870d396f6c94f613f396078e2b6e6d22fec619bb7e630c0d08acc5a907762919

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ffe068c29d20b04e2d9fb1c850abbe7_JaffaCakes118.html
Size

502KB
MD5

9ffe068c29d20b04e2d9fb1c850abbe7
SHA1

7bf962c78557afada742319a1c99d67beaf849f2
SHA256

870d396f6c94f613f396078e2b6e6d22fec619bb7e630c0d08acc5a907762919
SHA512

e4c0aff2565df667bf5b9c64889acb5db7f1db6a0f3f96fb6caf8fea77be4b17790660e241a947b3cedc0d8200d564aec9731d8654354ec81e8958ae63811e5a
SSDEEP

12288:1LoTeAJu4NPrALp8rGJD/QUn36fVCqYv7VQy:xLp8rGJD/QURtVz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
4604	msedge.exe
4604	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 3672	4604	msedge.exe	84
PID 4604 wrote to memory of 3672	4604	msedge.exe	84
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	85
PID 4604 wrote to memory of 2200	4604	msedge.exe	86
PID 4604 wrote to memory of 2200	4604	msedge.exe	86
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87
PID 4604 wrote to memory of 3812	4604	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9ffe068c29d20b04e2d9fb1c850abbe7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdeab346f8,0x7ffdeab34708,0x7ffdeab34718
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11247243614876780378,2217192577944505774,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5464 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\646d2275-547e-4c43-ac1e-b9b431a4b8a2.tmp

Filesize
6KB

MD5
6e23c16c43fe1e6e08e7e58c085367aa

SHA1
e5401524e572a87c22b884e12cc96ec2ddd181d9

SHA256
7805330518b74fd33dc42b55692d7f5bf63659e6b072368ef691a9f33524bbcd

SHA512
e462e149b939353f8eb527f95d77eb97da5fc2da34d64000f9b07f006bdb6202ee79261bc0bac0e158c1fc9d78c06ce7695356765f16621834744be898897dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
506316ca415be3c4764e3fe018e1442a

SHA1
5d2d779ec2450abcc918943af1626d1b9607471f

SHA256
33133848755a9b0c1831be11592b14425cb909158ddd16abb1b9810a26ece658

SHA512
cf451b13c1b811ec9d23663326ed1c0dfdd64a75020a9ae41390b2fe64b8ecab3c183d2051040759d231c8e01e66ebf58bff1ffd90819e9be00e6c20bfad17b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9509e4469fe59850b0a370b8ac69e120

SHA1
31e798cad9c36bdc11858430e849b60d61ac4ef0

SHA256
f0b8b67ed57fde613378d58674777ae4cf2be482f9ad7c8c42fb5ae82179f0ca

SHA512
92b5fe8743608d138c4deca2700cf6bbeb746381edb6447b0aff3016047111741f29e5a3141af88d3f7001ec125f11a54009ec44d841cb0e5c0f4b032e5bfb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1652692812246e85d6c27f0db819345

SHA1
4d71ad5b4838a99dff3f5aa8629db9a7c7734b56

SHA256
46754c56589d48c6ea829bad3c7bf07f403c51c7abdc0693736e4eb2f853768f

SHA512
279bb32eb3d3ef78e91dc0c1a6f94803e7512fe15310023a677bff0202905b4dc2b4524fe44abeafe00d9c5fe5d03515fad14e78a741dfa2f0f500ec9ca0c73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31002d0e747500414add79560fbe250d

SHA1
6a2b51d5af45e33329f06b3e18f025b49a0a6544

SHA256
3f8dc08c8addf1c0e4638400b114096889c7dc1b01408c20af7e52eedabe2845

SHA512
79979d44b1f4887fc20188e43f663a3abdfeb4b4fbdca4efd68e6569c214ae1a3331bb62c496e95123457029360db9d0e402c6d93bae3ddf12190bd8c6ed5833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c7aa7f85c74a2782c314eccea28893ae

SHA1
ec48ab4e67b637397eef2a8d9e366435443d0a0d

SHA256
d0add3735747371e5a5c3d053988814f99c7d6b4ae5437b39b2b8da0f8338da0

SHA512
93003a369d6b6354c21e0c8ea7d308f6f6863c9b5b1bdf69dc612f392850e211243778801bb02b60aa11fcb7bbc3c3a731a16ddd174699587cda564ec2542cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
db91b1dabacacfa0ec3d33b1598dc6f1

SHA1
55e517e93ca106e2360a147d9189647237599ed3

SHA256
81d37360465e6121b251bd1437322f1cc216eef53ac434c7e1413995f41cb33f

SHA512
77bcb60c95bf069ccd67dd47b62122ab1b37de756fd83c5a140e5ad97fa3b4ef7c4d6e13a9a23297792f0ea7e01fe85f31de9250bd483bf1daffa49f424c7e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7173dc8041d6a935210233cc4f78c6bf

SHA1
720f6027de550d8f592b58015f6f6775a43557bc

SHA256
0612a354af3c4a241d087465d9e87fcee7689b6e67731b0317b05edde273900c

SHA512
b7d0e8b1305702522736299b9a17f61d10d88f54ea329e1f964aac30ade395cc82bcb48c7fbedfe029daef4d33cedf2c8d2577f41a0471946e150e31619807d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
289057fea71d615479e06d850f766d6d

SHA1
b90e0f549bc901f9cb13368e3c68b205ba415205

SHA256
207756ced3b2ba4a4c5cd53a9c6e655c02586740e51ec1066f26e90b88489301

SHA512
0935a31a9b0ec27038163507d817fffb8df62dbbe606092a1d2a1fafc3d94c2bb98ebba3957a95f4ce806ce8fd920acfce1fb17cfa615dbf2a865a699f227334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c786.TMP

Filesize
1KB

MD5
4c105557230083644dcba8d8768b288f

SHA1
e609d348359034348d7eb9188acdd1428db00d00

SHA256
b133fd24f3274952cfb58c350ab2b165193e74dcf72faf93e8a0be8bd2e8c6cf

SHA512
7bfd442152fdb7616780daf17ee9b2076614db911816fcc83e2037f848315137f6fb10dab238ee4cecf4d0b53cf165608d9fa656b1b243588c111bb6fe62676f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b3b851ea073228db7886c26dba002364

SHA1
d4aa159fc8bc1d146a23bab3e4519546e3095605

SHA256
3dba4a84de200fe6d14b30f532548641bc5d3b27766518684dddd9103b6f8ca1

SHA512
ed0f1aa013a238198dc12a7cf2be7cea94f2b9f9c0d68c9effb6af145d661d5a6c51f63336cc26a56f20542a7c20b623de31ba67f8df1c4c33ebeca4716b8789

Download Submit