e93f1d42451cabcf1fa6ba2b2354ca21dac0ade4068aa1e124551cdb8ef2630a

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d8c85d6f9ae3b1eb481243029245a9_JaffaCakes118.html
Size

94KB
MD5

65d8c85d6f9ae3b1eb481243029245a9
SHA1

26e4dcbb69dae0b43d0d4cbff33f3194609e9788
SHA256

e93f1d42451cabcf1fa6ba2b2354ca21dac0ade4068aa1e124551cdb8ef2630a
SHA512

45338e908585ea1c1f2dbf6860e2d9dc8aa91bdfc830dc8b66bc971a051aa85b0c84b08ddd017ed94083f2f007766c4dc2e5ab648f4246dc1a58109d7305bb0d
SSDEEP

1536:JJo63hAGXAG6o0Bat6Jw/WlNOVjA3mEPlqKbFS:v3RAIQo0W6JwC4VjA3DbFS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422510217"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB9E04F1-17EA-11EF-A6AA-4E798A8644E3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1756 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1756 iexplore.exe
1756 iexplore.exe
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE

pid	process
1756	iexplore.exe

pid	process
1756	iexplore.exe
1756	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1756 wrote to memory of 2856	1756	iexplore.exe	IEXPLORE.EXE
PID 1756 wrote to memory of 2856	1756	iexplore.exe	IEXPLORE.EXE
PID 1756 wrote to memory of 2856	1756	iexplore.exe	IEXPLORE.EXE
PID 1756 wrote to memory of 2856	1756	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65d8c85d6f9ae3b1eb481243029245a9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
cb35bd9d6c5a4fd50a9263018bbd9784

SHA1
efec24f93d2af7bd01969c36870ebc928fa6c790

SHA256
be648ee93df285417e494e28c01e3ab8f3d043845f4d3b397dfd137d187ed612

SHA512
ac26182fb167458da4b465b118720470859e8028db8d3d71ddbe0c5be0e46b9178c5f7ccb8b1252c38754e27da1af546f8d2f6e32e1bfcbeac0d510aa831bf11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

Filesize
472B

MD5
572ce74ba9e3f6ebb167fa9963207f6e

SHA1
278aa8ba3ec53d91fec84d2529ca4248007d5b30

SHA256
17520108d1756f8ae26f0f66aa0b175d9f29e93339c4fdb67d2687906e3e917d

SHA512
fb8420b98a725c41301795fcab199e6bd8fe66bccae39b3d1c296058d4be49b6eb2dc5a48aa4f0ce62424c13cb16e0672af381f3834f35b25de6a88010e7a9d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
16c0b7beefa6196b44def2297747e0af

SHA1
3fe8dd79ed6b197f4665626fde1bbf0c10212aa0

SHA256
e3f537ee840b91097c440340287d4a9916b2bb867a8328de7ae4d3048d373278

SHA512
a6fceef6de566ac7736063fea773539d82a91e5bc33b52eef23d17a937a9968cedc552583eace6ab565d5a637be4200ed189f4215bbf1ed7b69162f9ee1a8e6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
b1d0fd2c3096edc178370406d3c700e5

SHA1
d45fd87b6c5ba2c3c46ab077559dd11a67292952

SHA256
27bc3769f4df5dc42f675e395769cbcb3c1a726f34f84ccd6e0c568ab6bb5079

SHA512
59f13cbc460605d3ccb647214dfd678a56b36c6fe37a20ac6ea90e06aeb1663cb0a973797aae1af733c5e01d109de785ceadd6e68554a475ccd8008973d78dc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
51caf760d108ad3aa488ee6b5713261a

SHA1
855f93888c280e22f83d362ddd2f80e055170ef1

SHA256
2e4b04b8511262cb99fae8718629107f068ae06cb31e51bb7f0cb4e745a3467b

SHA512
5b10162d5fb7351f6357bdccf326f0a6b639e97c6aa9585dd2d5102966fb8e913f59a39d2c3796e1e7c281c15aade91453f5c17ea05fd9509939af7d65afc0b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f389a1b5ff03c5ec52d26e85a41e6bd

SHA1
e04894ed686a434aceedcd54c65a20e666827259

SHA256
72c3c0797a5a1d785b05c289a8271191dcc6a9c89af43e8ee651a21dd67edb0f

SHA512
508956881d76e2c2c5f06a2ca6b655104fb9d7ccd1b976d66ab20416a0f13a26b96ecbdad7657bdab2f4676dfa3234ed3cdc7d1edc098ab1d1f7ac5de404fca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f84f89407af79017636dd12e6d0fb37

SHA1
01cafb7a625589622006463a4df7c80413100ca0

SHA256
d65b698d3ffe8a85fb4e68c5b967a8baddd2f1444d643a29750265190c82cb67

SHA512
67d8ae34a24ec6055d9a6f69649a5a4fcdcd00bd6f02a1cc72b1ed5246e818e59d0c845007e608a6ea49481818d434ef23cc0962ea92d7b99201db8f04b6e032

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d143a6cf6786afde71f63eec7c3a5b43

SHA1
46a312864ac60a9a5cf616cc864ab12e257014a9

SHA256
e3e237f4f1a61cfafed8e48803117607b194c1dc74a421a28ac0ac386a09af5f

SHA512
fc067a9f933fa289fdbd3a1234d12172ff2480ebebbae4c59c18a613475d1533837dd4697fb6de745bbd24a67e4e300d5ab2969228c9dbb3ec4aa5e969c3a5a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aad7734b5943835d5650fb7968f418ec

SHA1
1944515abc732b26280625e889f9ac492f3034cd

SHA256
4811bbbb84bce0e0e654963c3a62327c66532c631753d7f0033b5573e916612c

SHA512
03ef661c49b342902022266795e902f34299ef3aab13df558ee3f7d6c644e50b7dda4996e76857b327c67d183b1846aec9e8677a5840a6cdd1190dad56b83419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56fc3eea318ef0ff2d274141956c6253

SHA1
786373bfc602694b30eab26064b81265259c4000

SHA256
6605832d1711e4ef7cda0554609afad14ee9e3e0a71a17043e87b2dcccd03942

SHA512
bfccdf82a50b9dc8a933faa0e0d90461d292cb12208a6bc42488588a69e3116cbdb6eab4786e1fba05a73eb879b6358561c487a5b9d3dfcde0b4bf995903b531

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a953ea0de83588cbbd743636f54f111

SHA1
252143043c40c51b889d70dfd581158d9e70d1ed

SHA256
e4b05ab3e6253aab2177ada6648627a06189064a00542d241d5e8a33446d7dcf

SHA512
ddc8056cf8f14865a65342994b16efacc6fe6ccead94faf074fa1d5ff1f7f9f566e3ad316e23bdf1d77c1480a2e0df5417e5b1fb2d3e5a3f12460345287788b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4e50407ccdb341d3a328751a7bed94e

SHA1
544ba0e465bf1131f651c6468cf53cf7bd22182e

SHA256
90dca78f61a3c9d7879b765b9cf3ca627e89096a92cef7d469a1e547982d4abb

SHA512
702c8e08df779450598da276ed2d65059a6a9a3da35c11e1c5ff6be6294c6e4c1815cbcb968b1cbcd26825218956bbec453f656ae8451d9f77a681eef3a69852

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0941df7723ceec4c3e288c794bea02ed

SHA1
1915ee01b499ec183a504fc85c089a0f3014d612

SHA256
fc5fdf53fce8a7b2f1041ed04c2c0988a2c64d45a4e5e1a1de2c00823941a218

SHA512
704f090b0f7a9a704bd9747472fa1ae4d8cd450925971073f010fe2aecf4ac910fc3de80cf037717eb5d77daa29efc340456ce89f5613fa03bdb165de7b1cff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a20b6a2edeb1c157e8a6e9e5953815b5

SHA1
4aaa92fc3202d2da703958251ebd9db778470954

SHA256
0a439fcef199323b53121415b05d6a5398fc046f266d64e29e70eaeb0b518238

SHA512
ac0739395eeebdddb1bb1d257dcbb6cf813b69f9002e95eae630780e8e7ab947522d6a192a5754eefd924a6ffc9c7d742bd9173eb3eb85243d6262e2c8f2caf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30fadf13b6d1d029a724d6c4c7217647

SHA1
5bd120883efaad7ccf157d488f15ce70dcadd4ab

SHA256
23a3960db2d1c790caefc6a37fd666d4cac550f9cb4e6f9e661f12c257421329

SHA512
bd40b2cb1dd73f32770f1b54b2f620bfbca75952c45d44316352d14480971f037a598a9faaaed1f5a59b4ce1a66fb7a914359d788a720dca83e1a5a2ad32e46d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
02fbf53b6bdbbdf1ed94e1c16ef30e15

SHA1
18b242a9d5196a7a1bbf2bddd96cee3feed208a4

SHA256
e6c41394a26b8b98c7ad3ea137327b9444c5db4d184b5868abef61ecabcec182

SHA512
ae1bd0ccd6412b991df25ce545f3f32a96b14a2ff7ef55e513e008447300308055af2e3133c844c6b03fed4a2b14670874380e0f1790d66045c2598b7c516b91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8c40c5484ba561140e634237ed2a52b0

SHA1
526978c777d33fe78164aae67660a37ed4b3af6b

SHA256
7ea7fc81e4d65e42eba527218c5159513e45a6456e5a30fa3ec5d9cb21029967

SHA512
b3eab9037415d71f2cadcdae1b47ff9bbb3fd87c74e1429ad61e17688b2c926a8deda9c387da8d29dae36c07e82ac96345309b2469a0fd4e6ff7094dc9377012

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA01.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA02.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBDC.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit