af6b293de8d8db7c2a0ad5add171ec947d2c981b48e117715c0c1cbe48c4c23b

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 06:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

783ffadf2b5ad43d318538e56ab7307c_JaffaCakes118.html
Size

440KB
MD5

783ffadf2b5ad43d318538e56ab7307c
SHA1

3bb23137c4d41ff6ef4b0ca61ac5f604b22fada4
SHA256

af6b293de8d8db7c2a0ad5add171ec947d2c981b48e117715c0c1cbe48c4c23b
SHA512

638d6707169944d73388e59b73025f71965e94e54824b8dd13695636b47e8c0bce93871bccbebf59a0f5a5708cebae44922daab7123cac772b339e07c6cbe608
SSDEEP

6144:igiH9agAgfNc0+/knzOSNiPKDBbK0CiFvYrvD/ncdkE6P4XUlNk1nemZjX:iginfZCiFvYLLc76P300mZjX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
444	msedge.exe
444	msedge.exe
3652	identity_helper.exe
3652	identity_helper.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 444 wrote to memory of 1220	444	msedge.exe	82
PID 444 wrote to memory of 1220	444	msedge.exe	82
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 1948	444	msedge.exe	83
PID 444 wrote to memory of 4828	444	msedge.exe	84
PID 444 wrote to memory of 4828	444	msedge.exe	84
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85
PID 444 wrote to memory of 544	444	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\783ffadf2b5ad43d318538e56ab7307c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd0746f8,0x7ff8fd074708,0x7ff8fd074718
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18264572392286560065,14874983197906413791,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\27544533-2933-488f-a302-37e187f32938.tmp

Filesize
2KB

MD5
ee52d806d87d4d8727d0332637a45e10

SHA1
9e7c876b372efa50af6191fa7ec6d51f4db2a6ed

SHA256
f7f487df01702c27bcedc6bb3f867638309cdc900a1dd6748107b9a5966363ee

SHA512
5677d18b5bd67d0ce8e1a5f7757f1b12920d05979e78bce79452c64220abe8d9d51abbc93d93401f37a60e49b6071468a4b8c4073b93dc5c6c12198a444e15c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1ab5b67c8da5575cd81e63db35d2405a

SHA1
babb88b6474eaa8dc2aa73e1341cef21646ffd0f

SHA256
c8beafabb61364d7aa7379061e82443bcaf054a7eca5c50bfcedb7225bf69ed5

SHA512
e989df7b4de8efce886867f5d92c565bb20165f22de51bb9fd59a81b5ac71a3b6f7c9b3c0a5d53b8172d4b0f3765db3ed87b50b56321b702fe00eee97b11844f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ff27b7f42c7a041b15d3e313c753691

SHA1
9b6e87c8f9bd6949f9fd63435c7bc9398421f59b

SHA256
c7a854a026443ffa3ef52076fac9c5ca825bf215083ac61581e134f17b00c4c8

SHA512
b88ade2359a172b84036ac5f5dce332d48948bcf9ed141ff1e5859eb38eb05289a9229183829ba9801068b9fde60bea1c045c0996184a597f1e16e5088597d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31e0d2df2b61b3d6ed48cb4359831208

SHA1
4c58e7f67e7ed137a99141d31fb2e1da9704fa95

SHA256
488f6d24852772b0a1262a4d6885b620c2b6e5f1aa16e18f6b3003a9ccbcacc9

SHA512
b36014ddc45c9558acb74b5f9528b5387d8a841fc2e77a6d6be8fff9959b78c564fecd747d165c8af810bd352c65e3a7e28c1e32e9e4f95ec09665e744d4740a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fc3ae6b6aa5ff6a1d69c204f948f3943

SHA1
4b78d100d2a902b0648f62c1264bd4ecc1e639b2

SHA256
b0ec5083ef531641ecd299b8a22a2b59a0224e1db122ed477159d3a783695de1

SHA512
8f5d0801fdcf71c01da95086050cc953db35ae9c60eb707a43826972249aff60564de32615b878eaddfff7981add74c008b14ba07be3e21315e98746baf22164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55ff8c63a3af300703e831365bdfaa58

SHA1
d63a8cb677293fd7b1b0d4d09f5147a2ef7df030

SHA256
2da3d36f35b79911c85f61ef8a3dacb9eb7e77b533efe07059b430a460c1721b

SHA512
65af0d0370b637904a7cbd96e5522bb13a8bff889657cfbeed32985f630af94d09dc52fe1b88ab1b2e16fe7efe2118ea5c32dbf9364d8d8097f642b1a21e7d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7421da4b00c02fc021b11a3579c6baa9

SHA1
aef961c0e37a4e0148abda0766b6367f40efd1d5

SHA256
029e06bb807be541ef4d094c1b84008e076e68d2b6910e8ffde8c68a811f5174

SHA512
97edc43e1d288207a7eedfe10946e775aafc14c4762a885a4b2097131cab258b0b2f13a61ea8658c683c811fa3d5bb16300e5b549f25f5c9161848ae77659702

Download Submit