bd185923dab1cf87e5349779cd086c723c8d75b3f383be65827cf8ae5f3bd645

Analysis

max time kernel
135s
max time network
135s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 13:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e9f8d5a2588b2127e6bdb8c50636d67_JaffaCakes118.html
Size

62KB
MD5

6e9f8d5a2588b2127e6bdb8c50636d67
SHA1

ba025866e494cae83e5e75bfde62ba9678ee7bd9
SHA256

bd185923dab1cf87e5349779cd086c723c8d75b3f383be65827cf8ae5f3bd645
SHA512

752420036f2a3888c139102b73ad1cb3b85bf1aa437634441152f267a90a7b56c564a240cbc1ffe8c77172165784eabbdf83a1a87d9e43fcdad1fb69dbacc2b6
SSDEEP

768:X013JcHKyHHvPWUoA6gfcBJxcpQZxIs30GTTt0l29rM9ff:9HnHH2U/cOaTnt0gK3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422718175"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000002353f7f5097e7660124d4e9fbeba4809eefcb17d4536ad0593d84d8b92e1a3c9000000000e8000000002000020000000135c7530bf2f2871632b0e6e8b8ee1cb9033e17261d83b0c060f3660f3f41716200000005f1ea7278f2aa8c2d4818e87bf435835817232caf14e682c880152ad6061265c4000000095460c002d85cf44dc65b758f630907cf938740f0d70061b71af72b4837b8f10109b9925a599d088411d3d19c22fc928ee26b6b915849e58880438641dc907c1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000632097dea40182e2a3eaaee00e72b3ba9cb09f3fb052d58d57b3d72ac6954ff3000000000e8000000002000020000000c4f8b66584b1b2c2a0869019fff3d137458f451348199645c73f7fb4b17946969000000075db88783dac3c66da1507a7a7cdbdbc09d6ff2837433f54b200ece513214820444e3571d7d563c04f05ffa5d8db20f60b6e1c0416696d4607661edafd36cc54b5bfc3be72b991c3f89b10a8ede3ef58fd809ef20203d4f6eca4e010ff4c1aa3fedcb980d683d1940dc82dccaed001157c4950beb1849f16209ce22a70dc70a1d8ca47c872ad3e2964f07cc2b75892f340000000128f60da82ea659d0240d1d0eb8b446156d254b94c8e06f88086801897f5534b3f5f39811b1e9e1b55b5b2ab7b58dac5e07b6373db2739d649e07ba8c2122503	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2CD8FF31-19CF-11EF-8C92-6A2211F10352} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2044db04dcadda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2344	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2344	iexplore.exe
2344	iexplore.exe
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 3040	2344	iexplore.exe	28
PID 2344 wrote to memory of 3040	2344	iexplore.exe	28
PID 2344 wrote to memory of 3040	2344	iexplore.exe	28
PID 2344 wrote to memory of 3040	2344	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6e9f8d5a2588b2127e6bdb8c50636d67_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f41d4771bc617f85fcf0392d727d70d9

SHA1
1cb525a3b4f9b91043ebdb05fbe7e73d7d6ad1ff

SHA256
e73e8ae2206d8dfa07062d6cd024b50b389e5a4078427dec96063c7c136b3f2d

SHA512
39e425ba8ce37ab8c5624247dcb0ee861f9c25969347f2bacaf5143895c915534dc05965a1c325a73f0bf7017521095e1424fc7f996b396056364f9d00ac5d19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4e2bf648467bf9df9b26cf0767db9bb

SHA1
1488666a777e91a8ae1d9b8efdab0c4263761b07

SHA256
af4df7b22ed532ca0c5cd7549b667d152f8df8f773141f0ef46264d4dcff4b56

SHA512
7790d5d4c1dc59d68c4621deb41300a5e58dfe05a5497298d41460868e22e905aa7e67fef6fe5d81b324d77e47e7962e9a474267b7ff11dec114e47cfd723cc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bde0ccf29ced5bfa40c9e8abef2cf9bb

SHA1
7d35e06cce8285df690c624e23d355ce8e7f470c

SHA256
6d20058048b682aaec12d5298c035663009261f6f476aeae3af5e03e2e442430

SHA512
b9af77acd23bc0eec98a65fb46ead2a439470abdc3e7ff25ccf0c66d3c4773853b45975b6f5be03bc763a713284cd9bca266b8844b3a39426c4f701bba24c682

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a86ade9d76348441e862168f7382144

SHA1
dea4094d2f6cebf0847e0305c86a2ed621d07aeb

SHA256
58d29e4f1856bad16abff7cb3d7cc4a55ea38734d372b1c1f7aca77f39651fc5

SHA512
95ad2dc3603df760e6ed907b482ff77f92dc4d57b3176b7ab2015b78f85806041645f924614e8e1cecbd1abf82ffea4ede1e295dd51ed388c26f64ad8e4d1031

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a9a8e7ee402b21f1dbcd8b7a14ddfa5

SHA1
a8a9b290a6f20bb821a990ecdfbe9189bc23bc8b

SHA256
035ce1162aa05b9b8ccc45f4809822066c051be3557900b383d5d3802c9695c3

SHA512
8fa4dc614548832fe24255b5108fd3601b576a4e85044037cff83b0bc5691b1d7656252c4c4aa03ce10362bddb669cba2442d9c79d5d65c06b20a2699f0c4595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bea2dfa60e3783376e7a58369154382

SHA1
db17023a41c98c08387f90f4d0fa1e19b4904224

SHA256
132be9182d240dc659144fc279afbde12d2ee1c59b58845778454234d719ad3b

SHA512
2e4750794afda0c6df38bea8b2bc397e1bc5a7c11deff776aac465b86b9d6d6ec1eae92dba943502f22bf1dc20cd886c8835cf6b4298ffb014658c0ffd071a10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a454c29edbece58dcd34c76ed39eeba4

SHA1
f570c045bcdf5ceee5d54cc820aad180b0158c5c

SHA256
03dd2117011531c6468e61745ae5920dc6afffc7a50f3d9d84f2d30c2d52528e

SHA512
29e8f045b778b39c323b5f7f25486e32d0507a7fd360fcbb5a54970d8ce1d45b0e347e2319ad923491d827552f7e208ba3edf436a8f719363bc634c00ed50d8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9475e2931af2f6732564e33ae122f2cd

SHA1
86f29751cc7a4b1ae2b9335c404bd72231c7a455

SHA256
598834492d3bfb01bccdce652dc0ca9d62bf82d744b49bf1f9fee0804f167091

SHA512
10f2ff30270931030395b230918683707ee9dadbe0c435fa896f011341d0577d60046131f6cf8a5a1750e3c43b8ea881fe6fe7a7fe4a8cfb83716cc34dff9b39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcba1977deae9129766b11bc3af00075

SHA1
004c4a43f88b12d033f3d826cf75af85a6607652

SHA256
6ec622039af6c60c9a618dd808b7a521f736138d62dd6267ea9556d24593427c

SHA512
f3b0f487bb559ad2c01a9b0cf535bff363f92cd0fb362055eb7a3a0ee03b0426b0bc31cb3eca9e22cf13b187cbeb324a3c76b9ad9254277723496d9c35aa5b23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c034ece2f5635c089d4cb5f5f960d60

SHA1
ea684e1917e44a2eee94cd3f1d80d091f70d9725

SHA256
ab70e45100f2c62d042a6f034a7c588243496ae3841fcb1014bde5bb011eeeb9

SHA512
eaf1258b6fe8f64b80bc2aa6a903158b547fbaa61525c56fb8252e79edeb0a36f237e24815d39970e584a9b01ac71b3935271f965c041a4ea4fd5f88e18692ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20c06427cd6d4d288fd236e5149be076

SHA1
fea847a6720418fbaa1886efc849518c40ace658

SHA256
0519b95c9cb3a82ef395959e0274d5335a020719214d451754e8bab09a5cccae

SHA512
248a3c3c99233f11e352d6f6bde1c5e99eb2de211e27e60ad540ad1b9a5a785b3a327fd3349718213e1fd0a5fd496b23ea07c59255ca4214bbd7803efa45950f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7578cbf1ee0c84e5cf4d4399eceefdb6

SHA1
0f622e298da4dd3730a7a774ca798bf6ab955913

SHA256
3968bf12f12fc2bc159827acfa777fcef7446e09135822435b3e9a43a2662207

SHA512
c79dca26aa54c08acff04d8d6931de8723831c7cfdf3fbcce22e66a10a255b87325f06cb98613484876a17d1d3d7c7287eca24cae75b3717043f4ed5ce367317

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71f467b311176e9d9b9f24f897573911

SHA1
2a44d9134c74f95868f75b13dce42a115dd4bca1

SHA256
7d3f4a97b4ca572eadcf6ac4ad53fbb4e6ccf5c1514f5cfc6fc98cddce7d63a0

SHA512
9069de668ffdbcf1e3989215e1a62b68a99fc739bc22648b8ff2fccd05a7fa64c26847d049b268ce200d2721458319f7db236f32a0a4d88a34761e147a4805aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
141a1865acd435a531ec7e27571801fc

SHA1
34f65c6240766f93b8572d579da0746a6bdd1ca3

SHA256
d64985d9d4ee6b9087966c90f11a0253082a8e8df3788b98e4b2a955dd281175

SHA512
1f7a1b9e93587fcd4024be63784231d61ca1e926c2823fe43800c28cbb1ae1e743f65958cc8015809ec1b19c4ca8ddb967cd7ba50cd3139ca3a4b8eee9b2d320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\all[1].js

Filesize
3KB

MD5
0562d0fe7ffd3d614e4e44602a1610fa

SHA1
2bf056a69574cc2e379ece32a744f3a040291923

SHA256
9a0ac9d0333d0811232f5668b9dab233fb5119d1fe9b4bd11966dc1743334dbb

SHA512
56dab4ab96141ae74cf820604632b59b96e21922618e52ef8326f7737a01dc11d7034f9403e58b70636781e6f25b5e96105f4e81a236e51185a210953e6b3373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\widgets[1].js

Filesize
90KB

MD5
824beb891744db98ccbd3a456e59e0f7

SHA1
57082a005d743ec4a7f928a928bd7bd561078c7c

SHA256
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

SHA512
6c19e304af16ae43504a44eb60c542526d0d8f635e4f57ab557e93999ad608be99c25354898ef4826defe63f8ba72e4d09c5eac445efbde4587534ca202958e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\plusone[1].js

Filesize
54KB

MD5
fb86282646c76d835cd2e6c49b8625f7

SHA1
d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0

SHA256
638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109

SHA512
07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A3E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2ABD.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit