45bf05bebf532f1fb8f25a71f3215b4546749d11f5cfb6eb069733dc2706f4e0

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 09:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5b4c341d524b91d31a274c82aac575c1_JaffaCakes118.html
Size

19KB
MD5

5b4c341d524b91d31a274c82aac575c1
SHA1

61a6f1c8e4114f06988e1db8dd62a7cd42907aff
SHA256

45bf05bebf532f1fb8f25a71f3215b4546749d11f5cfb6eb069733dc2706f4e0
SHA512

8affb689c675d7bdb3f56cf2f3e6297ab640f128284d7aa8c14c3e52aae4aa2dfab48a5f0e70907dac8af8d54bcccdd6efbcb0d94cd132f3b99989c5e6607028
SSDEEP

384:Yu6wKfo0lAtsdgdy58LLOegqg2gjdAg+gEg6g2g0gkgmgsgCgcgigGgmgOgWgug1:6lM4dlL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
828	msedge.exe
828	msedge.exe
4584	identity_helper.exe
4584	identity_helper.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 2880	828	msedge.exe	84
PID 828 wrote to memory of 2880	828	msedge.exe	84
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2360	828	msedge.exe	85
PID 828 wrote to memory of 2268	828	msedge.exe	86
PID 828 wrote to memory of 2268	828	msedge.exe	86
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87
PID 828 wrote to memory of 2276	828	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5b4c341d524b91d31a274c82aac575c1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089446f8,0x7fff08944708,0x7fff08944718
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,6697346095115854806,5425552848771521425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
b0cfae854def576c5ed6f54ba5b118e5

SHA1
7beb5089bb24535a7eab27027747575e5570ba59

SHA256
a5add4b396a37ad9e5170c6ddaf63b65a9ea1486149e28ec638e9af1bd4ddb61

SHA512
fff1f19d9bf84eb13daf444157e08765caf127fc6fc3b46e473f26058edb0f492c35120c13c6d9b94a6784217efc540cc74b81b5743b735f9bcd2b29b2cf99f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
643B

MD5
b009d8f14d3730182dfaef12dcb307a6

SHA1
c43e471297a6dfb6e4b0f31d090f56332c6e8999

SHA256
0970b4076647525a987cb36e9650ee30fbaabfe1c348fd2cffa4f5fc0e5cf35b

SHA512
1081233f554066f25b4d77b172c07843c77afb3ae76931ce616b35914a4ea7e46b6cd590eb8742279c185bd1ff0d15659a2af89013c06aacf2a66b4d8dd4d9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c632c22983a7be55c93fe6fd4793c6e1

SHA1
bc10081d0eae8fe08570833bd773a52d07e8fa17

SHA256
d90ac95ed297d5125e2420ecd58ee7da918933a6a58e09199f4ee460cb069b66

SHA512
29535333bb554b27aa92296339a21d55369c3b379f3bed9d0bb44f059b80ec44282f0fdf34538ef67da1c7ac9d21d194e28b57b7343f1e4af2c83ee526d1612e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16fd65cd519fe4feb13c9c8b5fc76181

SHA1
fb05bd38f3a1033a389d3f5848f138d293b99c4c

SHA256
f34fbd9f5706cac31ab3aa0e3ddfb727d4b46309bb9af4709e35e058e63f174f

SHA512
bb6fab9d06a0507a7ff4e378e595a40134a584613fa6266471bcd5cfdaf009da0cdf09c2251e4f6e39b30613b6be1864dd82971c711b86759d48eb0397e0d2ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a56c8e996dcb0c2714559e706af8a5ee

SHA1
b7c9b089ffbb980fc66c05c703bd26e151d635ec

SHA256
563d856f7ffc85eea092ec37390f34bb9fce42bcf1f5ccfa2699fcd409d7ffc9

SHA512
7aaa3d02c281a2c4da04cbe1331197c011f13b7621bb38f7a707ab98e2961b98df02a23e08c154766d8b18495566f459a18ac47f5888b497b92a16d87c8eeb2a

Download Submit