96f2595327e625bf1f0c85b3331fb5000584fedf730aa2d03ae8f3348d58e8c1

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 23:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ce2c4ebcc7a395c6862cb148963ec775_JaffaCakes118.html
Size

42KB
MD5

ce2c4ebcc7a395c6862cb148963ec775
SHA1

3f1716dd7d9eb680e8e0630f3e21f06786089e80
SHA256

96f2595327e625bf1f0c85b3331fb5000584fedf730aa2d03ae8f3348d58e8c1
SHA512

01f00000bcd99863488a329119c15c63c7dd49ff583aa9b182a13be2eb2fe6158af9dad55345fcb6f6938792e434f4a0063538b4ca6243c04c13ffd329fe9241
SSDEEP

768:XmT0EipBB6Nn45SXQCx+NpHGcCU3TmL13GNf:WTupBB6Nc+3wNpv5O1q

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
4068	msedge.exe
4068	msedge.exe
5072	identity_helper.exe
5072	identity_helper.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 516	4068	msedge.exe	83
PID 4068 wrote to memory of 516	4068	msedge.exe	83
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 4796	4068	msedge.exe	84
PID 4068 wrote to memory of 5108	4068	msedge.exe	85
PID 4068 wrote to memory of 5108	4068	msedge.exe	85
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86
PID 4068 wrote to memory of 668	4068	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce2c4ebcc7a395c6862cb148963ec775_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff914d546f8,0x7ff914d54708,0x7ff914d54718
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,7444209966155642806,12826718441479827353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\899683ea-483b-48c6-bb61-6b2f83780aef.tmp

Filesize
10KB

MD5
eb366f9d2b93cfea90299ef9b85afcc9

SHA1
bb2121e9040383a5b044c582d00ce13b0d1667d9

SHA256
b90b84296509e8d5fa2f4f26bd0801b25b82ff091834b72ef6d13cd289af06fd

SHA512
2f910e12e588f5c5d2a1c4136e82f14bc146067e341c6e9d402e59ef4aa636f50e2bd83ad6b284481c902d69d568b6944c90197654c91f79f2917db619e83126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
99ca1a10542cd35259c416b434c61527

SHA1
c7624119065bdc3d70a8028e04a34667f228bf64

SHA256
52dd37c6290788907d7cb9998b611e538400ad215dbc1952dbc9ee964a9072cf

SHA512
0dc036ce6a6102799454a56a2f3ff084e90352667517a46688e4d82a976bd1f23f37ea77555cd93377dba438cd5399801811322bfb6aaac5fc0d6b7febe4fdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e0d5cd666546d52629aeded769a1c346

SHA1
b2211180968eeb410f2e02c70340459bfefcc847

SHA256
4f7baa1702a33d805c0d0d661c8a90e9601d173e52bee9f046b072a718adc284

SHA512
00cb3211f213e87737aa179005c5ed934ff7e777f611f90d45518da94476b41fa574e0de7c636413e6604235cb0182e170f634904f08af079c3e2887073e2a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7451146bdbdb7f05e1e38191b663194f

SHA1
b8582e9f657d16cbf72e7adeb7b717683cd4389a

SHA256
8d94b3b6aff6cf09e64eb79bcfde2fe37f6233d51ddab938fd933c1544184fbe

SHA512
cb5c4681c1b042c2c7fb532296e369f594dc8e3f3ae2fe5a03466a1a748d79aa144f96521a226ecf898ddf624df6fe547820a8e980c53d0050862fc044b7338a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bbf5f80c-d8eb-4d3a-9afc-b5e9d28e68ab.tmp

Filesize
5KB

MD5
a3b058b1d67e4db06de108f039260105

SHA1
9f5579a367b23e6bf34add4c27bdb38d4badaa3e

SHA256
d887915b65e76a8b28655127147733eb27aefcd495e6fe9ee4a9330860c70115

SHA512
9208736049102826ff709a88fd3835dfb8f061fbfb8bd38d441677b2e6347d76a8871f348ea79b41e3e33eeed7404afdc4773fd64cbb61f0c22d61dd50cb03df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit