673407933dc68cb6e3cbed39cc9a300eecf68f5c47c51d18eb5a94e3bd2cfba8

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

418accaa04c9f843850ef3d714467170_JaffaCakes118.html
Size

6KB
MD5

418accaa04c9f843850ef3d714467170
SHA1

aa2018bff1291ca402e5b3e3288c1f9cf8b6f59f
SHA256

673407933dc68cb6e3cbed39cc9a300eecf68f5c47c51d18eb5a94e3bd2cfba8
SHA512

1a4002b62656ec080114e2e628558078911a1af65e4accc24c77819d2dceca80d469519573bfe4c5525615e5563a847eb0306e76e7ec1a65e0af8c44c6563a7a
SSDEEP

96:uzVs+ux7POLLY1k9o84d12ef7CSTUSZcEZ7ru7f:csz7POAYS/Rb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{74B99AE1-8995-11EF-85F9-DEBA79BDEBEA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000d2632c0ef16a2d47a859a9de050f6e81f7e22949f06747c55b1a4f8931e1e800000000000e800000000200002000000086deaee217207931d9b6183ecc06281454c0bcc2d5ea39b1ce68e30bcdaf9a9e20000000ff474370655a29f521f9da00933f8189f794d2b7174668a839886e9948eaed8d40000000bba2b50937aa0517ae0e20804639eebf94a06dea8740bdcc3ec9ae673c3067d91a94a79c9055a58695620ed520698e77eaf7841b68c68ae4d967add55e727154	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e9a749a21ddb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000a0dfe31eae1bbbe60cbff58612340a9e32650ecc048dd980ab03a8790a85085a000000000e8000000002000020000000f55edbb48cafc5f69bdf2cb630eff7ba1c9c2e462111fadf2e6f4f875ee473cc9000000038baef4382ff277584f7f5daa5cf546451f37d6fa67f20b71ac54355f4ba31caeae914b1931429ae01d972c116b65a995bffa51804f34fd0d76e1daa571510b3fcb8fa3cbe825daae3ce66297496cc133a1ab8290c8608fdfb9a848b4aac76269c1f1db209f618c9a30034707e2a3333c0fa4cd7f5a89619945d5aa642ef6151f0d3e961694996f7ad5a531f0c62329b400000008172f71e8c5208eef90008f8f19597169ee224c766702680fb10ad413d192bdca0bc1a417f54cd936d40ed93ea269875dfd6d6415d029b611a3f2560eb9ede2c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435007914"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2688	2188	iexplore.exe	30
PID 2188 wrote to memory of 2688	2188	iexplore.exe	30
PID 2188 wrote to memory of 2688	2188	iexplore.exe	30
PID 2188 wrote to memory of 2688	2188	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\418accaa04c9f843850ef3d714467170_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78cf2373e807eefd023ea327f8995b8a

SHA1
56efba69efed547698ee79571921e3bf284bf5a4

SHA256
c4d6cd25d5b1de36998d44fb5933a68ade311e303b3b52914c258bbd09ebcfe6

SHA512
61bfa217845cec48ecc2b7d9a35819623e78c7385dda5a087e101f262196a97d5899ae0b582e13a1c108de26fd0f36e6144fdb618c2046b085a2a95960c3dcde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4221a947963af297e64c8cd5c2df476

SHA1
66f0257f4005c23af030e38fcc6b69fbeca561ba

SHA256
b640b348d3b50908b4525fc00724edf833bacda02b4f57ff60fde0ed674e1415

SHA512
f00b21f1d7f7ae5a28a08b19ff42753525eaf77eff723acd806edbd6056b15ceda48ca5d962d8ac144b56df623f2cde41d1a751ecd6b29341b7211b96ab95876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b168dcbeb187c732243551242cb6dd4f

SHA1
189e1b7677fdd624d49a3f889dae1597b8f192eb

SHA256
0bf1f73c7aa0fdb942b6ea48dc6038732d4cc6076248436d1cfa7cc95622cb3e

SHA512
42ee98e4cf48bb7822f32308d70213208f7f87c6a1166802a736cfedc15a218eea98b75566511f39734ca180d54990697bbd99801094e1bc2c070da9a89ac266

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10603a2f0580a556af20ec092e3bbeeb

SHA1
e0476ee950994da7872c0e4e4734ae4250448f74

SHA256
f3f239e41f937df5ef85f77c2edc14babb9883c50c797139aeb7e809dbc9668c

SHA512
a330e5521018cb26d8f2697ecbee25c8e022ee5b67d2b83fc6139a317290605c8139a53dd22320b816879a82bcc6f5ae35e2e92602af4705c4abe862dbf69889

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a41ac3d8d9702e29231bca79a91bdfd0

SHA1
382abf17fe5794f9a61f83b11a9df9f8dae2b215

SHA256
b50ffc48fd4b9b0a593679764ac05ad75fdf6863fde182f26797bfb2211155d4

SHA512
9ec4216c034b172e91f466a2973136bbe899a87e637b36504c039f9d6cf9fddaa557d3abca790f642b6d01d34c7423ef27e7c8517bda424ffb296f418d8ee6a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3ff0f0dea8462665c7a890481ff8767

SHA1
5f10191898404a22077b69feb81bcff88eddb7d2

SHA256
45debe84ad56afa8da49c248731c75deb4fe196c7eaa2299b4f6d0968b4229c1

SHA512
ad17ae7ab6b235ea2244b19e06db4caf298f419ec240b9bbb214c3305fdbc863b4c2e7b1888b29c477a93252390a1d6dfd2461da12c4643abe0a5a5b3b1b61ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99d21d6742ebaff06422778a07573d70

SHA1
61d176227d045a9bc4b59c91b170ce9893fc25c9

SHA256
40da2009b905f7e2e154d9360cfe5b4826916deb5ec9e55c652fa5274265cbe3

SHA512
198fee35bc530ee7d06cdf94797cd7b48e7d5a88de13899fd0f7381c52c110234a9916ccc17f16f9b2f48ba8b95d7b26f8ba5a5383cea0ea7036f0d0f98d23d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da249325d3ad83af1ef28de9fead9504

SHA1
8711c8f144cfdaf0de43adf041be261e4bf286ee

SHA256
eb1b992f9c6ca70a1586bbc9d2e5d904dea289126164745a35cb4f31942f6c83

SHA512
07cf0b8031231e4feaa4d4043db95965f8045e220a2fa97910016eed472d7314cbbb9f3531024fadc39f55ada379de8bc1bf76f21b7b6449fdbf4837dfd1847c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4ae4b0fce5b5874b237d850b2cc7fcd

SHA1
192231fdc3130fb42b0040f80aca38962a1817da

SHA256
42f18379fc4fc542433940c681796b2ae2479979a889c47beea10b26a3d8de6d

SHA512
165fa31ba83f813739f11848099339818b74a9a716b879d6953c159675ebf66d2fc9a03a60aaf871526170472e86e0f7bd27074f18c3290874bb1310dea4ff6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1500dabc82616301596b308f43d3ef8c

SHA1
5314c6ed3a7cc13ccbc6e61c2b2173a490765112

SHA256
7bba5db4b136ac8a1728793161f6e76275f5424567bf8dabe9977ccd729ae7ab

SHA512
35bf6da9265ceef2e4f0b6c35caa972baa6c0b268ce378cf1df64fe461eac259f49ec23a453eaca681c7d46b6175bbb851f3f02478013d6e471394e720259172

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
908229245d756a3d42a4d218c00b437a

SHA1
0fdbaff45a4c0e5766f05f30cf3133570e429aaf

SHA256
29312337f6a2630f1f29e7c26001dc7932a847d9ecc2c44cb04a5c9fcbae90f8

SHA512
7104a24db309f177e7164ca68565aa6ac7b8a39255477e00893ab54160c2f2dad4aac145ed6b0065dc54a42c2ef65349b50fd59b4ea4cb0e1c9ccdbf8a1e3e24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24915d428dc4f18b4e1f57ef648c149f

SHA1
ce10474ca28909b26972c104e708c21909ceed37

SHA256
cf2f0b35265623635b7b8639d5d5260ff87782179fc6ee5e873c45076a692596

SHA512
37a304f494029124a5e0e0818e0dfb322f2edda46efd5b13ded0be3c8fda4fe8b886578dbe60a2eee8d85ec24eaaf86b6a83d330a6c96e354e3d5da0ddc51e65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d210cd40b562ddcada82abd64ffd4361

SHA1
ebc20a653fbf6a304b8c64603e7bf01d1a7730cf

SHA256
94f9b7cf9d504576d6ddb7fb29b412f5f69c1e672575ab0b193b1888b584bbb4

SHA512
bd21d0ae43b7cc1ed338f43924395a103a03749f12e6335dfa17b147f77967bc21df8b7d733e88b03c4f930aa87872e4b367f11379e3d2454078f915d6b577c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e84c3b72700f1c80090ae642be624d9e

SHA1
a2ebdc2762369371b1b743c7af05565aa915c6b9

SHA256
dcf16c07f99d09a6bb95c8f56a13fca84c263b940c8f48d171071c41c77d08fc

SHA512
f0efd40d9bb8c8f5a29a7120e8037ad15ef5c74160798ce056247c771a40f2a76078edd9bb96e2e1fd5eb949c4149614fc8293344deeba8db8ba67fbbc832956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bb6a5e38342f59b4edb3aca190558ee

SHA1
51140f8eaa2a7cf031124576e106b1027b214fba

SHA256
28f6e8a057ed8c9063a3c931339065875c791346b4895c7fd61338bd45d296bd

SHA512
7bf7d2f43d52c3a25f44e29f067ba6adbc246866b2050c892a486838adc802479c48339eda5e6f2cf89336ad19e190fc6f27a0cd51a75a2f9c9fc3daab2a8e1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a89c6932abaa22da1f19c30982a20c07

SHA1
860fe09ad55153701658a15847474bb00144a88c

SHA256
f53b160be7b7003eff371420f4c84334670b484ffb1ba21d09ae9273f9846f58

SHA512
fc42dcce8dd7f536dc98d7ba1cacbe177c6faa3082194068f8edd4949648049018bc70100d003ec796434bac1fd1d5cd3e1e1bda562a7761a9bc1fcb475693fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e16aa08cc42de0f7a3417139481cc90

SHA1
95ad15323d9aeaba672ff617af927564ba1d0675

SHA256
2516a25d15db60280b6981240147d902d7b45c00f9ae5767a7a456450bcf7026

SHA512
5549d3ce2bc6ef962639e6d78dc26d5902e33f8ff7f3bf2bf778ee066fbb48ee7bf73dfa7e550277ecf4698e80e2d48a800261bf45fed62d2adb0f6d6ce151ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab344D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar34AD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit