c2373a700b569e301e66a226690c5cbfaf3bfcb0b853977162bfcd1aeed0e1a3

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e49ff6acb54132a68343a8854bc819b_JaffaCakes118.html
Size

33KB
MD5

0e49ff6acb54132a68343a8854bc819b
SHA1

861d649a463e097eccd551034f386a5ae462b00f
SHA256

c2373a700b569e301e66a226690c5cbfaf3bfcb0b853977162bfcd1aeed0e1a3
SHA512

71d8eb6281ecb6331b33300871c778f11a0dc67b1db44c992a447fef8bb9b88a96b381b9610eee2b7568a2d8a15bf3ca88767bd36385708cef7d231a4ed72f2c
SSDEEP

768:1Hp8YRfy3c18ETWgoFrylpDgEgMKO0OkO4ZWGVGJKaCNGUK6lgFXtvUCNUtpzL:n9Rfqc18ETWgoFrylpDgEgMKO0OkO4ZB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
3684	msedge.exe
3684	msedge.exe
3540	identity_helper.exe
3540	identity_helper.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 2312	3684	msedge.exe	85
PID 3684 wrote to memory of 2312	3684	msedge.exe	85
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 3468	3684	msedge.exe	86
PID 3684 wrote to memory of 4408	3684	msedge.exe	87
PID 3684 wrote to memory of 4408	3684	msedge.exe	87
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88
PID 3684 wrote to memory of 1432	3684	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0e49ff6acb54132a68343a8854bc819b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff873f446f8,0x7ff873f44708,0x7ff873f44718
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16637488484512905,13521448008257851219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
32KB

MD5
8b46159f0c940fc3e6abf99185f44f11

SHA1
1a2e27feaf823cf1a84a203d1bcd320a7f6771d1

SHA256
c77f0313cc7771a1dbcb739c98e4a8387669747c359cb59593b13c3891164979

SHA512
6e780c00db95c810b62752a5335e214d815aeaedaa220fda93a191b514d8d6a077e772665a1ba7f321d124c17b1d62a4f4b3837e4e4c65eb3d4e029999389560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
74bb3cc957caa0fe573d4a8e62836a46

SHA1
86ffdb07670347d4cd9840fc5787f530724e360e

SHA256
3bd2b272bc9f367b3f0622d01ee7683bf19cc210b623ae0472387c54f8ecdf7e

SHA512
927b7b4b84eff554945cb50daf6fcb482aab525176b6037ab85b5cba9e12325bff4848102b6b12cfde6772fd58934b263f30d2c6c9212152a2bb0caf945034a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5771300547fb015428a02684810641f7

SHA1
01e2ee3d6031d32a6360cc219eb6600ac079686e

SHA256
bfbf21b439bc4f3950d66816760146c969e060cec74440e49055f1cc2eea7d99

SHA512
0627340fe924ba8617eec18a85bfd2e3788f30292baea9d90f128740d36fb0aea774b887ef71d52c0aa4a5e86acbbf0e53c1efc823b4bdc4fe52b57ac5a30dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
06b8449828a7fdf645db445815a2df4d

SHA1
ef700c78c09606bfaaaba48ead39f81c98445ae3

SHA256
1e1fed8c8cfc8d1f91e3e0569930e8670cc211587396fa84f403044f9c9b388c

SHA512
604d64f0cb5d1163b6b20d350aa95ca82df6130a7ada91ad820dfe9b0f66a876727a72b11f9192c6d537096c814d136d3755e4e597723bde93dbfc9404685133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
691cd8a50eb40a9ad5762037e3686f60

SHA1
f334818be62900ade8a020d6ab3d96c08908136f

SHA256
7ec6443bc40acb56190b9e31a8ab411de753ee49ae9d5a34990b73d65af00e78

SHA512
1afdd5ac26b1df3749ac723d98a2df4d22160e662ae85d71974048196a27925f74e0424798bc028cc0fde727849c14dc2980ccf357dc61f4b04e68e22d4d9c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c14739eaad0d2b67fde6f0b93e330c3

SHA1
9289ac425db484c9622d6df5489dbb5f90f29132

SHA256
238f5ad283783aaed903333c42215ce60176f36d1a352133a60bb205d3ea06d2

SHA512
49bcc65fd7cc3439f5b405fe4043e3c692e40cb6e2fb87de66747cab8d912f67749c830354999830bb0d318a6ba222f44b9abc15cbc178f662ec187cf3e947f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a37be82ddab0ca1874289bf79792cdc7

SHA1
3997114c9c4231a0d3b622a2b340eac7e1cec1c2

SHA256
64fab53848c97be2b00834f6db9cea1b065df6c1fab99f3b96d7830a50e64c69

SHA512
f0bc5b698f71bf7207ec7ec786ba09187878d02c291bef07627ccd0d8626827db70476f867a2d338797fb93123813207b53bd1763baf62752d8cbf7e6e16c3c7

Download Submit