fa0950b5430eab197a8b8289515c85281e9e0c6a0be9904e238aa0f60d8713a6

Analysis

max time kernel
134s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f0a56478ec49be62a30c4f351ab2749_JaffaCakes118.html
Size

214KB
MD5

9f0a56478ec49be62a30c4f351ab2749
SHA1

8445cff587aeaab39e607943af735293b52ced63
SHA256

fa0950b5430eab197a8b8289515c85281e9e0c6a0be9904e238aa0f60d8713a6
SHA512

2ff9ceb21cd3379419ef57404b589ed46d0f1f4d86dd948442abe073bce97d3c1728d0f7398bc398667b926b6212bfc089a8793a31e3ad1b8e0acf831a2f4af9
SSDEEP

3072:S0rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJa:SMz9VxLY7iAVLTBQJla

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438746279"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{834A6B81-AB95-11EF-8632-EAF933E40231} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2728 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2728 iexplore.exe
2728 iexplore.exe
2400 IEXPLORE.EXE
2400 IEXPLORE.EXE
2400 IEXPLORE.EXE
2400 IEXPLORE.EXE

pid	process
2728	iexplore.exe

pid	process
2728	iexplore.exe
2728	iexplore.exe
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2728 wrote to memory of 2400	2728	iexplore.exe	IEXPLORE.EXE
PID 2728 wrote to memory of 2400	2728	iexplore.exe	IEXPLORE.EXE
PID 2728 wrote to memory of 2400	2728	iexplore.exe	IEXPLORE.EXE
PID 2728 wrote to memory of 2400	2728	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9f0a56478ec49be62a30c4f351ab2749_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec121e805016823caa76b25e10f044c3

SHA1
ffa79f4979784274ec56e92ebc2c389caa878d83

SHA256
5f5b9bc4dce42ea9b5b6ca90ff9d66ac8741a9f90aa4c9cd294c7bd57bd701ec

SHA512
66114dadcb637ef8017216a7b16fd42dcc52af7c7ae9ad6622bb02ab01caf379c87d6506f39d2d108004fb563b949384ea13db8beb0d4756f08fbd6a907f1382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a113c30dfc717ee5bd64504cdc5fbb1f

SHA1
fd940782b1b416b4f881ff808c057938cf9626f2

SHA256
4ac5eabd01acb264bc6baf7f38b4ec373b6463671375376e90f88e0cf676daab

SHA512
d3172660d0815ee2b9c11f87d52db424a7d3e72acedc0d9b133ae302b2cb1651700f35d952e042eecc1239bab86b32836e2d7bdb8f0400b61567eda7efd9fa85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
519affcbb54b98cb8bf56eb7b479bc21

SHA1
ca9c6e28814da8947736e5d177f9129d27c9c287

SHA256
a8442aabbace4a0797591f8b960f341a89dadae388e6287e29ba05ed72d78245

SHA512
291b2354dc6eb7d1f823ac678b435d5726b525673451a780f9f66bdaa3f6a1447a43a9203519f01afb335a61981c16717a78857d802b87fd9fbbd6ce168214a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf6b330d36fcbac98a1d3877fda43450

SHA1
11bafbbb8d47a06adc183c64f59b9b819dcccfc4

SHA256
6ca924cffe2fb1b5c6ed7bc142adaf0379e8b3bf2d4cd966fe368c87d34f5a7a

SHA512
ce2db4ce1c65e46b3898c1f0b2b5d3b7aa472e028aabc7e9f3e9c213731348bcebbda47473faf23dcb54410af55730397bf7b5e2886fa7b7397bcd65ed30e774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64e62a668c165ecf634beb2e3fb62b58

SHA1
28e5d45becf11946d819dcf86ec6eb245835d6b0

SHA256
4f241566f5a862e1862a9d08bed29ac6f60859912195c951f61e7a53b9c6bccc

SHA512
c1748ae404975067a9d7df443aada520f2a438c19c1ed1480de7d019140ab3a905fa2ce5f0668fd3897c5e6fb2e72b8748abf2f859c5320eac61ca44cd319fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fe9aa1d5e4eaeb774412ebf9cb332db

SHA1
7a48f9ec14ea2f84dcfa809a6275fcd2aea2bcea

SHA256
ba9ecda5ef5acfe24ca3e1663c11a34eb18488b17e5dc8289b450cf25bc28443

SHA512
240bdbf9be16a09b214dc5e66e54d40a8e0f8acf55b4f0e5250c88860ad7aa3c2a99f0fde03e11f8f2d0b2fbbc4a7845e28bbcb9b3a01cfc08a1efbd528fd617

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae6aeedd34a6ab8ff3120c314e662d96

SHA1
708354f588f3d2dc9b6b0ea4d596a281f299d4cb

SHA256
5ddd8438cbd4c74e9fc2198b37ead1d0f37115f4e8c207be8050799fd6a2ed49

SHA512
33704f137ff3f8c1838b2ae3c24f4f78986888d248d0af392babed45cac1eb111d1048f8cd404b03ad77974ed1c71ecee269c454c113ad10d2ad0d5464a81c28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
040f68ce18bdd52089e6bd1b999f615d

SHA1
a76b27f512f98bcd7a6ce6a0a394a5235265119a

SHA256
b83fe6316641a091d518ed4d981069d07e47ebe6f4da731a6441d23c61c28a8c

SHA512
cdb322008b0f73ec81fc2b637d44aa0ba69602f5b5f4ba04f2426b9c32359b9c2291f0e239e216a87433d1638f0137f6816294ace2ad4ffe316a8b741c95991d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e1355d6582aeb9ead58554ed3dd8d0c

SHA1
0957e542362af948b8c87fe131030bc79e63e5e8

SHA256
962da134daf8b09d40e85750cbcd0009870b280029da268fe7a0a2b055eb9e09

SHA512
7875678ed60a42da260badaebfeb7005bfc8b78028537b2959a12825ed134a4ff2b250fc16a5a880a98123e5a551d26c798efbdf4f7440e6aef62df2827ffb49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6e9d5e4aaedabd6cea64bdc9cc6c4fd

SHA1
7ae33d73be01e193aaf089952fdab1ff5389c8ae

SHA256
fe2cc51a5109dab7217a74adfb4ed5e138451195942be1bfc98762fa2e04024e

SHA512
8086bf728d9bd2d46cc07d11f51042077dc9a1ada798cb60a98e9ce933be625a1ba28a9b89e37f04ddd96031684283e51fda0ffaccec3046a380ff2f4dd23484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2c4d6874feddb255b66e7dba2e2003d

SHA1
27e43b5d6a4057922fd06fba5ca9f897aa0833c1

SHA256
216556cb2cb860c18721cfc55b4a42c32a4a4402df22830455c10e1d6088ffe9

SHA512
93b33d2408b35e187d6e6fdcd3273a6536abd6ea877bddb4fe41758b6a9bdf4a5fb4440ae052b3530762b3572730b4fa93b3d923106d81718b84a8fc65263a1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67006b5070a8dbb4de9969403d5213a0

SHA1
348ed9588b23828eb0409c549f617e9e1104c740

SHA256
3da7e5f51a1ee1fb1eaa062bbb3bd8dd7d49e23eb00da7b41546edc3c2947115

SHA512
69fadd7572b6c4fb179ad4dfd54df58e2db8dca4d78af5590ed99595752011a927d681e543a22ab64c9b6edd6fce9de555e9d5d7511b5f5a842b53fc3be13a9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95743a1889fdc85f69c70a4506708edb

SHA1
2abfa700ab89b984ca08c0d79ffd5f2b32ba29db

SHA256
3ba6fdaed7d4b17fe7d857bab22ab625b6a1c7edb6b42ce0fdfc79c17838f374

SHA512
c9591e7f5e0ad1401d14c45525578a95034ee40febdb2f43bb2520c77a64800d76fbabb3414eba572b6b41bea31fe599440d30df903c8d9b280bb2aed07d147a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57ae8a1cc2f5b9756bb23e9557668ef4

SHA1
5e3c33ea6815daa5e0e70097069bc1c3dbd38b00

SHA256
9fd4fe3c061a147a673088678d25ec5df16f86b9dff6841eefc339700cc8f9db

SHA512
df497f8e9f49b5dc120d257578ffaa532ffc191dee68b606c6597086ddfb7b5323b03c1f0eb7c022b6fce3323415f284ddcbf9a44bb0a5c57c138fa8407a9652

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fed06adf48b8afeddc43852c0bb36da1

SHA1
15cd417e1b9bf4d04781ed9075fbeeddb963de2a

SHA256
1b58a6d75dab9176070eea08edff9831517297df56d3ca6d13a11f84244d63f6

SHA512
038aa4c14c7574dd57fa00c82b618985c05d951b0a773cd289c303d7ebd4b172eef5499190f67503708928e33272a0aec98afbbf163d90a19be7de7b85d4b850

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04a8cd1b6c593a77d47c27e06e620579

SHA1
98fd81ab7f9472c4375ce5279607796adaa845e5

SHA256
ca41c396379577b59215a444afe26ba182960d88d70e3a50ca3add8cf5663f4e

SHA512
db756ea4d5895785da419784628ce9221bcc3c2b6425b4ecc1119f1c8bc272199fdc9e11737330de3ae6d0ef415fa92353054d7c38cef36f5c1a37ab425414c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95a6ae230a8d7e875f2824ab797be2a3

SHA1
a6296d47f6dd9a29a42c3d57317f98e01c02967e

SHA256
ba6a4c3ec6981ea1c09f9439fe683aa18cd15fb99b45834396381bd8970ce5a2

SHA512
054300fada64c705ac723067a80877114192ce2347203fbeca45f5156468a24a9a330726b09cdb69b3f43d6260f685d328ed952be5b0814bb2ee74acd672f4e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67bf8b720c3309013a0909356d52cb72

SHA1
85c209d5e37b4c3ffd834633f8278826f3e9fca1

SHA256
e31437af278504286d824fcdab94f2d5ed560d2ef94be27e6536052299092b84

SHA512
31caacd15369d69aa954fca864f07d19184d106cf0bad01b038c758f36df282a0c27bc8e60d286133edf1eb3168ad29f16a53d3c9d608235089ef94d202bce0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5657648a6d08d65122d9528ccaa38352

SHA1
c627ea8a49e30e350fc8a19bca1d2bc5b5f3478f

SHA256
73222b12572a83407e4848fbc71d0be42d61e530098bd54592089e089e039424

SHA512
d804bb08abcf7af8318543292e2511f01e2d79a72d950470350a2b99fdf9c55fda6bc0dfb77139f2231fcab1251c6817ddfc714bd7a535e4747b1988ccd387c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab61FF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar62CE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit