4108d69ff0775a9a35cca65024ca138b8a337a32c7526a7f4e5c9c4bcd04d62a

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fb1990ac06ae9cea7f933114dd3b3aa_JaffaCakes118.html
Size

82KB
MD5

5fb1990ac06ae9cea7f933114dd3b3aa
SHA1

e946847b5d4c12cb7195f56b149a101e4110dd13
SHA256

4108d69ff0775a9a35cca65024ca138b8a337a32c7526a7f4e5c9c4bcd04d62a
SHA512

390c5ff365a359554691246cc6c68d5db1f5906ed9bb1912e3df7d4bfa249caebb46447a5b533e970b6428d69e76149808f70c76583cc5cad9f9cdfa2803f09d
SSDEEP

1536:3WVOZOUYf43XhNSOYgEQHKw20lDgvz/jIeILOrao+Y+uVP5vZ0NEZ:fOUI43xN5EQHKwKvz/jIeILOraoZ+uvf

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
41	sites.google.com
51	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
512	msedge.exe
512	msedge.exe
4520	msedge.exe
4520	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 1156	4520	msedge.exe	84
PID 4520 wrote to memory of 1156	4520	msedge.exe	84
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 4808	4520	msedge.exe	85
PID 4520 wrote to memory of 512	4520	msedge.exe	86
PID 4520 wrote to memory of 512	4520	msedge.exe	86
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87
PID 4520 wrote to memory of 60	4520	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5fb1990ac06ae9cea7f933114dd3b3aa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb094046f8,0x7ffb09404708,0x7ffb09404718
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3399538521672273513,15018646921348170892,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
05da0ba82e7797f5544acefcb87bf1b2

SHA1
42872e7c218983b293da9b8330c621cdbe1a6267

SHA256
12a685f5bde1a018f98b700782377d1640f7a1ce6a7f5da3900911ec382c787d

SHA512
7cb503efc6ce9b3c0aef5a3542c4a95e7d3bc16cdaec394905ebb8c79ca05c4b7317e668201a1db2b7ebee5d79d57ee28c5e1e3159c3b744f3309b19b84b6a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
264B

MD5
fe3e59dff585c0bee97f44c0ea3be422

SHA1
cb85335cccaea8ce3d5be87e99a56335825eca4c

SHA256
8394048489c27cc06611135e7563583c376cdb48f1d8ae1d9e9dab4846171a8c

SHA512
e456e988a705d3b791512f12fd4b056ea6bd37392a8a5e967e4938b4312111b1e27d99dbf7413685e35d136bbbcbb432a0b142e2758081af9c503901e7513507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c25ae153ef5bad84bdd29025af5c0104

SHA1
2bb99c1277e76340fc1253be1911e2c8be5cfe24

SHA256
1610de8b2126c755c910dc906f57aacff9ff439d18ba11644e8e0063869d98b6

SHA512
8a6aaaa39d22d601f14780e32a90e3b6e5f356b7e4bbe51f76e47ffe4fa1794ff25182d9211580c7edca170068a73e2832ea1b82a3d156c8467eecfe7b8310f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f546322db38a604ee8634cdff7924778

SHA1
a365ea043449718883f7a2f2969de35b5aba9008

SHA256
f9b0ff7c6ef4dc0939ca280dac66abdb2ef20549e6d5f2a514b3ed06e2f623f2

SHA512
8bd9d2ae78d4d63683a4cc3f8f1bd0451c0b8fc2d6ee68fff2abfb28a1f2218ae6dcccc78380770d40687ec02073034ac4d930bb510f1ee65644cecb283c46ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c92a51009e9044b8d79c189309dec6c3

SHA1
d0187303963a29311234d346188ef765a0e3827a

SHA256
3b03641e7b03c9867ba7c6c045907c77f32fbec09c0923b83804d520d6913c31

SHA512
278e8a58ea79ac1873d40150ba2093d73c82691a6e85d839288fc6783c0f0287219365e5be98c25c935a7383a4f207f91a42a530211d8e245d593fc37ac5124c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d4b1b8fa33004f7a7e471a5576dfed30

SHA1
235efe2380ec2758770c2d081e84c474d56c0b59

SHA256
442cd677e51796a4ffbc441ed37e15522aa119e74c221e33cd07dcf934caec72

SHA512
2ffe9ea0834d5e8f72c0f686d9e912f57188b738cfee37a8514d08ab240db6c1d9fecc49eab28d2df16d48a9dc6989039d221159c5a10d23a577ac39abb6ca9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
00deb8a5edc778c397d45342d2ef7fa3

SHA1
68ddfd30394b84f1937f3378c0c71740ce9c4e49

SHA256
58ad65893c942abb978734611f1f8a7c8dd9e8760b24a888ad61af084a2d3023

SHA512
5942a19edecbb3a518fc5e4adf3bd695c029f54ff552919ddcea15759749f0b6600ed7cfcb11db3a7026114683291ebeb301c0ee69e64eec5a30a9c3db62c741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
1f3d2fc08b9a4976ec172f0e51ad8760

SHA1
2dd74e9b60e2956aa22f015f6106c1c48f42e43a

SHA256
fc8c6de25708520d41f5b8b110878743dd9fb0abd589d7c5a637b67b3662099e

SHA512
37639674f56e5b3022f9d2280afde81eb7e241884811fa07c68cca005a38ac5394e0db0a0bd2ae52e5ad3814b21a4f1069e003681e9e3f917dde282b98b64951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583469.TMP

Filesize
370B

MD5
6f4b7c9c641436f92f900f69de499123

SHA1
0b45bddb83c753591f7ccd524975019ab9f5c241

SHA256
948effe6b4f7e4dc073d5af361da36b7f6dbed61047c928c6d2e35add34b4f49

SHA512
904cce7061344288506e953f678a941cea56fc542aaed34f7b65a6e392b8411e89a3df01dc55db2c63953281e22eba384d00232ba61f58f6efe928f26f0679f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f330b9980057eddb4c42f753ecd18cba

SHA1
818dc65e064ee2319a6c3b470dcbe62e8f3d1824

SHA256
8c57299b2f92bcc3a43a4bd2432ec905747e7ae3fd27502d8224167d79085adc

SHA512
b930e28a48c3615362873ec3375150f5b82960905f80a4e8a6b0683c7f4f80d0ff573faf1324ebfed7c4e676e8a0329c9f5c9788e8225d6de72e8e9a44ff851d

Download Submit