f68a8ae0901355fc16b7d7c0dbc4c662948121373a4c441ca7a6fdcfa4b1149e

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 11:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

41418f30acf4e4cab42813920da3c09b_JaffaCakes118.html
Size

32KB
MD5

41418f30acf4e4cab42813920da3c09b
SHA1

3a06a2b6e7a1c825e5392bea858e8c6cbcb2eaad
SHA256

f68a8ae0901355fc16b7d7c0dbc4c662948121373a4c441ca7a6fdcfa4b1149e
SHA512

391725b58e99c08509816da0e1f2b6efce03db363d1def097f8279bf95176ea3363861cdb4c7603230b9aead46b210f21c8417e68601a603d3c3e13b82558419
SSDEEP

384:Yb0uuJMSwOHSaFoZqlGp0lTF/+8juavxUAWH6CKycVKOQJMWkMIUIbBj0:2daHI10lhr4JoBj0

Score

5^/10

paypal phishing

Malware Config

Signatures

Detected potential entity reuse from brand paypal.
phishing paypal

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
2504	msedge.exe
2504	msedge.exe
4892	identity_helper.exe
4892	identity_helper.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 4424	2504	msedge.exe	82
PID 2504 wrote to memory of 4424	2504	msedge.exe	82
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3548	2504	msedge.exe	83
PID 2504 wrote to memory of 3348	2504	msedge.exe	84
PID 2504 wrote to memory of 3348	2504	msedge.exe	84
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85
PID 2504 wrote to memory of 1288	2504	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\41418f30acf4e4cab42813920da3c09b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e2546f8,0x7ffd7e254708,0x7ffd7e254718
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17634202733608025848,1766470124264139736,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1a7e05db-1b8b-42bf-bc30-09ef7a8b8ce2.tmp

Filesize
5KB

MD5
48e161398ba56609939443c5b9b33c1b

SHA1
09455979f6ba2e136d5dc9ad098e6a462bea7938

SHA256
9a2afaaaec3f70aa72f5db727b0e4da2e521ac96648c90f82745b9f1c8f21dc2

SHA512
d8e3c50cb5fb94f7ac81c3a59f7a52889b24d88afb2237d89cece75d4447af21a478125cdb8398a2c30774cabea7fa274fbae191060d6ecc8f3d12f9e376878b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
189B

MD5
efd079652ad21c50d69ad30ccf61a40d

SHA1
000bc74057bb6ab42d2a160349e1597edb211bc2

SHA256
045646bc1a87f1ce57c87ba8a6ed5332e36f71e667ac712be1df2fef80385f8f

SHA512
35f643af8bb12bb445e3e6ce7577376dc69010ddf8d7e76752d703cb50f091bdeb9947b9718baa6e9e286d69df19a794522e446f29d58dc26dfea571045f51ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
844778e7ccb2d4072c1aad2b1eca8adb

SHA1
26cbfe2db0adf31f47704849f2e2201dfa8f9198

SHA256
4380c7f072dc1f8781bdcf59b1369cf591766e3553f9e51282f2955ce8345e78

SHA512
9883f848b2242cc7b5212ca62fe0dce112f450495d01c498ca4666efbcbdd377069f75a5ecc9233e1b53c0d402634da3bdd24079fae64ffd0c0ffbd848e8eae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd89fe13dcc538d11eb18f58705237dd

SHA1
40c023ba607448694969ca57d732b3321024e325

SHA256
9a7cbc7a0da024e635a7656bd9d8a477f86cf35061f83c938c90729aa88d1839

SHA512
832e2fe1ded882f8bc628addd727547ae8180edccd1db8816b1d757b721c91f062b9642c50fb6f9662e8ef347f60d5e1966b2041cf7117642fe7444f538532e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
66913b75f6d7eb2756fbe9649fa3e98c

SHA1
ddf0ccb340372ef67c1f621338e52a0b56437caf

SHA256
c813bad56bff867b6b402048437766fd137a7ec9deac36f2df0df5fdc3b5c770

SHA512
652fe685a0a36d660c0cc1dbce52172bf670a740f063f6a06e0394b4641be9baa00039c5a676e2b2ceae51ddd43a8b3a13f30f6c783550c4c5e1153f109ba643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ce1d.TMP

Filesize
203B

MD5
54c565023665f5a70aef8a8a105f2f77

SHA1
23d4132aafad943da83707ec4247917232899b5b

SHA256
a8c3a1f9045779c815013663a6e77e0e402d1dc3b2fec0f9ee21cdf9d0e40960

SHA512
36978d56bca7e2c5833bb98c64e8365e19f88693cd2719836ceec7d0e74925aefdc2ea07039ad34ea6faf0e6ff077a5881b3818bd7997eac614381841edea0b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17eb91c65a567120937c8832ca54b5b5

SHA1
2e37cbba993a6d5e91a175891a2157fb15582c51

SHA256
2cb0248f37ede342009195edc4a0781ec48a0bc5466b15c2deed6f379a5dc157

SHA512
bcd78f989a352c08f8bcc3619089a1a37ec13278ec54d48aa779241fbcd76d1394eee0ca433e6a003ba47bd7c743ecabe323f2fbc274265cde1f27b5b68069e8

Download Submit