c84c091e7272bd915ac5ca7b79013e6631766307cf447fc7d48f5fb9cc1a074b

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 07:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eacfd6509abc1b1fa29c3b3ff87745cf_JaffaCakes118.html
Size

8KB
MD5

eacfd6509abc1b1fa29c3b3ff87745cf
SHA1

0c1b55e1a3c143e6d626e5ed93ad122b8183bff5
SHA256

c84c091e7272bd915ac5ca7b79013e6631766307cf447fc7d48f5fb9cc1a074b
SHA512

120c570e5502fca78f83ceb925c173c9c9d30d30286e075313102c499c5c457774b3c65aac1b29db8d508da9bbf1df23d58050e004dc20df36fe4ce406ac0d2d
SSDEEP

96:uzVs+ux7onLLY1k9o84d12ef7CSTUEyqUhoU9gUdlBdvn99JcEZ7ru7f:csz7onAYS/I5hV9TdlBdvn99Jb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432891245"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000cf56529c8b31fcc5ab8c7f81e91e5088a0f9131abfdc894719efe6d50f2ec230000000000e8000000002000020000000051cfff974ffbce2c56adee63896a3ca406c231eb88934af41492d20e52b125820000000eb47b37a99c609d63704f80138462b18cc5da0b97db46be6428bc164b4b34ea24000000014a8a3428a5810a1e47c1ddaaaaa126ba7937afcdee70e708dd12555b722bbe1b1bb10817b44458c5a332de1b50bd8ab4cc25f45bdbf749efb4cdb5ccfd93a32	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80749b08620adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000a7f440a1933c1295e16b2d7e9fac1c1cff4283637338b239f1d3ee43f3da8a78000000000e80000000020000200000004a75ed0d18871535ada0c05c2f4c27341575e0fb419dde1463bb0e79b5d1c51190000000db8afaf5a3e73878ad782e654d08bd357801daa4dee149876d4160126ce41a4af3926016cc91f2dfe077353bbfe9b6857eb274f733af859f405f134769e241bfd5300b147c7ab7cc37a1c4ef22f4575e777818f0c5e4049e71acac09e915e9d1b9ea0c8d882ac1f440c656248627e7388f340789e20b9374d2ad4ceb5f8773b782f4c8aca19e59ac693208ee05eff55c40000000a3b0eb9d94ba150dd3e2cc20850f14c791df57db40a5485a223a1f1add80ef45cc9dee3449f2b41bdcbebe5277d540957d987c344fdeae11ea34a832d028b948	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{33A9F201-7655-11EF-B40C-C6FE053A976A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2748	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2748	iexplore.exe
2748	iexplore.exe
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2648	2748	iexplore.exe	31
PID 2748 wrote to memory of 2648	2748	iexplore.exe	31
PID 2748 wrote to memory of 2648	2748	iexplore.exe	31
PID 2748 wrote to memory of 2648	2748	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eacfd6509abc1b1fa29c3b3ff87745cf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf45bba163e216ed956ce15a0ae61499

SHA1
6017cad7d873ef99763be543ff5cc94e576161f3

SHA256
c870a3c8547dbb541d95cf6cc9eb7e1dc7d31c982cf055280d5d543932bfa4e7

SHA512
a4e332d1f6b127843947964f49ad2e1cb89d035419f60ea711e39a6e1bb20e7602ab46d992b10b14750be4e9112f6c8dff1fe2f6314291d23f468a0aaf0d3eaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4e863fc16520abc04af1853600d40ed

SHA1
d53af40548345d1424aa2c9cb568ef9e7eb99b18

SHA256
d23595954cb1218743915386e6e32517fe5096a17678cec55903e5882f6effa6

SHA512
36649a063ac3f4f79304a14e924366f4ccb465cf63b08d4a180554e530abd94f1b072c4ef31ba30a6bec4f8f9ed24e2b12d2ceb1c5a8865d0bac524b8bc0117c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c469ea238e3949ec1895416990f63e0c

SHA1
5fd0565bb81726af34abb8097594b302b0296f26

SHA256
30f016f50baf5bb72adc2e0e72d6a3b38b302078bc41286f02e5266731bb6f31

SHA512
8efddb6721f1e9694fff37c4888f8cbd6213b030e5563333aea33e474bd945dfe52114e831f91c9292c75aede7d5849703bdcf2bb3be31d56bcfc299f1f215c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8580f1169d4cfe13122d1604d5b1a3d

SHA1
cda72cc1be63e669904fcb27f50e0d0e4c9506c6

SHA256
c2742c987768da2b6092d7de0a0976926114a49a53191ccf459fddaa34ee553d

SHA512
2eafdfe5a1d7a51797101f7c10f6ee8da891e78f6ed46d5f86b0853b1f65b5cea83797260dd30680e451974051c03a8c7bcb9d7f4082c19e32fef120a9d857cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf634692f72bd4fcc1745158e5000356

SHA1
ec08022d6594fc92f34c4df90ab4f380759afd9c

SHA256
0d2b2e39a03b3e33b834a40daf812cf0fd6605bf1c11c5050275480668ccafda

SHA512
55d28a7e5ddefb10b01e73da40479cd2a201ebb2eebe63e5a89e4af65042078756283b6dc4669f9f1a368c72afd4a77c7273c4b1ca42b9add717f944e1172b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25b0656cf837a43ceef2f7ee68864556

SHA1
7cdf0a16311f9ef274b1bf64f230909aed1b62b0

SHA256
b424ca9e25b340c583e878245688c5faa3901e54b6a72e16edf087db3da2c5a3

SHA512
bbcdd78d540ea7516259bf069e8b96b6c2bfa1fe70f7f7755d281299bfaca1554bcef5eccf5679fff82c1ab8f9093b48fdd789fe0de94dc6f4879d00ce2ac1b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d690c0cba2ec1abca0d73209f71e5c8

SHA1
aab168ace97a27bab22924491ccd74d918f04853

SHA256
543c27e960d6be94d3d5d878d89dca315cee762dbbf3f680b654d2124cb8836d

SHA512
5e5b17234ec0123a9146f80fac8eb9fbfdf703989baf69ed1df23c4199bc6effcb3147912a172fcfd79c536b462da032d66f89e13a07156490d70ff43fcaca3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4944aa7ffa15170ed3241307bd2e5a08

SHA1
82f65c0b5b738481b83e9789105126f44c6625f1

SHA256
52b44197a6f898cbaddf5c60f3cad173ed7d1dd9af59ffd0cfb96eb0a2629a59

SHA512
0c146d14a2a9147edd848f59cce476ae2d6e23241a350ad454562ea75bd98dd218377006c3a65ac66df1ef4d209255bff0cb37ac9458a624ffa023d930d330ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c608e7e6ef5cb5ac280bb48260ff416f

SHA1
be1e0e93602d2ce9c793f594664a79129945601a

SHA256
984befd58e696dd7c2acba29a7973be426c9c05fcc6916bd948e38b2e3b871f3

SHA512
de11be46200f8863e22476902361eefa5ac7a326acfa38f1d393ccad15be26dccb4726038527456028f0ff63bebb9654654145e3f6b0df3f721eefe806104a1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e213744e2a9a323e2ebb66903cb4b13b

SHA1
78e272adb29446584b7d906ec77fb7850559170f

SHA256
1e5c2b98ab99efa633ec265feb0ae0977bea411fdaa595e462a5c8178ff83593

SHA512
2b027f01a493448c1d8118adc36726ebca2d69c42c2fb97bb55d90ea36cbf31659ebde6335d83ace5bf3995e2d92048ee57d54b26e4a85f6c1b419291331819c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c8cf09421e7762c75c5b75122ef0416

SHA1
7fecac2915a9b51039f5b7e351a2270b5244595b

SHA256
edb1830c60f643d384c62be385ccc04e83c4163a715825ec95f27fc4dff316f2

SHA512
f57df6ce3a38e1a851d727a4adbb50b2a37f232ec393248c160840960168699922121a8ce523d2ec73c72003beef09d6c01a0665856f3eba2aa4057fd20da92d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cb68cdc9a85cfc5527c2b9945b948e2

SHA1
37f535059f0561098c604ad5c287b833c207485a

SHA256
7acd54e28c2527a80bf4d8c238f6b0e51a87ba61fc4b3b061257518a24584480

SHA512
3a591585215c64e5651f6843dca1ac702c69152a4475d6d59769cbd67089813504156487bd29c042ed89dffbccfaef9549467afb51e4488484ff2ea521763e73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a16ea61f7a8044c20f524c490bf5e79

SHA1
9b77b42ba0b324bb7b49f8bf6adb952708a341da

SHA256
1119bfc75aa2b4404440ff752c7cb352e76fb5497afdf6fdf9e41895eac583d6

SHA512
b31062acf999ec5c7ca76a963bf2a5951e5a3340c203d067cbaa1f2d0d8a4d0659fafb4deb62b8c2ec9e3b44b67ebdd5dd802076f5e5975b1de20254ef448ab7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
186b51ec20e438890ee0d3d1f021acd2

SHA1
32886830c450ead21e7c928bd18357bbfb40650b

SHA256
95f6c8d4c2b0c920cd672aa00da06b5def2a4783925f2901349f0aba66a4f1ac

SHA512
aa7de5fdc82c76fd116f3e395bad96eeb2f4c05dbf6064eab34904f38dffa1ea9c7c8478463a18d22d0f60468b09bcf80807131892123c618a189f216ddbb3f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b21be7073b8bbb86b084b716feb7d01

SHA1
eb2e9e32c5fe9b7d8cc68e463a29d4009dec5342

SHA256
7b24c9caeca2d645f410e7030cb5dad400c1068764e80ed122cb660d248c575d

SHA512
d2f8328aa6d201eea2f88a185b1ae85c96e8cd220adfe9fc6187e7010a2c0df9d3dfa03783063c2ebd4492958820b022d3134e54619aeaac7ae6317f478adcab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2fea1bbdf67697a0f4335108a983a1b

SHA1
5ccd5737a09a9e9451b13984ae219619f37d9669

SHA256
5074c25166bb639678567e045c3c29ec8926722c08adb68830f32a3562bc15a2

SHA512
5a92123493af2dc4a8ef64dd51fc6e809449881baeaf38525afa87a745a0108ed93915248f4af578fb2697b7f825ebfa35196342b7daa79faad04936419298df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd111bc94ece6502c320c8e6923289e2

SHA1
a65c9cfdc3c903cac838894f1928907fa8e06348

SHA256
4da9429f4dacb207280d12f5cf0bc13873ca3da17f543654330d8c23cb4d62b7

SHA512
7fa0c21ceb0cf18991ffcd368eb829d7299dcf42d59026bcc93ffddcdab352061d341f05764ed52c198fc3c79f5625963ed2caa20fb56c1d19773b58b760be6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE16.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE88.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit