1d3d2f438e5d52e409c36da1f5b0028ee43455c3112c2bbcce01f5a2981d11aa

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9cb8a42db6a41cfafc2f5beaf447dc51_JaffaCakes118.html
Size

9KB
MD5

9cb8a42db6a41cfafc2f5beaf447dc51
SHA1

7935c95d1e6ce7966dbb38472f01b8a616fde9ef
SHA256

1d3d2f438e5d52e409c36da1f5b0028ee43455c3112c2bbcce01f5a2981d11aa
SHA512

38f28064395236aa0e619b16223a9bf37a45697da8ffafefaaab1640779ddc6440ffb33c48bab7bbbe7cc148a2d42175df341af14d4eacf360dbe237cc727277
SSDEEP

192:eFPNoFe4/fYVZOR4eTTYQAl7clUbT1lOCRT7aH0peTL8TBIhPq:KtGf7R4yTtA5ceb2sl82ug

Score

5^/10

paypal phishing

Malware Config

Signatures

Detected potential entity reuse from brand paypal.
phishing paypal

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
4156	msedge.exe
4156	msedge.exe
4208	identity_helper.exe
4208	identity_helper.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 2824	4156	msedge.exe	81
PID 4156 wrote to memory of 2824	4156	msedge.exe	81
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 3176	4156	msedge.exe	82
PID 4156 wrote to memory of 5000	4156	msedge.exe	83
PID 4156 wrote to memory of 5000	4156	msedge.exe	83
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84
PID 4156 wrote to memory of 4712	4156	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9cb8a42db6a41cfafc2f5beaf447dc51_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad34718
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6126614513639617634,4183712050253623579,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
189B

MD5
efd079652ad21c50d69ad30ccf61a40d

SHA1
000bc74057bb6ab42d2a160349e1597edb211bc2

SHA256
045646bc1a87f1ce57c87ba8a6ed5332e36f71e667ac712be1df2fef80385f8f

SHA512
35f643af8bb12bb445e3e6ce7577376dc69010ddf8d7e76752d703cb50f091bdeb9947b9718baa6e9e286d69df19a794522e446f29d58dc26dfea571045f51ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
613a619ac7cd2864538b3cb7255b4113

SHA1
c67c0a8481d2cb5490286c7586deda2522348d7d

SHA256
ca3784d0cb6e3b2390eb4205a3aeff9e8c281c9287ab51180ff91074d914ed27

SHA512
c67982d52cb2d1f342f73c954216e3ab8bc5418ad34a0be45d3400a5af0f7ae28a74c2d8d1dac52b8216d39e7e23632bf3e210e1c75738cc050b1451af6d4b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67598ed435e94219e401ef7147f6e0e0

SHA1
ba057ea16d7a6ab43144fb1b373308a64d63d507

SHA256
55878518636ccd74a0819723ba560b6506b07b6fbcf46814454359b3415f7672

SHA512
b98b26da573f817c9ccb7479f06abaa4fa4759629a42f75d91ee0a66a56f6f754c9718a76bd11de729956295ee9d32803f6bc33cb874e861eb9d7e484b706d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0dc2d921dd6e236df4e7d78241308e4

SHA1
cee339c9892d1f63c66963df25a4c76383cff607

SHA256
2b53b1f26ea1dc73177623068e16eb580fe04cd204b75b441b857c0a61859e74

SHA512
13211137731fa2f073456e495d1b70605d563db15ea1da3052882df29d9c3b93850d192715f7e8321e2e3f25d1f2a6a0e50a365b879f4d322061a5772a45ead8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
573b50f345f8ee8ddbf618b20d3e852f

SHA1
e2cddd27589ca0b940c3ed215d72df3c5a4cc44e

SHA256
ed2465ed4034a34854ad5dbbf4727729ec8729fb00a3900c0520675c9867a8cd

SHA512
7275a6187529a222b0713350b72b64bee7e41bd83e4aa0f5a897206b0e04a5763eaa4ec621c401563bb2ad583a7132223d016dedad5e681e23f744ac49e011a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d2f0.TMP

Filesize
203B

MD5
a3be429a6f7e395aed4a9c4ac3c6e9be

SHA1
a594eff7ebd0748f4e4626ac5f37e77deb5e7d4f

SHA256
5cf1ef3e58fd76682d8f2571e638e804a84f44cc01fb6be36abe22568ae404a8

SHA512
a87730d96705f72bdbc283d990ad31edaaa28c5ef294aeeaae2e4ee72ae25a67bd28056668e28b037ecd108b8f84a553d265cc47bb183bb07c15a9f6243d7bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
52fb8684f5dc06dc6bd5cf62bb024fe8

SHA1
85fd55ce82ae5b50390b7f2d0e0918f01615bb06

SHA256
44d32b5ae134ac1f828a711277952506b73476054b3f557434a6a49e4fa2c141

SHA512
ddeff6097592bc9c93289832809eb25ef3a88f8877906a508ff509a980cc64461c4bfd5cdb07da5455750e0d900363d6b5a7d67c3d913215d1f409ef0b0d0b69

Download Submit