9c52acac9cd45391b8ec9701fddb0d5e1081871d2a1abe5bc8763c7a4a4c462c

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 16:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

52abaa0dd85e614610ef008b9eda4bfa_JaffaCakes118.html
Size

142KB
MD5

52abaa0dd85e614610ef008b9eda4bfa
SHA1

8435b0b497e18167525dabe4916a1a3fc53f08fb
SHA256

9c52acac9cd45391b8ec9701fddb0d5e1081871d2a1abe5bc8763c7a4a4c462c
SHA512

6b5eef5b7ff465b2493da032ddbcf0128b762e1ccc1f4a728969952f60b2e339dae527d7aa9654485e7924347fddf31f78d07041aa26a1164fb2b9886e50ceb0
SSDEEP

3072:UVGejtPUeUwIVGejtPUeUwMMKjxmjLZGDAMJJlzTPPA0ZLpfq8gMPhbi2zhkyy:UVGejtPUeUwIVGejtPUeUwM1iLZGDAME

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
760	msedge.exe
760	msedge.exe
1636	msedge.exe
1636	msedge.exe
4728	identity_helper.exe
4728	identity_helper.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 4652	1636	msedge.exe	84
PID 1636 wrote to memory of 4652	1636	msedge.exe	84
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 3224	1636	msedge.exe	85
PID 1636 wrote to memory of 760	1636	msedge.exe	86
PID 1636 wrote to memory of 760	1636	msedge.exe	86
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87
PID 1636 wrote to memory of 1700	1636	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\52abaa0dd85e614610ef008b9eda4bfa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dee146f8,0x7ff8dee14708,0x7ff8dee14718
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6576280278227835304,3385313194799783208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
7d835dcf5df1ea0c43dd9550571ed0c2

SHA1
b02e4ad944d8f9353ee72b690d8179cc500cda15

SHA256
f2d163f71c3c02056f81bb27da26188aceaac24f4c4c695759a1d785d8f67491

SHA512
6b65877d41e8fd3453f4631f64d9f5297e30e3df248d60e511649156f5b4344fa66d4271bff76f37c003baed9a49ea485934ae4eb9a19657d124f7da204d1674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc08840ae9b7d9edbca8fda10e4502b4

SHA1
6f72d88c8fd8b5bd06325fda1f3c3ece00ba0ad8

SHA256
b61bf5f381b563afba1f1c9ddc332f6c49f37b26628ce584ed8a6b1bb1445f3c

SHA512
17e6e64749fab39e7b46aaaf589569c7f9ce5e160c50b4143a6a32e5daf94d7297b1a24b3079015389ff2a5a0e262022552cd029e140d4ae585c6a3c16934ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b11d545079d844232b081273cdbd6d8

SHA1
f2272ce0d1231ddd3beed64a5b8f6de1f493a300

SHA256
44d72f81714d39c14de4aa5da4b88e48ad56d6c3be8efdae8b382978bcd3e93f

SHA512
d1298b9bd9dfa802566f542165804bfa1e56aa8e29fe689bd049133f222b5596f2bbd920936ddbe7990d882f26c79f43f35c346e9108f33395dcfb5940936ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3023baa4ecc98332616a59f82a84feb

SHA1
6cc5cdb1c2232a851e916aaca0e19c0375925a50

SHA256
15530014661008dc1214c8432e1cc621c47a000184d97fad33766581b92846be

SHA512
2ad3dfea713fa1c2fcdad905641e7e551e2d58dee92f99bb3cbded33bec5791d20585fe97c914077d231121d416e2c0a5aba58dcdd8f7979444a932dbdc2f608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f6dba296e0600b215e75be24c421226b

SHA1
bf79f8899f8d3fa3a0858bd16d59b67052cd397a

SHA256
64c926c874a2048652e252290f7287a3695d12a31f6239cd753d4e4224912fb5

SHA512
1e8544bbba12f800d141337248d904818ca7fd24ea0c3adc72953b59e2417765bcb5b1ee4e13836b768b4915f0df3af1842a0f72e4927b299d9da67a87c815b5

Download Submit