hxxps://cdn[.]discordapp[.]com/attachments/1210890454485442563/1210890781221720074/file_release_2_0[.]rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File[.]zip

Resubmissions

24/02/2024, 18:40

240224-xa85yabh9s 6

24/02/2024, 18:37

24/02/2024, 18:36

24/02/2024, 18:35

24/02/2024, 18:34

24/02/2024, 18:31

24/02/2024, 18:28

Analysis

max time kernel
1723s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1210890454485442563/1210890781221720074/file_release_2_0.rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
4076	msedge.exe
4076	msedge.exe
668	identity_helper.exe
668	identity_helper.exe
4496	msedge.exe
4496	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe
344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 2448	4076	msedge.exe	84
PID 4076 wrote to memory of 2448	4076	msedge.exe	84
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 1512	4076	msedge.exe	87
PID 4076 wrote to memory of 4368	4076	msedge.exe	86
PID 4076 wrote to memory of 4368	4076	msedge.exe	86
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88
PID 4076 wrote to memory of 2152	4076	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1210890454485442563/1210890781221720074/file_release_2_0.rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc78d446f8,0x7ffc78d44708,0x7ffc78d44718
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13129219994541547170,2279448939375522430,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8410b05d-29ba-4c7f-837e-81b7a51d94b1.tmp

Filesize
6KB

MD5
fcb361c1bb9bf401709aa927399f8cc4

SHA1
bc724242e03d00e225bc51857891e127e81f69fd

SHA256
59b672cdf8ea2be94d229036a9e07ae058c6492c7ab37d8e426c09dc517a3cc1

SHA512
629afc1e8d277b31dbc47441a64e45aa0357988cbf1247bb4336aca62151c83bfddaf0ee758cebf4b4a58cad4de163e45c06ee161ca10bedf4fb78f4125ee90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29706951029de7919b59e3fa294dbe3f

SHA1
b951d9c9f84111342259b2a4ed17ddd29fe657b6

SHA256
92eb438a443c5ddee98546d809acee47ada5d7d3abef8e72f98230c101bfc920

SHA512
950373e31710752a1d463aff3f23d31bd58d1396233bde86c83a8b0c0c65aa26e5f4acce79aad636a2e8c3277144b82337ed13bece9f94ba338da1f58cee115f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3a9f64b50a010cdf69102b8904f9a38

SHA1
f6ffe7d301a4c54db74fd23a9cfa5033a99c6077

SHA256
5078a3efe6835bbfe63a9d67d5a20952f004b9c012d17e1c28edd8f9ca5cd666

SHA512
8ba893e08c0d9ca68cc6001cccf134c9dbedbd5fbb2841fa6e6f2ebfa799e8ae08abc14af7450334afe16b780505d25ab16b1e53e6887d0f6852ca162d812786

Download Submit
C:\Users\Admin\Downloads\file_release_2_0.rar

Filesize
1.8MB

MD5
08373ae995ae6fda1edd1e30ff5eea28

SHA1
ebe60dfa9ff5cf2c91c09c25a43700f83e361fe3

SHA256
383c55c952179dd1ee79e3810f2e478e35be5dec76a084da3eb6602f02b07d44

SHA512
41731a16b00c76a87043903afd6227a168882c7aa943ff79b7b35f4fe8c0151df611e0f9b609d1acfe6dcb6b9c0a203c07eea4e24f8205142416b2ed3df89e85

Download Submit