hxxps://supucansign[.]na4[.]echosign[.]com/public/resend?tsid=CBFCIBAACBSCTBABDUAAABACAABAAqFg-yYgUtQbh_9gdL-evuM3bxwofkLZHkREja1-hzwli-bAu1ec0hk9pLX7RT9M_zZjBlhG60SOo3Shu0d1Fu15XxsZRxoN63DdFjrivZP2cSGuNLb0qvPuFRL7mkbIx

Analysis

max time kernel
156s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2023 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://supucansign.na4.echosign.com/public/resend?tsid=CBFCIBAACBSCTBABDUAAABACAABAAqFg-yYgUtQbh_9gdL-evuM3bxwofkLZHkREja1-hzwli-bAu1ec0hk9pLX7RT9M_zZjBlhG60SOo3Shu0d1Fu15XxsZRxoN63DdFjrivZP2cSGuNLb0qvPuFRL7mkbIx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
892	msedge.exe
892	msedge.exe
1512	msedge.exe
1512	msedge.exe
1436	identity_helper.exe
1436	identity_helper.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 388	1512	msedge.exe	66
PID 1512 wrote to memory of 388	1512	msedge.exe	66
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 1736	1512	msedge.exe	87
PID 1512 wrote to memory of 892	1512	msedge.exe	88
PID 1512 wrote to memory of 892	1512	msedge.exe	88
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89
PID 1512 wrote to memory of 5080	1512	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://supucansign.na4.echosign.com/public/resend?tsid=CBFCIBAACBSCTBABDUAAABACAABAAqFg-yYgUtQbh_9gdL-evuM3bxwofkLZHkREja1-hzwli-bAu1ec0hk9pLX7RT9M_zZjBlhG60SOo3Shu0d1Fu15XxsZRxoN63DdFjrivZP2cSGuNLb0qvPuFRL7mkbIx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff827ca46f8,0x7ff827ca4708,0x7ff827ca4718
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,3825853761009056057,2718209224200401464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c89e9212e22e92acc3d335fe9a44fe6

SHA1
c43c7e1b5fb58a40a01a6d8dd947c41a48e0b41f

SHA256
18c46c863404b31fcce434662806fa34daff0f9af0a9379d898f772b5c398b44

SHA512
c6961c171af63ddc7a72aaba4c9d910cc6a424794c416cd1ce51206f7c7f1100ca51c9e41d07d68489105dccded2294c1d761a8dc6be80d22c661014efd6a9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
25a8709269a23553b0c280bfafa21915

SHA1
2ac2bd4b4e1eb3d1593699e76a27120e0036a79e

SHA256
4d44b3bd8c840943397a3ef347f4094ab35df6d103668ffd305b8061347c8338

SHA512
c34b6b7b58e4e01ea0b7b652ff8c0a8f8ac7202a17e023c376cce637b821c62c5da8a09dd7ee86de167162dc740399794387b2f69e01f1f02ea8afd2c3813aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
561B

MD5
cb725248f167fec03d504da73ed07dbb

SHA1
c5dbe60df729c5dbc5eb8909d27d1e795b258824

SHA256
8e6cfde3553c0abc47404dd9dd28dea3438c3abbb06d9eefaf806db96cbd504a

SHA512
323877f377666a70280b5abd6a672ab855c53b609449bbe08a2b7b3c986e25df36c1fd9f307f03d06333af2c13fe883d02f34e62b92288f1d351fc6216e47993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d36ae5f0003aa69b3b82a2096600d4d6

SHA1
89fcbe4d02721280deb9604d037ce158e5990a95

SHA256
7f996cf5d40293a387c245c96f7547062690f3950fe4fdaa7909a55f272763a5

SHA512
13e3c0e9b59acd3c8fd644705548d6d144f522cf359fa4818c42a6995946c3dbb70ab50755e83d020e36a2ebd98970d09fae1db2f89bda09e37a855cf73eca5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6596ab0512c22d05fa39b8e97abdfc80

SHA1
deeff737ca8081d0c507f1e2c4f563f0394c7d46

SHA256
3cc3064cc74bc25d1f213b3cfd2e1699f77b762d804ad1175169c53fa51bba88

SHA512
48bb53e72d97dc02623f8be8c2ede31d5acdce105bea00c85f43bad39c2238d431e6d46a585b6f0f4b956841fc0a907b83818a1d5130356b3e122ab353185012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d7b2b29ef1d9a33e61e1167984c8ca3e

SHA1
9a0da1a3cf9003ecf6aba220a8a00ca34a7ebd34

SHA256
7d4bbec0e8bf4e62f352750240a0bc0f7844d58fea590bc6a9fc972c3b752dc2

SHA512
3cc40b7e35c0749e419b035a73768c8f76bace77ed44be6a59469a032b643da15162733e5aaa94064494b055858a24e4f79326a863f31f1c28eab44cec35cbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
27fa3dcaab20c2a6f96484f91f4fcc33

SHA1
7ea790f5b3b3d56754f47f118703b0eda52a6b9d

SHA256
aaccae8ce320b576dcb45f4cf10c8020a48656615afabf99d07693a0e535e350

SHA512
3a3d97ee07253ee8f8a1534224941ea1a9ad3042e5ceee0c0cc881d11d4395101693d3a3eff5a927efee80b7209a88a731a18153a9af0c7c9a048dce86a07092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583a26.TMP

Filesize
1KB

MD5
df38737629a3715323ff43d13608dd2d

SHA1
9519c7589703add67b8454877c1375a8fcf91942

SHA256
a2df9cdceecaf5681c520360e24c1a8a223cce82707ff8ff9f3cbdea92b7df2f

SHA512
15dc39ae7c81b21e6b8b0fc550810879462a3e5cf3879e71906fc254a336b238367b5ac42f45fba8a44e31f09f25b228c176b51774ddccfab412cfa1c1a535d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc8ed1b61e3ec4862efe3715aca7a0c7

SHA1
836844b47e27e70c0b729a413f4a04074070a85a

SHA256
7159694d68e58fe008dfd423bbbcaf792846a38ebd28eb8d6c6ea29f4d16ccf2

SHA512
609a96cb20d5e5ea6a009373fdca2658e818d4cfa311c6a5a4d0b4bba883ed3180943d9ead9156f27ba46d162a271318f9e884ff6c0aa90dbf4e515211e9e334

Download Submit