d5ba75144200a62c744884dd0b860db4a5f40b375f723347a0fac56c9d58f4bc

Analysis

max time kernel
69s
max time network
135s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aefa7eeb0d489ccd02ded6481263cc04_JaffaCakes118.html
Size

6KB
MD5

aefa7eeb0d489ccd02ded6481263cc04
SHA1

d3e85f69f6f04629de60fb993a1900b278df8095
SHA256

d5ba75144200a62c744884dd0b860db4a5f40b375f723347a0fac56c9d58f4bc
SHA512

6c107b60327f0a89b0f393e70e6e5b9fe139a5ceecc527640ff7dc6e3349d2063f8ba167e3cee8872ef3568312560474e6137204ced16e24b0f53f67f316c12c
SSDEEP

96:uzVs+ux7Z38LLY1k9o84d12ef7CSTUoZcEZ7ru7f:csz7p8AYS/jb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4DB34761-5EE4-11EF-83A8-4E15D54E5731} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000c0d9669a409854a9cad0a7e7d31875188ff7c2c1bc074de15c431cfa07924871000000000e800000000200002000000031e13a1bfe0757afe51d153d2315c6be7be16be8a03f26e2364aefb3b273ebc1200000006422ba3e4368c4f7a0c03811587117b45474fd4c12adadba1b63f0d21d222fe6400000007e8c557a141b2347497de9593d7882956f4e3d8187159121e7cc4466b5c31cdffe7256a08cb81611ea00e9d3aa7b1d629fe809b8d94fa15695f66d4e16b5b0d0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430313882"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b709eb6c9e6a3d2025eef2d91c2e9207ee379bfb45efbfcffc2acc08600e83be000000000e8000000002000020000000192729874fa9a958fcdc44015f20d72ff6d30e8a6978e7eed992e61fc0f2ab339000000028d74f71844333c7bdb406c4fb364d8996516ee6d685f26d241efc85de16d2c35ac2c8ed8c267c2e10da19a73e31b55c01f72b9612032df0cfadbac021e0e48396e0c65f0bdcd84d3ffd302b58ec0aacaf7b78049b234c87f528b4451d0c8042ba19104cfaa19bf394d367c90782645b958522c4d0986720949cf0c88499941a8c9f474b6be231cf20dad14a0e9dca4440000000c7c3c8ff66848a481d679ffd07412a8e516520587a6284fbc6691538f1c28165cd539d7a1424a09bf203c748e03b0a4776a7d83506655c279c12df8add4e8c5a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a22523f1f2da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2012	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2012	iexplore.exe
2012	iexplore.exe
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2844	2012	iexplore.exe	30
PID 2012 wrote to memory of 2844	2012	iexplore.exe	30
PID 2012 wrote to memory of 2844	2012	iexplore.exe	30
PID 2012 wrote to memory of 2844	2012	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aefa7eeb0d489ccd02ded6481263cc04_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba71eb39612bbe05a778432220694571

SHA1
b96af7809dde6f90208719ede9f6eebe416db026

SHA256
48b9702ac7bb7b0231317381600c4a6b0d07a55226ae62b4a668fd9044c35254

SHA512
55ab1e94d2561f570e50a1833b896264fb40da36becdb97a306fb9b57b9a2e8f46b2d163e461d1da30ff5ae6089c132c362bc7cbed2bd4cd4271f29454ee4b45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1856f3681174285e4ec838780a85dd8

SHA1
fac3c277ac3d69d72925a4822c101535822e25f1

SHA256
d26980a4a19171c0ed507c36c860a15d12179870b71e0aef43943ab2da9214d4

SHA512
f62f230de32bb68f47c5385a9b4abbcec1f5ea20dcf97dae0012af7db765f0940703851e661e48179b2cceaabb4fc13a16881cb1a1d45bafc66a3c899f91dd85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e11dc2ba958bdc53d40c09e8558911e

SHA1
7640ef8c6a5170226fcee5a6d27f8e8fa01dd787

SHA256
2f86fabf26900275c8b0501550d00178dc2a2010aec1cb5fb27cfebaca056075

SHA512
c18d90fd8b36cf519683c3065208b3bed270c581310aa9cdad6d61078ff32da9632916fafab3d504d81d8f852321eee8eedcdd8ec18ae151bfd39789d606a986

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae6f9b2bb9563f308175db85e36700e0

SHA1
6f59cdcb51ba99781d9737d6ad463de59d761637

SHA256
81deabe62d0d634617266208ffd8885854d1c79023928cc75934dff372b8f097

SHA512
ff9f80ad1eb21351c8652ed9965687831e7f16390d97b8d34071e9bed6a601e44303ddea91e1b00ccc53bdf5bc8b40fbc790018f6e410e09ae0c62d49e57c42b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49ebfb5dca7ff38ba593ef4aefa1e826

SHA1
1e2b78274363be4b957082f40f8d3276343c1cb9

SHA256
6b2ed1c8a6069ca21f89317e4f722b249a72b105fc531d142f9c3e8bba878303

SHA512
ab053e830b231d710fd4b612634dcd4326783e20e3446cef49ff320a6931d6484d0793382e38c14fccc0b46ee57bfd2d9f6f2e60c3213974cb91002336a6e76c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4200e1585195c7f68d29cde2702a33ab

SHA1
90981b8c8470f442f953b7f8160191722d3fce8b

SHA256
156024de7c65633a74ecf56d95f2b2ed5b827c9f116ce7a9ecf537e6166fe8b9

SHA512
6f1ee938569d688b2d98cb1bad62aa711f197c5eb7bca970939fe3e3d60f666e366e6c7d9ec597e53c61da3455a669d1c3054051bc1d598ff69df5ca68412f17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42bca5b9389b8dc9e60e3306c1bf4286

SHA1
b48056094e59854b4ed2cd372c3eb1eaf4bd30b9

SHA256
b0a0c7386e29c43e52ba6889302a8a325c8dba52ef92d213253fafec850f881d

SHA512
7dfec9cdede4d67ff71ec8af9fe9f7d785c176e47a7d404513914ffc7aaba0644c54899323cefcea407b865c2652c5a5f7d2d2ccecd17348c2c4f03e0e100e19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
958f89fc4d1758e0deab07afed4a5461

SHA1
e4ded64d31fdbc3d70381be34f537a3582f76af6

SHA256
6aed975777395ac83b258af11ec4f9369448bb5ca28344f9793d8698fc12b5c7

SHA512
dd9bb92f05cd6c182fdb3dad529bd8dfe3c2da1a2f0ffcdc8392681fc5f028a38530211282469a32e22186af84455ca34673ea23d8ef888c4f27fe39b420f9eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63251811f971cfc78bbc48c52a32fc81

SHA1
ac55bbe435cd4a37f59b30747153bd7105d630bc

SHA256
cd32b33003e8fb7ee55e2ed0c92aa9cd3dff48fefb1c92fb3aebf3ff011c916c

SHA512
0459441e8157c9ab156166786ee363de4dfcfc022b27e519a71c7d43b0f3290122a2684e958e247942bb1da3bd15093785ef069ac6cc1530ea8e904158b0dfbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddbdba452a5b12871c4cd2d30428ba65

SHA1
ca315cb3ce5aa00fe41c96fb8f4a1098980c3802

SHA256
2158d577dad48ee7ba76ec118a9ae775dc262c23a917b13b3cc68b825127f643

SHA512
7f3b01269c560c30f45d7f26e6e2552cbe7acb4737c7dd212d01d1af76a13fee45b39f18f5e9b00efa9ad0d694a908daec9a04f4a76c68e6dc8d746a0d588de6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18f3db77628dc9373400e9ecc1d1eb44

SHA1
3d3cbf39048014cf89b7a6dd773240a58c274ba2

SHA256
47f34cb95809955b13cbc331f542426d5014730759453d6667a848b285ded846

SHA512
601496fa776e76e1b7078b5304aedcba82503e450b7992fd3480e4be7de9eefc85bb726295a2ad2f1b7e5c60133370b2ead08b7e5d89c154759a11e7e88cc3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2af29805dce5b849e7b9f4c77ce6c131

SHA1
2a03925471135df443d053518418ba79e9bf1de7

SHA256
21e7121052afdd571d7c9b6d0197261c0a6be1a6426d2fd8679556834e42afba

SHA512
a062f2332590f24b08b7ddb54164d4bb2edde64a43ba53caed66826b83ead420ab609e7fb4daebf710f74c9e77a567ecf99e3dd1d6cfa654f1482a503af23a1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac2f783daea4c550fb0a329fe3bcda95

SHA1
d321541aa579d3a215d3e7d54d2eaed9473dcf79

SHA256
88e16a551d86564ba661edf1fd20b37646f87eeb9495240b246bdfbbb27caed8

SHA512
d4c945ae9d37ef7e17640c97f0c8f13a854165ecda3d7141de4e3de1171b4c25629bef88aed84550391ef664d090aab02a9af77f4589ce04ea6e52382e637d26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a77e5776bbd5c00227aee9f7362d51c

SHA1
ce68a03e14b663230ef635d240e5163ad4ee226c

SHA256
2c3a1891f3233a34d1681538057821bba13e375bc6ea6f6b24ed7cecbedf308f

SHA512
ce76143e2552411dd283cda0315bef249750b397464d77d241c571e77a552fbc39a1f29777d85c66450cce26307ed4eb1a598376bf620b9e5a76687796811a96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b02f193d95b0ec2196aa3a9a343e38a

SHA1
30934ba92f0e02b11cb083f9e241a5fbd0d89a9f

SHA256
185e870daafbaeed8123ecc34f7f17aa3d207f5c65e0b624dd9113318b735930

SHA512
3e7988e993343aa5cabe2ed756854c550e1cb889e1bef776800409aa494622405f5052e5d61aace9c1e14055244113be677b04dd5e347f3b6207242c926aec94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe122d21eec26a3ce8155b338c2527e6

SHA1
5086648ef3819fefe413751d19c822a7a1e12544

SHA256
20d3364b30cb3bb1c490d2f04e1b1cbc9db5e4151620fa22f731caab2e6d2aad

SHA512
5169eada02506a8eb10c1153e77ae8c2b823969e166a5eb10647f281b3da75c0ae149cde6c49de4d4ba2d9f05c09ece02bf9c1665a2d805169d49c63dc4a5273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c81ce41bdbfbd4e5d8e8d6673df0afb6

SHA1
de8f5259eec22677f17ae3522ed4bd97d66875b4

SHA256
466f67c14e08c842ee67d94fb7c016a3d386625a778b8450c7f0164445e4146f

SHA512
06276312a5f3bd90b5abbdf07a442a5330289644da335132c3a5f2fce43ac7ad93e2ef1fecf83a4c89140516c81292e4ae2a0149f561c16c745251565297d99b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAF65.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB061.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit