hxxp://cajabanrural[.]negocio[.]site/

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2023, 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cajabanrural.negocio.site/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
112	msedge.exe
112	msedge.exe
5108	msedge.exe
5108	msedge.exe
4304	identity_helper.exe
4304	identity_helper.exe
5628	msedge.exe
5628	msedge.exe
5628	msedge.exe
5628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 4536	5108	msedge.exe	47
PID 5108 wrote to memory of 4536	5108	msedge.exe	47
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 4740	5108	msedge.exe	88
PID 5108 wrote to memory of 112	5108	msedge.exe	90
PID 5108 wrote to memory of 112	5108	msedge.exe	90
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89
PID 5108 wrote to memory of 1956	5108	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cajabanrural.negocio.site/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80d3646f8,0x7ff80d364708,0x7ff80d364718
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,11711831378401193462,16203390301471256523,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d5af55f794f9a10c5943d2f80dde5c5

SHA1
5252adf87d6bd769f2c39b9e8eba77b087a0160d

SHA256
43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

SHA512
2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
72d18c17b76a7f5120c6eb4c6c2a0f40

SHA1
dd1a3b78801b878095b8babeb335271570372e00

SHA256
be344d1e4d2c296128b3e53d21d1295d4e9e33529c02d6a0e2dff40e7ba4ef76

SHA512
6c0c75b7a3c32342adad00bcc17fe34beaa7827daa31bd65f9c3c6484149f37c8c8b6709c34ce5e34e746746a900c62603685296376b9c911744b0234b2f86a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
aff4b3aa56d1fdacdf724103007db6f2

SHA1
db382d6faf654d1e2d9fa79ec45bcd1abd42b0cf

SHA256
b5fc1ddc87b37d5eddd1f30bc147efcbe4683e8bbf8990cdfb9c5e9527a764d4

SHA512
b929f463af581d823d16520cfffce1d7c370cdc832f9ac017de05afee3c2574754c55ebf51f69160f4d2924ab9068407efe911e471713c0598904b9bc2dbeff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
68bd2a387fad7ac2ce4a3ee774aa2db4

SHA1
67684d537316e01ef6ad22583e7594b17d51fd89

SHA256
cc1b327998bce35e86c502e6f47e5546b07312daa51c5338460fcd0e60b4c7f1

SHA512
28049f1da6232aa2c174178e36875f9e3755d162eff1b3f581acec06ff5e8b8890f3d025e9a8f68960b9d76758727f0284fc0fb2fd74f05dfc9122409e410305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d84b8ed8a9c44804fd0bfc39bf2e07a8

SHA1
3f49b8591226f2ac67f11ef31a69e6c2312c8dcd

SHA256
0fe2151a1919ee43f9dbac6329c12785e496f0a62c1d0fc3ab59950c7ed44739

SHA512
4c630a7e969690747580b49c0132651c86457a34224683d4ffc1f90707c8ec254c8968f9e06edb95a064a4e2d33bd523aed5294b3f75952a526e99340bc80e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
62e6277f2a71499afc6717559ae1a591

SHA1
646c68b010a77c9be126ea8c617eadccc74a2b16

SHA256
305895f3ccd48798a43f9936d652ca68bad195adbb5c90aa4019844a704c0bcd

SHA512
3e3d358e2057f646d24b3b1bdaf016f209f15cda4e2151ba73a96403141539f67a9fb88e9f28d4474b63c958e9d79b26d5169696a4b5d63b31f64eaa2f109d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
90e3550d296a40845000e12e591a62a8

SHA1
0af7e1e16f9b412031a35799e8c743901ee185f6

SHA256
055e8494039dd27c3b6b05cd3c9cd28bbaa2c7379a68fac94ade700f331247d1

SHA512
9a5aa1dea90bebe1c0fbb97bbee2b6e9886addb1bb7e7c9b0ed7f122ca7f9cfa4efb1636bd614fbe6a869107bffb41feab166e2f4deed857c4fc258faccc9f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
10f5b64000466c1e6da25fb5a0115924

SHA1
cb253bacf2b087c4040eb3c6a192924234f68639

SHA256
d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

SHA512
8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e1f2cbb47b2064bafb8423ed78eb91fa

SHA1
f458aa862797f99788b0bd60edf13445b7b0ffa0

SHA256
52db419f4e8c39794c1fe62dbdc3388623302851468e1285280f37a2d02f34a0

SHA512
6033fe73ae82c754992a07cb36ff3f1e8efd2d70fceb4d955fee94e94bcaf31e04ef43ac06d137ba54f210343cdfe6ffb6e1fcf4d8faf8b7b8ef187984f633c5

Download Submit