ba9d445983858256c06ee03143e608be4d0a6434a0be8b974f8d86ee7183eb73

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b78e7698c7baa08fa94be027a6397a2d_JaffaCakes118.html
Size

269KB
MD5

b78e7698c7baa08fa94be027a6397a2d
SHA1

4baf135564eb5d1ad0c68cc94793cba84dad0c0a
SHA256

ba9d445983858256c06ee03143e608be4d0a6434a0be8b974f8d86ee7183eb73
SHA512

d8a94b9974179958ffb04b458bc94dfb2992c5efdde8c57a99ded509fc0f5a04e52c2b614d825641afbebdbb2b77f8c4c6fcb3df07d45abeb23aaead1f490d2d
SSDEEP

3072:Hctu+rXiMBl4mskwTLMCjG6C7/XdF6Z2npsVQkykZeZ3E:uQmsP/MJ6CbCZ2npsVQkykZ0E

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
4180	msedge.exe
4180	msedge.exe
4644	identity_helper.exe
4644	identity_helper.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 812	4180	msedge.exe	82
PID 4180 wrote to memory of 812	4180	msedge.exe	82
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1080	4180	msedge.exe	83
PID 4180 wrote to memory of 1440	4180	msedge.exe	84
PID 4180 wrote to memory of 1440	4180	msedge.exe	84
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85
PID 4180 wrote to memory of 4332	4180	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b78e7698c7baa08fa94be027a6397a2d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18221192493911033154,13758624493148298180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
70253e36c7232026cb2b914308724431

SHA1
7afc0b8e78c0090ec4527e1b44c1a641ee45b5e4

SHA256
0421e0c16d77bcf722bf38627a56aa71c68a9c6599dc7517061a886d7c8a305d

SHA512
06cf4f3bf51d2e969fdd200f7ff469eb693ab71b932b97a42a69bf8f46600c13c0a08b52d0b53311e72a7595aab8f950e5469b7281fdb364d4b7c229ba523459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
819B

MD5
c99cff0f90dac8be554290471ccb0070

SHA1
78eadb3a6ac984cb1792688253421d09e1fe9b1c

SHA256
fa4a23c9019a3a77cd3fecdeb32946ffc0afc2f1d1bada02d45488b9d6f5d9f3

SHA512
8aaaa5c862f7829328848a4541140bb3bf9f38ec4cce7d811fb9ab66632126f706c565c0b6e421f90b89aae3ef0b216d3ae6cdb3f38db8dab1e8967248a135ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d252e6e3d784d967160725ad47b60cea

SHA1
07585cf98f2ff7ddb1b77ef345b222fe61c9585f

SHA256
22b33316174944c060d20fc7e4c15ed90cca3c53827553ebaeb025e3a865ea2b

SHA512
a63f65c9dc8e5a00fcb65181ead9d78f1a09ce3266a0b9130be29c389293b9d589bc1bc07cd04c3c7d6f695c68b2ce515122f3df2b4ca153eba6ba8346480070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fc204d21e5c848bf3714adeb2520839

SHA1
b45de2163edb8eea967a1200a8f799dd8ecbe365

SHA256
8b365f9f13575cf3cc9a4c539149b57b3537863d3767826f234efe840a0b3a90

SHA512
b0061fe30802861ea1fa376f735609ceffdf2e8d66378e3ab110bf988cb2aea316d2866b2bbf21d9e56166e56f7d032d2208768d74709ad5210bb30f8a4b7d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
3a954890a9597cddd2ad9f377508b116

SHA1
fc0e3f674d6fac4bf44347a253ec425b648be132

SHA256
c01f1831f58d6ceeac098621695ad42895f425beea65b8d4fe1aa613927b7b2e

SHA512
7fe425d6e341fbe1f0dd7cafc66abc33c740157e48eadbb33a64670774f64e492e7c2c8d919d65c83f5b9a1d0639da1290201884915c14f09083b81374109a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bdec.TMP

Filesize
372B

MD5
09bd17519cf62929f9c4ed5e82c89180

SHA1
0bfbdf424a3278fdd73d77701a602fcfcc24e2fb

SHA256
02befde9e01035d660d0f345cfef2b1000a95e4087912cc1b4520547a0ea2161

SHA512
0ceb875e50d5a76e8edc3ce0db9797f89d0fd58ef469d79f16b5b316ecb4f6b857ddb0ebf9539f1fcb90ddd96f02a818f4968694f026304659527018a885d92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d3a241a4-4246-4901-846d-eedd87df28c9.tmp

Filesize
11KB

MD5
c0850ccf1d38947fb58cbb2957fa099d

SHA1
f873d0377590a89311db36bd480144961eff83e7

SHA256
cca5b02c5492cc6415e8ac21a63aaf816c4eeb010289c9da0ab3c83e71d9fb3e

SHA512
262412037b701bd9f7a27477363bee8069521dfd73b5d262e7bd4a719eaf021aee7d65a11156395091d93e22112237cbdab5f1df061ba60ad9a11b645dbed94f

Download Submit