aaad989d1f1cc0188fc4411e4961ac0c7e39fd3fb5e12a4ba8acfaf9147cc8a7

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 15:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8ad29f39b935f9311dcc8343a4c534ee_JaffaCakes118.html
Size

80KB
MD5

8ad29f39b935f9311dcc8343a4c534ee
SHA1

2e7044a33b83a078bd2d0e78e8a04fc98887f350
SHA256

aaad989d1f1cc0188fc4411e4961ac0c7e39fd3fb5e12a4ba8acfaf9147cc8a7
SHA512

dd08f94ed59e671d9e3aff5f673e66b2091a90e17fdf4fb759fce9c120a992fae2f9f8eddff9d27b0ceccaec3bec3f2e1ff64819b28e2e66fb984f908eba64f3
SSDEEP

1536:vklcWklcaklc7uG/bI+3SkcXklcPEijZeqhREijZeqLIcNYiHrFacu9qL3eEbuE:vklcWklcaklc7uG/bI+3SkcXklcPEijx

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
2420	msedge.exe
2420	msedge.exe
2348	identity_helper.exe
2348	identity_helper.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 4456	2420	msedge.exe	84
PID 2420 wrote to memory of 4456	2420	msedge.exe	84
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 3980	2420	msedge.exe	85
PID 2420 wrote to memory of 436	2420	msedge.exe	86
PID 2420 wrote to memory of 436	2420	msedge.exe	86
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87
PID 2420 wrote to memory of 2912	2420	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ad29f39b935f9311dcc8343a4c534ee_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a3d46f8,0x7ffa0a3d4708,0x7ffa0a3d4718
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15911840207381170393,12995221072390759176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5612 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6d65ab95fda375fb7e0dd75346322778

SHA1
03f3755d53652081cc75d208aad80cc5e99979b5

SHA256
b180008ce5e38a7c13e7466c7f2507634f6d85a76260b4e5fe1bd053e7ad0d96

SHA512
cd09723b9a0fddb293d4883cec7d217661e39e65611bbd9ec314d4ef283748f1882f31f3e270cefcb6ac7862e34f5e6354e03953321328e233144dcc2c286e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
76afe8355de4d2a83c7fb66057dd6a34

SHA1
68def616dffabe1cee580ddcdf92877d1a57aa30

SHA256
1d0725f1bae43581d466a0835f34cc059d82d00a624d4e59a649f4608f8074a8

SHA512
5d788a7b91de1b6f73265804f2fe4a066e4bdfeab092a5f5e47cd5ba27ef3ceb999ff72607ba66c05c85541181166c924bc144d835d8795e20c0f4724a04b92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e5b43c27c9e0e3c24e271042e9c2f3e

SHA1
a85affdc4f32cb156814666fb8105b69211a06b1

SHA256
84a4036a7aa695601d48580d7af45cb5f0b83746f12eedb42b34cd30f44325b4

SHA512
6d727b33edd80e9a23c762506739dbe26dfb41b2fd7d873d8838f316997d22b95ae08c7f9b2d4b76b5f742b0ae4d7bedb3268874098d7bf398f3eb35812149ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b16d967da269c9538e0db2bf2864ca91

SHA1
862fb93bdad329fdfa6a285d025d2315aaa17602

SHA256
eca2c9fbfb8fb978aeef6b1d5b86f1d8082923ffb2c248b0a29bfc060850f64e

SHA512
8e39922a31f1beebf7d3ca3d4d307aa5de2fe93924855ad16ca0aafb4f9f02160d4af915738d4e8ea373bc20d51d71515240b48ffa13563dd6a4a8624748abf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
78cc85d8522cbfaf7707aeb3a8c21077

SHA1
ecc2eda9724d27a0d628f228dbf6d19dac714ba5

SHA256
440f7eb38f3208ed604506e7e78e0a74d2a35c230878a7358446806a6461cc70

SHA512
729187946d4566233f6c11284568f27b57cb9777ad38792db9b9f45d34ad9904cb08399099406acece8031b2dc54b3f35c8f0e69cb11c954175a9a8865b16199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1239228346d23183b93bd4a134ec4e61

SHA1
915c5b3ffc8e9b57dc7d5fe019ec57cc31047013

SHA256
e5f9b0578dd465604627a4d8e25d16ad5350ca82b4a6037e9f5079a342020317

SHA512
176508d7f731fa3aad49c60fd0b5dd84944afbeff4e0ab80d5df47753b26b3598494c25cc97a29d7275cac0dde02428c225e1d46e9696962151e8e96a8f3b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53a50f208830dd4b91ce05a1807a6911

SHA1
bbadf2d841c645097b2859f892ba4d85dbb6f0ee

SHA256
3995f068f5d856020b3308df3f7d027976c708e86b938f265db250d84ec2d750

SHA512
302cd88df03059d974060c2021e853b411142686848a0796f46cff4581a0639839df0d64d46c0ca763046cdcf9f7da6487f59b666364bd0c4eb2af586a7226d4

Download Submit