77fdaff895902b04a5b8ccd25380ccd2c9f31babee6dd4185b747e8e55e0e0bf01f077f05a458dad00748f4539d26089aa84907385ef9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9070d5be045f32a7f4e5992b893043f9

SHA1
26d3a399951ad4eaf548c3101a805b19d4d67c87

SHA256
cc08a8d340d4cf1b673ca9f9fe89a13ee53a262f6bf846ba51b62e4b954cb2c2

SHA512
db1f84b5d5e4310dbbdaf89380441b7fad1dc47e47de8db7d336ad65351d45206e8aa4f1815c611d14afebe81f8673c56fc5f4cfce285d92c842e270acdef9c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9b3c4b67c869eb9dd96bba3120ca265

SHA1
809de549d507f4fa6d1375893a266ee5ea788d55

SHA256
c13c236e8b1f375181432e598e432ce64742af8f566fe2f2cfb4a877d674d245

SHA512
f035fd49cfba18bff8a31117ad181dc211383573193b8f2c79fe5b8ef23fa0d4fab0a263c5af609b4f434e6640553d9f590b9bc676bfd0fe1930eaa27afca286

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3fa006e1d4a462f73650d432778e9bb

SHA1
c23f4336bf433de6ef21334fbc57199eb62ab2e2

SHA256
7431e58f042793d633735da9e68ca705395e2e4f9ca517b34d9de8c9318fa8be

SHA512
7d0033e2a548104829b152407f06df656c9880b54a43f240969415e6bc1d313d5d9d332762fe3c9814924b32b6950df8d069c6783042012d01c39aa15b1f43e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d63966cb404ee9828691a6d56e871f58

SHA1
3442efabf9ff5ab2afc333169f3254e1f6007614

SHA256
36f4e3567d60ab64ca48ff541f5f74c931a7bac2c71c6880a0eaf3f46c6ebfbf

SHA512
f773236973a4d6cbb3943db07765815dd61ba0a9d42650cf79ae9f0dc271c36842792e5fc1823b3f60bffa4dace55c610a320c6abc73df5c34db134fc89ee4c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b8d3e55f2abd83d4fe72b9af03dbfea

SHA1
c32d1d5ed9b865c7411855aa9aa08fe960bbe01d

SHA256
5c01976950164468c82cc70eae74730135b677a140634180804b3262f16cc604

SHA512
e2487b7be7ff69a4acbbb754cd57a01019cc65573760c4a530c9fcb94d1593e319d26e03213a23e427842553117e3ec73db732fab6187004ca7d5b05a33ac12c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa758543a2b5de1501a22054664bf8bf

SHA1
3917d9a7fe290be55c44e66cf49922b69d66530e

SHA256
03c4bfd159446899ff38bd7ec96d2c45610cc40ec09f514f5b5dc8b5be2b31fa

SHA512
4c70c408d7b477ed38f1361c564f1744ace2bf8438b05cce5c0ea6fd21058e80acfe5f47c8fb4ab06e385b6a48910a8fa2004e580857432fda0ff967f0d61378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
886a41a5c39a2aa7cbd8b5cccbf113d1

SHA1
d739aecf51d883291c678c8085a8457389b211f1

SHA256
834f434a496c4274d45bae3b4c1a0e00773846fe46d1bb74b40f42a0017211b0

SHA512
db7aa343b002ed4ead5d0cd73cf37e8f7a6e81f72eca6de331526eef95a6cd5ebea9535fc5b071230dd742fd9ababf8caa36fa34fb501217f42ba85931835554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ea1575917d27a184ef8164683cddf5e

SHA1
0f01f01b4dcd07bc38cbec983f162386088ee251

SHA256
f99ea3dfc1d04f6bdbf5e3f7d1bf6036b6569c43c3b1acf1f41e8fee27745784

SHA512
8e293195d914820e1624e3156ab6cd83197259540bd1722363446009f96a8a0855baf619ff103d2c4b0e4600f30e7dca14c5b34432d5ee5da3586491c44da314

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6da7700dd023929b6981dce8754963bd

SHA1
3e3c37326efded69a2eec96191c6a3e8006b8014

SHA256
5d96c17ad32e41ae08306721857c69e90fce4cd359dfca4548e5232eff3fdbf9

SHA512
06d542467b29773b31074918104993947e8e71a1d1581dcfc230ac1177b000467a4c50a2e6e79a0ae04dec0c48f3682998aa278b16d811149fc3e331e788bfd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44106a9faa509d1f982d7a15412efa0e

SHA1
54e49e5d92a8f9a775ab8bbcf3f54178b95a1bb1

SHA256
9d190e4143a599b3b5ec2ce58df4f2086ba8c13e0055b39f494c135f366819c5

SHA512
83086f4d56275200c38c82d454ab316c9a2a461f9d7b9c868563c82215d219d3ec6c349d93b1dda05863e430b89ed6192bad4873215fdc96b3c07a1939a5e74c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cfe389cae86f860d1cacf370ae11ac3

SHA1
cbd951c618a2eece0b99fafbc5a31a7a5e3fe006

SHA256
8a900d11b3c4f5b246bac9f63e50844fa6d2b790296eb9840d8cbf58221bebd3

SHA512
01447c573b80019123809a24ab8ee8e14f8b960df64ff86e9d0981d9340d63d35b56f215bb0b8c77d119ed6fc2897410fd7f4a96654f859da3ca17a3a2416677

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a30a5d818730d2162f3945a9efa19c2b

SHA1
93c71043d19370781c3b7a1dc4287201877ae4c8

SHA256
2bcf856d850d6a1f2bf24dbe0798dad6574c7525e0a442e2246de23240f3bc6d

SHA512
eebe9e1e48f23893e4d951ce66b2a92896a355f9a5399228cacab636b4d08df6323ef29a696b4ce33fa2ed3751e2b36885575de92b86c885431701c49f4c6eab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56a0e632c10765408ba51ba9afa2daaf

SHA1
957a5b634727e21fbadee59f73b66e6e1391577b

SHA256
c2758808c6182f9a2f2ef2ec49e71509e44a9753f6817f04a4764fbd57064cfb

SHA512
8a9a00793fcebdab4de97e69d86670f5242e6cd63ffcdd71be09d7ec9ffec00e4c1acf13219e987ed0448395526cc16e047c35a2523b21b3ad3031a1b967c476

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab122D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar129D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit