hxxps://app[.]crmdatas[.]com/index[.]php/campaigns/bh927nmw9f026/track-opening/vr138zx16e8bf

Analysis

max time kernel
869s
max time network
844s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 07:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://app.crmdatas.com/index.php/campaigns/bh927nmw9f026/track-opening/vr138zx16e8bf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2072	msedge.exe
2072	msedge.exe
4636	identity_helper.exe
4636	identity_helper.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 908	2072	msedge.exe	73
PID 2072 wrote to memory of 908	2072	msedge.exe	73
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2028	2072	msedge.exe	88
PID 2072 wrote to memory of 2976	2072	msedge.exe	87
PID 2072 wrote to memory of 2976	2072	msedge.exe	87
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89
PID 2072 wrote to memory of 724	2072	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.crmdatas.com/index.php/campaigns/bh927nmw9f026/track-opening/vr138zx16e8bf
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2d1b46f8,0x7ffd2d1b4708,0x7ffd2d1b4718
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4232 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7547935331806744002,14646555195935305877,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ebd667e8db80b0ab07f02f3dc844252

SHA1
461bade20eebf59e30e8c3620640d6df6db79249

SHA256
d04531e41d70e7832898e797081335b3f0314b09141a01de921ff679dba41b0f

SHA512
75f92d1f4ab942c3fdd3b70542956ea246f718aa8808a53f33d52278505f4f783e4c0458e5093ea4f459e72faea431f926373883eed2ec7da1109bd7efc6fb57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f621c7614503377ba83f2fcfca1c303b

SHA1
c7ec737f8e0262052e038691e5b38db37bdfe56e

SHA256
c2d2e04acc5e2cd129dd3211f73b498043051b74a2f661c1199224b37b681b26

SHA512
203e5e582007efb7d11b0442e85d4e37a4cc1332bd6367cd74b0d4b9de0d0df85757bdc66474f62309bf530841ab7a5e4c0d43c95aa416b7175129e2e2b36c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
264B

MD5
91b430a4f2e9b5d7cb91f686b5afe14d

SHA1
c1319be548288174d51e5c060e3c8aa21c32f8b6

SHA256
7f0da4c6ce075180b4b62e888c19b4737c5612dbd6059489a007a52ae381de04

SHA512
6000d34ad1ba4beadde0ed02deee9769f0778c1bd2bdda68fc50b0aad906962ec2ba54e7d7894c9303df85979d710ddb4ff489a7d9a342c636cf0a0497622ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
196d2fb15945488b840693aa6c6354b4

SHA1
7a8bf3b8ca651615bc3c14d5fb539ab05bd4580c

SHA256
65ad26e138b62df6e515b5b15165045901eafbef7aae11fbd74867b895beb50c

SHA512
c530416f8655ae345ce6775ff6876b57e32511ef2be9084e6959fe0a3d5daf0f659819ea564c4ff5760718a7de0d1e25b2aaaf6b86ac78cbd3dc1845b81bac0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2580b1eaf2901c5607a3b252b50e49c7

SHA1
ca3e5ca0d3c2fca6ca038f316cc1f8ab3717006f

SHA256
1ec6d41b3c4e2b9bb274d43058b29beaa32b86f670d03de89fa6ee04974e1ff0

SHA512
8001519e37cd37d33843731d3f045c58490ea91d2a6f4c783bc6bfedc6a7d1f003b1a456b524344ed2e5d32e0cc1fbe76d1eaa41a6c95e727f9cfd8c70cf341e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95f490600af36231ebd7a097150a0319

SHA1
4bba794c5db4c48b23b3749cd04961a7ac7279d0

SHA256
0dfd6464d7109156b944e39feb0d603824c23d6ee47074b2dcf4e8a4c9d03d96

SHA512
cdc9f1b126adc4d6c56621e1223a4bb5a7f27a645be0238bb2196049f1dce6b4ba8088c2353d18d868cc4f87d859a46c3bef52215d794b6d71c59b4005309f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
51caae4fe61c171ce83620496e4ab631

SHA1
4bda3b77a9c98340e5494125d7cd573437cd09b1

SHA256
ae299aa6e31bc7cfe579b9127989c0789c965a3e12d2d886704e1bbe1aa4b0d7

SHA512
d617058ec6cdeed530ca879eee3f730c4a5c6d2e38299f45b67a1b3a59eac1ec8b8c3d8de947d9db751bade3d1ae0f159295dd43c254c24f402c10ee7b5ebaea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c80c8d1eaa446631be945a10de0affe3

SHA1
4c00f55de29f2476ceff14b29e82b2dc7cdedfd9

SHA256
221df084aaa4d8ce3ffca48b788de86751242f1fc9a25fda97cedeeb4c13ca19

SHA512
dda3a83ab66ac7c20b2c9e0c9a6409b6c5b6c3a252c9fbee730cbc2629795624a8060f2951c540ff6ec9af0dd196a7e4f817a2a810b0218d3618119dd4be38a8

Download Submit