1a32175ff87371261aa83d5dae4dda95ceba65ebf154649105c51e45c5c4844d

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d56e68b0b083e6f92c8a52c398b939e7_JaffaCakes118.html
Size

175KB
MD5

d56e68b0b083e6f92c8a52c398b939e7
SHA1

a37e8c272895a6a14061be6cd1f221288a222a55
SHA256

1a32175ff87371261aa83d5dae4dda95ceba65ebf154649105c51e45c5c4844d
SHA512

6a8e05928f22a29d4be414c0ad30f13e905d26b361c723cf5de221296fd4c5767455e96fd435f9f2d288aab07e73734010359547cf557e15ea49b165be060a06
SSDEEP

3072:jAfz6bPWDBJMB2ctlo9kNc4PGdwsvP2a59mW+9M00PZeieVeb2Ipwhdvctnfl3XW:YMB2ctlo9mc+Gdwg59mW+9H0SJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2568	msedge.exe
2568	msedge.exe
3940	identity_helper.exe
3940	identity_helper.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 2612	2568	msedge.exe	83
PID 2568 wrote to memory of 2612	2568	msedge.exe	83
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2280	2568	msedge.exe	85
PID 2568 wrote to memory of 2020	2568	msedge.exe	86
PID 2568 wrote to memory of 2020	2568	msedge.exe	86
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87
PID 2568 wrote to memory of 1412	2568	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d56e68b0b083e6f92c8a52c398b939e7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9f4046f8,0x7ffe9f404708,0x7ffe9f404718
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4297174562502714904,18408619264872862445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
630B

MD5
048f68ce18bbc8ee19eed2f22085e98d

SHA1
159f1696f190e813afb3687f24d2df155485cbf2

SHA256
9424a738c468b7e38972a86d4129054f4d88da8fa2d0129f1da45d8361eaf755

SHA512
55f20574c096ebc71788a5523efed408489eebee37f312629183262d325c60ea846597f8de5f4fd92e546ef9a0f793f513c09f2417f80a3483b655030c61f91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
630B

MD5
87dc04b3d7bd2b0f94b7c0f3b5eb59a9

SHA1
18efd8de7e1d85c079d38b15cee18244af1165c4

SHA256
157ee186f716de11295735ffef80ef6b318181e54efaaa5805b5689cd1bb4ac3

SHA512
6f8366c771e2faf2f774eae03b0a3600109042b551d54e83b0cabe70ee1eb8973c9e1956f1da713b7c1d129d8da308ddc85da65ef2800873683cfafd1a749255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c1a5ec585f4bde563328c55bc64dbe75

SHA1
51cddc419200c42ca946bc98154d6ffbd32e8c88

SHA256
f599989f52997772a37cc6e53f2d2c38c282705672a5bd77fd434e3446339553

SHA512
f14af1a2f9be4f4bf1074c758336270fa2134a96d2afea506c01efac8f36a95100a144e23fe54c544e9b5e7fec78707dd3f21893674495b36c8541d7dcc9cb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e076e422c4197cc4710703372e4419b8

SHA1
93dec7576c1cddabdb7c540a523c43e497f6ad21

SHA256
7dc75a31fe2524123b379bddf7343540ad29505febe96a6a2e02de4bafb03eeb

SHA512
5aea416e056765da1af329301643412852d402d365e0dc316013b6ed6748ab938110efb153b4a809e572638d23b36b7fc34c6dc84ae7f3f8c9be2b0e3b466edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f763797b7f1d2824595bc14903312fe3

SHA1
f586e3d111885e385063fbb7fec8be5d7b833226

SHA256
fd851d7c9280002e98299d75d73cb92df8524cefbd36159dd42ea0b81e2d18ae

SHA512
0fb51efbc5ac63910bc72d24fcac34724d8717772a9bafd9436ebe9fd24b959f9a61f29d7c17dc283b01057625b7e012b75763237d092eb02613ec316e70f68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
255572279c749bd4868dd84dbc4fc8b5

SHA1
8ed8c1ac733419796784d5cde4d9c274df713616

SHA256
5d22c3a1617fafa9499c3d2542535697a312eb13b13f1af9080aff7a52e98b9a

SHA512
7e32c422ef2a4f1f5e91430c1c3851b91484e6d081d87cfd2dce45c232c67b154d8ce6f21566f384d4cdcecd50a0e5b7c06c50e2fd6a3f4920151c9499b09476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5833ad.TMP

Filesize
203B

MD5
6ffa990fd120a4934e1c90fed85500f8

SHA1
d24a311db6d5ade61396deec1e8bb2b0915f5239

SHA256
a8902c875de8bb1919894d3ab866899fc7de3b6c5d3399c00c8effb1d237fea0

SHA512
4b02c7498b4ae9febb2886b7d8c3c3728d765d532d5dd92dd62bcce415dd38be4361d6186d82c6969582f14796285a3f737a47b05ab6af35cf6119fd5369c58b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
18ccce5a4f7964430d1c1360ddeab774

SHA1
16588d74050d1d796e61f9f3a5eda964abf7d8ca

SHA256
0c70d23348d68722bb0522cd81fb2baccb1e22351445fa15cfac56cf977a7bc3

SHA512
d614b427e53ad7f548aa5edecde656abc004e762faf2f64f5d25ee818c92a2f7b15a0717f567472d5ba4da1af55cb9ec67930d0fd670f3ddfd473eb686ee6c2a

Download Submit