b0408769108e5e8fe3fbf5303ddcbe71eab20df46f7bf3a67ca0e9108e82c815

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feef3eb127a32f73bf829e2b5fb448aa_JaffaCakes118.html
Size

725B
MD5

feef3eb127a32f73bf829e2b5fb448aa
SHA1

d9710b19f55ab820fca3f9e575318e27368624e5
SHA256

b0408769108e5e8fe3fbf5303ddcbe71eab20df46f7bf3a67ca0e9108e82c815
SHA512

aeaf7bd17de50b75b95621d4ba2248b24936d2d595ca768cef02e77fa918a9a02808837806efbcf0d95cdd104b60b730e3305deb9bfad4d864b00b1841badbaf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02fb0298e12db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000dae5c201734cdbbcfa534815b0fc8c76e721a84bb6912b9a67301cc1a3f36bd5000000000e8000000002000020000000094026eae48a06d5b26984bb672732393230d51621baf891e2ddcaf7046a310320000000a7542747d8290c17c1e64adc574f8b972bc99ee2a9dacd7a79644df662cc6aaa40000000f5b06c6de17c6feb0859e063847eb22246028dbf6a33fdfa04502093caf1836f45e972fb2aefc27f80767d202936d216684514ba9d9c76f03880863c2a729da6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{663E5A11-7E81-11EF-B8EC-E699F793024F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000701b5ce24aa770e5800458ffb8496c9bb93698135aa4e92987722ea7fbf0e2e5000000000e8000000002000020000000ba590539f7f01d59da642f7256fe45bdc188740edf74b844dbadfa01006af98290000000f9eb1d57d96e318d1b0cff0826ee8e732be3abb21c8b4a4e1e35924cc3d70b7de33e19570f53645e5a7cada18eb7f2b81b7367c50276f6e5c2e5e5868fdabbb4ee46bbaa96d8d3327110246540db3313952dcacbc4621783e8788fc7c50e6a6ae0ba25c6a9404bc523b14bef67d9311c7bc681d7a7965a62591e532fde05e788db75075b5003ba41ce0cf78fd200e00540000000bdf89b9f68d66e313ed98ed9e9c50d1247459af88b7f44b0f3a5ac7f74c5482e2fd4d8e39e671c7587b1dbe13ff3c8bf06ba98597e6a35819c1aadf076549d3a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433789838"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2628	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2628	iexplore.exe
2628	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2700	2628	iexplore.exe	30
PID 2628 wrote to memory of 2700	2628	iexplore.exe	30
PID 2628 wrote to memory of 2700	2628	iexplore.exe	30
PID 2628 wrote to memory of 2700	2628	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\feef3eb127a32f73bf829e2b5fb448aa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
161c3f6bcaea8d9f44a72279c595572c

SHA1
881d25a7f9e47cc863921626ea2d4c264cf76461

SHA256
c60135080e8a68028cb1f35994f8ab8fad0b1f8e1dd274d2d46b3ceaadf02dac

SHA512
f0e2db926fabd73da3f2d0dd444bb6ffdcd03c6ef26093e59e542f18618b0164ecc4f13e6bfba7abbed607853120b03d70438a0cba5bc70c9f6aaeab326b8758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5ec6dacfb6e3166ddb9a5bf3748fa56

SHA1
6ca228458be75d12497c27eaf5c9ac63643779e1

SHA256
5c6d6a3754b624ee7344033524ef28951541b2b9ac19c2ff1c7746472d619680

SHA512
dde0988dc388d8979d654452272d6a482f45d31503a59900e7a6aca19ec7616d309e48c3bfd1b1f1b977e2556259da79dc97155e4cc1bab938fe93892331322d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08522ec9a7a8a59e35037084eb15fa16

SHA1
50d8f7f834f65d13d9cf16f69b0c7c9c090e4591

SHA256
b665eab92c532f937583501d4045f5bd0ecda5d60e920b5de2099ec5d27a51d2

SHA512
265187a2f033738a4667ad5b81f56261a207cd68a49bdfabcd5481dfd0f10d90a8ac564bb757b2d2637e83d2c3d0f0b8ef4657613099c46d5ae9390e36cbba41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d45c274410a3f881e911483ee77d45e

SHA1
1c6713b9ed06eca8892df62b4f9f3653ed27a628

SHA256
8ab1021b280bde113fac357412a2cae319fca3b5e7bab6f1708e1a7cf13137e8

SHA512
6045c2d31ff790ac9341627a8ffa64789c40fda1e0c957c659a724f33b0152a57ef3170ae0b334e1bace08155b794e646c69f574d842bf15c13d0bbb72c93d9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c2d9908f1e62ae9d25398ed113bd3fa

SHA1
fdebfd0df24f871b824b26c46224d9bbe83eacff

SHA256
ff07c8bf0fb20b0b88e3499c1a759a3f9fefe68e49e467f12ae831a34524ba1d

SHA512
feaee80ec2244d7453fd7170c65042b258017792c780b172b4d8e9e258dcfca3ab9674b496d5d0317d6f9469809460b92c742ba905d79a841a91354d035fd2c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e36324b93cf10dee9dac1d4b8b1a9e35

SHA1
95340581d1d5a4e2c9f19aadfdc0594c65dabf3e

SHA256
ee1d0371bb04d5a74bf33326e3d55dd6689140cc8b2734b83698ce1d64ba4a48

SHA512
f3e34006dd866221618b6021649906e783756ee9d8f3e33cb5b3e33f97b745b955fc240e349902538a6dd841862533340ad9e0ad483cddde18e8a3440f43d4c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1191447ab1bab55d14237c2521aef8e3

SHA1
514a9f091112a1db5e989146e595e8be32c56ce8

SHA256
a6eda906c89c0241016680ac1975b52cf2f2df08c3f6160abb09b8e50ec689b5

SHA512
017f1f8e2128aabaf460e803def03ee20fb330019495c4775c91afa941b83a39248cb6904d6e437695dcaa97fbde15ff2479d145cd98853bf4cc3a85a52f2e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d204a84e1ea0820ffe4f280398c4026

SHA1
93a92ec1ea0f2b8364ecbde218c36c6ae2314259

SHA256
7792820c40d3b5596d6bbe69cfbe03e3c683ee2063772832e8c257d4bcf2231c

SHA512
6899de4607a03ab68d7f3d08e35a7d7300bd57b01e64fc139d807bb9faec44c3955463f1f81d329d7a9485c381dfff563aaf0f83a2120e1a846cdc32624607f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34c3579e7970bdcc447c6af994c8c1ed

SHA1
fc605ce9ad2fb6c3030e00383d7db681ae7475f9

SHA256
36a20255386466af722df7e4bcb8b5724044867dcf5a9ba1fe507b44c1f2fcb0

SHA512
391238153a4313f45718b040d7d76ebcd331b91c94755a1bffc8f293543276e472982706c4a6ac007607c15cb44f9cc8a5fec70a6d1c4b85be5231c24d75ede6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1db87606528f9a855d6a6fe6cb33747e

SHA1
78118c8d159fd9759dc6c791b3ea618020f7fbc7

SHA256
8f66b3abdbaa6080c42ee48258d24306468a03a3baf95d72ee1ec2be6a28e200

SHA512
3ab7d276d583a09947cfb071dc5cdfb8cb052193118e56bfe60dd928ebd6885a231765276a52ac7612987345be5eca127798d13bf01668680c3348fc298b7a33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d25b17ba1497c5ea3544e2ee43bb3463

SHA1
54f879ef4f6d6da4b4e6d9814d86b0c778b19dac

SHA256
5e69767e61b55c55e5dc71ef292df4f07c351447d5d96e87618f1772f5c7fa99

SHA512
081b48dc41578cad1f91a551cc64b200e9b7bbed1a29f4737dc1416ebabe774ea77fb314a3c463d333f5fa8cc8f56fc9f16eff861dd85c87500f1579fb35b5cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
566eb2cd7914fc5e247a9d40bf7f0da3

SHA1
bbeef40e537d05ffe2b7572a2e6c955b0f6724c3

SHA256
ef4d09d724ed39a166802138b50888d89d041f24576472b2ad0919d37dfad110

SHA512
5f0cb576a700119de4a09538b8d5a0792928ee7d9233401e548df015f4770574915076e5b926b49bca066ef0a474ead509a9ddcc1456018565f332e7888bd978

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00d31750f0d8058ad998e1f8674abc75

SHA1
c410e5e2f7ff31f1a48e5344714549effdabb201

SHA256
963d6e72711ed4e3ed1db1c31518d2c83d0f47d503a2e9680e9f686119b9deec

SHA512
f80768f1395b976a65e05438586ac7cca7df0aba35796cdb6a7b9b684e1a848e8d7aa33ab73b74532d44dbc87846cf50d1f2ada6e1112db17d803fb6fd7c67e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40bd1677cb846209a2e49841377e1cd5

SHA1
849cec8db85dd2e1881b839af14883c3339cc98d

SHA256
67c811d209a35f15d738ee1a9925810e67fd9e9603730216e71064162caa0b34

SHA512
67384f85b76ac22747587f13c36ea09e328fe215d7e93dcf987caca44abf305e49d6262941aae5c4ab4749ebc9788f2b7a19c21ba6a5a23d7c3a64ec12a7201b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fa5a615399844bfabab9dabcb13c783

SHA1
c497c51baa29ee2d371c4eb5d580d242e93306f3

SHA256
6597bbe5a9cc27f1d8e4d672a40fe4805e9bd623703e6be2c67df4a402f5f0c9

SHA512
a58efdbcce1e82c1c5fab8346ae4ea31cd192019e654a5abf87897928a9552f6367a667bfa58408f1f79f85f471cf1ea2b1b54e1c482ac691fc0de7d20d0c8bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98e12b288ebf7287079df583faa86a05

SHA1
e455f4ce713eeefe771d9bfc5b9ba348f5110ded

SHA256
9380e950830f0b4a2dc08ca19cff992a640ec6edca9193302742f5737ae14fd2

SHA512
acd5bda09246cc807571d796b5f35927dfada9d54c09f7c46e33ce9a08881637a6fed61f2c32c7c4e38d4c30f91c4678c508693edbcf62e717cf6de2a1c2d526

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6694902c0e5d06c9162f35a9a47f2959

SHA1
5fe70338aa48a94a8e4756047f7d54daaff37489

SHA256
2e24f9719a632b7e79b3335fd89c2e1689999f06e4686ec5b1f18f64fb8a9917

SHA512
803bb8390cfc0ccc9adfbf4f86e21b54bc7a8548baba28fe49c026ec68678dedc4e8914cdd558c1311d3067bb7af9ca7f0ef0e83ad1f33f74d757ae9b11a3755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E3D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1E8E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit