584eefdbea96a0777d723f505fbc9ba9479f3481577d18ada4266561ec8be349

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6ccfd6ac53e015220e4a79e81e90360_JaffaCakes118.html
Size

175KB
MD5

f6ccfd6ac53e015220e4a79e81e90360
SHA1

438deda9fea48fbe1da132973d5bd10ae62d5cdd
SHA256

584eefdbea96a0777d723f505fbc9ba9479f3481577d18ada4266561ec8be349
SHA512

6e7c4ec3d29d62264f8e106b3b5afdb83e7f96f8728d27ccf4881b65ced48d5661cf14527ce741ea15958c8efba7ed538b176c88823590c42209e63820343039
SSDEEP

1536:Sqt58hd8Wu8pI8Cd8hd8dQg0H//3oS3yGNkFoYfBCJisx+aeTH+WK/Lf1/hmnVSV:SOoT3y/FNBCJiBm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
872	msedge.exe
872	msedge.exe
1292	identity_helper.exe
1292	identity_helper.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 2708	872	msedge.exe	82
PID 872 wrote to memory of 2708	872	msedge.exe	82
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 1224	872	msedge.exe	83
PID 872 wrote to memory of 5016	872	msedge.exe	84
PID 872 wrote to memory of 5016	872	msedge.exe	84
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85
PID 872 wrote to memory of 884	872	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f6ccfd6ac53e015220e4a79e81e90360_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9723d46f8,0x7ff9723d4708,0x7ff9723d4718
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13222830049491436161,4254325927681548118,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
20f0d63f6ec52bf6f75b84cb63f2116e

SHA1
4ad33577601b268795b356149c9f1dfba0fd2725

SHA256
38435c1541aa7a193210cf1988498809675ea6a9447332ebbd741b2e84410795

SHA512
ee5e733d9526ebcc4125706127ecc93478f62062c3234dc72a8ddc03e317578039e8f3fb939ef353b8796126bac463b177791bd901638d57b573499fbe919210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ed4234e5fd1076ed0e74f1cdbd6182de

SHA1
01002893cb20554aecea1711864905a71111194f

SHA256
c8be0d7a5554b8aa189bf8af926e3000a16f07d54ba76811d9b2bfed8da19490

SHA512
4dd884afe61937fc16b99bd2e905cfec6a7d486d1b0954a6ecff17b5d6352bc197392322db93f6f42cfff2ed2ffa2f2f0245258ac4971e4202c337401e24289c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7af24a56c5a091bec46be32ac7891f6e

SHA1
f20c77940d9e39ad889239b5f7e7816b17e6c85e

SHA256
6c604154daa186dbc20456ba9387dd308ecf2467eb9c9167050d7fdf62946e3c

SHA512
c4549f4efbaf8447b5d752d5d22f934536740571f0b14be2de8729db1117e7b3d5619337e936b670980f8d1cbc9ccb3c3979e76a837104fc8a1c93b1a26679ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a7a752376fc7c925232aedf638e527a

SHA1
8c7aa1b90314ee1053ee59c13f0bbf690856f1fc

SHA256
7504d8ff2854d0dcd1383e91200ed4388fe8b67807832d68eac219e034c487c1

SHA512
76db987b772d5f5ed5e3942b35c5543e2d84df9cb8aa94696ad12a12d26d2d321295a0f5b43df14e33951e11737a8a3d92fbda9a52634bdd5107ace890ff8036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e111fb8582fbf7674049951de27c3634

SHA1
6b11c2960fa5522bee41cc5c6daadd3e60f84e77

SHA256
17660fef65c552ced8251c4b5bbcfc12b8900595e71006ee1ac3c4b5b5d69c08

SHA512
2d014905c096e9c740a366170250e4aea617cad175e1ef41ee9131409c009bb61adec7739c69e7c9d4b119051d2d69d7fa4c6475c516d5d16127f045d07992d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1536c833f4269a63b0b2af576ac4e91e

SHA1
ecdb203ebb602dc2deda006b87bb977a6989acea

SHA256
35a50ceb94ecf3bbfb959f792a1e61b59118b3092934dacb0904011e9ace7b6b

SHA512
14b3a7eddf0180c49a0e3c1bfcb9bdde74987ab6eed341cad6a2cefa11c390d88a4a1d94d326a0271aea54ed123e5c4ab7e1574d108859ef89fd6822e228de8d

Download Submit