0da637b1bb7a38b3cfdf08c2f2d276c631a3e57b7c52eba8fb7e9c6ed333bb39

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2024 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d2d4ad4d8c2680c2295c8651500b3f0_JaffaCakes118.html
Size

34KB
MD5

0d2d4ad4d8c2680c2295c8651500b3f0
SHA1

5d9d8f6380eed51cfce29dceb83ef35f30528f23
SHA256

0da637b1bb7a38b3cfdf08c2f2d276c631a3e57b7c52eba8fb7e9c6ed333bb39
SHA512

475f9f56ff58655f3aafad64d9337c024371c9ba5609bd249132185c9ca17ba035b95a4b5ab53fdbac35975496a34628808c1154933242e41ae6548c852d9450
SSDEEP

768:+QWIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZ2:+QWIRIOITIwIgIiKZgNDfIwIGI5IVJ79

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
3936	msedge.exe
3936	msedge.exe
4436	identity_helper.exe
4436	identity_helper.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 2720	3936	msedge.exe	85
PID 3936 wrote to memory of 2720	3936	msedge.exe	85
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 3124	3936	msedge.exe	86
PID 3936 wrote to memory of 4492	3936	msedge.exe	87
PID 3936 wrote to memory of 4492	3936	msedge.exe	87
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88
PID 3936 wrote to memory of 1672	3936	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d2d4ad4d8c2680c2295c8651500b3f0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8593b46f8,0x7ff8593b4708,0x7ff8593b4718
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1344 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1352 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,7522951717014489198,416286455076473365,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
7e27b06a258351e0fcb502598077c215

SHA1
18d77169b22f82e1876e9d8e62127fe92edce4bb

SHA256
283db247ec420e542ed9897c7273a07145f19268b14efd665a285c08f703592c

SHA512
0310e7e888ded8857a431b7bf5ddca2a6c58570398c73453dae09c18aa56b0a88dfd07e6095bd0d496b5531411ce5f1e4a4689dc0d20ae77d5324523109e6f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8e58c5472da466d21f1a3be50f14cd84

SHA1
40e562b9f9f042b5e917f6467fc6590cb216a3f6

SHA256
99cd960b84ba31f98ed94deb3ca36a3427de2e5325ef62ae7b309c42ece0e36b

SHA512
03bc3a230a421532815e277d5f7e932141b84d49957c371ad87672d025a81643918239ca843e41ea4a3c36c2c0761e1a231d804e16a1760f03eaff373130cf1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53d9eb3820a8bc929cc2e4340194b670

SHA1
1565739c9beac27da0eab585633fb8e59baca868

SHA256
24b745b1bf5328f5965f7ca479d5c0b86c043dc62487041d8fa863cb8395a20d

SHA512
9a21a1b60a6e95c2c3ce6425468160474215270abb7c5ee8e517fd94e12497e68ea7c1805e7b7927d293a425fb56a07fbeb0982ca41c45010e211e9af2eb9c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5bf9007a652e496e547dab674dea6c12

SHA1
238f5b922466b823834497d268360ead2549b100

SHA256
bbca124b172798be53463c1237551c28c0d0ec6cacd82d7be0f4132911909947

SHA512
8ebb49eb3540d5b6ab3c5950ad3ca8d5a09ad5207a6c97dc5b0623a1953e1a9dd466841a12f312cabc98a17e1fae51f7cc98424161bd305ff3588d27294476fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4ef2717c35eb15077139b410ebcef39

SHA1
545d712c5402977b2e09ca8ecc4440d4ad277bef

SHA256
d55583d5f5f9c6bec55d13d2198a5e6c55f04caee78555bb23f9505b5aa96e52

SHA512
cbfca29f8b99dd18658d25778162ccd93d8b579aeef8bda7d05c4c6f69b810b4e632242ccb405f195149e0a74e7f2d47baef8992eb5c0eaedabbc15b3d7ac386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8387e0a79c3511df04ae88ec560e6c39

SHA1
659a6c8ae5c19bddcd84291d6d85d59bd7581096

SHA256
619f8b318287480e872e47ec41f39850dc863c3dd29ff9945d0fc35200874acb

SHA512
0e7dd689fef0a3aae09cb1dd48f950cd6d55adcc4f641f9e48fea835860cd2f69cac957c559d67cecf3ef37aec50efba8272dce08b1a2e7549b32ed27331047a

Download Submit