bf158a31b83ace341f82616014408f984f11a28a9dbb4b9b23077120ea85d03e

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0666bd49bcb0e558ccb4280d8fec319_JaffaCakes118.html
Size

8KB
MD5

c0666bd49bcb0e558ccb4280d8fec319
SHA1

0aadddf0b1858f597059167fd67d5bfe7076d585
SHA256

bf158a31b83ace341f82616014408f984f11a28a9dbb4b9b23077120ea85d03e
SHA512

38d4b9a2b1cb4be433e5f605b5181b84f09141f1df4d46bea1e92873b6c34610b5f26b687955908d8f7590e456b6c7246cc5e0848689364a40d3ee3921d1fcf4
SSDEEP

192:J+4kxS7FqQKY5B7Qqa3PJE4AXqdjI2k+aYpaC0pbXsFQU8j9b0Jpu9091pKkm7P/:JgcKY5B7Qqa3PJE4AXq5I2k+amaC0pb1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3540	msedge.exe
3540	msedge.exe
4736	msedge.exe
4736	msedge.exe
5096	identity_helper.exe
5096	identity_helper.exe
5848	msedge.exe
5848	msedge.exe
5848	msedge.exe
5848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 4660	4736	msedge.exe	83
PID 4736 wrote to memory of 4660	4736	msedge.exe	83
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3672	4736	msedge.exe	85
PID 4736 wrote to memory of 3540	4736	msedge.exe	86
PID 4736 wrote to memory of 3540	4736	msedge.exe	86
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87
PID 4736 wrote to memory of 1424	4736	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0666bd49bcb0e558ccb4280d8fec319_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb579346f8,0x7ffb57934708,0x7ffb57934718
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5652545009333330671,7637169597976767574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3688 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
9fc0bce93bd34afaaf55dc3d7535ece6

SHA1
3fb6179388e1d19896fbd06a1f3d9f50457251f0

SHA256
e7992ba7e11048a4aa1fbefa51d896692eddc199cab71fc45b60bf922c3fc948

SHA512
16121da91156ebfb9276e85ffe3f8d60bf80aad8f0a8fe92604989492bb247be295e33941b8bfe572773fee95f8c26651206a314ea7c53f42eb7badc4f583e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
277B

MD5
c1784da0b7fc2e1ad01607909076626b

SHA1
cb0f9841d457e41920c6f53571baab4d05f3a9dc

SHA256
325b1f2d4d53588b14c5c7c4af79c4559bc039265866035d0be32bf8b8882210

SHA512
65f9fcf7ad5ea6baae811e3f0315a48f9d6a3035fe57affc632682536025f47c361e95e144ee846943ba9ba48608bd0caaa8ed332b60eaf54ae138a5de0f14d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9136c2a51958da3544337564ce6fa33

SHA1
ddc81a89dac1e08356b15d22c4bd104e8615c079

SHA256
a2e8af11af98c13dba8c9b43d9f71c2c98272f015a4a3a9518f2b7ce39ff1566

SHA512
bdd3b1c72c59f890c4981b712b51aac3e8f2d4c1086ae350325ab9a8c60461909196034428d2364889e12f7c4bdceca236869e8cb03a3675d5e25558a3c6ccbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0855259611a3ddfae80af277ff58566b

SHA1
caaf0033e3780431931898fb34293d47d3ef0988

SHA256
ce73756d2c8de29535f54c2813be89db31bc621bce371220e6578f98d7afddd1

SHA512
038c992990cbc7be917fed906dace007085e1181468ca1df5ebf43463966a9b32b6ab067a5406efa7d8977ffe92613a0edd5594f78b6cc2b2e2da13d1883e158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b414b91123f35a22faa8c139c75b8b94

SHA1
1351fa96f3ebe0d408979a81760fe507988e6665

SHA256
a3d540dd9b620fbd6a85e397b8f1fda47713301aa188af8191f08febef44fa11

SHA512
9c6a5b0c21e3b22f9b03ab72a0501e23f7db5060142515db1cee53d56d6f5575027c56ffc3311c61c5c718a47a0c1a71e6cbe54a192dab8c68517457b361825b

Download Submit