1a605f326d2ac5863383b501f49d9e96bbd2bc6db095ea12a11579c13b30372a

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcd1b760e72e312cf4e0dd14b5613bdd_JaffaCakes118.html
Size

107KB
MD5

fcd1b760e72e312cf4e0dd14b5613bdd
SHA1

cc6e5340b886592a8ddf96add6ee3ddcf3c707ed
SHA256

1a605f326d2ac5863383b501f49d9e96bbd2bc6db095ea12a11579c13b30372a
SHA512

11bd37442fea89d9bea13ede044ebbf070fd109c3ea39dc31992d296cd6e240690630d2ace3eda5a042185f2efd2aff78e2080ea1eed94bfd5990de1487d1cce
SSDEEP

3072:c+A5cKW3ZcGHHQ5l0v1Xya9qEiW0Gv0eYrT/i9bdivCOdZkhm7eXd3+qc/kZnX+0:pKW3ZcGYUpya9/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
3228	msedge.exe
3228	msedge.exe
224	identity_helper.exe
224	identity_helper.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3228 wrote to memory of 5016	3228	msedge.exe	83
PID 3228 wrote to memory of 5016	3228	msedge.exe	83
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 2212	3228	msedge.exe	84
PID 3228 wrote to memory of 4140	3228	msedge.exe	85
PID 3228 wrote to memory of 4140	3228	msedge.exe	85
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86
PID 3228 wrote to memory of 3684	3228	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fcd1b760e72e312cf4e0dd14b5613bdd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15286251091577076075,4822869726792548692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3ad76d5d49adc0e694d2a7f85dd8c047

SHA1
c5136f6648d0523901aec4f78dc2502da716a15c

SHA256
54780c7d63022fb5818b0b0272e0a6f28933dda0b94aa99759d7a96a33c63a87

SHA512
57b586641dfb2ab00845f181474260cae84eebb8308c9ead493e4201212137d451a8698eba3625e85b7bda33b34d644322d51438a32b1fdc9b863079c72d14e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
965B

MD5
aeec2de55a033e1d51fe51651093241a

SHA1
2f8f7c87b2fc6b98ccc05ad3324341134fa021cb

SHA256
7f1be9b312a47582bad845a0e6d96a99fe52dcc774eeef51f59ac3a395af397d

SHA512
88c45fcdc6acc06c97a23fbce2c8ea9390316d089ae382dfd833516e7edb415ecdf0ab0dd8b8a25818a91955bd841b9aa40915c521d2f1c9de1594dcd466c714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
414e0d5b9b0d778ca349ffe6fb96b19f

SHA1
d46a12462c8da06079dd3f777c290e89748b5140

SHA256
f2fd27986962de0fc39992920c336d84b948b079e43a652862b7d535acdfe2a8

SHA512
a32f9a478dbf56f1769cc9236d79a887fb960e6e845e51e5f0bc8ef229efebcbbef330e09ae6e162f6efb6665bfe284de465e7a3a56ba6671d5dfda03a889d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77454f56205d3b7826131bef647d98c0

SHA1
d58409d34dacf19fe927fa61103af4a2c180fa71

SHA256
f636cbc654aa13ab8455eab69d235b0ff0a64db27bfe3193ce30f772e2745a79

SHA512
75063e000d77192d3b4c4cc29f626e4ae2cfa7072092d19e52628ac0beba8be2ee8f4ece188fdbb0a085ce6b18aafca0b634d91085c523d246c4eae0ca4af973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d305b9299848a6fb158371d325a4914

SHA1
57465884a1155be1f38aa0367ec80de9c0e92564

SHA256
de67f200946152466fd11b4b130e1140ae5b0999bd7219f4b09d3b5461803bd2

SHA512
d747a69e76e93ca44c61fd87618389b7de9759d71c834d2b7d7caa87dd6c3da04fe186e6d9ce8bf0a5f544b600c2fe2d5908db5777520aa890fb643a7301d7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
9c3a468d8745298a3b37820994498dba

SHA1
f10c8009fcb6bc5843611b429b17102d4ee7a373

SHA256
ed6e454dcb578529ea5d37df92d425cbc91e8580946ef1835b6ace8bc299107a

SHA512
99f99b557ae7ba7570e2100ab0514bb1e21b913eefc880a759cb288ee9aeb4c82b6ae6c8c28f04e0fafbda15051e853330762d38e1e6b9e07041ca30ab449a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e450.TMP

Filesize
371B

MD5
580b480e9503d5449bc1a4df47e064b7

SHA1
80d29b9738d50e60b90ef1b6a92fda3e9194889b

SHA256
5bb4834c559f6ee33b8579a162320f45261f6524a78856411b4c06685062d84d

SHA512
e97416955f3207602f8f844cd29cb8783b32ac2054130cd56e47bf3730576a137201b98c280588122f79258da3e21de963ea5585ee1127f377ef1c39437181bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
718b3bdb4cb2d8d242a837602a1512ca

SHA1
10c36bdc74bf251d0777da4c1d941cb8f36484ed

SHA256
6461ab33b19d9b9d6309d945fcde814002bd3ce9b5571c4dbdddfafa64755f2c

SHA512
9168c0e5bd4bf9b75bd71b29217cdfaf000fd73936f0ca21a2372123778e19f95b2d087800885f4f71c8dbe7a68ba27eac087717de047483857340444f6d610e

Download Submit