ec5add3cd30b1a22d8fc84d81a4a17dcec1771d98c800eb3d1d72f3cf9ac87f7

Analysis

max time kernel
135s
max time network
133s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead1eb7e69fc7fdadced06d70fb39422_JaffaCakes118.html
Size

899B
MD5

ead1eb7e69fc7fdadced06d70fb39422
SHA1

e3a1cf8492c81635514ea784ac4b0f8e93a28503
SHA256

ec5add3cd30b1a22d8fc84d81a4a17dcec1771d98c800eb3d1d72f3cf9ac87f7
SHA512

5c18a6e2699d9502ce03e111b9d78c2793ad3463cd3459095464c5ef1cb11f3dca54ee7e8ab0a3f4e8fc69924b1424e2197ff16e0f68d92dd56d65a60fab8641

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000a8946ea342bc3c5ed62c56d0d45a0335c44e1d1fc3eea403a7297b7cf95c731a000000000e8000000002000020000000956eb00747e27e8ebfefcd81c993e1fd9ecf7e058491b0a01e23af3bd7d56c392000000075517d6aeca389eb7566eadb1e45e3fd398034f6bdf58707f2f8028546d7f30940000000b07491d94bac1100839eedbfe9a6a7d6ffadcc618933f99c7bb3730d5cfe91636a87f8704d953aa81727b983b6dc94cb52fbb615c1c0d168c8da13cc012c5ea1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a516d7620adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01D95CB1-7656-11EF-8595-E61828AB23DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000086c58b293060f429d3ed4666afa60a545fda1900d036592967e7554cb6ef3ab2000000000e8000000002000020000000d73535c11c158f27d6e6000d30abeee4ba61d9ca73d2c04580d141f535aec3e7900000005596d1c0d24593ae976dfc8dbf145f6469b1ddd0de8e834706e03e4db7c192e6ee89202a8fb8a89550e4658b5ea705e301981b0fe2347b8f0ae6a97681a83144aec3d9ea8944be380ef663f49320b2be5e1eb79da58771b83d02f7a469dc6cd3385d2334a3806e1470a0943b410e8db7d1eee4c3e5dbb850ac83611fc0c342b37f9d6b0fd293cbd1f0bae2e2f2bf0b4f40000000532c736b2eafd2e9ce90c7561146bd811eaba76715f0580beb41baaaa44483df1d745678f8c4cc209faf8efb5d21b0c93288470d836c71f7242d49592971e7ab	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432891593"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1424	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1424	iexplore.exe
1424	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 2740	1424	iexplore.exe	29
PID 1424 wrote to memory of 2740	1424	iexplore.exe	29
PID 1424 wrote to memory of 2740	1424	iexplore.exe	29
PID 1424 wrote to memory of 2740	1424	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ead1eb7e69fc7fdadced06d70fb39422_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e58c1e1b4e704d92b36d8378298a27df

SHA1
34988eb0c058c2083a2271f65ada92e9298ea920

SHA256
1ee0f41c91b989866780a1a97be7a2f24a3037a580b879b38116a821d1c4bec5

SHA512
7b899ad8a4873a12db0365948fbf7a4dabb90a0d4d3fe2209836fb4dd22550896fa0dc68091b16b91b277fe53ed002a345eb4e2b431cb5dac8aad6eecd0d144d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77464cef6ce8710715dd97e2ecac033b

SHA1
39032db406e8cc73a5d2fdde1d8d2086c7674890

SHA256
115c82e2f6cc2462ce0bd430c8c2ead701413309e4e87aa8eb7da4ed408ebd73

SHA512
5b1f471302a5c435d12f8722d78531e3b59dacb255febe94e5a29076966000e210ca5a436b80c6dda9d16b8d320a6c45ab43c6b7a005dd8fb3b787733c64b16e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbccdf41b4c7a2a477f80d3dcf59984f

SHA1
f0bd9dde66695df9f8e1126c47d779223ef33e52

SHA256
5293d608d83d8deaaa2abcfc570e12ddde74584ae5af66ffdfa1cf61ff56a09e

SHA512
ee4390c312919f0c8b08dbb8be9d76405d2092f5ab8d9b8c452a599a55e6443fd5c9750b704f603bb653c8dfd01bbafb00bbed68b05811d4420aed484555eb8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbaa329c51591867c56fd3c9916ca76b

SHA1
1ac4d87f643c7cb075f5b6b2074a15bd826c28d6

SHA256
f44598b2cb83dc33d3055998b51491c0573709238108049e9a2f385fcbf69b48

SHA512
1eaa5de90cce202f93466ca28296f260515a31b4a474152e2ea2763707a35211815d6af2f45d5b85f319ec822fb1b5180c652dac2e1fb95dcb8f4528417b0525

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c799539d47f39ba71e7360e2bd09e278

SHA1
8adb544ba1a1b727d86d29d766abbfbd33ae022a

SHA256
7408bfb97506cc2135ffa5a88ff9bd237d3ac8f0d2a47b22a4a836e151a73369

SHA512
6ec6b3a58a8b168b52d08c53836038837f32b590c99a7d2815065216782e1015a2e44a1a728a84e8e7165edc73443a02e32569008122e26d7e68244ce84b4a02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdfe2610abfed513ec7159e0f3d64162

SHA1
8a75135ab64a76c06e12e76c5c191f2947731815

SHA256
6f77b199d3777791c50c7de47a2b5964ac7357aed8ee2048572c14735ce5543a

SHA512
2e54554615142a1bcc74669da554e5eab6da3b4138dca000c1cc7bc55c35f6daae9ae7031e003ac0574a715ccc0cf48e68bf8589bc2e09e3b8b12f4ffd99ab7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb9c425c0be01364eca3e0857094a5f0

SHA1
18ccf64fb6b586ca68a59378254400673f8a579d

SHA256
6307951ff7b5627833ff1b5aa1a8c42fd3962194b149919705f260c8d726e86c

SHA512
affc4a5eceab135948ea32cb65aa9e2974bea1b8501b03feff9e8c2bc65b343c36e942ef2780d8dd40cd1a4baac35c96dea83464b14ea64c99b854eb1d4592f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d5de707eef4289b8148f87b5d554aa4

SHA1
3ec98bca93def7cdfeff3e0aa4002b435d965d88

SHA256
27f6d79ae75cccb5a85d3b73ee84491349bed1ee96172ebfe5075fc07e5b7c97

SHA512
a36450c33c5102976338ddca19acf0c25d4c118795d90e6c2af7764c0bb5b62245b1bbc938538e4cba2005715e0d2cafbbda02213312d430c1291640405381b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac790784b8c298426bf17c6f74c5d1eb

SHA1
0480de0a729f4e2d11d648e152e6db886da8f634

SHA256
62689ceb84b8b85db3d14c6af2456207e64ab4a863f0460bd930d6bdb9331dd5

SHA512
d206bc37b396c704179c4856f1a3db0955800167a0ce13fe9f41509df87434c58b3258a8b41091642c775ba6c0e48faa9468cb8be33d0f2b05182079de9c7e84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c46d56cd619d06efda9f66a78b61e3ad

SHA1
8c84c3efaa39c51674e4f923a48d393dac85387c

SHA256
72d6101545243e1de7d98e8e0638cb765e39bfc4c8b53e0bda35b88c8ca0a892

SHA512
da367dd51a943d4c06b35c3c37279e2608d884491b73372527146994b563cd6e6ffd7265081a533302e2588964ccc6e9b3127c956eb197cd2c97b150f6afacdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39cf727c1ba78038b3e62839e63f2f60

SHA1
1e21528ed11a3d4dc1896c46e1196e32d7d80d3e

SHA256
bd07a17ecd2fba08b7d7a537607746895a2b9b493628d21c3aa8985cdec582cc

SHA512
288d9d45040155cb58bd4f9e194571394b7df9a0fab76e9cae939f4b5d373dd432909a63430f79362a3a61511d9afec6f25adaf7f77044e162c5e6df39ca9aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17753812462acd6a9916dda9680db0d4

SHA1
172031fa58e79370c0878d07284f2120a5187ef8

SHA256
4274e5fe5e426dfb9d38c87574623d1265ea79b9641cb55136a91626327d8494

SHA512
462c45f6f0ae599902fdc236e30e63dbaceee5acfef356acb134dca18859581d9426ccae56e6543c5425fb11ab126f3b797840432d8fada441910288f3febcff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3360a1d91752ced12e51124738878e30

SHA1
008a9fcf4e8e7dfadaf5775722fb513d25622e54

SHA256
d6ea9a67c3c9ca804571ff8c540fb6aa93f77e60d2a79c8ce65b56b4ef93d2aa

SHA512
f4e507d90920febfb02c0cd477cd4f2880afdf7f270aa0161c41a62433336cb2223d4990b7045470a8912af5a8db0cd2b314e15e8e1044968022312d9827721d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc6b0444b137e588fd269f0b6fcf6576

SHA1
1aedeb8894392d50f4435eca45106164182bd494

SHA256
942a60cc8edbeea4bd379e45477b23b7ee4c87ad2b5d6ab1a939bf79465089e9

SHA512
a8f2053f26f272084d94d2f0a341a4f9c839b776a0a0e3b7dc3fa46e37cc2aced0aca0ba9131fb56a0c77e8342b1838bae61adaa79acc6a6a22117aa2c07abb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc1de781716db0b1f8ed54728290118e

SHA1
21873b9454cadfe1166e74eb562df9edb280745a

SHA256
6efe49caade667002ba49cb6ebb5644280334120c5ed648c16f030712adc3757

SHA512
be08ac377c29621e0d3cd683378a9475e0d387dccbb43e20c9254a38fb719ac388f52b60b2865e8f1faec00442e855534f1c9e2c0c52c0a017128acea5584866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02e5f8b2e4422c51f5202f39be4a8c4a

SHA1
fc47ae2a7610fdd58481f62978606f43fcacec00

SHA256
6daaf49284fbe54f1bf3f56c81677c9085171c784432a3820441761003ab378f

SHA512
8c18be45e099bf970b9d8ee7c7ee69449387711d3e2a876dcd460b84b3dbcf47d13b52823c01c3c2e506d2b689b06c68a7aa37a5ea4c8aa7575e129cf832c449

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51eef455372dfa56f3f3852f5bf9fea3

SHA1
e971a4719bf9cbd2aa70251dc122f71e97ad42f9

SHA256
7360ada74ee14650f07a04b0a82abdd1590c55cbf4c9e323266323177c5321eb

SHA512
532803951cdbd67433429899d0569f8f21fa53fea018e5a3470b848f505628953fad60cd52ed3591a1c1a04d5aec45a8f27bd51633fa62fa217b130b30db2e93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f980338bdee75476c3a546a904ea0254

SHA1
f72d087aac053b40f53aa8254120df3970a2c598

SHA256
043445553733863824514f5abde6b1d18d2d0c342cb66e27a9384ba2aa8a5758

SHA512
353320ef4be0acefc57464af44b3727de5dbf545afd55a3b15cca15e58a4481b13836c023a33b00cd2837eb1c646b81aefdafaaeda0e2be1a089b57398055924

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab342C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar351B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit