a5b334714b39b7302e86d1d5be0fb20c8dff2ece1e6940304e5b955ca83dcbfe

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a053e7e5a94ce9983a525c755d16c113_JaffaCakes118.html
Size

17KB
MD5

a053e7e5a94ce9983a525c755d16c113
SHA1

111edf0a1ebd783248ca4d5dbe21073d8699c8ca
SHA256

a5b334714b39b7302e86d1d5be0fb20c8dff2ece1e6940304e5b955ca83dcbfe
SHA512

0ba8f3c36a567fbaf5defc7c73a30c98da27c91dc1166f2a5ae9aa80c53c05b1effc7002788aec5bd818aabb85b455cc3a6529e240d09775f595d99fa9cb1b51
SSDEEP

192:rty8CR7uzDlt437+mmGk8pafknZ5nYsdIUkBw8okn6RZblW5+lPL6QokwB:ER7uzDlS3LBpafknZ5nSUd8odgQo7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3792	msedge.exe
3792	msedge.exe
2620	identity_helper.exe
2620	identity_helper.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3792 wrote to memory of 412	3792	msedge.exe	84
PID 3792 wrote to memory of 412	3792	msedge.exe	84
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 4740	3792	msedge.exe	85
PID 3792 wrote to memory of 3772	3792	msedge.exe	86
PID 3792 wrote to memory of 3772	3792	msedge.exe	86
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87
PID 3792 wrote to memory of 612	3792	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a053e7e5a94ce9983a525c755d16c113_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff815d46f8,0x7fff815d4708,0x7fff815d4718
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14266457248402533010,6980814587566277373,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1304 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
49f8b66720fecfa0783ab4e8dcb8ee34

SHA1
a2cf08287859300c4a2fcff79328082a7c31eb48

SHA256
b4eca77a3c83f910d9650af19e10fce8d71bff1378beb540699089288c12bf8b

SHA512
99f02912470d2f90c11e7d97d9a6ea1077060c80489fbfea41596591ee9b92428111fa6950c2270135292084ac5a40db88cd67bfb96b842e2afb44f678fddf5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
81b4ab89b012c6fdd249e364967a4a3c

SHA1
3a72bc3817e7394712dac612fde82c322d4e30af

SHA256
a7baf57bee3d533c950bf088a1660b0ca8a0b6e676bff2c816eabb19787e5994

SHA512
a29c1a32c84beb54a8b965f12f81d4e31b287f91cee3608847a00b85f784d6442eee328d72cc22409a7e047757f5b4b6f1f775ef9a22adf8e60f522a9740a346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1022B

MD5
0a57c8ee77dfd93f23fcbbed81471411

SHA1
76d68fca8173204399563649692808e01092c1bd

SHA256
af628073abcfdc3333741dda1a242757b8a824ac6d502474596906d88a25f43d

SHA512
3ab0ec9d988ef6a53a40661f53b81809886f979b69f2c076ae5d0d9b8ac4940283a887eb9409b8a66b23d1bcc49155f45a866d14ee35aa4867bb4d1d5f6f86a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d49fdfa66d845955e5796f0ba8b08c6

SHA1
e5762f76139604de0be89e4bbd5ae6edc1e050e6

SHA256
4d89ba24ec14b92ff515f00f611956e2a283801edb5dd7530fda92c9b0b64e88

SHA512
5da973a2e16b49d594ea7ea6744108e01b29c5e4092b7d82a5401757e5a291e34346836bc4ee4ed88d0287f6e4130b5b9726a28b4594bd3f8f9c00caeb9e91e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fdadd8d0120d4b07eddb59da1fa02596

SHA1
a6b941c63bd5dcca69da092315672d3f8415ae67

SHA256
68062ff20cf349c8692784652ae747dd193ea9be826dc4f226b0d3e396df48b9

SHA512
abc7c530629c2359457e74e78b11317533073bbf1eb39398bade3d2ed5f023472d92602a31c781ee57bb3832dd39115b19100ddfb51f7b305ba3e3bd57b33489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0437a15c8265397c1b4ee0beb40dc487

SHA1
42649ae4809f08d675a4f7e919ae93eddba67fe4

SHA256
af553a2e9df3469643f69d76b1525c54cd40749f16cd7daa3c51f58de161a41f

SHA512
b3824a82482d42d1d9b8d25b85862521d61d5926f026d8e8fa316087dcfd26e3940abaad4b2fe9cee3d799f0222c0587024d5fb7f73ad2bd8f02e141646a6e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bd07f8370110b9ff3a81db8a65320d7d

SHA1
fe68ed12d453ea902d601c7eff4c81a97d4ed808

SHA256
eef9bca0e3eb250c8b37388addcf11b04cc6ad1e343d9452713f1dcc0faa1a19

SHA512
bef4f02ab0669a716156e0188135b44e75abfd2c6ecddbbd2bb7503bd0b7e07f5ff38ed3ed57bdc8db67b2bee23fb3d3c769d54d3d4e23aa9f305faaf0786820

Download Submit