bf432740dd814a836322d80c3312a7589996100289b076b4e4c9c158ae39a5b2

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f5ad03edcd209636c0dc6b03dcb47d0_JaffaCakes118.html
Size

27KB
MD5

2f5ad03edcd209636c0dc6b03dcb47d0
SHA1

4a070888dc7060aa2c4e626ddba701a82071e0de
SHA256

bf432740dd814a836322d80c3312a7589996100289b076b4e4c9c158ae39a5b2
SHA512

422ca08fb6cbacaac685251fa5ba631db83b6431879784c142d05429d2a510791a2a3f7238cbde033981e4944ade6c97a6a03f29ea5121e29526c849f9ea36b7
SSDEEP

384:SHK5sHsUpvZ48U9Aqz9GOb+DztiGgVoKYUSiGgyvU8kP/UZjL9u:SHKyHsU9XqRf+liGgVBfSiGdvU8WAL9u

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2620	msedge.exe
2620	msedge.exe
4248	msedge.exe
4248	msedge.exe
2204	identity_helper.exe
2204	identity_helper.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 2792	4248	msedge.exe	83
PID 4248 wrote to memory of 2792	4248	msedge.exe	83
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2264	4248	msedge.exe	84
PID 4248 wrote to memory of 2620	4248	msedge.exe	85
PID 4248 wrote to memory of 2620	4248	msedge.exe	85
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86
PID 4248 wrote to memory of 2536	4248	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f5ad03edcd209636c0dc6b03dcb47d0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97a2c46f8,0x7ff97a2c4708,0x7ff97a2c4718
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12572659436606050158,17019618773927510476,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
8559e7a7a516c20ff267c9ad4d35b6d3

SHA1
b616eeeb5518e3e63b1d077ce46634051117b078

SHA256
42deec90292dc14cd17b9cafa0d130873525067190c675f57692f5156991b21c

SHA512
4958e048ed5b3147510226352fb0bbfe784120e378ea7e6dd5650bb7c501620ff1891b222cae83cfc920ef76180baa3e3d46570520a154aadbd84a6bff4147ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd5e8348ce34bd9f38eaff7d6b118872

SHA1
3a0c396b6134add088ed7ee8fa26e3a170a871c4

SHA256
69bcb7557437a2af6ff30470c96e4d89139b8e332a223864dec4ae1f3f8055a3

SHA512
4e3d1b646b5548f4f4273205ba140b7b7c0556702c84273c0426656d5b9588e6152740d9ab15d13d59ff96de5aad962541436bf508d34cf267e4b356131b355f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d35e92d057c074eb9ec505c687c6e7d4

SHA1
425fd00ca8d0ad1e1b03638a9c5c3e6918a73358

SHA256
d3fc64896418c6323d8bcfb7ba7f0287eb2bc9859d00fd0033b59399f065d3e4

SHA512
e5a3bcb2ce1f8eacd2116be3549363f6b3143004228a5be0c3a8a29d0d310652669d1a12aa4c1c68444ae2c6d0c1912c24501b74890a9c4ec10662bea9ae7bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ca446c10-1152-48fc-ae46-e4efe356cb6b.tmp

Filesize
1KB

MD5
144cdeddc3a78b14a3cf4ab7dd8098f4

SHA1
6f23e220a8345aaf366b933c45c2e8614636222a

SHA256
3e264b734dbee382d304c42237ab0810aa236bdd8a1be88447f616f2334e857e

SHA512
ec0f4faa3f40b4d30bbde3cdf23850425cd8ab7225e8220e5bb728a9393ecfacf2d64efe94dd51a641c771a7c4372ec71cf3e0bdf0df6cf853df2a6c18f869f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8464ae160ce5d290ab8c86b0d2fa1790

SHA1
663970a84c43b47b42319135aea28455e9f40737

SHA256
a98c281c159f8f838f151575f22a4fbcae1bc9cf488ea8c4bc08ffe941e95067

SHA512
0c730f69fd8b925b4bc1b76dd47ff407321ccb35efd0a17ab30494ed35a160e53a6bba50ef7adf8098c546d0f6bc7bba030f29d01c855dfd280eaf2807c204c4

Download Submit