793b4381dffb3f0fecc60e64a95b5c6533ffcb52c31d962cbc1ebc3e996ce885

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13b8037b5e0249223c0af3d0b891b0b0_JaffaCakes118.html
Size

254B
MD5

13b8037b5e0249223c0af3d0b891b0b0
SHA1

9e1f4afa56345593b9c43c52ddcb84a4ba71608b
SHA256

793b4381dffb3f0fecc60e64a95b5c6533ffcb52c31d962cbc1ebc3e996ce885
SHA512

f6fe0b0aac843face48b8233bbab5fc1a34c3ff3460f53a3b8116b69b155e2de56c99989a4a1b51baccbd7044bbe60a7408bdc393c2cf9d514d770730351d0be

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{572688C1-825C-11EF-9C86-EA7747D117E6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000593e08a887dcc3e881f3d271ff50f388b2fcf69e4b801aea9b8fb0f520240c56000000000e8000000002000020000000e469904a2b237e67926f8b6407db49ea3dae3035a7b8a2bc883c315db784674f20000000f07a603a06dda5a7b37424c2b27c70bfe6e0f20f1addf43c39753073c4fab1ba400000006bb0810855273078058b141ce197614e4d8a0b6039768b1c64f67164471e1ec3b20f613d8d01cec13d84cbe4383d8740521b433070594bd753dcbd901b5825ae	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000655f4d15e9ddecc3f37fa3cdc270543b03b8c04a4064f8a28d10d693cbea1744000000000e800000000200002000000013b36c1e79a90aa24f304328e3d21fa08c6f38e921b8abca3f6a47f260adfb4790000000342d851895b70744db86dad7f2aa10e8fa3ed575c1c0736111db5e03de0ed92332984c397b4ec78a71377eb5491d4d9244954e1d13437681034b3d399bb649de0dc7ce0ed9d40b290b54c3916ef684aac900d4e227218296aeb30b896ab437f1bf8f30ee7ab679200a118ca45413f47228ae9081bc17da22125cbd75e4893ee7354cec8013178a5408263212ba6cdc03400000000926ffc462d660d4505beb0c3b322584917ca6d9ecc2a687996c2bb68026bc9e5af736d5aa5ecea7920099b566e659f80e4c07cc70ca4f876d07b3c226353bcc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e9a12b6916db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434213725"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2436	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2436	iexplore.exe
2436	iexplore.exe
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2564	2436	iexplore.exe	30
PID 2436 wrote to memory of 2564	2436	iexplore.exe	30
PID 2436 wrote to memory of 2564	2436	iexplore.exe	30
PID 2436 wrote to memory of 2564	2436	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13b8037b5e0249223c0af3d0b891b0b0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6560cd8935e635e0d107f2df92df2eb2

SHA1
ca264e39b1ef8b308874b5cafa732ba07938fb76

SHA256
ea9e8291986c79daad06caac838c92cc3a537ca5d2987f9e961bbce5fa5d227b

SHA512
fe7d72a3dfcbdc3ee99ffa2597a616f05c08ae64da27e92197238e7b4c8fe73cb3b138cc109f53772dbb19e3fc79b465c64ef7c05c93f221f1d70a099e22fa86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52ec5814cd5432b696abfc9ccaf94971

SHA1
bbcf8ba7f6bc1617b3267247a95ad149e1c0904d

SHA256
d16daa0be6d6db6a90b892beb2341ee1c898b0db0c57f03929abf80f040ff193

SHA512
8d3444ebee37832112a2e494ea2f925cfb01fe9d7554eae773d621d553f7349fd892f072b125e18e56a85f358d2d737ea71c88328061c0cdf4634d5b1f6b101f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8cc2ab225c41026d49d3507b20241b3

SHA1
438c7aa3f7eff80b92f8de4cf3c2e88fc39878e6

SHA256
738c5e90cf16ba0aea0cabe7fa630686345d365dba2eed50848f700a8dce24b0

SHA512
e68aa216d64c358cfffd7e4e2ea9a5b6e2f01e4c417ba4091ed9d732543722293fbeb9f584578189c7d44b29ea6b59e47e81d0ea810edbd621e619fcaaa3364a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83ce4ea73b085fde7118dbec019e0be6

SHA1
f81a84d270f16dab447e8100198ff61f0302145c

SHA256
bf03566afbec67b970c982ac9f533ab0e4c043aa2d80c6196b8a71970adaf35f

SHA512
40d1e048e5f893f57c9d1e4f2818dd3c5bed05915feda07b286c4a24275b66cf84975c9eb514ada83a66e45ec09cb72fb6a64997fbc2f1fa5c0080c31b637246

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c762277ddbb7f0775b8e3dd70293aacc

SHA1
83f7e9fb88e8676727884d7afa398f5b3a0d19fb

SHA256
065ee5021e87b477a9a28f42cc8ae34798283cadd0b9826f6f475357ea16867f

SHA512
03c57bcb16c3838e26a5d883853c9c557ade17c26b14eed8d6d6a54a1d5e5230121b4008eb3a7ce8e6c4d2f6c99cca0106e4f06f5f1e6f8d796902b225d8d01a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18b9aa4170dbf9542fc72a40242de9e8

SHA1
df3e01fe821da0e710860e9c8989aa622444caed

SHA256
c60e4e7d1506a7d722095832ffa5a53cdd16ef2d3836134df932a200a224464f

SHA512
607f111ca7036ffd28b307169400d5f690cb1757e649158fb919af87c6440474d9790b148747ea4a3c5cbda1ad843812879a0321c126ce2013a300b943bea48a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1eff747ec11ce7ef398a1ea108b979b

SHA1
e90ea4fafc51970c1bfb56f6d18ed10f7d092243

SHA256
d5e4362e6253f4167287fcccf21ab7341f89b5ec68854a8652a02c3dd232dbdb

SHA512
5a0b2b8b10ca6a9ceed1420e9444bb340f6de2090ac679339cf521bc101ad78a3b6c149dd67214f9f40c8a1b35b386ee9d2c9544bba1eeb84ce2f9996cfe5f25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54c81494f118b15331abbab4f8564a28

SHA1
0844d4ddc464e5630dae8789f67519267323e4b8

SHA256
335114495605d6cc87ab80dd2833153acf2d42ff63f4598eb8ed543c2811d601

SHA512
e38182dbb0d652879caac94db7d9d9e4e9ae365098b5ebb10ba70ce87ff6b859b06dc49b437226783baca1680206e738f11acd0ca403a4e583e244972170bd8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42e00f8274e3250a9aea70afdf13b271

SHA1
4364ff3c929a85695201341588a1648eda185d08

SHA256
a120de35e04452e09a597d37da0fbe11bc74e5798a55a43fcd56cfff7af020a7

SHA512
f16bb70c186e4512cd5a028fa74e2cb4744e4acbe9832e80a408e5f231038319c3a5ef57440b442de5ed765b348a9a4d58405ca4423f1a248d2b7366302631a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1aa4543f017d77981fc3077d7a6a60aa

SHA1
37a49679993c15ef352dac61fa9b7da4dfc30d89

SHA256
47e07004fff7275943f96cd10615adf2498ed7d8aeb75edd840a06a23844a134

SHA512
2bc719764075fb9de1c0d6176ba1f7adc1dc8e626d34954081a30a824f8ea02aa435aa3488984c64dcd423de60d4801216a7dc0bd401b4806d648e8328f73028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de44ea960db28881922c7b7353740e3a

SHA1
c9d8484f4aff071e44f393826199bd7df770e507

SHA256
1610b23afc100d1140f1e986d013e19c158e46742f6bf264bcb1e3ebe6730f33

SHA512
f9b59fb6df1b52d4aa991cabc42c56ccbe89ead5d6997699ba7290077ce584459604d5698dbaef655ae486666f713186199d8ee03cc75ac9e4efa5481f1c64a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
669bd385e0c01a4d13463b3c38347045

SHA1
2617bdf7ccc04e4059729f585bf4db97a3057849

SHA256
b1db12fcd938a9a555349283bccd18362ade4b06516223713e1b3e53be5ec636

SHA512
936bb4192c88115b88bd230e8ef0e5d418131e22939652ebfe269baea82945aedd3d1105453a3eb4b79c4c21ffaa9854bfdfe94f69b649f56ca4462d25ad70ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92546e820b68bba1c12b1de49a6b1a0c

SHA1
b8f29c1b88e101e37cda13092b3f28c5b97d2908

SHA256
e25742458e03f311d84401a21f9229e04fdc2465cc79f6bbf3f393d90621f148

SHA512
ca98fd4ba0a513e24637bba921462d9810682b4372b66ec64ac5f03343e7bfe21802f9e0af26c0ead2bd8077fdf3f90a87f10335f2aaea8840e80ccde6e861fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09eebf3b3004b3b8bfb60483b6ddf8f7

SHA1
bd49ebce92ada8f21930d50b1b8ba1da3ec2a530

SHA256
0993a07891e79a655302692a6b7abc4f2d3a587863045d1954f5f25cf1680187

SHA512
badc80d4c356892b9b1ed64c8d7d40a3d73037aa0802ce608e5e835578daa238e542bc59c7a4aa80d9a78be9d85cdbf4dce2036bb1a4bc2d9577479629d765e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
577253fc418be82ff0cc991a25c80936

SHA1
b82e0a64acdb577225969d1401e9efb356572385

SHA256
7f3fc1e8ec08fb55d415420dd504a8d7828a20173b030ee8a803f46075267a04

SHA512
a082296d91b76fdd04d2e4a19cacf84c772907c4eb1498d2a96ed7574503d3c74585919453992862b559350d4037d0fa07c0ccc89f33c0f0cc3bc0014df9e5e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88721bf0eda0e0f6068a078f4f44feb4

SHA1
f37e7882f9aaa2e0457a001e3c457a1b287b77f3

SHA256
beee1bf714f8c6fc2ba37a9156f0995ef58ebaf476fec59446479c7ca646d495

SHA512
9cd320e8115802098437719425de62fb9ec239d6d7edbaa6d81f214e70b2f119c1923e141ebb702e82471bd35438bd286012c18acd441a3197d060e3eef79dae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b58e541dd30825f08eea574807d4c3ce

SHA1
4ae0eb5ceb4b1b324f5d37f472f3ebaa363a7f39

SHA256
7bdb21949893ca060159f2a0c428e3f61f1bf8c3979cdd20f51947038d3a1afc

SHA512
8e4ad579abe0599323d7060ed3caa4cf082e78afc27dba53ab92bef8f1d7c73fa18367851f91528e1e0ee2d154d057840e49e36945daec99f942d2095a9e430e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e67c47d0892f7a92caa487dfb8816ae6

SHA1
7b5c4b9ea8515d2063abb2618076df0e6d0b55f0

SHA256
f22d8f375ce639a85ae80f32f29769b3e5dd87d16df6f6d9312707a4f96faa20

SHA512
fdace99f39f6aa7a1ae21cb42a80d95151d4f4f34534441d98e45421765f5162beba8e02e7112553aff1322ba4c9f5736a67ddcdfc8902be1d70f756b200ea40

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBB18.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBBA7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit