4c566f0f82cf2cf9a05d41641bdbe501bdacbb1d3033e4e606c95b9cdbcaef36

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 20:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

db273614e7a4ef4e5e41481f99589c0d_JaffaCakes118.html
Size

66KB
MD5

db273614e7a4ef4e5e41481f99589c0d
SHA1

653effe4a73ed1d82d1bfe28459e353ee5a43106
SHA256

4c566f0f82cf2cf9a05d41641bdbe501bdacbb1d3033e4e606c95b9cdbcaef36
SHA512

d658c72a911f0b91a00a8e448b0ad4378298408c35d31ae04f48fa4960e5b410d5656cacc2deadecd6c90928420d54735ba17f1f1638f4f8963c6cc1169ca7b3
SSDEEP

1536:/u0pGlSWQIaAkOMh+aedXe5yeoJeeWeXGePqN6/GtSfQ7yrHAfaUm8Pdk:9pGAWy92AfaUK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
3920	msedge.exe
3920	msedge.exe
1940	identity_helper.exe
1940	identity_helper.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 4516	3920	msedge.exe	83
PID 3920 wrote to memory of 4516	3920	msedge.exe	83
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 3360	3920	msedge.exe	84
PID 3920 wrote to memory of 640	3920	msedge.exe	85
PID 3920 wrote to memory of 640	3920	msedge.exe	85
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86
PID 3920 wrote to memory of 1552	3920	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\db273614e7a4ef4e5e41481f99589c0d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc40146f8,0x7ffcc4014708,0x7ffcc4014718
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17477684041044730659,16123531814739589115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
468B

MD5
467bbb97e21c87c7297e2e3dc5409630

SHA1
e4c1925f420cbe5f4cb93e4d7b2fecfdf93ab1c9

SHA256
b0be9d21aad04c464c53391e08ebe5c078186b1680f2dc4d0c502ab0691a7c9a

SHA512
e368dfd5c8038cf3fd90735dc709ca4f41d350b23b7606cf650aa4590119e405f472cbfa56827f493867d72c538db979d8a5ae6e810504c87409f0ff6acf2af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab48f36545c13c72838d49645142412b

SHA1
a351cd5eca809b386ae01c871cf99ee5e7e39f51

SHA256
22b01fd07840653e3c5cddefafe10022e74350c459ed46236c435508586fc422

SHA512
447316877fd269a620f241c4eaec0013423a2c7eb894e8127295bcf054b528fcda462777c7b1f0854502d0da9dcd9538cf8b84a806e36c6af90b9dccbad8a27c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4da6596e174670f8834f8dd0be473841

SHA1
022639b61197a0ea96d2ab9354222b943a636592

SHA256
d0deb73fdf00137cc737fd18a61e13a561cc461196b541e49f4e71bc4f9f62e3

SHA512
102a8027fd5386f51b9edf89a43571c9a34a68c6ff346fadae17eed6a32542ab14079fd1ac6e5b1c1c91baef157d0bba425eb432dca1d8a384adfd37b1893fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59184e3edb86ba501e171782a7d8772d

SHA1
7438ffa4f8852c693536147e7d446d8bbf1edddc

SHA256
21d36477648fda6f52fd3c567ce1a89f398eb0857b32217e14ac804134c936c7

SHA512
e987242e9599789359b55fd9d8e15a0685485aabcf640f229b7ffdbd31d3530c3f19fac865568b341ece497de98a54056a47023e64510d0f7b8b0ef03aa0b4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
1c56046c53211cff03c97a3978cd36af

SHA1
182e0b27e3ea334a7abf5f45308eae9717070d49

SHA256
9af787526215672867625f6a3b7b010fe02d74f714e58f37522ec6d8bf063bf3

SHA512
a4e26d7355f647889b358392e459b97f70239e00ef71dc25bbf28f0bf06f123b20dee5c0f38ee1889714abe4910c71ba03312c71748de170cc2682166280d217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
4f5d7f2040a72c369636a230798b3b7a

SHA1
ce35199bc4c3f7a1f097b567610a28dba87f7bda

SHA256
d6555a62db660ca325bd24b8dd01c4045e8d835f4f8f57bd6e2979f8576f8ceb

SHA512
49158cec27a4778172f6ce07dfa02665f449a4e6fd401f0669195b51d5538d65869b1594ff86b3cf120a19e54b184f3954de9089b06713cec37dfda98c1171c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591822.TMP

Filesize
204B

MD5
75be6ee80623cb0e2591b8edce4bb29f

SHA1
3e69eee06fc65cbb1f39b2232de844e6ab652841

SHA256
ec8088a385fb9bf3f31db208314c6d198ce8fdd1e7311fc5329291a7d4675af4

SHA512
84bfbacb0cb332bcbbe141f7ec046f372bb659edb67736792aa13725748563721c977c9f04339c08d5a66417ff8df8ad979874cc645833884da68b5876999249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2b534438ce524892a3654b3be1f36f1e

SHA1
41ab8026acff6d549f9be393ad664b2672590825

SHA256
27514a4c72e28e3fa5c124c5b26deb41000057e9a3f6b427534ecbb3ce7780a8

SHA512
059d8d0df9ce99932f76b6500161ea060be7378a03a9a871b433d4cfab798534ab5a64c1f39e09e5c6050a4fe1ad8e6ba65d0bd0b16d08348156c82ded1bbea7

Download Submit