Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://temp.sh/JYdC...

windows10-2004-x64

10

https://temp.sh/JYdC...

windows11-21h2-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    130s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    29-03-2024 14:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://temp.sh/JYdCE/data.zip

Score
10/10
darkgatekaitoshiba123stealer

Malware Config

Extracted

Family

darkgate

Botnet

kaitoshiba123

C2

45.63.52.184

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    8094

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    EhuJByqk

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    kaitoshiba123

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate
  • Detect DarkGate stealer 4 IoCs
  • Executes dropped EXE 2 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://temp.sh/JYdCE/data.zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:344
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc9d03cb8,0x7ffbc9d03cc8,0x7ffbc9d03cd8
      2⤵
        PID:2964
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
        2⤵
          PID:3648
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3768
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
          2⤵
            PID:1336
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
            2⤵
              PID:4728
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              2⤵
                PID:3268
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:5032
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                2⤵
                  PID:4912
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                  2⤵
                    PID:2216
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
                    2⤵
                      PID:72
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
                      2⤵
                        PID:460
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1456
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                        2⤵
                          PID:4264
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
                          2⤵
                          • NTFS ADS
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3924
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10754279212861649484,12156278448928501264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6056 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4432
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4432
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2000
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:4676
                            • C:\Users\Admin\Desktop\data\abc.exe
                              "C:\Users\Admin\Desktop\data\abc.exe"
                              1⤵
                                PID:3816
                                • \??\c:\st\Autoit3.exe
                                  "c:\st\Autoit3.exe" c:\st\script.a3x
                                  2⤵
                                  • Executes dropped EXE
                                  • Checks processor information in registry
                                  PID:4196
                              • C:\Users\Admin\Desktop\data\abc.exe
                                "C:\Users\Admin\Desktop\data\abc.exe"
                                1⤵
                                  PID:4396
                                  • \??\c:\st\Autoit3.exe
                                    "c:\st\Autoit3.exe" c:\st\script.a3x
                                    2⤵
                                    • Executes dropped EXE
                                    • Checks processor information in registry
                                    PID:4652

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  d459a8c16562fb3f4b1d7cadaca620aa

                                  SHA1

                                  7810bf83e8c362e0c69298e8c16964ed48a90d3a

                                  SHA256

                                  fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

                                  SHA512

                                  35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  656bb397c72d15efa159441f116440a6

                                  SHA1

                                  5b57747d6fdd99160af6d3e580114dbbd351921f

                                  SHA256

                                  770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

                                  SHA512

                                  5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  3d81db7c38cf02b56e897aa417756d9e

                                  SHA1

                                  9604e485271eb64f3d8de287c443e324c0fc4208

                                  SHA256

                                  b30078dec5131ceae6b69e44e45f49035e28b78cb9778422135783e3ce61f759

                                  SHA512

                                  58f5cf1442e8cce4af3142ebdb59e988f96e87e28f3e4bd430c12c4fa4f81f3c456efe12a5896aa54da6ef868a3a5e86dc1970e6324eb91af1f3ed9f69f44caf

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  e6432e3723f1e9ffa2504a69b7639fec

                                  SHA1

                                  09f39e3896f61910ee529484c1a339a054b8db3c

                                  SHA256

                                  5630308825ff971bf52e2635e32eb58ab9b428dc30f6560c495b03fac8c2952c

                                  SHA512

                                  28332bd0e899cde3ab23f155fd478c0c5e9b8c6d2c3b7df01128eb04b615935e8c154aa86f984386bb2bf65850e571e6f430928ef21f147f992a05667b8e2cf7

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  775ec2f172f621a2e7c15d96640e1c8b

                                  SHA1

                                  7238be35394bbd1e09cb45702180f64b5bc585e0

                                  SHA256

                                  a549d76810a9892a14a1fffce3dd5db280bb96a4452fe9a5e216a0f58da39096

                                  SHA512

                                  db8e4c98a66e62cf587175ad0a02f330d0ea34c9bffcf74b9df9c9ebeff6ec350372994faae3a04d2fbcede1a8162108beadd915d4283c13798b3b2f8954fdd6

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  c623395eda4583c68385efa3becc934b

                                  SHA1

                                  0cb8a4d907f799a291ca559daff21af4eb91e03d

                                  SHA256

                                  007cf6019d035a9b3540414ea889d48dd2a86f76a90acf1361463da07ac1be06

                                  SHA512

                                  8d2ef3e520b4080800c2bbde24e9fcf807d2e30b5079dd237252e90b4239591c64c29ceedb30394d88fc12feead8a10d1a7a99979f47ff62a4b369afd4926a0e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  6dd90f69a896df2f740462b6bec0c51b

                                  SHA1

                                  36bbc8c6d24489760956cf35a7d0c95832c59f29

                                  SHA256

                                  cf7709c8c1f6efe438b15912c566f712722c9e3ea7b553bffc648c9fa44789f2

                                  SHA512

                                  4754e8fee574f9c1db13ca5a4c633c9429d925510acf54ad9caf3f7ce9a9d75d84d8324a03276bfbe0dc848319194afdce33645afa44726b5d0419659e45696a

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\dfcbfhD
                                  Filesize

                                  32B

                                  MD5

                                  34ee4a976df95f6da4e5f4716d517f2e

                                  SHA1

                                  5eefdd9cbb724e42616d58c714d04ae014eddf0d

                                  SHA256

                                  64473ec7cc59e52cc6460f4b5b85f54ee0782d6767c1a92c0ed95c9df5352675

                                  SHA512

                                  7415e96659b9a557ad104ad81f131bf203de63438123b7d09c534c860a157558adb2b4f2475ae138a84c660cabe50900e10221b250b1fb9e3eda35a9d7540e7b

                                  Download Submit

                                • C:\Users\Admin\Downloads\data.zip
                                  Filesize

                                  1.4MB

                                  MD5

                                  f12f73f6680af8008ead5f36bf0bb603

                                  SHA1

                                  a2baed066b275e827604cc537dc141237c3cd4a1

                                  SHA256

                                  5b3382faf060e55b994fb6fb9adc023b75ead723e0213c64fabd22a65f59e88c

                                  SHA512

                                  e56ac0c33e5e9f25a53b1df948b429a76b76a17a9209aa1e8e4f020f8eeed1214374217964c3e4dd84183362de07059762702f79256422e0e2ec5b139012b6c5

                                  Download Submit

                                • C:\Users\Admin\Downloads\data.zip:Zone.Identifier
                                  Filesize

                                  70B

                                  MD5

                                  55c1f8990d703a87a348cf9ac8a78ca3

                                  SHA1

                                  4ef311e596077f27b576432c212489bba89e9ce0

                                  SHA256

                                  ea62e994785c41051c83b80020c72b7dc2a7bcdd725fac58e0b28f6a712a7c04

                                  SHA512

                                  7771a300ae71432855d468071f796358a883acbdf1a588dc386b0f70d589d77524c10ca4002e804d4cc3c1b11f3dbed6805e98e24d4310c3f53d4046152888f9

                                  Download Submit

                                • \??\c:\st\Autoit3.exe
                                  Filesize

                                  872KB

                                  MD5

                                  c56b5f0201a3b3de53e561fe76912bfd

                                  SHA1

                                  2a4062e10a5de813f5688221dbeb3f3ff33eb417

                                  SHA256

                                  237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

                                  SHA512

                                  195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

                                  Download Submit

                                • \??\c:\st\script.a3x
                                  Filesize

                                  497KB

                                  MD5

                                  c0c95d1fdb4869d5dcdebf71f1020f70

                                  SHA1

                                  53185cef67cbdfc5f691aeeba5cdf2dba27b359a

                                  SHA256

                                  025bd7399df23c0c8c4335b74a77eac8f0ec79ab0860279f73f78a4e6393cff1

                                  SHA512

                                  90dc03c63e139ed6398bc5676d3cf8b56c72d23497ea841b68cd8e4c953e7085f1754f6414bec603ced4679432ea1a7c412881e5cce45e3df1afc7590235df6f

                                  Download Submit

                                • \??\c:\st\test.txt
                                  Filesize

                                  76B

                                  MD5

                                  0ba726a9e4dc56556d86a1f7b2e7be74

                                  SHA1

                                  60e8031fc78884c5e593f645656544fade59435c

                                  SHA256

                                  79a979299ea480989fe7cfefe64da2f99e527418bdc6db7f109fd132e3183ac2

                                  SHA512

                                  cdb206f9d8fac3d1533760a79129fd562d580e9b300117663e0fb877f31dfdc7121a5c051fd2af6380a04cd5bac370f9b6bb1c55bdfd25dadda7d6ec386f2d3c

                                  Download Submit

                                • memory/3816-84-0x0000000002870000-0x00000000029D7000-memory.dmp

                                  Filesize

                                  1.4MB

                                  Download

                                • memory/3816-119-0x0000000002870000-0x00000000029D7000-memory.dmp

                                  Filesize

                                  1.4MB

                                  Download

                                • memory/4196-94-0x0000000005BA0000-0x0000000005F2A000-memory.dmp

                                  Filesize

                                  3.5MB

                                  Download

                                • memory/4196-95-0x0000000005BA0000-0x0000000005F2A000-memory.dmp

                                  Filesize

                                  3.5MB

                                  Download

                                • memory/4196-93-0x0000000004680000-0x0000000005650000-memory.dmp

                                  Filesize

                                  15.8MB

                                  Download

                                • memory/4396-97-0x0000000002500000-0x0000000002667000-memory.dmp

                                  Filesize

                                  1.4MB

                                  Download

                                • memory/4396-126-0x0000000002500000-0x0000000002667000-memory.dmp

                                  Filesize

                                  1.4MB

                                  Download

                                • memory/4652-106-0x0000000004C10000-0x0000000005BE0000-memory.dmp

                                  Filesize

                                  15.8MB

                                  Download

                                • memory/4652-107-0x0000000006120000-0x00000000064AA000-memory.dmp

                                  Filesize

                                  3.5MB

                                  Download

                                • memory/4652-109-0x0000000006120000-0x00000000064AA000-memory.dmp

                                  Filesize

                                  3.5MB

                                  Download