fabd9a074377bd7ac54fc8bf5bcdadc1629dcc690b4fe85768afd68038f107db

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 01:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ea5fcdf3a5dd814e6d2232927fb2a8c2_JaffaCakes118.html
Size

41KB
MD5

ea5fcdf3a5dd814e6d2232927fb2a8c2
SHA1

21f17dc3407e8b6a0188ecd663110c130bfe2519
SHA256

fabd9a074377bd7ac54fc8bf5bcdadc1629dcc690b4fe85768afd68038f107db
SHA512

d6b2684b9f57f8ae0539b49aa257ec827c010a4fc0f74f8b59c06bba8eae5474832aa86c3cd6825d8a5cc75c7d86df8871e9746623924f1ef668b92fb23c570a
SSDEEP

768:+f1IGAYjInZn02szpW7M7uLZu9RAIYxLIFkCwLDu2:+tIGAYjIZn0zzpW7s0u9RP4sFkCwLDu2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
2376	msedge.exe
2376	msedge.exe
3384	identity_helper.exe
3384	identity_helper.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 4388	2376	msedge.exe	82
PID 2376 wrote to memory of 4388	2376	msedge.exe	82
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 4700	2376	msedge.exe	83
PID 2376 wrote to memory of 1848	2376	msedge.exe	84
PID 2376 wrote to memory of 1848	2376	msedge.exe	84
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85
PID 2376 wrote to memory of 3152	2376	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea5fcdf3a5dd814e6d2232927fb2a8c2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0xe0,0xe4,0xd8,0x108,0x7ffcd95346f8,0x7ffcd9534708,0x7ffcd9534718
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9697310286571968219,17084175011886198441,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3be8747d-7ba3-4dd3-a479-c4909911d88d.tmp

Filesize
371B

MD5
33afd102eb304450f2bb052084a4c1a9

SHA1
5eac5c0dfcb253d48b5ff5ea8f4f363ceb7ca100

SHA256
40711a722d16c00d42b34983125d312dfd883ca008470f0b366660b83fb8be80

SHA512
71b2b05faf6b192a731248184d815f983dd145a90dc92f63700c20b885404ecfa1a72d4211d05c8f32888cf727ba264c9a8b0415dafba00f1b9d59d68b698725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\437461ec-5587-4ee7-b766-13ff0b94675d.tmp

Filesize
204B

MD5
6a065375d8d11b27d9538c12bd102295

SHA1
5290f2b8c47d11c8c116b413d2f70a1a566ff42a

SHA256
4055fb904e0bbdd81bd7c0f31b4ea29342aa4a8699f4f8b82aaad9baceb8703e

SHA512
88ae26bc3366c1ea67de97c2f5b4d43baba28add87a80c83588169f326492329c48ccc3df410809622cfd33f31aef1ff7e18bca72ad0589b868d235ab1be479c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
506B

MD5
2ccf67fb2b2807046aede621060eaf3b

SHA1
729a81734e0f95dde99a6e34774307aa2e48af35

SHA256
a5ea4db8e46ef5a827505ff9d0dd1262b19dea3c18bed130263b6ad9b90f9650

SHA512
d1a49d7e79ba60437b750927ddc9ae818637e7c13c54d50394184f640c5b5c6269ba3a760237fe136a351ca127dacf01a2b888ee60311564ba9fcc05af7bb2ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
172B

MD5
6a7410a06b5236a8bd0354f57f17da43

SHA1
8f81dbffcb912e486a939320a995d36f6d71b303

SHA256
3de84d8b9f283a3bc6527730625ef1c8c3ff22fe3e11b36c174999deeee52372

SHA512
23a164904e61725a717d43b18379ef509eebd3ad87b2d99f765bacdea399762c50833497a9d23abc0f065f43b2188d75f5824f09f8b30cb096f5d7d654f7d818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df53e216fec926b5849588d32314554c

SHA1
a41394e833fef4111945db9cbfe2202eb0d54e70

SHA256
02ed07099884d739eb2fb927d6fc21e1c513036f3fd04b8eb9388f920f07d6d9

SHA512
e2bf9c562eff81701008e780d275f47fef918594e2a114a8961aae2190d2e947cce3996f92bbeb079f8929b43393505ee697f5d79332dc223f2f98a1ba632309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7ce13589b908f1f08cac471d0a67e35

SHA1
0eb2ed0d72d7e7b8b8892c59383d2ef34b7960cf

SHA256
0cb8d75572e42cc10ecdd291a5c3a24022d628f832684fe363702fa3aba4ee60

SHA512
cdced5b2070b77ac246d806a727304bff48689db2109b154f966a7cb6862fcc60aafe63cd85eaf014e10084f5bf43fdbd8308cd52bf6719d5a733a7907e208b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28002cba7891f53257289e10c60916a5

SHA1
695b2a5bd77d9bffabda97e6d14ff08aadf32094

SHA256
886ea6833f3a156263bb958e8b38a4fab639d04a5655241e2e386e4fa4250350

SHA512
bb168fd10fbbbc48279cacb384651190e9a9902fa65c5cc0790484d9acc9ae598205b2549fafbcc010c6ffb9d751fd38c4ca74e06971814a52d43cc75690dc0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55da755e05e6c9947b3551afc5d2c596

SHA1
750dc63ae2bdf3ad4686edbd8497c484bcaade02

SHA256
8a4ad119974a3b5f1078ec82968e283c7f72559ee4bd6251d3f59cf87e9327e8

SHA512
188b644ef244c904258a719051f9de378b35e16407983e863b67fe48c88080bf1e6114b18ec6804cbb4761c7071008112e38383dee7831d9426e715c29a9b00c

Download Submit