506fcf7146cbca724a31a4d967e0649a73180b5ba376c4bcd1c26956a6fc6d3c

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bd06a218e1ae0a8b48a0ddcc419d041_JaffaCakes118.html
Size

68KB
MD5

3bd06a218e1ae0a8b48a0ddcc419d041
SHA1

6d196389db52e4cb36cf420c9e3eab52926a4ebc
SHA256

506fcf7146cbca724a31a4d967e0649a73180b5ba376c4bcd1c26956a6fc6d3c
SHA512

7fbc79f68fdde68083b436d77a06d8caaa23290f19887ef91de022ee63d7ce80c17fe44f352783915388f84c6249edd4c094d68835c9021a23391e1e0db50779
SSDEEP

1536:sA7DMtXqFhVKrdhVKr5+MF1tr1cF1GvYyt8U9NMgPnogBtbWi9+itZFIet:sA7DMlqCMF1tr6F1GvYyt8KNMcnog/WA

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
11	sites.google.com
24	sites.google.com
25	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
1368	msedge.exe
1368	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2188	1368	msedge.exe	83
PID 1368 wrote to memory of 2188	1368	msedge.exe	83
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 892	1368	msedge.exe	84
PID 1368 wrote to memory of 2040	1368	msedge.exe	85
PID 1368 wrote to memory of 2040	1368	msedge.exe	85
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86
PID 1368 wrote to memory of 2296	1368	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3bd06a218e1ae0a8b48a0ddcc419d041_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d05046f8,0x7ff8d0504708,0x7ff8d0504718
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1713972027182635561,11463504658449316796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
29fd7b159a9fc831149f655550f2746b

SHA1
b41f538de10ec6f9e689b426f9ded4e885330b85

SHA256
0284c6d21e47d0dc388143a131948c48a4d3135ce93f541a5c205a7de606c999

SHA512
16b299bcd397aa0d44a6055407201127a2d00113091941efacbbd36cc6b68f82909643dec7ab969023f425a1786cf7f611189b43e6412471c94f8ea4f68efff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ff18e5a96af1057a8d19ccebdcf1cc8b

SHA1
4cbcf0ee91d545c421e3a77ed848ca93a93bede8

SHA256
6394f651aeefe99290a302ef4754d1f17f6d9402dd5fdf3d10134767eca65d6f

SHA512
d973f471f0ffdde1c9fefd023517ee26d14268cebef8526a0bd4648eca5fabd1dbfe59c488f6d988214bb2e678af18c48d45f0948aa42fb8fb8972e4eb79a386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6698ca968f058351dc416a474ea71b3f

SHA1
53c0322aa168940b53390c67d3c3807b6134d5ba

SHA256
b8c99c63a430c3b96b8e53fac60bb5af7a3a236029f8cade1861c87bb30415ab

SHA512
26f042d1ca6eeaedab02ec23ec27f68210d14f5398758e5e9a1975a392a9204ac14605275f0b67168662d6a542fea4c6ba2bbf3a4eab16dfc7f0ea6d9f381a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f4a24421434fc9e9a72ee944e78dab3

SHA1
298cd42626fe292bb5d636ad11c000252ed56b43

SHA256
93b03428c0605c50bdb5d6572ce14e44dfe3d8de04276024b0fe554a96c9deee

SHA512
4f3cc867fa8b77a185f65caa13b46c71ae88d3749d1fa12bedee2a82480a2176a4ed39565b7173b50d030b3d2bdaab889e921bf6d6ba7f78a8b92ed462a7ffe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
d89e09990243d759edb21438c7b519fe

SHA1
9938eaccc1b902d242bf6087210559909e19791e

SHA256
c2e172e52aec22bf34443cd381f022c58ee1b40049c249e1d739ac812acd4370

SHA512
18b50fb6f2a67fa21c3978a50afd38e9f10adc7f3f3d3c850cc3daa765d413090cf06adc6fd0e9f2ea84d77dfef26455f55d276a323b0a5e7698157f2b43399e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5c3.TMP

Filesize
872B

MD5
2564c08ea77630639aa6790325548cbc

SHA1
046dd57bfe9162cbad700365a02c54a4e00a17d7

SHA256
20570109b58076e09cc3066ebc1ea3ce13fdd370961e22c9dce846cdcec01279

SHA512
444e2755a60d9ecd282594b555ae2a3ef88ec25c44141c08874dce90cea8ebf078d475c02fb5ee2b56452e240850780b7850f00cc121af48598b52c7e242f64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e9156438-2895-4322-ad36-2c6ab3ffc5ea.tmp

Filesize
7KB

MD5
899508cb34b50801f8a0b514b7dbe9e9

SHA1
fa8ceeb0a53671ff283d67cb9562d7a884d7d655

SHA256
cb8111bd746b8e56401fbb591701cebb7f23815ae66eee40952a10c88b74087e

SHA512
1c33f5704426cdd0022eca160175238d647ea45e42b3a32065f585defcb79f72da22f22604aa5e2814dc1e1bfb7d48927d9a152de788c05f93e8cf159f3ec7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3000d5f88a940e596ebd5cb48ddf9022

SHA1
71c920183b22b2f618dc4dcdbdb926d22b5bae09

SHA256
adfaa9627df924cb7f9601d142eccbc3fc5631bfc36aa8e66d1f06d51e6a8827

SHA512
2649a2a84117e37d27ab9a8637d0d41ebd65a8f9b106bf44e22c56431028ae4a444fca2579cb8698e32f80741128f1e13ba9290d2cdf9fd35335ec74948e3526

Download Submit