6dec36d1e62c095fc8ef944b6430b4d10b3dee60258c68c60e46f7b13ca8207d

Analysis

max time kernel
135s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe2d299650b376e946ced28bb60d5f9b_JaffaCakes118.html
Size

461KB
MD5

fe2d299650b376e946ced28bb60d5f9b
SHA1

3aae2d570a72842924bf060254f1ed15d9af842b
SHA256

6dec36d1e62c095fc8ef944b6430b4d10b3dee60258c68c60e46f7b13ca8207d
SHA512

68b9a0505408f06461b3466f34d15e8c983a8a3b5afaa22f78ad7e0a68c42bdaa7541cb71f71b6392111008551dd9f2b296f64d473e91b842b5254d486766751
SSDEEP

6144:SDsMYod+X3oI+Y7sMYod+X3oI+YWsMYod+X3oI+YLsMYod+X3oI+YQ:A5d+X3d5d+X3G5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f0000000002000000000010660000000100002000000005fe0d9c2ef6478450aa261c7a075dd44b678fe584c6418c8e75dda3ebdb603d000000000e800000000200002000000021ef7a5905b039f3d0be19acc0ecf75a4567ce2f6c4221edce204dfd64380fcc90000000cc27bc6f675e682b4f95f075356c43c8d6e320daafc2f806e5fdb390ce638f4d0c9c0dc7750d039eae64127966732c1518abbe000ad356bf614a253a4fbbe8643602c883e28fc4f829a187695eac39819c33b69034d7024d590fb5e67869ce5ecdcbb8b3da418dc09ed7777a31c8f2e3b426114bf3fdf5c260ac97b91f36b8c3da2c2098ae352e8db8228ac62d4cb3f540000000c2aad99dd1726ad04b245981c954fb1cbea3030000cceccd5a926022beff68e7c0bb7edacde7aeaab8dbef4bd6bffef6abf9270eccd7fab995350603413017c6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F6F05E11-7E3F-11EF-949F-EAF933E40231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000941ed996c5a337900797de1e081bca8b5a1b1ebe09482a31809ca7989a8888b5000000000e800000000200002000000045c000b9dd38609c9d025515fe3665950b2beb37eef90628014eb369546e4c94200000008f5c77eef2719b765729b54996f5ae426d5394963e72f80d955da2419bab4d2c40000000319ed3312de4f8f6847c94d7c7b383ee897a4baaf8a61cf220ea01d3f3471915c88cb24033262fe4b343709bb037a2bbf48e502f839a28d25143e1479d918fbb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803309d04c12db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433761735"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1940	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1940	iexplore.exe
1940	iexplore.exe
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2840	1940	iexplore.exe	31
PID 1940 wrote to memory of 2840	1940	iexplore.exe	31
PID 1940 wrote to memory of 2840	1940	iexplore.exe	31
PID 1940 wrote to memory of 2840	1940	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fe2d299650b376e946ced28bb60d5f9b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0949a2a2f337c16d0ae7316cd6a51111

SHA1
e5466812bcf4c31f1c88de80d3f0a65a032d0812

SHA256
abd97b63e06c4f8fd098f8ca8729ab7569af543be3614181cbdbcfbada2cfa48

SHA512
fc463ef42b14fddade6da12408ff754c6dd9d73852135514490eada6955137f7c6d01d227e09293cb8dc14f705e0f44b9c77b8f756783baa0803a66d028eec89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bce89571f89250e4999a8d7dc1198de2

SHA1
f47f3622a3bb0dcc88c0e8d84e369c10acedb416

SHA256
7f0c7aa025bf78646b46ffa237d348544087ff516472bcfb42dbd97c86220d66

SHA512
6731c796679a26125d14906b74faf17bce01845534d70acf17b6498511812a5df1fe830b8f59e5d818fd63fa98a85a618232e2b170268bb2758c2bfcbf9cd958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da2710c398ffc933bea0e6dd3d90870d

SHA1
38d663de34bc2172729b2cc5484115dfd13157d1

SHA256
9d19d8137108b7653b630426eb3ce9db1c0ce649a335dcf8c834579c7f861aac

SHA512
ee817b3ad35f62d89de27ef245cf03a571e1b008f4024cb6fdcb621b4bfa080e96c03f25738a237aa3462196d1ce586b4b0d0ab57f53a5b8c82519ddc0106d15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42a1e91bf1b81e3d1f9e1132deea8d09

SHA1
f2b52a7accfcfa65c957d3d13a3b4e6da5a3d979

SHA256
b7ab69df01f1f1780a18920dee7b7adcd1d95da36c946acb4b554edb44bb84b3

SHA512
cf65590902f5f3fe43fdcf0ae9edc220d9c24ce1003cb22c7b649de43cfbb332260adc020f47c1f9d36c193451b979c987408bdecf9dcd8f9a115fb3ff8d9a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ac8880b7213a7aeab91cf7c42e3a03f

SHA1
cf29a0308fdf9dd7b0d57eccd1f6922dc61be08a

SHA256
7afce076a11fbc795d9a18ffeb1768289f8a66e70776d8c1281317fa7ca0d22c

SHA512
f969719a5722d86cf784a6a5475a12b7f91443fc2c69910d29beefa289c9d37018a6a6a10b030d2d215af3cbf1103c41925b81a55725ca92f9e4c099efbacfc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e93b69777743a26cbfda38aea30a38c

SHA1
e788db7e2ea787803b269d84b0d7c48046405030

SHA256
0b944d73f6d68e37fb8ab1e6db857f2fb6c5a0df412b1f29e5314cc4086655ec

SHA512
d982692796ab03f7abfb304879f250beb392d2fb6bdd0bf27bc5c3ae7ac006e191f8a82abdb931df1d5b5c8da3525195368aef35b5282e9cf8622794dd8386e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc61f50e40ac63609a62294c57225ce1

SHA1
730a7593a74255dfdd7173162e7bdf96267d6683

SHA256
46b2a85c5cf833eabcdf5bbf31b9284777e6a40e5b30ec012318454862f04075

SHA512
49dddf22fe72d6cfeacf5618755adf45e1b6d46cbea81873c45a758fa168985e6b6a1dc6027a57eacf64dcd21d6c622c2650ee01d884d0da960224a9f51bed41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa86dc5e7c70c537efc4463ddd6dce3d

SHA1
71b1a06327f38a15960200bb1b3447115261bcc9

SHA256
7a4746c8ea943f1af360289c246f47ed13ef8e2068682f159d45bc4efa0e19c3

SHA512
b2e523d8446e77250568133711969cfb6de3348d1f7d0b9d22e937f45ccd4bf01f6cbf3c36f1801858c832b6e78489460c5c482ced7f859f717212623b15ff69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4768c44b5b7b14b3a17a26d359dde1a

SHA1
b897f658cc0d54037a06b7b7c16eb0cd442e1784

SHA256
dc81813b071ac4e8fcd72696dd9510714219faf72817c185d4c4efa4e56a4f22

SHA512
da9ff1cec9b5c8eb5a7f529b9e158fb61a881fa84a397751711bcfc125705806a3fc59db1a8620374dac49da202740a57ddb46974bf01ef565c317e604408c30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2073b16b980dbe2dcb0f05dd09a446b

SHA1
1981492e214cc6c4514d32660b57e1ba9d2f263d

SHA256
e06ee1d2c59d2eeac4ceba77991ec8661e9098992c591cc15a1f29fc33462b8c

SHA512
31ba652db79e7b279460968f7059f2345f53bc152966f2032775eca854caa3339c6081d9cedd18dd5dc810e993660b341b95b65133e7f18c6ec150c33098cd05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3b123bf9e610ede367c251f98a797c6

SHA1
5941e079bdfcceee5f60ddc8793143437040d2ae

SHA256
a3dc8e9f49024efeb7ff51185aeee15084edb8606b4744e7e528d1899e8636ce

SHA512
c6a1bf685a56db89e9c421e1060d32f5f1c822eb539e9d8b8b301462f255bc3e6aaf9d46b631453e5da692adf41f4418c69502cf4d1240e6a58a77a6bf90ce13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec52dfe7d92c27dc023034d61ca56d79

SHA1
19d4660cda1ec8a04fa4a47779143cfa31c3d70b

SHA256
cda51e08f314afba37a0390ba5bd1200175eccd778bd06e3473fdf4bcf3e196e

SHA512
08ef9ff9e545d7b4b091f6e0a6a86f962a80ba6d6faae6412bff1dd4bdaed610dc9347668cc8099bb82f9dee7539309e2723164a350e8344afbc6938f24a2e92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a68e8fc94bfd9c42665c037f84458d9f

SHA1
44f162b7c22dda04e3515b967dd8d0034d77ebbe

SHA256
fc60e1b971967897ab04e6ea921afab10f1ad721be5844edc6aa6f1868f01317

SHA512
49ab08614444e0f0c6bddb4714812a9855f8bf090cade728b6b0a6448a6975ee926cef137cb302305de71b961c28c0e0f81d2d37714212b7e6e7e162903890f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ee2f4bd94fb7c0e0d13f7c1957b3eca

SHA1
da9802c3acc9c70ff7e08faed8e970f3b86755f8

SHA256
ad3b48ce2da0026de4e91603848c6c918881544ffe2e3386166fd26d7d0a2961

SHA512
9e03af2cc4e9d37c087c9bfc9b3aebd1fc235c13d817e6079fdf224eded39e4876b5992f8d8d919e23aec45673b0f542f77e4f0ae500d5e556f33ba85cebb3c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
738543556958660e5aff23610ec6c856

SHA1
b3a464b2e033991e9c6bc89fd7141be20b0ca018

SHA256
131ca8f070f685c1d572643902ad853195b3450d3e1f72fe57a1d578830b6bee

SHA512
7b7f3863bf4dd348fccc3d011cf40ed2c676d61e28282b21713d3b982bb13e3000eb23eac824c39c05cd15736116b1cd29d5f4a77830b20fca114fdd3398e0fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d038e23d737d5c28c3d948a47d9e6a2

SHA1
b3a24d703cfdd24643b6c11c73a05f1608882f7c

SHA256
5e0fd9bcf3148ac202e8190a097881a7f44dc2b82949c750aa9e5b41bae88c2b

SHA512
019d4968e089676b412b8648b2b8a866e863b714cde108b6ae23ff3869695a3d0501c8fb1e009337be51b6036bb85c059f40d232e91bcfce12cf4bbc1a2e2fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4ea3d742019763f96260acfa2e32f80

SHA1
2cb04dfd14144a8205fd58959642d519eb9154e0

SHA256
11cc5bed69ca7510529661af816d136e78e1924024c83a207afe12cface4c261

SHA512
de8034fb38c6e30c7a1a28b44e2d080a1ac5f5751cdfa578666c305d056906cb92ef10bb8b8266e20bb8e4ec3958a90e3c4e031d6c1ad089efddfb083933791b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17B7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1876.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit