bc2d0380d2f8c019568ef23d91854a2af3b7054f7a450011df6ba25d01d7ce6f

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4263edb658a43fb6f1ad353d9f3e1d9f_JaffaCakes118.html
Size

76KB
MD5

4263edb658a43fb6f1ad353d9f3e1d9f
SHA1

a32937e8b76a2bfeb0cff06d1910c27b5b0892e8
SHA256

bc2d0380d2f8c019568ef23d91854a2af3b7054f7a450011df6ba25d01d7ce6f
SHA512

5d17d71b75ff891e65af8272a341501d6e50d0149330f89a7245f43b35f3027646a4a312b8dbaccc9a08d58bff38283bf56b37813f276116a87b29e621d50de6
SSDEEP

1536:vwUiv+28yKEcIb6Qm/pY+yCIM/VEXjPWHtJPWrhRr/FEIqD9yWcnUOcgEEX2q6KN:IUivJlm/pSCIMyXzWHfPWdRr/FTqDjSD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
4600	msedge.exe
4600	msedge.exe
4216	identity_helper.exe
4216	identity_helper.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 4924	4600	msedge.exe	83
PID 4600 wrote to memory of 4924	4600	msedge.exe	83
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1652	4600	msedge.exe	84
PID 4600 wrote to memory of 1484	4600	msedge.exe	85
PID 4600 wrote to memory of 1484	4600	msedge.exe	85
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86
PID 4600 wrote to memory of 1056	4600	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4263edb658a43fb6f1ad353d9f3e1d9f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce3ba46f8,0x7ffce3ba4708,0x7ffce3ba4718
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12536774735826151483,3613955585572780629,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
74d2f0f90495ac01e20ce963b8895454

SHA1
3e7a293570d9ffd9abd5d8ca8db8670ffb99d9d7

SHA256
147c65a8291e02c49bea2719b9373ca9306cb825e411feed091204fd4788a78f

SHA512
313477648f15432e10ee50534324a01093d78617fb92b2b3670ff482553e91f5a5899a8cba9978f88ed98e7a1d281b1252d7bedcf549acd1a021be768d1ca67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49bca64bd915488ba664fa3f0aa14cd8

SHA1
473ccb42ac418bd890fd3d92f9e8ff641e96f67a

SHA256
e7a9c199eb216a76778e8fa89bb44f2d96c912cd0395ea3865f6525d60e6c9c4

SHA512
794e996799c1417c64efabf54178b2ba42a57c73f7a498482e5c5af6dcd334c90fa42247d2168eea94e6186bee75e371a2ac4e229f320d9dbb0953d681092afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
467a6a8d7fb4a5b246ec38388f473e9c

SHA1
3e135de4941afae659554ab2acff751941ac6d34

SHA256
25531e20fe3e2f233f6a010a0b02a5bc78213bf85c6c4791a0fb8a9e877c1aef

SHA512
af142c4d6d1d4d9dc7240de75be64801f19f936f0d11179e11adcdd1f154d488e2159a4b22072a570ed543e200158e5e048209d15d2f4131de34a24a90c5b793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
480d0c552c14cb85dcb214cf78f1dea3

SHA1
d58607ef229637739693f6e99047df1a1c86b03c

SHA256
025de395da3a7eb258a131873696a4b3f1685d62d4ac25f207156bf6b3cb71f3

SHA512
9d16c3c15ba8b53f0a63e4ecc931a14b8be3d8658b5a328bbaff07bd9779ded806b1fbc12e7d5d9d006e83ff50c6ae2c2837f6b93f572cc34895ab594d31ce59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
34971adc520c43592114c28a9ef3bdbd

SHA1
1fd9c158ecf26689fdeb07fd59fa991f4e28e718

SHA256
d78dc051726d9faaa4ecde558269c5e5f445f639490b7652a948f3dfe4eb3ec3

SHA512
7e1532d573c93b6b7b2035fd49154f71606c5e9ce53578fe6eac6884b55c957cc87566eb9af3c8b845ff7bf66518e4a44be3efaa974b8cb11cc496b0de97dac8

Download Submit