4b2de68b0790324e2dfeae4b991933e76602de1a35e4ff6a79a5be9b550edbe5

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-09-2024 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e276b6eee390b1fcf401f2e196b2d95e_JaffaCakes118.html
Size

6KB
MD5

e276b6eee390b1fcf401f2e196b2d95e
SHA1

c7aed540080bcecfbfbb3599c0b0497ac7f0b506
SHA256

4b2de68b0790324e2dfeae4b991933e76602de1a35e4ff6a79a5be9b550edbe5
SHA512

b02546d9daa42403e6b20792a74387f0069c78ba504b339ff131591c3607383cf5fe0b5e24aac97c1561758bfacbc6d233d360e0bb405716f6dc7f24d2aaa689
SSDEEP

96:uzVs+ux7sF9XLLY1k9o84d12ef7CSTUO5CY/6/NcEZ7ru7f:csz7ItAYS/xF4Nb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c6e65c6907db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432564498"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F49ED21-735C-11EF-B686-FA59FB4FA467} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000002451ad00359c8e824c79ec1646efd9fb7638c0804e50bdb271860e2da14cf738000000000e8000000002000020000000007a15432da9341f6cbdf30cd6f274750adacf72a8666075aa06a36fcc1a157120000000308c458412a89a274275ac957471d5d576f70392c610cfbae3b0784cb03ef8ac400000002812fb39e49e042630014019499f35089a78f369fba0730763b0946b3ebd67bb4a05954015e9cf55d3f5187068fbaa772560aeb1645bc24f39a4fab34298de4d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000003d98c1df00d3c02296c4a5378a9df692dbcabd4c12d50b2720c732fbd96f5f01000000000e8000000002000020000000aaf618167b03153fd6c436ad8e6e2cd74bac13076ead2f72fc7185d570ee6861900000002becea3597b9fc14bae63c5175dbe1429bb791c655cafdbfbb21f04f1c238173b47c29d019b5303e4fd07038d3244ea8eb36acfa7fd812f72a6efb434ce3df7fe38b1277c96d3d133a41e751682184acad9b69258cb39b39711f06875e3f37bfe02c5ea36ca535101b53129c73c9852b29b5855bc99397bcfbd80857f9b0a81f17b855e35004951e18302604b7dad2a44000000098fbd2056a545c85f1505e2492225f407b0a7c84937ebb9db54c7b0c458d3991d943c7b116d7ba143429a8c24d8c41ff490a198abf7f2fd1091c5c4c8dba6174	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2228	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2808	2228	iexplore.exe	30
PID 2228 wrote to memory of 2808	2228	iexplore.exe	30
PID 2228 wrote to memory of 2808	2228	iexplore.exe	30
PID 2228 wrote to memory of 2808	2228	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e276b6eee390b1fcf401f2e196b2d95e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
405935d6e05e448efa49823ec8370d36

SHA1
06081f9043da510703ff10e0605a5892b0224ca5

SHA256
bed32a151bf3c08818f0fe14a04bdd2646eaffaf1c0385be8b03ba49b8bb5241

SHA512
eafec87bebc84dbe36b773633b925fc4f4197779e0ca24e51758a53b818d2c3c008af2161b6e7007fa390cd818676f6725d42bd83a6a30bb42efa083de27e7bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49cdc96f65856ff2c926a9d86d8627db

SHA1
c5ac7dd5b35f22c61fb4df6a3018a05d949f0719

SHA256
e088117fd8d68e94d86ed87a2700748507c5c1f2bf1023bffaafdbeb2d397e34

SHA512
81e4dcf58e9802dcc462496104db8e820863602a638ff4f4232cfb23abcecf060a87175d642861ac496782223f446cbbadbd886aae066a1d616265669646aeef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e791a781ed96a02bdfb2f0f85807faa6

SHA1
43ef21a4c5dabc29671d9eae2d3b945e77502d53

SHA256
3f46acfef5d67d662bf745fc2fb689e09ea5a949a123a4a3a0ae2ebf671340f2

SHA512
bca8ff3decbbc4c51922fbe873f8dd65aa251e24d3c950a4cf108d9634c95dd9324919e3639f8bc792fccfe5713041a9bec76e0eb160d4b5fd04db41c22a4bb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a93259b316cc8a86fac63061540b325

SHA1
fba4ea8b08b677fe9547b05e630598cd1000211e

SHA256
afc8c6bc5c1d8593de7f15d276af2e6eb5087fa41d1d06fa110dcad8c83168a6

SHA512
7a24358909ce525b65c23bee9b74f902af0387a831f7cdac59f033831585ef1f515a54cbfe1e73b42ae60b319c91e4dccb328412a96201d3cbaa299616c8cce0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72346486bc78df9c2aaceea854920599

SHA1
8b9821b2be9f6c4f6b8a4a9de6c956b8914e4b32

SHA256
27e70b7e571a029e1c3aba35f614b448de84a7b5d1c4851082e02544aa2cc084

SHA512
ad7ea1802f6d0e88704f54c8ec777e097b07ba53168bcd9cfa40da89fcf98192fc1b14d4be2ac95b623206df947b00301f1699096dc4b1a0dd886df276eeb2b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b215780ff4b1767fa2a7e122049e9c9

SHA1
aee08cd310acc395a948cf0d57ba961df908b01c

SHA256
251edb0cc542ef132b47ca4377b74d0555dc4f47c4bf34baf7e83e663aca5799

SHA512
40e0eabffb09acc9666b5f1c37fb04f2f8d0a2f205270e82a9aabc851d67aa442fe6792d20aeea1ebafe294d95d9d184602c8e4989128058580d59a02fba1be6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a88ced233243f770a45409c54b1d5986

SHA1
3133046821797171c73ede7c25748f23c8aae24e

SHA256
c9d63edd178cc9bc73692034ca10cd818d99078937a4532a6a840125655ed203

SHA512
308343f70b4787bf7f4318e317b5a83b5f7a4503cefb7d200206e136b36db3b02852e158c868f196da2537aef9db24bef53ab4eb30ba831c2456ed742b666962

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6de52c3d0675e5e50b81ec6f6c51ca6

SHA1
a7875cb3f82bbdcfbe2ba9b6e7720843dee30f4f

SHA256
74be9b7da453a0662592e7d7220b6b49dbb788195a18fa8066f6e9c1c4abc979

SHA512
8fbb3c06fd8b0eccfe675e556e530744a7591658a03e115e19de82d1742bfbf72759dbfd8a79c01a8545c0bae14b19cda1d0d5e98c6a0314a8a1ff512327bd59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee57f44c9bf3407a4ea97e5dcbfa3499

SHA1
5f2dffc09e349dbc90a42e85d430448ab3d3b21c

SHA256
700223437f81e46ba1c3e64fb27d2acf1c8793e0450b28578975a0a5e8360264

SHA512
5fb19a114b62bda66367f5e9d39a1bf3a7f93a0679e1130301829770f4714e15e68b5204654c5843dd06234191bfe7b0401b0600c95339acadb09f7dbaef308d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01016e4ad139dd677359557187f72a06

SHA1
9f6bb34d2f511b97a846b03d46c07d58c62c7be1

SHA256
7f9b84811b7818b26f58f30451ffbbc90ffed64ca2457cd87d869e3341ce3a45

SHA512
54f32394f0e38607af52ebfd610631ad712b39947965019e9ff9d4e5e8f478c6aebe22cd932fcf79c97dbd0000d64bb2c9389779fafad8699ea3b84143ee42cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd990e257588bfdaf9fcaec20fa18886

SHA1
4a1d75931f2424888cf69418a22362524d8aede4

SHA256
eed1eb09d74ea5c6a0f4c1e5f6c959e92d34b7a91d3c46369b74179212d9b4b9

SHA512
a81260ef39a4cfa8a08409f95390df066f00ae1f13f0ea3ad81ee7524fa2357d6e24ce4620c4d7fb31b87d5dcfc2fc2e07feff8dc46775cd83519e19cc4a218a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ef65014b701d75d753caf6f402d4c62

SHA1
40ef72683034ed1b90aeb4798b010c970735a57d

SHA256
eecb655c92eacd7f4eb71c87bae609842c2f8d05f50de70e9791e3d9265b3a5b

SHA512
44b71aa312b89fcc7caf60dbc5fd92f438e2495d5e25b6963ccb0f8e26ade7f557193e1d20378777523129a826729d8e5e7eff9ff0e207d08d8db4ff2df004d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6acbdcf16f78b7c507f301b67e9fdbd3

SHA1
0fc13b8c3ba030d1eaac4132c8efd2d82687f0b2

SHA256
88ef266118a28c0a9fad50a980d40a1989972cf45b2eaaa075fe0a14cbd91982

SHA512
9e815a5085d10746629cfc9bd28d04774370e82f4b46faff30b9e69d4777a8e6e45fba5f9541cb0dda4006acb868f588e901262b6435e8e147af4bf765834318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35fc63cdc44e1b19f913917990fec77d

SHA1
769095fa633700b7977edf40368398ffaaa332f4

SHA256
b53e12cf0d586b62bc428451ed1bf7917e4dae97129f8f90b1febbf0142286e9

SHA512
7301eba8dee7742d2abd72b004e88073421eeebae5ab61ab97b7df934c78813b2d968a8901b95b87a39bfaa43db0fc3d705f8f215ae5c13ca53cf601b7782eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c55591ee1780d96c1eb42e7af876f29

SHA1
7bf80df7cd132d9db4bddb6441e774f75a014b4d

SHA256
72edfe7415eb23058c2c2691b3009a0ce620e2dbff007af02081e187208278ca

SHA512
57e8fa5eb9107e037910965814124e006d431effc9d97fed1f45aa4b1d79587dab5e19af9da09e7f9f19b5060e38215a6ad0448f58b92aea5c02ad0c53e54113

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a808d19face0fb74826e30c388e966f

SHA1
26efa8dd7380ab1a5b0f9fe949057c0b4d07b13c

SHA256
61e04abda14f12bb09e7a3ec14983917272a0ad4c91f31da8fca90ae4c1ee2dd

SHA512
62f7fa5e0719c110f8f09d2f38aeec8f45d085c765d2ba63485a723480abf84af2439de732aabb75430e673caae8f8f4568d466c1a009c0a50c7b54c4e8b4e88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7d1755324d2d81a9de52f2d5efce36b

SHA1
f7a0ff0ecce26d129d1aa3389793e8b480e349cc

SHA256
d1471dfed59f0bcd93e8658e60049b5aa382ccd4268ba84b49759a2a97ef6c15

SHA512
6812c4e1008a7768532837ecf502b86e939cdc29d3bd27f90c1de0fc6c6c83c378534e875e7b04657e353a3c6a41cb7569afabe64502bbf79819d68ebca02c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB4A2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB4F3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit