53d426670085ff97d13d7b57c1c002cfec2bcb30c644d3ed775c1c12ee29efb4

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 06:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ef42bd07b6992d4c939e6adac836e833_JaffaCakes118.html
Size

131KB
MD5

ef42bd07b6992d4c939e6adac836e833
SHA1

e5a36aaeac103402b2799180478fe0b992dbf00d
SHA256

53d426670085ff97d13d7b57c1c002cfec2bcb30c644d3ed775c1c12ee29efb4
SHA512

a22fd8ab52d352179d47f6136245b48a7b0c6f289273e86396f1c61aa3733897047c23a38aab437f1216487cd736bde04be51a09603b6cff103b043b7ffe4f47
SSDEEP

3072:uCN1AvqWKiWj6OGO4TLJ5FmHjAg5OtL+5qlmSKiQc6sPKdo71pBeD3uUAnHe:h6q4TLJ5FmHjAg5OtL+5qlmSKiQc6sPW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
3412	msedge.exe
3412	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 4272	3412	msedge.exe	82
PID 3412 wrote to memory of 4272	3412	msedge.exe	82
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 1304	3412	msedge.exe	83
PID 3412 wrote to memory of 4816	3412	msedge.exe	84
PID 3412 wrote to memory of 4816	3412	msedge.exe	84
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85
PID 3412 wrote to memory of 456	3412	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ef42bd07b6992d4c939e6adac836e833_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c68146f8,0x7ff9c6814708,0x7ff9c6814718
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7844937343152114222,625379925106204302,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
419B

MD5
108cd83deb5d7460925eecc951cda2a6

SHA1
9559fb31fbcd88bfe44dc7e82221ef4a6008069a

SHA256
d4780ab05fcf32a88516d3dd7c5528d44340d4f7e20f07daf7b1081aa80964e3

SHA512
57632648da3a7aa5a76d6375e1e7561b27adf0761553b5e10aac5a77aeca1cff399f7e1d089a3fb25e31a20e00821a3505b78ad304942b1f868967747c438f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
270B

MD5
53996c716b4bd887d58c74c39cd09692

SHA1
19e272cb7fccb40129325bb4e77cfd6f9cfeab3e

SHA256
5f968ef1d7dada6f56de72d950fc41732c1e7e77933241aa9abeded51c5032bc

SHA512
bbaf405a56ef25b0b80b985284b01e1c7ab36deee9f025cfe894d2fcfddc0b9f583aa30e5030d11f3f51a7b453d5d3b2b3d1181e9ac04a2c38393a0f03cc7f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f611f77017a32139e460858999811817

SHA1
cc8beeaa573ac4f621b64471ffe19d298ef5bc64

SHA256
6e0473237336c7a4dbb795cb70a6b28b12997630618e94dfdb7c164e82730fa9

SHA512
def699f5f8eeb0563690712d421461784a143ef3e4ca476df49c6f41dddeb29ee8c01096d5c75071280b8d2a9d8df01b19c4049e16612e9bc42905e26e3ecc67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
872229ac36ac44db21a8ffaf253b80e9

SHA1
60d33afa7b0c5fc982779ff8cf9935062b07e648

SHA256
9c97eb7efc8ac896c9e4f60851fd5a8f82acb62c305a5e473d297dd22286b7a8

SHA512
8412353e3fe96a6fa331913a0498e75586d55fde79542fb936a02c6036d1df96d98c68205cd28b0cda113aa1ea615fb05c69c947bda4b7f268e051acfc6271cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
e455298e35d68c40c10c1e4cdaf7e12f

SHA1
1ab73a6913d5a1300f811d856b238f609cfd3440

SHA256
f948deb12821e0847bfcffe065e0f0ed461f0ed246f995c977d0a775ddedea6a

SHA512
2433b4efd8f26c9a5b60a6df55ddb064099cf5a5f6bcdc4f6b334aca7f9f32dba2394b922e9ccba5c82cf6d87eccb70c24d6ddb9f021ad64c1a97f3d77f13c41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e143.TMP

Filesize
372B

MD5
6953cd130b1e6c615d97d60c3e44c6b0

SHA1
ee3ec3dd389893b78aca518e1e7bb16e70ad2a75

SHA256
c0c04da49d06d1b049d070dee8be517d5cdeeff3ee581835e001385171ce0f36

SHA512
fd6d484ce988086e9ff50c67871d9d10f0afa147502f77bd9ba3d310581fb2b642b1c6c6308a18029fc744dea521d34e8613d086c35047e2ddc6973d4b54ab5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f213306fabf7868ec9bc73cecef31f4

SHA1
01123b1bf78bf0b40875dde39469287c01242ae8

SHA256
6de2f5d17126c0cf8c2802c95926abe91b603dac138ea86a50d9249dfb0a20eb

SHA512
6fd978417afe9a6ba7906bd1e230b40121fec9068521ced9e1b15fbf4e29948fdb15063f8aaf2d9344250557320d94030a0a82e63fa10fad6193cf055cba3359

Download Submit