2dd7a860de7b2741704499f3c3802a241c29cb7a4a71e0181cc07d30c47b4d89

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d2e67aa1376fd0005b49b933d50926f_JaffaCakes118.html
Size

8KB
MD5

0d2e67aa1376fd0005b49b933d50926f
SHA1

255b4c512a194899762dfad143f80fad768bcd08
SHA256

2dd7a860de7b2741704499f3c3802a241c29cb7a4a71e0181cc07d30c47b4d89
SHA512

35da6ab28f6972efbeb48cf7068b3c353816e98321865b64a2e70cbe54ce23176e4c32f7b8a40f0dac2c27f187a48f5b971c8311461ce64bd9f18d4ba8200207
SSDEEP

192:ws0HBVWnY1aUWnqmxt/CIwe2WeQkRA7gAGJ/I+Tsx:ws0bnIweMg7gAoc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
3164	msedge.exe
3164	msedge.exe
4876	identity_helper.exe
4876	identity_helper.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 5036	3164	msedge.exe	81
PID 3164 wrote to memory of 5036	3164	msedge.exe	81
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 2860	3164	msedge.exe	82
PID 3164 wrote to memory of 5080	3164	msedge.exe	83
PID 3164 wrote to memory of 5080	3164	msedge.exe	83
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84
PID 3164 wrote to memory of 920	3164	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d2e67aa1376fd0005b49b933d50926f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16451600942518236583,18287360125012363514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5a539177-74a5-4de0-92ca-099986b90a49.tmp

Filesize
5KB

MD5
21332208f07ebf91b692080a5e9ae00e

SHA1
b26f112f8eb5faebfd764e1e9facd4b1223b015a

SHA256
d547bdb00db72855a72d373354cc8513c8f4eabf9aa45f3453ee14140404e665

SHA512
c3ce75d0280523201c2265144ce91cdb52090c0724301299c0e8985a4c21cb32bb9aa83db7c467182fd33ef403b5fc1d6d260c8acda9215becc08dafafd162ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ad83519e5b58c1cd2d3a00e38dff1254

SHA1
9bcab736485d3acc65db21f6e1460496b1f059ca

SHA256
8ea66d85a5e754b643cc698f78dbfb5f6ba042b9b678a125b084d7ed6b16698b

SHA512
f6f6e55415f73622053f6ffa798b55ab2277ef4b58c52772763cd2f874ac77bcd67e5db28347620a909e0ece5d551171e3a4f2834847d749bc8fdbce68b3d7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
adec95255638b8ed4b1b7ae7b9ad83ca

SHA1
54f0481366411a245c4725470baf9c451aaebb1e

SHA256
f89b0829aef556192073f8addd2ae69230d5382b16f8432fbe256e5c1c40a306

SHA512
b31ce6f49db87d228108d14727b83cf251ed885d8d237a8ad2f698493851623e583d9babdbc2f8098b9f417d77779aa35b49d5a15a94b6ac725e475de7505a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80fd7a9e07c03dd5287bc894967dc3c7

SHA1
f0b9b534e1ac290859869bd8c95bd1e9d04624df

SHA256
d2a7764684a844b1037d884881886174137792501b94bd4cc753b50cd4a1a370

SHA512
e1085dc1f3dcde5bd7674bc02b9ac60ae62c426f74affcac8aa4efa83f2a8a90f23028dbe1ba171688f6425b4b65eb38cb39fbbb4cba1e5d1e10379daeec40eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
264dd1d65289ed066c4c0401b3e829f3

SHA1
af2b4a35415873494699fc1afd59791d04f20699

SHA256
645a643d9d2f84d84fed78829d126d622c9feb6ece295694c0a843c1af1d2949

SHA512
efcb5439cf485d380d2d867a7c346f42f6a8877291a45ab50b282d79bed575d9fc02c00823005a7f2c26779b61b78dd5ca5ec9d9edfaf57f16f36c618f08483a

Download Submit