hxxp://jafisport[.]com

Analysis

max time kernel
156s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://jafisport.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4548	msedge.exe
4548	msedge.exe
3932	identity_helper.exe
3932	identity_helper.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 4672	4580	msedge.exe	89
PID 4580 wrote to memory of 4672	4580	msedge.exe	89
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4928	4580	msedge.exe	91
PID 4580 wrote to memory of 4548	4580	msedge.exe	90
PID 4580 wrote to memory of 4548	4580	msedge.exe	90
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92
PID 4580 wrote to memory of 1392	4580	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://jafisport.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff986e146f8,0x7ff986e14708,0x7ff986e14718
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2524 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
10d8d903e2e96f4d93c771bc8b7b5224

SHA1
8a7385e93c9c84de1497af10240d8c7d2b72231b

SHA256
9d26349c021d00f6b69d3ba7e8e319b6571f2ccb936b6f334a170cbb8fc743e7

SHA512
614f36d4114ae09caa556addfa4b2c46bcb62863b0ee3d9b51b55e4a29c624a7f949e30cea55b80412fb1e957eb39f1a654f71fa29dc20d8a85332675622c850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
649B

MD5
f146c0219461185317c56a7a12bb13d0

SHA1
76ba1722dce7dbf3912f8be393001e191acb3e2e

SHA256
3a7a1b37a30ac049be0bee403597652628a78208c3d4af190d9940579059fc4a

SHA512
edb46f1c2eda2f252caa5443765c7dd33d8399835470726ff83980dc996c748733095207a20566548f49f9ec114eb349befbc38780be7d750c011dad3b829113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9076094c745917b368552c67f4f43b0e

SHA1
246ee10da5b5f96c2e6fd66a698a02baa49f82ef

SHA256
120e559f9307e44383f271d35edb4649bbe21a8e6b4a4c2bc633850ea8810226

SHA512
d844ae781f841c25837d347b9bb3699421d5c06fa7f67b19a4605bf3ffea0f7445721f2760fbfda9fc769a4bd82f4aaa33643c315a544327efb06d90b863cb67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
462349bffc83e78603cf64ee8c3b288c

SHA1
a155e4a15b90900343a4b2477c558d17c373b73f

SHA256
40ebefdbb9060853a8be2cf6808e3e495ca99b8b2038ad4fe1bad8944ce6df87

SHA512
03538a272eb92295c93da55f5e88f26c63951746b74eb375799b816d62fd5f336ea7c68732a3346d65fda9553dfcb46fe3f042a271dbccd88568416503666341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c72b7a92aa92f448411bc63c0f7f9b43

SHA1
aad51770c75cab75fec46c72ebae301e6ef964c4

SHA256
feb93ca4075d35237248b723bda917f0f9126ab100f4ae9f5a1073c20fbd43ae

SHA512
1f18e84d2707019f8b28c50980d3021145600cebc03e99f072f27361b8436ee0939416fc45b1a2ae34cbe26f1b8657689544808bd4e09ef31c249ff9a3ac94d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c23334933872f03afecca9207a8cf0c4

SHA1
6982006e9193ae63801e231f467c321319cac483

SHA256
80ebbeb72d77e394ef37e6b7c686b863c5c48d5a12084d7e55ca7e0e296e41a3

SHA512
5a5359f90971c2c94a4f0c09f04137b7968534732824fa11402a8e9925a3f697d2c54c05e3e48c99bfa7da78863e280d19e94c2c00d0f3b3709b009bcd06aa06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
f1ef69446e1e33ea7aa2a6ae51001c80

SHA1
42de0287825d76fd19a60a06906c1004e88f20d2

SHA256
66366e82af425192e9b8b5c8a7cd1f0d465d52be897bf1f42049f377f6305561

SHA512
acb18ebf5e6c087cadd259ec8a5573122407e4253be57790a9dac326cccffe6677d6e0069e795b5a59c31d66cedada5f06a4eea0eb0e489933d0caa9dca56eea

Download Submit