2f7037a3badfbab0a98ff5007e3b0183dce92c294cee025988cffd87cb46f0b4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6583ce83af320524285367bf2450c4d7_JaffaCakes118.html
Size

131KB
MD5

6583ce83af320524285367bf2450c4d7
SHA1

6cfbccae7d40cde979b43b5f0310e60439ea8fc0
SHA256

2f7037a3badfbab0a98ff5007e3b0183dce92c294cee025988cffd87cb46f0b4
SHA512

76da89fee2d5e023c1627ca8f216929077c9b1256b755a73ba51c061c573e6a8fb1c18b7597a930a2384fbb8bcf7cbd96f0e7f1aee27cb25cc3fc204693dc065
SSDEEP

3072:ZeAcLAcxAcxAc9AcJglPr6w3tEHP8I0LSkyEk3J0V1AsUe4:IAcLAcxAcxAc9Acb0+kXkWVg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

4312 msedge.exe
4312 msedge.exe
3972 msedge.exe
3972 msedge.exe
1264 msedge.exe
1264 msedge.exe
1264 msedge.exe
1264 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

3972 msedge.exe
3972 msedge.exe
3972 msedge.exe
3972 msedge.exe
3972 msedge.exe
3972 msedge.exe

pid	process
4312	msedge.exe
4312	msedge.exe
3972	msedge.exe
3972	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3972 wrote to memory of 388	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 388	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 5100	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 4312	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 4312	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe
PID 3972 wrote to memory of 3880	3972	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6583ce83af320524285367bf2450c4d7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718
2⤵
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
2⤵
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
2⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
2⤵
PID:628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
2⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14314729507767257888,1011871994240435502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5872 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
44c6eac4f0fbe844703f10f94bdd4864

SHA1
bf378ad29f65c7bce9d25d91133341ea1e454b9c

SHA256
e8e9c51da056b058c5377d6e852c3b9dd940e2a754fdab2504829b52acd13640

SHA512
4bc91b7a644ce5739239679770dd37d0c33b602cc17af823c64bc2920e5d630ea13c2b7612df0dbcfda282d378c5cb28e52684d88bc43c27b415089114a0deea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2d9ba8970b12d4fc79f5890e0ffe4c12

SHA1
9118bf2d8b8ce525dcde40032ec8383e3a35ea53

SHA256
e6e4a73c943c755510f7795b187060464b347b4aa00e395fca8fe32e5a826a82

SHA512
0461f54b314bd4a324bf5dfbfeafa43d7e608f1ae895c2e90ed5bd87f3eb1de2e428af7c6fabc38979976cd9aa7b72650856e4f94ca1b343ca7a330b7b02d87a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6ea527b14d1ac1733bc24f69aaf09648

SHA1
9de6a86419982ecafc0e1920d2caa006e0005b9e

SHA256
987cea9a3e9f47e6f95819100c0700565026ce37e761fd1bc62a3447e0807cf7

SHA512
166a785b350d220b09a8ff786b98371d59175cb6b73c24019b080197dfefb87f635ca143e916a6bec8b9f8177d697860845e29d40282817b8c7fd9194a396de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2bf8855f4f27e26c3519561cb711d03b

SHA1
8f5e6ce6847984ce7edd064b6be6ef38a9e7d835

SHA256
8c3174d1ade4ea17b1228f1c80f7c5e4a203f4ff1c6906a557332a7941efb8df

SHA512
139fcf6bad6d84d80e18427ca9c7a4b6c9d833b113bde82ab6fc080a542ef5f5ce359b0eccdb8431e04f84093fb505754e7d5b70bfaeb5f2542e4651ccddaf31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
caaac5580fe3d2100bddcde7b92d8d79

SHA1
e7bb9755b34860ca644ad04c14aa44b61820fb77

SHA256
48bd9bd9ca73c331e16831ac75d26c5e58bf8e2b094b5799018b92c6bdb418a7

SHA512
c74c3fe09e6fe8a0f18ab02e29c859684889ce39568755d8e2ba6c8049f9e1e1c555596d5604fd21673e1cf8be75243ff5d1c8c8e6768edc8d00b784e7e2a11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1596341241c292e6a87aeebf792d5aa0

SHA1
8021c2a3e49e6ea914787217f74b7641972b29ec

SHA256
44834f6302cba28f78b31ff1197775cb53250ccb66c2ac468e6fd0929101d182

SHA512
969538c8d7832ce754947de80725cd5aac780af05e47fa8c40b55d0ee208712864ce31260dc08fe37072700f4985ac564d513d9d282f713dac7ca8680ebc0631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2459c0cd2767a3bbb580fb4ab072f082

SHA1
4071150b2b605372cccbbc97d3f10a437eff886b

SHA256
4490a093cc4bb2fffcfcc6d962ee7a893aa7faf2bf4d1252cc0213deaec3e390

SHA512
01fe3f55e1bd64c8e2716c07aa5913342ba12028a9d864cfe11230fd215779d903cf02a743faff54b632894334fdef8bba866b22d2e7075e85e86795ad7d1934

Download Submit
\??\pipe\LOCAL\crashpad_3972_RSLISOOQTWSETRCD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit