hxxps://wa[.]me/971549917489

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wa.me/971549917489

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3892	msedge.exe
3892	msedge.exe
2856	msedge.exe
2856	msedge.exe
4356	identity_helper.exe
4356	identity_helper.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2792	2856	msedge.exe	89
PID 2856 wrote to memory of 2792	2856	msedge.exe	89
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 520	2856	msedge.exe	90
PID 2856 wrote to memory of 3892	2856	msedge.exe	91
PID 2856 wrote to memory of 3892	2856	msedge.exe	91
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92
PID 2856 wrote to memory of 812	2856	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wa.me/971549917489
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa414546f8,0x7ffa41454708,0x7ffa41454718
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1681754628475485920,785591486810225410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
33b8107001b27855cfbf9e2c259a5859

SHA1
0f043abf464c25b8fa094b8add744de8ae81e030

SHA256
4d9972da502ed7b3a0bf2817d3e31217e07f255d7c02c3ef63247746f352e181

SHA512
b997cb832b72f2e715ae6e5eeac6bb733e00ed714971ca4dedea919942f8b5d6accc26c55668df203055d582bf064568f498166c5e56179649bf89b0278c1cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
247B

MD5
27890e79ce0a01c378ce71456d517e18

SHA1
b8f3dab2415a9c10f3e58b44be3cece2ebf9c091

SHA256
857de9d8aee1bcf9ef6c1609915cdf2efed1d91be887987a2904833ab626741f

SHA512
1b5fe55a2f5a0220f80424c28a3eb2a2d1871d72b1bfc2c17ed342b57db49b25b8b8b8db1462f2269fc8a7e8e40c953c3d3b4f016faa5ab98343a2b825cd29d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c834a2bea8f6f84f9fcc01402d0d3ab

SHA1
bdd029cf7fc9f53af5ba29ed4135a5c9218e8be4

SHA256
172ffd02dd00e3fa6131d4b0469a257413d6c2e8ed13d2a71639ba69bfe20db2

SHA512
848431851c702d55741d45523876f0f9cc17b8afde43c7799a90d9ab0a59973482aaa36d300b83a170dbf2c7e40bb82cc6533e5e00a0d50d6491df61d3cb5165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bb31acecc269a8800248ee428e365b6

SHA1
be6bb91ffe5171eb6b5537590cb2c33d4e7efa26

SHA256
56ffe637226d5d5cfa0d29b41a7cae8dac6c97e4bfd72dbcf4daff44de6ba6ab

SHA512
b4c0e5b2e26aa962e6a97ee9d071be8f8b0b9d19cb069f7a790b48242bb7ffe92ca64f4a610231d18b8fbc36bec68a018870e4b045031f75b838758676d1c224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
27404dd2207dbcfe13d33d661b4321c1

SHA1
010fb1ac6556ff2864eaedecdc90458d88c7eda5

SHA256
06d4fb06330a89144b14927af179eb8ff225e956361d157fb9ddf308b4eac370

SHA512
2d0d3be8bb66a8da33929e70b9c9f2d7147861461430d07320e3d7a529a3cf0a0e23b919102ccd7dc080333d277593d013379644a682c0b484b3b7074c9b0efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
add2f6b3bc5598cbea84100b7f899e94

SHA1
2a92dc19cae0d297d16ad866e5112c8bfb714c67

SHA256
ac44b301851d72855a1f04ea74e61a41d60139839441e449b2a64f5e8f69ae62

SHA512
c9f0397bf7301d368971a15159c4d5f70a4f5a7a2b3ca7579501351f279e43833eb2bb5215049eea936014e2fec0916dbce83170054a20b7362f1bed25b69db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57878f.TMP

Filesize
538B

MD5
fad9bf03e1cffe28d5919210d82755c0

SHA1
015185ee64b61ec57165efcfa2de58b08e7327cb

SHA256
d4a3ea702b7e689100b36f7a53c07b0d2a2eaa9e25f0c20ee1ad7200b3b83a3f

SHA512
081ea1899fe38b00077e5b4755404978df60b5ffc16076fb3d76a73a12c3da6aea55a00c287d9724514d9515782b5ef003f6a21ef516fbbd44b4924dbf4de54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2dcc47b9b32fd9e6feeb24479f588da

SHA1
8bf96907689bb6f99e5449b081093787a1cf705b

SHA256
57bfdc2f406637b9b93cbeeab82d782ab1300f1ae8d0511f6573cba449adcc61

SHA512
7554c5a99b5bddc918d842d23f8fa491984fefaa886bacedbae2e134a491757be27c5a13569490a8e6cf621ad949a88a0de4ec40cc949400952d7a10a207ed2a

Download Submit