75446e5f273c38a4d7171477e9c4b251e04419b866e5162770146150ffd62208

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42732da01c9511d242cac44bd50f5e5d_JaffaCakes118.html
Size

11KB
MD5

42732da01c9511d242cac44bd50f5e5d
SHA1

51a38e2b95fa5b7810c448b185ce32a0d3f920fe
SHA256

75446e5f273c38a4d7171477e9c4b251e04419b866e5162770146150ffd62208
SHA512

64d817c4ab1c89376de04e3e9c37c9cfb6b9a440186e4c3a01748092c7afc9084a0ed3080ea1c7bc71f6f24ab3df0fdbaa13e85625868126506b6adf31da0038
SSDEEP

192:2VolIsr03st8k/w1wvqy1BLmnK/xKWN018LOXuBuLbdU8d:solIcusP/gc1BLmnK/xKWN08LOXguLZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b084b4b5381edb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435072460"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000d2b05b133d44601a24b4e995f410422aed0eb9922c90f70230fe448e3b89f3b5000000000e8000000002000020000000a9090c96f2324b966affb88d96d72cc3b22afb8431f91769362d09a061051198200000001dbda58a91880f6a73468eaf9d1d0bb33ced2022997ea9bd82c608b2d3e091f44000000027bece01169d71b0ace939a54dc201e7eb606ed00418f1e087cd1885642a6485ed597d2c4f6580fbc67904a26a4704cdf4acd4bcab51dc5fdb31a4ebcba3a890	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000000a00b9a5f31d3fb7503bfa4a21f70ebead22695c64cd967410371815ebab1aac000000000e8000000002000020000000e4d7ff2710388d9099b949c8e93904b24380bbe1527f850a32678b34eef123cd90000000d597cbeeab90cb355957c3cef1dab02485fa2f9755d0280631d3eec3bb22f2a212ad81f333c77dad94ce2ab82f42c0d3ce04417c7510afc0f972f5ec1ca09354c09d54f07e44a34d79338336fe87930213ab1f48eff491ee9e48f0d5378944b46b7650ee9b5f631e36f5db34cef973a7fa9092029d3bba5ff5c9a130c0e3d268bb8029814a8f3f982c849dcc695c3699400000004c9854fa4f0db788bd4d13bbdbda5cb23d02caf304465df579ddec89a3a56a68d59230ff3412bb880ee0e76fe08e6f622403367af66c59566c1e7367974f02d4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD235191-8A2B-11EF-A27C-4A174794FC88} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1800	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1800	iexplore.exe
1800	iexplore.exe
2544	IEXPLORE.EXE
2544	IEXPLORE.EXE
2544	IEXPLORE.EXE
2544	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 2544	1800	iexplore.exe	30
PID 1800 wrote to memory of 2544	1800	iexplore.exe	30
PID 1800 wrote to memory of 2544	1800	iexplore.exe	30
PID 1800 wrote to memory of 2544	1800	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\42732da01c9511d242cac44bd50f5e5d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1800 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68f1a5a7f0e882fd038f14f3a5e551c0

SHA1
838720b8d82431883610cda47e44e5ff6254d260

SHA256
8c27f1d8671d61d35bc47a9f1b48008b525671742a695dc14d8a6a2cd43a1984

SHA512
4cfbc53a21ce4bdf34079cfcf1e1f44e25f74cc2ad8a5ea9f8ae691f44746dcec25a1025c9873be32064f557f510b1f7361062d2fd8422ec1cfe63455e24eb19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0380da8c8d82874fe74b97cb85b28ee7

SHA1
8a96fc39f965ff2b97fcbf87f253d956bbd5c618

SHA256
db65ac710a9b1a612028076a819885355cf6bdad9ec35fdd0994ba2e2ac7ddd5

SHA512
6f5ac4ca6f90aab13d859ceed173672fc6635d4f4ec7c312d5e5f7f3e9cdedf34a286377640797cef2297923124c3bff24418d6678408b1feb9f94fa4f4119d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eabbe473c4c396fed66438c5ffa6931b

SHA1
4e775fd5a832f7e725c8bd5b9898a28845a6d270

SHA256
b76d747b25b6660b3228a9dd00502e749df26a3948c63c1810ddd28d53024c01

SHA512
6a295bef6ad07851a2708a8c99e8377b066bd800e9b475b194bd13b0a42753c7bdcfe6860dc9b23de39859221d4c6b7ece0c4c9a604322b3bc9906b06a132615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75a99c0fb7fa127d04e8bfb7c5f13918

SHA1
bbcb95a4eb1610730017cbdd5784eb2f7de623ff

SHA256
e0e2abd82724c7f1085cae519462663bbff5ba813fd530278c0ee5e066dc564f

SHA512
6208df543b6f6a36708c9b5cf23a29f7251cc6c7513adff57044e7f39fc7cfac3ba9d11dc1f833b28f0767707762640ceb09128c78ca6b918a9966e983a4089c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f328fb45998e46958a6c08fefdd25405

SHA1
d050732c2e6fda054b064448a3a09dd6868e8f7a

SHA256
f6d6993a7a0cb1544fff2708db889d892758518e539eb7bbfcf8ee39fa26ebed

SHA512
47ca662d6ba880a417651fc254eaa5f8b88978ecab04b6c3fd5fdbfa43e10bcbfa4333810f270bbba2ac4de7ffbac1ef04683a16bc17533981d94c3d8583aeb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e380c97270a8cce5c8e3f59f5a619b1

SHA1
b71a167d260fe8909a41f6c844781c2df67eabea

SHA256
920dabada344ce0e17c6b86907ea11d1d45d72fc62ef060ecb4c61f1ebf0bdc6

SHA512
452952e8c605e8f2198be321b58f99311280de03a63562e6ea2653aa5543879b3173615a3a59c4de3236fa41fda4016cdc8f0b9afa0cdcfba89a00bccaf59233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa9bbea26a8e929abaad9ed27f3a99b1

SHA1
b3806afd562f015b7c5c09e09b8cbc5cbf929d58

SHA256
7a4caca332ad1e3988c89248c1cb41414e470496d92233cc86ef95d5db2482b7

SHA512
5f6c378bf6a8802929ef308edf93be6bfc445caa3bd2fd40719571f84e197d74ca102d2240339b6613a2214dada036c0baea3df5c7cffd884e179c7fce13449e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28aa0b99a3a0b6b9846944329d941bca

SHA1
2ede8e8cde226deb7edf552b11bcae276cf0ac62

SHA256
4e89094a8212f1ef79297ab001d3655f3805856a9234659e00e9fdbbb78482e1

SHA512
1d41638e30ade2d97738cb368c75093e59adb8a433d83e792e19a053380bb2fc63adf57976c312dfe4801d23be26721d562567be5353939949f5df7c8e4a88dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
690736e5afccbd1189c2d9dae3768ed6

SHA1
d4829b4672c5e55fa2d482bd8584e8489ea15b38

SHA256
0a128c07ba61f3dc9af88d5005a8fc461bf80a99ae275e228e29d7a9bd5e8c8a

SHA512
306339ceb9eb0407da0b11d88e0cdd2b54e2c7b959573bfdd476dcd6182bea64df599251607c086a0a47d67ef50794933aa43a3263b796955dcaf4a22229ff9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0408394755baab0e247d51e011178ee4

SHA1
7b758a2b1d7d5f7dbcb73e74b9dae14e25703819

SHA256
f40b0a9f094e54adbbf71df158eb4b0db4271583c483803749911e24dee5074b

SHA512
807652d1d1ba0fa1eb2966bfda5ed4cf9f5ede585a9884e53527eebcfa7662ba52f8bd3d570ae5ac4b4ae74b5b35a3357e5d1ebf17ff713889af564888085ce8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d878db0924f5bcf39be907915d64646b

SHA1
5ed9086f51c20bcab2639091de88fea0344f0ce0

SHA256
220d96a81ab6ef831bd1be3d207c51e59bd78e4fd5e73fb28957b0761b9ad532

SHA512
74076a763e0638fc7c4a66ad2c7d25778fdad7d8efe03bb36941ccc435e522e8cd735635e4bd64aaa2f7106c242c49b28c12808ef71cc4b6aac9309de3b66580

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70cfb61227ea878c1fd0b2e80eab2807

SHA1
719b58e9f761b6aada0aeb6ef3d21adead74904a

SHA256
5f8e9c1abbeda61deec8ded6a81499abd6762bf92b626d018fddb52a401c6044

SHA512
7d17336f0d5c13a5e9b4fc3a1113178cab0449dc919ede72094e4af11a3accc813a9daa431fdee72359dba49c9ef5c72588675680220718951c24b517eadc463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9dfc802b27e55b6131841d60dba23824

SHA1
bd6ad849c3a2aff2af763ec13e1d4f41d145677c

SHA256
58979bb4829212f5eaffaab00f3b7e24518f3eefa629b3c9830c0b0b405b784c

SHA512
d8bc66de8a7171b112cff8b0a114ed510aef0eade9bcf08f80a32f51c7fcab7f57f678ea0f0570f3f6fabd0fcfb0ae0a959585151cf34ff679b8275d46f359eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8028dc0c2f6740db93592f9037394f59

SHA1
1dad6a396f02aab001161f6a1fb0175ff4475225

SHA256
42de0fc587984abb06e499c907db11ae052a8bc924f028f56ae9acac6dafd596

SHA512
54a2e88bbb1d31f1fe2990254678745915640eca5c6b519ca1698891cbad20a3a486de10bb69c01f4941a6e22300c6d798135a904a387eba8bb2e5c0128d6b9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef6187df541ef2dba99b3ab93fcd0e56

SHA1
a0e1a75fcb5c5e5b7b5ff90805517b6c4714956e

SHA256
03f50077a315fc3e2e5803a86ec080aebfc578d39e1a66eab9e313206fd5b847

SHA512
4693d0f3a17e7ada5bf2008181f685a98ce76be7803f029bf7356fe3c59f78863a313c8275c06a8741447695ee694f0f4a58338ac3403861f6442eac39acfd07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f34e09e1e4428add88885e2f65fdd80

SHA1
377eec5e44f902b476aef1f128ac77ae8f61af50

SHA256
7e0c3e45a93bb957e14e38fd07f969a406566659481fa5bf653f7e90e70e7b53

SHA512
d4fc0e1cd0f094d3b7f4c54677d4976f5b3fbd6f040de7970ab31ec126310f8388daf012c9f7e801de7b2abfe89c43669c4fbb55cd50832341a54595267676f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0578c338741096ed0868d412bbd312f

SHA1
620c4be5c7773d59ad3f297a62e4fdb83af7df06

SHA256
80df88710aec8fdf81e6d1c5467d974600834196ff44a4ddf0645862efcd4898

SHA512
fda886befc2f671ab1b6e3ea6bc2094359ead1283381aeefa92b7e67805154e46b0dc441fe1ea0bdd4d29888df51a912ff1397705f17aa611f567208257e69ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAED5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAF38.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit