8c2fd035bf6bd4c34c21062b9271d760dc8d6bc99c581ccf4ec21ddb67eb8419

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de0d5bef3dd8fbf4829d1584173eb26a_JaffaCakes118.html
Size

137KB
MD5

de0d5bef3dd8fbf4829d1584173eb26a
SHA1

9865bcdcde59da1625327c475ae04fefcccfee14
SHA256

8c2fd035bf6bd4c34c21062b9271d760dc8d6bc99c581ccf4ec21ddb67eb8419
SHA512

d796aaffe16ece0dd1de9ea62c29c8ede8e23b6e13ee414538b4fe67f73e6ece3050552037718de744ee6bca309a1992cff660ac7a077e3d905f297dc02956c9
SSDEEP

1536:D5N2TctXG1L4rBgfdgQ8KJGMwtk151UtP7WMl9zJOEVT/Y846F07Ghgi0A:D5N2TKGKQGQ8KJ5wtk1wteMLL5F

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
2284	msedge.exe
2284	msedge.exe
5032	identity_helper.exe
5032	identity_helper.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 4760	2284	msedge.exe	83
PID 2284 wrote to memory of 4760	2284	msedge.exe	83
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 1352	2284	msedge.exe	84
PID 2284 wrote to memory of 4940	2284	msedge.exe	85
PID 2284 wrote to memory of 4940	2284	msedge.exe	85
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86
PID 2284 wrote to memory of 1264	2284	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de0d5bef3dd8fbf4829d1584173eb26a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffc28ee46f8,0x7ffc28ee4708,0x7ffc28ee4718
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
421B

MD5
b03ebadf451552426e48dec56e5d1b2b

SHA1
453d0f9778f11138b21df4ff9870fe56cc7006c9

SHA256
55c9059e0d6af0924f85111f92a4533421f61ed52cf41d4ee36911530d2bf8f3

SHA512
acfd6926362af4d8f334cc3305e4246ba6604976d60e2e0caa08b62d383a175283349b7b570aaacc9368bad33069fafb57c3df77abde834533bf0aecd93519fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f625f0ef42cbb50ea0125441d1e9537a

SHA1
771d846849c4d55d6070c944cd7e12e2f6657a58

SHA256
0c55aae32079de9f5e589319421014b753c0f8572ba63747d432ac8ed6892a51

SHA512
52de3a5a829f45365cbf63860a96f7ae82b3cfbf394beaa4f4a485845373e4be2a18fb9d8a76197e6024e646f1d11f349c580543891fc0f9f658c7f254576ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
caae7cf1746be950e265231c320e56b4

SHA1
2d8ca8129a8da9b89525fe79a3e75cdd6e02ee10

SHA256
3e3e83a93fe570ad05e2f7bc09efed1e606170ba02ca5f8ab887a62a93b901c6

SHA512
2df43546ab5f82a1d6d8e340aa327b2a325d0327de4c0cab1f86c6204f52b7cb3ee2da95dba664b18a4d91d89237c8402cb6808364962991a767761bc756c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0e1a3f10a79a76996f1041c5f195da8

SHA1
d93cce0ccb596c7ffce62520d28a193a11068991

SHA256
6ee5a6ab34488a846284e68aa6773d2d5e177ee51062db3063529bb1b5e5cdf1

SHA512
561aa842833190faac1a140f89b66ebd0f134b31341931e3b3c42b69a8492508758495efb2c2105d1d563ecf7a52d5df8e80651346a422b52f842b08bcd91321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
9648bc0632879e819234a04ecbc17aa3

SHA1
ad4a699cc30a8ddaf01ab93058b2f4aaaf9f20eb

SHA256
e94e5f23af07ae6b3925d2ff25b56ddfa40ee4e5d143f0cbe632cb5f54875e00

SHA512
47163f70938187d2e2998b0c430b8e6019bbb2a47071147d331b1ee67d3d81856292ec79d73b5b578159b5226ac4025825c23842ec827667838bc8b22ffaacdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e05.TMP

Filesize
204B

MD5
4c31ef7f5b421ff53f8243cc03a816ee

SHA1
c04c3917fb1b7b500999a7ff89578f55ff25b4e5

SHA256
074361fa631603ec9e1b871a8299c16877e55c816eaa2d8a55685c66148e4477

SHA512
469556f4a19b19bea7f579bb018866448f8cde51f4931d066ee13fecac60de45cc7831535608d21c4726d7067ddb8dc7d489a7d0b2b72a0f11cd8711da7e47af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35c15472818ac0dda662b2864b01c3ab

SHA1
0ef3e5e75ecd6f85f884c48ea6d498dcae9abbd4

SHA256
8599a4e7f1800b4775386da665f3d5de55ee4b101ae6975ff756d9ac781dd1de

SHA512
3fe687e6e9653c2ce1077d5fd90a8f3e66408e808abf82c7422ac0a779534183377b4165af6946ef4a05fff3e86bde1cfea31b73fe7e1f9c564c7bc63d498e58

Download Submit