98ebf88d6be235e91eb6db7442f736d929b91a9d81e2bd6060f24b18485449f8

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4359656ce56eb62a06c7024a76c7e398_JaffaCakes118.html
Size

28KB
MD5

4359656ce56eb62a06c7024a76c7e398
SHA1

7865308913f507be3fd48e9e0ac2006c98fcf70b
SHA256

98ebf88d6be235e91eb6db7442f736d929b91a9d81e2bd6060f24b18485449f8
SHA512

c2fc541ac243c9e35d761e07611dedb125768a0595efde91cf121495ba75b7e23da49c441adff29e6c48e623b4d96033def165bb4d535021f3a63f507ec81bc9
SSDEEP

384:GP5ChfUo/C6BMmX9NmCy5w11KoRT7vRhueNPND9SpOd:GBefUoq6CmNUCyA/RTFhueNlD9Spo

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3656	msedge.exe
3656	msedge.exe
4888	msedge.exe
4888	msedge.exe
3464	identity_helper.exe
3464	identity_helper.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 4752	4888	msedge.exe	84
PID 4888 wrote to memory of 4752	4888	msedge.exe	84
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 2012	4888	msedge.exe	85
PID 4888 wrote to memory of 3656	4888	msedge.exe	86
PID 4888 wrote to memory of 3656	4888	msedge.exe	86
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87
PID 4888 wrote to memory of 4604	4888	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4359656ce56eb62a06c7024a76c7e398_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8236046f8,0x7ff823604708,0x7ff823604718
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6011773841973032441,833944905645669250,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
333B

MD5
46013fb2981ec9f8957bebfb10cc759d

SHA1
466f2eb6d10750c24bd7c25f95c13e789a2257b1

SHA256
edc0760e660f071d1786074d8e58f1ff7f41ec85f9f10745ede85930c89b0abe

SHA512
87197423c04f55babe304e10017d29c13de48d213df6b58af6d4c03d3cc7bac3f7786ca0143774abcdd1fb9f61fdd32b618364ad8b27ea66361a694ee402dacd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc4950a25ab9b5e0ceb1bb4f603d9f75

SHA1
ef693f1bf9c96ec806e4178ae8a5b8b5e8885dde

SHA256
2a0f02b9f35f9812a33acf9995b3fae16d18ed85484999dc5ebb754c196c05d1

SHA512
a7423584101a6b4da67c87bc437198df65eb986a09bf16f7ecfc2d30a5fdfd98c6494ecd7cc0a2d7588cb1371f2505d30c09768a6132efa85999d7a52128ac4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4264e7b05a63ad80171e176f03d55b02

SHA1
217ffc6f8de363832e9e135ea80713ca3ca25b64

SHA256
8f185599355c3f40baa4ede64e1a49c5d7204ebe9f190a1e80cf94af3dafa017

SHA512
df9cb58b25e0bac4dbaafe98646af9e7089001eac028a808d290832aec11270762bb53af4703d8bdddd2964cd1a82f6ca3af9d6d935058e9b823fa013d0d2c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c694f4e7d8566d7f6dd3b1cd132bf64c

SHA1
4f245c9f694fa98a6fb007ab7d8237793a6deb17

SHA256
82e2b88def1f65190dbcf7c3e1b3d0d7a9a3fadb08bfac1c3df7952530460d9b

SHA512
166acdf310900ba8f20cafd79d58e983dd800bca53043b0f5472731dd7c8e7b135a169bcd102b40946479a9a94c805266dffabd932b87ca1d0c4a6432d87a479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
4bfe541e89e4246483e9e126c1ccc805

SHA1
9466156485cf0c11b26a8e4c22db7bf651851fa1

SHA256
f3dbaac3aee2a774fc09455ad4dbd2f332779abe9acf406d092d1f9f49b1cda4

SHA512
029d0d6157f66038ee8891ee6412c62ebedb110f7f399e83519b4458c8c19e11211382cb1ad9f81d65d66e41afc0f376d2a3744e9885f0100adfb930e0652fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
70e58f9ff750f98b3afbbc3609539afb

SHA1
8453e5887c860319add395d7ba654e8d13229898

SHA256
841fd38807dfb30659ae64886da066bc68131b0f37187867eb3fa2824844dcb8

SHA512
37ee91a5f6308453aa598dce1e5bd766cea5044523d14f380d4929bddb10dcd3c0cda05901a670f0b1cd826e2fbb6c1923a39fdfb2efbaba47578a53f042b7c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5873e3.TMP

Filesize
204B

MD5
ef9872e8ceedb64778c78f3fd9c97b1d

SHA1
f07a274c29eeab50dea3652f9c119ed9265d7875

SHA256
6689b1d2d57e8512ba557bd23284c24e42be79e37af58dc41d87e6f83eea84a8

SHA512
2b9dc847f9a8cadad5c4834fdc79ecfb07c3623ae4e7c90af3826057d1956d583628879de1b2cb5c3da81bf08865c2adc27565858025346e14d0257209729b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e38b13d8ba0fb6eb62306beff96fa10

SHA1
46c6ad108c50311eddd1310eda1b05291232a65f

SHA256
42e3f9b175aa57e651d04234f219d952cefaa89206cd64d1bc8cfa039c5e660b

SHA512
7678121eae0d92d5c78f4b0c3e5715293e5e08c0136c560848e0c4d25fade4740eeac79b12bb87b562fb7b2ad4851a143f17e24328b2dc696079bd648bce51e2

Download Submit