da762bc3e308b9eae011da68811260ed2b153e269f122ff9c5827f91c7f5e2f7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7a3aabd50bd8b33b20546d309ad39b2_JaffaCakes118.html
Size

88KB
MD5

a7a3aabd50bd8b33b20546d309ad39b2
SHA1

783ff275c8f77c48ac600686c0fd9fad8f3399a7
SHA256

da762bc3e308b9eae011da68811260ed2b153e269f122ff9c5827f91c7f5e2f7
SHA512

cd1f49dab4de28a4777e88b07b859cbf630363a45506dd0fc24a14ad4494cf4c21aefa6118493e7bbe61075d33a06921a83307a63b4cfc19e9da871573167f3a
SSDEEP

768:wirYR3xs0MHvvCIynoWgGvTgtIA4WZ08H7k6uV6z42JJp6eJbPMS6zuZtgLGpIAZ:ppBHv7ynvpTgtIA3CTaJL0S6uTIAmaVN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
4392	msedge.exe
4392	msedge.exe
3300	identity_helper.exe
3300	identity_helper.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 4252	4392	msedge.exe	84
PID 4392 wrote to memory of 4252	4392	msedge.exe	84
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 468	4392	msedge.exe	85
PID 4392 wrote to memory of 3168	4392	msedge.exe	86
PID 4392 wrote to memory of 3168	4392	msedge.exe	86
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87
PID 4392 wrote to memory of 1076	4392	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a7a3aabd50bd8b33b20546d309ad39b2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d48d46f8,0x7ff9d48d4708,0x7ff9d48d4718
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16742074504006119923,18372294696863123262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9c17f5b4-b706-456d-822a-089c65ea8b39.tmp

Filesize
5KB

MD5
3133d2593b6980395167939c10faeb3c

SHA1
850e41148ecc23c6f49cf5d629c17c53a5ef454a

SHA256
745605aab46a5e87dc43f8903a1a52bd97584c49904c56813a2a9d74a849dd78

SHA512
9f6e1aed63bf7f6c5afb80eaf787a3da35260f539340ff826527e1fb1da58f4d1b4d46ba084abd49661e214634379f20190050bfbaacd9afe0ddba35089fce1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
50a8071d62acc97dcd3818f61df548ce

SHA1
bfe53322d3fc622b185ea076467bc5510a18b3f9

SHA256
e44c3c9c15fbae707742e567e591f396d38987f558f7d84a4b7a70cb89da5052

SHA512
e02b7a320c45ecab18ba4bf6136f444799697adb6e1ba9fcf9734c8d06fe01431e1f1b14b64ffc79c2fc3e7850d8bf3cff732c10c4c5b6131276284246bf472a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
821B

MD5
f81cbbef2471a08b6629c674d0fded07

SHA1
b033f911ca8480a8b50e37a923258287b2918552

SHA256
42b73f3c11ec4c233919e3efc34ee43b528f6f2abcc9fcc03fe3881d5fedef7c

SHA512
d453340cc8b433a615761e8920ba8acc792232c8dd73fa574a76ba33e10ee13190441000ffba197e319ebe2b00d021927a9b8c8913d58f6e1925697c6adb1e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e64801c07a3ba16271b01db996c1d02

SHA1
dad9e8222f8fa6f2c472daa27236cb6199c9b18e

SHA256
a6f8db47af516783175c9a796ba3c4e8a0ad7b9f33802149a8a744a1389506af

SHA512
bc0d45fa840a060cc5c8986b484f04b317231d281980fd124dff120aa37a623f6dd72c6e90c0ef5448c4d2c649bd8836e4cb6279350a41cb2c6708388185771e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0178cb09ed74fc153fdce7aa6201825

SHA1
14e558ede1924e623df3791c403d26e7a70fdb83

SHA256
dbd278dd5aafabc24e169bf9429f802e61fe6ddf46a0efa73f8dc5886a20fb33

SHA512
42980d184e90ab4ebd51486bd3824f3b53447244d1a254ab00cd79b347596c0ac3d3e01cd2a1913ed7f51507bf5e9b6aa160aed16a4e42e7a0d1267b48e2119b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
130e53c249cfcec4ebbe4273a505e12c

SHA1
2fad500096f76e23943bf8720f0444affde8c4c1

SHA256
10709fdf087b259d0aa7c5ee9a56dcfc479062d6d76739694d853a07473e6a55

SHA512
43379b888ffeb6d5342b3cedcdf21b24f6f140a8fdcf1bdbe4620f5469ec6b45f61b5040988fcc64a6aadde1a97f4e231498002d4c19be198b05138b0e55ff76

Download Submit