f1bbceb51724d1db903f4b352d5b3020a8816360d93296e3708b97c04725a80c

Analysis

max time kernel
138s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 17:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c6508475034ece38ab7a879fb105529_JaffaCakes118.html
Size

175KB
MD5

0c6508475034ece38ab7a879fb105529
SHA1

8a8b1c312d778ac9ba8574abc95e3feb69c3fec5
SHA256

f1bbceb51724d1db903f4b352d5b3020a8816360d93296e3708b97c04725a80c
SHA512

3c2e626ba56aa746573f3f44690e184c1cff04b019004bf6a928f7e3663193579f92c373a20d2bb4b892dc4eec0867d092d1919a4606ad5b352a9f8174818a0a
SSDEEP

3072:RcRDSkzYk9LLYvriTD08JQw38fU7ienQpfQLPya+KIstw+/kBQmFDt46cOxfp7XP:eRGkz82Dbt38fU7ienQpfQLPya+9stwt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
384	msedge.exe
384	msedge.exe
1836	identity_helper.exe
1836	identity_helper.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 4100	384	msedge.exe	82
PID 384 wrote to memory of 4100	384	msedge.exe	82
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3588	384	msedge.exe	83
PID 384 wrote to memory of 3388	384	msedge.exe	84
PID 384 wrote to memory of 3388	384	msedge.exe	84
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85
PID 384 wrote to memory of 2624	384	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0c6508475034ece38ab7a879fb105529_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99ca746f8,0x7ff99ca74708,0x7ff99ca74718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9216898585124070724,17300481617139533815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ddd037aa4489ffffe826eadcef05fbb8

SHA1
445d3af0c76d452c78fe466742e60c4fb51c36cf

SHA256
0a4766d3129341a3c685100ed32510f2e49d9f073e974e8926ad7ea3d8f42a9f

SHA512
a12ccc3c0ed4dabd5aeac3a1f17c8e5fc3ef1370bcf4a6f7335fb4da251026535b362c75f747d4432a343254b15957d7c62f589e247af8abaca7ae164e7e808c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2f15789e6ce7313411c877fdf7c2e7c4

SHA1
e382ca4a8158e60598bbfdec738623d1a7d2d71b

SHA256
bb94e098e5bc830af56d662decf1aa425bb58c0bae4ae408ad0384b4b974a7b3

SHA512
57758977ca89c416085fa3d5a4719dde83a8488ffe296b5ae23cbde175204e0c13f9f91700c72272086d06e8133e4efff6b3266d92cf9fba28af94003460b5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
303946234c84ed23bc6d4333b3a82729

SHA1
7a959ec00d47f0edd931224dcdb772b56a1b5612

SHA256
8cfd2d773cfd56eb12562b22694c3454577ff9980ad88341003bd654635d0752

SHA512
109e30af927268f7fc05e75e8c107457d881edb8aa173f80d783587d4bc12a8a1e5117630a8064b68451ecffa20e88ece0fad98b00c3e2ba5e5ecf0c92626723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9f550b71c3ee20afca1fd050a76087d

SHA1
89fa4aa2c5f20a1e2aaf530c6a2858d65da82d0e

SHA256
ea4ab6910dd99a0f713184cdfd3cfcd316b13a6f7f62f8f29bfd20031bff4676

SHA512
dfcd87957233b1f6b3228f49573581e1002ea9139bb8ffcd512765573d4b6181f682b57ca10a771603e813402b2988c393970923c5b68a2ff0f1fe4d3d94117a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
27598c0dec02764eb5478ef9ac0bb5d4

SHA1
e3b24642a7f119cb7cad20bf78fd3b17de95749d

SHA256
ca69270b76e169cbffe628b98b0b7b4aae649f28ef52143c2c156081ae55f223

SHA512
969111de6266c67a5d26fba22fc60a3ef6cdb5abd7802e7e9bbb92815f5fa895290ad1a6227da8e1828fb0abf76cc76d7331ff44512370d7c643071533e3b185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76217ba0adfc6e72205acffdf4597300

SHA1
5b8680871e7bb08b53ed7de3470850b2b729ce84

SHA256
5e53d75d598d7b14379d6097d86b6f96e71d076e6768f2ab0f80398aa38116ea

SHA512
039fdea44f63cc8ed29b13a4643a15a4e46b85ead16df61afdfce31f0eeb6f5d1d0d9ee3cb15897aa2c5b1769c1695b3b595135d29789f41042a432cc1a4a188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3b42a45aedb8c64ca49167e3ca36b375

SHA1
6d06818472b250c1692e0ab9769730096acef3d3

SHA256
4e42b933bf09c6dc78058baa184a0d17da2eb5d19a32ad63057f251495ee94b3

SHA512
9b22bb2d965c8727c7098f9f088237f6632b8fe3241d18b3085967d180690b8a638de0e1444c17a017d23b3b3b5599a892196eadb1709b123d862fa85b29bfde

Download Submit