60f8be5eacad41e45e773ab771a5da432594d6eccd0f99e0effcd41f895c5e7a

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 10:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

172787da109567d2082b9408f2306f97_JaffaCakes118.html
Size

44KB
MD5

172787da109567d2082b9408f2306f97
SHA1

e5cad7c99940c2aa020a1a2b359814cacfbb78d0
SHA256

60f8be5eacad41e45e773ab771a5da432594d6eccd0f99e0effcd41f895c5e7a
SHA512

bff847e4f29c306d4b44b512ac99eed33fdbcf0b88445377866c294ee131e3401af333938891f1ef20e89c799c2efcce0678bf0451bafc3d1fc0940c23a0ea8f
SSDEEP

768:rv0roX7krptHTxjeLbQpBIohjPcXE8Z/1uLC/rVdcxt51lzD7OF:rmhFjLpBIohriZ/1Vc51la

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
460	msedge.exe
460	msedge.exe
4528	identity_helper.exe
4528	identity_helper.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 3988	460	msedge.exe	83
PID 460 wrote to memory of 3988	460	msedge.exe	83
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 4924	460	msedge.exe	84
PID 460 wrote to memory of 3488	460	msedge.exe	85
PID 460 wrote to memory of 3488	460	msedge.exe	85
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86
PID 460 wrote to memory of 3120	460	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\172787da109567d2082b9408f2306f97_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdba2546f8,0x7ffdba254708,0x7ffdba254718
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3436025698612448846,15414177403549768341,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\75cf4497-4149-43a1-98d0-a58d2e603f4b.tmp

Filesize
2KB

MD5
c01a5cbdfec96d0cd6278d91089ffdf3

SHA1
e8e4da831a8385e9f8006ab67ba95960d7fb287f

SHA256
7e412f259a9e6eb77716b16fc5ca2dc12e6ed1bec0a252231fbd29815695258e

SHA512
932094e2dfad4fd67487de76014d7e3fa121c7582f5d5494de1f37f39d2b0fedc1566937a825cb42b33e98faa9989f19d886398eef62f166f0aa660d1105aa31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
eebb5d0b934e4621b1d25e4906e52377

SHA1
565e5ace67deae534aa87b6a6c3c0200f8ce0813

SHA256
e595314f2b65ca16ccbd459512b940424264d1bce070044498923d4e28d66546

SHA512
3e5da7aa1eb8a9f6aa4e293b4833fb3368836a32420a8ff39e78802309a646f5839fdefb1f5d7bac8faadfc5417477d6724bc2043772dd678a1b4acbd542bdf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8168a6006e4e33852c88dd55b19b3db6

SHA1
8c79a60ea77455ecb90e7f7cccb6a77d5a1ac3ea

SHA256
de1ab648582ac98add0a76d029a1ab37f7c849ca4cb4aea6b987ae75aab3a9e7

SHA512
41a6e6f42d46b8b0a7909f1a197a11d81959f41639be9589a61f9da866e1ce5ca57aa70ec912032e6d0be0e02ce98b16c441d2b87ee286737ee6ddb2ac160c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f1447559e4b2346e1d258b20b2dea566

SHA1
ad5a1cc814d5d4b9075ae8258ad56f7053640f5a

SHA256
2706c838ca3e21915b9d381638e2c9fed18b066b7fb940f70cf88a52ce1c5715

SHA512
7f1113a60fc9b8a4cc78f7e1120e952a7d8c71661d0c0fdb5c91d3404a8509928b6e12f37eb079568400ef6a8a4f665dbeb3b290e8a17922f5861632a4d38035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63318ae1de34ba46a0859a9560109d59

SHA1
0f4b81870dbad15113f4d8ae7054a1b3fa2d022d

SHA256
6ca4e075bf2ca5712b887a7a2b4e878b56a5b7b7f5ce100e6f1ad3327b500e30

SHA512
32e69922f36270a10d138d6dd2836808597be844d3b148c959f58054fd99ac5159823ff9d8c3cca38a954b851ffe28cf7cfecd75aecf76ad57aa1c1046105e79

Download Submit