c5856f75088daa9a3c2645328a59694627017cfc82253f94ce05d63b6a9480e9

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d56f2c66ddbcaad294364b8e84f0abff_JaffaCakes118.html
Size

44KB
MD5

d56f2c66ddbcaad294364b8e84f0abff
SHA1

3aa9ecaa4b4779772dbeef82957f5d93b59e0f8b
SHA256

c5856f75088daa9a3c2645328a59694627017cfc82253f94ce05d63b6a9480e9
SHA512

e303441c99e8b1484e30d27adf94d105458099fb86d29342fc5700be62b8bf32fa8a2f74bb7594c88ffe2dc3a4b6a4bc930375a7922a8ddd5bcefccc1c680281
SSDEEP

768:XIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZ0n7:XIRIOITIwIgIiKZgNDfIwIGI5IVJ7Sqx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
2584	msedge.exe
2584	msedge.exe
2524	identity_helper.exe
2524	identity_helper.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 3600	2584	msedge.exe	85
PID 2584 wrote to memory of 3600	2584	msedge.exe	85
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 2588	2584	msedge.exe	86
PID 2584 wrote to memory of 1080	2584	msedge.exe	87
PID 2584 wrote to memory of 1080	2584	msedge.exe	87
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88
PID 2584 wrote to memory of 1472	2584	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d56f2c66ddbcaad294364b8e84f0abff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa389e46f8,0x7ffa389e4708,0x7ffa389e4718
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,11771694450356666902,7575885795251090464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:32

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
33KB

MD5
d6f27248d0b338a5e9aa64b7969b301d

SHA1
f222d3d95d3b6df50a66b19392501a90ad60c4dc

SHA256
677bede5209907bc7ebb241580d7e5b723477fab974cf86a96bfce1036816b74

SHA512
787512056bd45957c202d13710ae382f3c55480a1c6fc28b1c4e4bbb62aeb2d072c27a1757bd0cbbb1eb185bea0bfd2173b8820ea64f3364072996ef768ad49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d1594c8986da8e91f7227da86eaebe06

SHA1
af8b08a9893bbd2704d01f6d0abd036dbc750b8c

SHA256
750f92b32c640e7d7b861b5f92f9f2a144cc87a713b3dbf6c637d46d034a1e19

SHA512
e068b56a86bc8143c838ca9f3d2db017b09ab28e9115b9754d26c6a3fb059a73e28f37dcb4820edda4ddf6341f6f396b237e69a997910ca1d2cd4d2830cdd854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
50e547772bd01d60eac4534cc566d1fe

SHA1
f10e632a185a6bee7fee100165a308714cdf45dd

SHA256
374ee304008388c359e947551aff4f42ea3d31b18c6166386e4f965d48660cf1

SHA512
b0231a4f6baecaa4642a281806314cdf874ec5c6693eecfeb5378e4cb6589bf855a2199d3f26cc198cb52320ce252acacbff4ed858271d4a6536ee08c66c1137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a2d34e2a54ae9440a29d21e58e536d6

SHA1
d54ca59bfde52c637f781c26e0bd970cdc11130d

SHA256
3b00e66fcd53c93a9801e998a0b70b015798964a61d5a45b97b3e5e128f80ae1

SHA512
c93ab82a1c84a87ab970545b4e8f9dd1c00b10902c8e54da558dd42e7459b075d038b4dab94de4b9e507e4f39189c39132f1f0341a1a34bb96a2a72a14e9fbd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc240601e0f9a6ec5366a5fa1d68e314

SHA1
3e3736e933e76c951b01642ab697eddbd887c3f2

SHA256
0fca7c041a88ba48ce0d976eac0d226db28e7e55cd653ff95f6284bfe8fcf6fb

SHA512
6fea3a61cecfd5df22026081e3630acf0241dee1387098aba56d13791190473208dacb7cc286038f54f1f8feb9f3e4a19076ef5e1fa4499166da17e3935a4d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b9bff49f-c717-4c62-b57a-cb1ea95dadd0.tmp

Filesize
2KB

MD5
5dcf65f323aa1d289173f958abb6c393

SHA1
0be13254681ff059b444347bbbb7b86d46778429

SHA256
307d944f05d05dac2e02fcd93f91590ee1e62f08df1f5547ae4e9b03bc95cdb2

SHA512
7504a2f7b1d0bb6f096a57f51d9de34c5021aab6871f4764af34082aab7fda8b59303e60709ed8c5508f9e942dd16f3bcdb915416a00609c958e65f8a17b92eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7e3f1c3a1f34d34d0c1a2ff46bfa93e

SHA1
10e0eaa4378eba8acf45bdba215cb0efb983a970

SHA256
538fc689550ac8aa2976e7d8f95cc1b889f41de58ab894bc032e11649919149d

SHA512
7b3fabbf9fc7f87f537513e2c9bf4fde06cc168fc3ca0b66da712792318931215685d4e6b91838d1e7b736811f89b2bdc9b7327ed5d1211c8bdb33aec056d5b2

Download Submit