a885e8f3e77d514377fa95dbad2ef57e8ba0ba1a5670ca83cbc39d9ff721f30b

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dce2edd1a4e82f3436b447bf96241e23_JaffaCakes118.html
Size

14KB
MD5

dce2edd1a4e82f3436b447bf96241e23
SHA1

cbd1c8f605d6605c6bff09e6367c7921115f22fd
SHA256

a885e8f3e77d514377fa95dbad2ef57e8ba0ba1a5670ca83cbc39d9ff721f30b
SHA512

ceca29e4c0c6f6a05d1fd14adfc501efc0600b530427318261278287e78c32cf75361a735db6fe92f120ef5f64859caf6f9ff4080309321416be97d193cd8ffb
SSDEEP

192:SICaepCrvvcs3LL9AOT0mghtef0NS0+8737SaL1Z:SICx8N3LZqhYa73771Z

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000089709bf827f7e500a16a647b929c0f9cb6c23dbcd868f02ce36f0de60d298c06000000000e8000000002000020000000b3b33b6d19fdada97da2e2370464731f740900c697693fb038767319480adb9090000000ff95e7eb8f3f7235532bc219a2665abd84da41cd78d72bdf2444097dc023e179231fab6e5e753f7f79cdacb030b8ef337f392543e99fc2c3bc24fea625d306672ff100e4e11bc65d4f49631595006a1b0360c727aa03c7c5c14971aa8435923d0dae5507e0bc7ffaf12a5b25a7511ba39d17248b36e59d167a8d2bb05fe22ab106875bb0d5fb5c218f35e269f563298e40000000974a3953f5f355ca4cb775cf6d24809b385bdd679f6d60672d2d3761225835a1226e83516117bc14c08ea6b7f1a262575db78d8874c5679bcb43a4fff6362fd2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000007db3a581d7487e513abf1e45d51b8c2f8d764f05f1c8c5d22cf91bebfca8875a000000000e80000000020000200000003bd7def2cd0979ddf90ad22d72f64bc2f6325c1fb14d5fda1336b723289c57ce2000000093c951b0c8a6659472bec3cd81b701cd9338c90de14e23db524850b9c43f0cfc400000003f9ba4215db2170b75cec60ad4dd1fd00fa12ac7ab5191815747c8e9921936cf322f0604866006d0b2d7b635c0fa1ccf7a4fb938aae73dade4bac58b251cd5d2	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90f0d9394805db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432330403"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61E576E1-713B-11EF-A7B5-EAF82BEC9AF0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
588	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
588	iexplore.exe
588	iexplore.exe
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 2092	588	iexplore.exe	30
PID 588 wrote to memory of 2092	588	iexplore.exe	30
PID 588 wrote to memory of 2092	588	iexplore.exe	30
PID 588 wrote to memory of 2092	588	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dce2edd1a4e82f3436b447bf96241e23_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:588
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:588 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5c9978f3bea9e84ba15a62ffdb88c40

SHA1
e1ba57fd4c35df1d06c2088af81884127f4a120b

SHA256
70c204cc559c1987dec3529e0506a55d5891dc85e088c2ea0258648d75d69383

SHA512
b3027b3948bb472dd9b21257a07eb28b50d034895448de9964eab99f86296ba2caf37e91ed0245c2b131893bffe5cfd347c6b29a3a666711475385f0e5d2cc25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8763cd6d202c8f346601b1bb149a9a7

SHA1
e8eee539cfd1753fea1799e0d447946e700cfebb

SHA256
3817f8d0edd318a55e615b1baa7070d4b59f814bd46d118eda22ebea2e078665

SHA512
34eb55378d55b4898ce1e82387604084d54cf64e792b6f0dcfa0c36f7f672a46730c4d4a32eaa4e679e722e4dcf9ad712b16207f22e73e12d4969e32fc0ae44c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae2ec69d7f4eb530278a7313c5cfc4c5

SHA1
1cb9105d7cf5f2c010ede6a6561bcf77c767c8bd

SHA256
33fca2819c067f51bf86e6e42aaf9fcb1046da7d4fc905345ae624df3439a0ae

SHA512
819038e4a5dfb74bf808ef7ef936c93cde121da7b77f74e24b59ca0f0ff99f5938c129b389e6533df6bc57e3d7f3f911bbab885dd8ba846c3535de9ce2a798c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95160132c27843d6e5d19f698523537b

SHA1
a916adc6643e08229df552004a386df48564ddf6

SHA256
f4c3ba88bb6f97776353f71eb14024a69625ff2b32e6d9a013de708645ca719a

SHA512
ec985f813cda8d73d7f4a5d0bd71298f867a8baff9e7f5b0a8f8649e4e720019674d88c7b97318f9177b2e129736d922028ced0fc3d2aae68758666f39a2d3bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b823daf52a224cac3a581b6af1ee859

SHA1
d062bd03138a471257980da1baf6a3a9bd33132f

SHA256
b77e177b882ce15f8cf2fca9c5f43e302e476fc8d13e96449e3d5fe3792dd73d

SHA512
eed0de60f07c338ce42ca0500e5a99baf9280e3e30c711ac45a64b8044a0b02d1ed7cb8137d76b1b569f5ef2b7c8fca38b2696621625715cbe8320c51f760011

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6db014be6fe6cf2333b831406a34e254

SHA1
5941f8d3a91865aeb1b18bd372c23ea53300b77c

SHA256
0b5f106b86784f6d1b7810d06c98d2d7421d37c3118980fd566290aab3446e38

SHA512
170fa5497a8f9acbd8f46d6b27f245f41c3b5d64c15281d5ee1e38dea0ddd3f6e097bcf062781d78dfbdef7ecf7d449e11f313a15e9c9db8373cd6b04588ea8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8beb01ec327a7f3e0a4dbd08f0e7316d

SHA1
a217f998484b1f1254ea635bc639a1c70b5a2e82

SHA256
0a1b57b6a54729ee2d3bb27f97b2ee4a16ce8f89ae31a9ec35593f2e9e44c061

SHA512
a9ab679594e1d806ef8bd3c77510617f97f035ff4621095e22a86bb7722db9f3d494054d64ffb39faf0eb1fff6959c6f40c20bbd1563032831c230baeb7e035f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d1d3c860c807bd7cd63305075b49982

SHA1
362db7a031c022e4927e89f5356252dc61e6b286

SHA256
8921e2b74553f8bf5fad0c757e193170e90419937b18eabc08c254115f0796c9

SHA512
0ac2798d24ff67351763b3104ea26fe82fbcd461296862020107e990ad8df2ffd17ec1128b63e27886be2bd3160e964389c879d3330f63ec4a3951b65ea5c967

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3108cec67d14a810293b6aa3ec30e388

SHA1
9abd4155f9b163fcf8915b4634dd331f0886ec89

SHA256
bd284c460dcbd064944dc1f33dee1245d76b3745b5c72fa13c3342b3e2a45c7b

SHA512
39b9e0d9160611efd2b98e3c0c4b0c09c2c021867aea1096786c7995e67b25696ca400ad3bc00a02e8eaf6c3d31e873e0cd3b5b9da91d952ee2dc20f71b216a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
661eaefd3eaa1f21443f47da5b633f88

SHA1
0b1b981ee7953c7070bc56f520f0d7264d4cd698

SHA256
b5d284f26fa941a6e5684e65b92527c148b033606fd9c0e661b4cf521212eead

SHA512
388df48f8f17c718db1c5d410b21103bfc316c0f08905bacfaa0a65afc1c7d1a64011c0fddcd7f2900279c2243cdee6a721514df2e478163072877ab2ff7997b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
298160a6f8fbfcda5db6c8ae1c6748bf

SHA1
57a121c3ffd4e7e03104cb29c8423008dfe5b57d

SHA256
bbae673c8243099731ef81d8b24dafd7d998f22b28fdab95b1dec6281194bbba

SHA512
5152eb4914c570300141ce5c67c49022dcfded449ecf34a4dc4a6e2bb4b8f52df0b1a57f10f8b31797156f9d64bcf9928269435bd1aeb3a13a88885f57d7ef01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
120801f5b7275bb4b49cb63414b88035

SHA1
5739d94e1feede012c5e7d72b8db12e0167231f2

SHA256
e025c0dbdac094995d910dae9771e2bad3588d29da51a00f6151054168c7da14

SHA512
113fe175e4057863e3b9f104fd5d6bf89afa7c74c660e250a4e07788b2fd895b424e985e9bdf28d62e88b6337c813cae4c2fc7d9d72598e46c724bfc0559592d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7061681550d6ca93c59c1ca55591b2e1

SHA1
c67af84a2759877c11531af27017d0706a5df2ea

SHA256
1134aef7fdf6befbfc0b45a111b75f0136ec0a0613993d7bd9d576556360f38b

SHA512
19c0fb91aa6a9b572991e91553f0f13cbc56a2d50e33815414d7806a5e00aa1833db39512bcf87a4af4b99aa0d4dfb43292e10721f11dd95fa2742ac191b04db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
960d78b924441675c1b1c37512d30e4d

SHA1
381502f1372d89869216069dc61ded57b38cdaf9

SHA256
c53c8e380d7e910ca200263f45bfdea2905bc76cadf24245bbe2a47f522ef24f

SHA512
4d2c6f7ad5e8ea52799c0386a4849d18edaf7b93b837bddaedaf5ec0de24e4e489203ea97bb17921b65b5940b619a9fc0da11663e4f0aeb0fee65289350d0f2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b94d7140b2bb1fcf652423de2b7a7a0a

SHA1
4fe5601e4d3187c872965768c4a3aef7152f78d7

SHA256
6bad3864e01a6e97569b78d106388b37ce256de52bd467a118f5f177a7728413

SHA512
e379581ca3ac14d932f9c4b402b7a5b03f731bc8516de69754c03e50f526c17ab7bd714062f8add98ed84ac3d18a4918d77ab40808fffe8ce48df57fbc545e41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
052f34b7fc950713936ead55d764b837

SHA1
986aad3b31bb7e6bd37e976c4649b227f1a415eb

SHA256
06b79a1038f240d65746a31bcef30775d52a0d2536104b9a05adbd832ec3570a

SHA512
1a331ffed13b0daef098f2b53ff03a02e7278282b4cb780b111a5454c7848f47ae2eb67f022b29b120fb27ad9b11a287426aa25bcbb8073613888311f57345db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa293e987f2d68e15487616ebda68f66

SHA1
d30db06416fcad84f0e247f833499cda939ef478

SHA256
a11cf21923ebdaf3020e1a82763519e00e6a4e3fcdcdc9913f0e2cfbb95637c8

SHA512
6a050d35592bbce06dc22b84ab65e29619d16c0c86e034dba63e362f7a23d20c275eb59dd79b659e959d1ecd50c07e74123ae1417a7636973eb59dee41f8194b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB898.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB966.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit