eef626b6410640c3aea04f091973e23879e5fe6d65f6e6872273acbaa480fe9a

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7676a64d8da4e87f5b3f44ab42940aab_JaffaCakes118.html
Size

65KB
MD5

7676a64d8da4e87f5b3f44ab42940aab
SHA1

f3996ff057d4ecfd8083906698c8c8d10c0b99fa
SHA256

eef626b6410640c3aea04f091973e23879e5fe6d65f6e6872273acbaa480fe9a
SHA512

1728978cda4c27fbd23e89ef1db3645fcdb6cf02c7cfbbca729a5d674ce31dfbb6c0b542cc8348a5c5e9675605c4a478babc208572193560d36e64233b3ce797
SSDEEP

768:5izS5y5/OVvLaKL6B5O/5W+FxHbkm9iC8wh53yaojwnVAZAf0PFEDx0GC6732SCF:Ie8hOVvLaD5EL58MCaoE6ZeaGC67+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
864	msedge.exe
864	msedge.exe
2672	identity_helper.exe
2672	identity_helper.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1008	864	msedge.exe	84
PID 864 wrote to memory of 1008	864	msedge.exe	84
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4912	864	msedge.exe	85
PID 864 wrote to memory of 4628	864	msedge.exe	86
PID 864 wrote to memory of 4628	864	msedge.exe	86
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87
PID 864 wrote to memory of 3840	864	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7676a64d8da4e87f5b3f44ab42940aab_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa445a46f8,0x7ffa445a4708,0x7ffa445a4718
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16427186533572819345,14461563963955787264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d8aa33022b8bec0bf48b65ac81838c00

SHA1
46772024ae1176fb18437159f4cc4ee7f28a806c

SHA256
d96b3b6335c16dd889a8c0c080c41cc41b58a63f363d5046f5700a50367caeb5

SHA512
7893844b96fdf672e5d234603568108dc65caed0e95b5b4e8c099c0b2ce103ff08671f15e80b32b07d6871b8930dc17568e857d1ca4566f92e5dd2221270666e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c56d62149d4a2d8e5be351c6c08aa5cb

SHA1
cb4327381dcf8ea84a932fbe6388d81ee7ab0684

SHA256
5c3ca48be25e88885a8d7c21bc1e026b9d737bd74cd4dd7cbc3ffe9770ab9695

SHA512
23c25e366fd4ed7f1ca0cba47c3d49bc18523339757d68ba7f49789aa191fd988e684d385457d11487bffc1b8f35752279fe4b20056e5b51447e02c13bff2839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f7d22a2cc1dd5d96a25cb091a6da4590

SHA1
b546c1e47f741b6a9ef4a143b9d2b65ad4f98eb7

SHA256
b882a1db96e1c4553b11335d8042c563f8c4cb1ad6765e31fbc28bf6d1ad7be7

SHA512
3caf0303be0b2c839b477d10efca005679aefc1114b202e66aff374c9bfc35d26a7c0d63e8993ebd2354139ab8a6636c44f4c2c4cdb8e726c7291b0a5a0819e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
521f3c5568c65b8a2c65a1321653d9fc

SHA1
faad910f8a12e1e6ae96eac807eef7e7955c053b

SHA256
d59b97e501e557d1fe620dd2172ade96daf298b59fd18789c6bd057b37fc4ed8

SHA512
c4dd3a8e22cfafe4f4bce491438faaea8d438daf21a86acf954639897716cf4b201c580ede167874e8cd29e2aadcc8b3b043bb7765f5ab28498b835c5e3b6b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fdfff6106d181c2aed143485c5e3a3d5

SHA1
4fe24cbf2f2c5bd6561c7c973d0f941292b9c87d

SHA256
0a0f76a3e19135e260eab6c543b5d58b99122472b2f7c2ede49099a15d7c708f

SHA512
6b7b7230cb210cf423de5359c697c169f598c241af0c636f3d0d67f86acdb253c57e90805871f4d26a9006dff4922286e1a271c62231cb77ce4e2506d147b31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\da32c3b1-82b3-4da0-a8db-a28dfe40facd.tmp

Filesize
5KB

MD5
7ffeb187b5f464932eb9910b99c6260a

SHA1
3ed0b61d5e1932e1b5e6eff4d7a95c77769f88bc

SHA256
633d3f68370ff993ef7b3c358e50204a8ce85e872bc81cd35885bf2f343d0215

SHA512
d94ca52c3e8370a93bb1725494d33174975bc69d702d4bf6f972df65f3a0eaa7483ea5b0ccafeded360e50eaafc0bdb57fcbad6e3abbfe64ee92546eed68e8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f76b8e27eae5a1a08993713e3ad3a091

SHA1
d5820ad653b4cd1736d49ae9cd2a434224e2e134

SHA256
c55a7a41608864ac68b8981bc5db269091e2fc7859074ccf9cf862b73bc630e3

SHA512
8b28264e359b2abcb5fe928eeb0ebb94e3b4d61523ff611dc40c31e53226b66bd120ce5412f668689db73a61527a0b0cd2d1e129d67854984f6c83ed59728f4a

Download Submit