e3f0611b42fc5b01263ded31ac95d76e31af2ace04171bd59435774c5aeda3d0

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40609b7995b8a68d5a27fdbaa974bd70_JaffaCakes118.html
Size

48KB
MD5

40609b7995b8a68d5a27fdbaa974bd70
SHA1

4de7155ae3dacc0f2bab9763fdb4a7039d0d2ee7
SHA256

e3f0611b42fc5b01263ded31ac95d76e31af2ace04171bd59435774c5aeda3d0
SHA512

56bf9d33277cba1f213ad46e8fc9416addee65cf6075ccc52be29b037236d8d176dca3a7dc4f0ed3d376c5241ebe88953f8bb742fdbbd43992313a488c92d474
SSDEEP

1536:nzvbDqGiUCuVeefALEeXe73eeeeeeeeeeeeeeeeeeeveeekeeeeeeeeeeeeeeeeV:nzvjPCdFXD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
1284	msedge.exe
1284	msedge.exe
4908	identity_helper.exe
4908	identity_helper.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 3332	1284	msedge.exe	83
PID 1284 wrote to memory of 3332	1284	msedge.exe	83
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 2136	1284	msedge.exe	84
PID 1284 wrote to memory of 4040	1284	msedge.exe	85
PID 1284 wrote to memory of 4040	1284	msedge.exe	85
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86
PID 1284 wrote to memory of 4996	1284	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\40609b7995b8a68d5a27fdbaa974bd70_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99b7b46f8,0x7ff99b7b4708,0x7ff99b7b4718
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12594497425991565260,6020726490988188703,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
327B

MD5
9a97f469902c3292e86a8b79005eac4a

SHA1
cb30e86fb93265c7629d22bca947559c66715699

SHA256
0f6514dbd4938431d3f9358f8a3f211a78bc9dee54f9ca4616559c1a21515178

SHA512
a63ded15d86c2aab6e9154d25ae4414713179e48b2b2c6c247a4952c149639270ceeb31904a0d7b655cd6195cedb52fa35e1278dbdf3bda6d561980484b8428d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0980c190b0482160064935aa3b1f7df

SHA1
97ad57b90bd94c8ff4d5388dfa9b9ece77583fb5

SHA256
0c0c306ff84f9625656751edcce7f7b4d6b8d19e4e3384fec68ff0c66407470f

SHA512
af22c993f1d7cd805a5230d088225e5e3c0551bfc2c9ed2e4957bd347af6459e0f88a55e48e0e29e65b0472eb0bc3ac79775a80fb16ad198cba7cfa7babcae52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f702d24d88056abf7cdcff91e466e96

SHA1
0cb70d46213c3da49089dfed32d18f6bcc0e847a

SHA256
a18a691d184b2578ec30a7020b9d059a7c311d45e791cd84211ab41cc87916c2

SHA512
6f39ea20df5002f6ab2286fbb79d5d5aef2e6c3e6121b2a83c3478c36d4c5b1237309aed847b9d8c4416c2563f3ad3d93749708a3fe83dcae3beb42a0ba194fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6cde1b97e36774e56683504ae4a5dad

SHA1
3d2457136246e5d995678dd6039ab146aabe4bc6

SHA256
fed691331163bd93d9e92dad467e69ca9c43cabfa6f30e3354de5ccb2f0329b5

SHA512
860bcc6fee87f3dc1fbc51a91471f1191524f55cca20cca5bdac2b5c8aa6b6c940ff798ee6a10834cc60c83379f5ed4abaaf7109fce06c4c2a2b4f81ed59fca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
0b7097227a44de24009ac303ee667028

SHA1
88a05c49591dc3ceeac55c32ccfb237134a04742

SHA256
08a5c0598f7ca17508dddc535013c3f1e925e562f3d992b5037fa373765c0da2

SHA512
0a4255b0a7e433c6ccd723e7062bd5a21f2cd5881b31c25ccb54168b9bd778eb6d83fd0133e67d79c2658e98873f7eac2e951ca444faf2a7f867e9fdf261b0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a9b02259d5c389626c2713fcda0cddff

SHA1
2730cc717378f0802496db3466c23608e6ca14d3

SHA256
a6363705ddd39538042ea215325b1d7f6e5cba913aa0ddadeac39e144c1e2893

SHA512
2a5ba1094ad2238236b3d68756a26008bf64479781237e296c357477fc9699ce2e1ef92fd1784708b59e7e3779e903a42e111af097507e6e4f81bab06fd986da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584b5c.TMP

Filesize
370B

MD5
d17623c4ef9777b799883e9385ce6a0d

SHA1
ab53deb220bd12f9455b24394e5ad91d73e53545

SHA256
9c562eeb82bb04a74d15f489715ab79e0e6628107dcf75c7db879df5ef298259

SHA512
f2d1d4a5b93bf6dfdfa7c068834ef56ab1d86fda2ea3e55c93f2e63fb3f205b948c39bd2684725f5ede90d3391d226bc0af91bea857db24d9efc692f6fc9344e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ed3447ba8996c472b00770032bc7f7b9

SHA1
ed2887135d60d48c9c718cada22bd19c223cd085

SHA256
2e508515a9ed944cb0dfc4a5386c84da35988c193f9576f1f06c84d75c0ec5fb

SHA512
fd8647d106594da46906c9afd58696a776f540deda321a3b873e4aa46ae5f0b4a834ab93b817fc4c310738ebedaea0bf46fe984c34e013999c6df1b6313ca7f2

Download Submit