hxxp://bit[.]ly/ngcSMS

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bit.ly/ngcSMS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3896	msedge.exe
3896	msedge.exe
4372	identity_helper.exe
4372	identity_helper.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 2488	3896	msedge.exe	88
PID 3896 wrote to memory of 2488	3896	msedge.exe	88
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 4876	3896	msedge.exe	89
PID 3896 wrote to memory of 3692	3896	msedge.exe	90
PID 3896 wrote to memory of 3692	3896	msedge.exe	90
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91
PID 3896 wrote to memory of 3888	3896	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bit.ly/ngcSMS
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983cb46f8,0x7ff983cb4708,0x7ff983cb4718
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9314012820288691131,2610322527691273322,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a518e6ecca0cd9f05e4e47393230561b

SHA1
b8ad0f9b552a5857e44c3a5c09be9290bf85ef8d

SHA256
e68dbf9a1f6771c3f0e144dc476075eab90e4fe43d2c69f7a9d2c6200ffc3428

SHA512
8359bbdd8c46f703e24fae24edd55adf7ab187d52d922895683b004ab6019ad1f0bc99e810ec5dec323b3650ad4c469dd7b95249b0e6afbab06512c25c8ce0ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
25465b15b7154c9e177a64ff47c53d9b

SHA1
989170c2af990e76642d8e40203ec8e4aa9c6034

SHA256
a4f52834957d6aca6e8014a47ef0528112d6cf31ea100d0fa7103775ea6ceb91

SHA512
57edeab61b3ce7e445d1eae762ec504f343ce9d8b87d88e1864c4c0815cd87e59b0e0434314b693fa79cad7ae32184cd6975081f83622d8fcbccfe272ac83e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
afa62a0793d4454cc66237115d1dbaeb

SHA1
204aae5d6a115b45300c8db1a031116a853abff7

SHA256
d7dc9c81667ea50ac43f7b09e698b2fca6ca9ae9b3b8e04555f7c04bd4e1cffd

SHA512
36666d2b19da49417f02c88154a7eb5059f1db4379d7b5899d064d3c1263763eda0e6e13c33279f7fe74d71df2ead26ca861ce8004ad3466b0b62efb74f607c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5322a76220820599cd692bb87e5ccd2d

SHA1
af1536ab21d2d3a9e36f44ac1599fbd0150ac555

SHA256
32eb96b1cc319bd0da5ebf911b053dc00431d78a931ad3a83fe4323440235213

SHA512
31bd24b4f319e8d7984d963f2217221d3c4ec79851ae5d27dee8eb0e898688b52ca9b4e4b6ce4ce8f933dc10b0ad75a2d891f11e00f7c7a235a8f3a009179087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
abf82858cd734766aab7f35a918d4330

SHA1
52bac608f168624083813f9cebf1fa2e219fc41f

SHA256
fe9fc39a2758a11be8398d225a05ce075a16a2df87ebe0ab78153ea3b36639dd

SHA512
ce1328f4a3e2b99af7fcb69f2b9d2c5023cbcbf7ca9c169536c22aab7162bd6173bf389f1f0586128d2458de60fd8585b7b62f55aa03f3185b70ba3cdd71ca9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
2c4ec1fbe3eacc22a4987f803d582a59

SHA1
da32832c0066df4d9bba3a8c48af2f81638d62a4

SHA256
092fa9b96740023f94dd4246d9263f3ed17b1ff9e09acf7061ea202b8144894a

SHA512
84dd6302c63b5a1ee46516eb6e16520313a26a0ff84bd061faff5383d040cd9fc625a924a314519e5e452ec3e03874eea76dc9b6e6c3b4e4eb6c98182bd77244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b66f.TMP

Filesize
201B

MD5
01da9cb4aa52508e0665ba198d018f6f

SHA1
0aaec3aacdef735a2c9e71c09c230912ee6f2f0e

SHA256
c64bb04025e70c094767cd820c914d1d5764efc7fbec38890cb5c3ace215380f

SHA512
a4764724593856ee23ae468f950c743d5935924857fc413e90076776c5b85eade05b29cda4af8c7b11d41c843461cbc2aabbc7cf948a8662740fc8979a373604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7c3b7e6afe15c0843adc2bf5b394825a

SHA1
d1f86bc0671b36c1d0a8ba271f74958ff8a41364

SHA256
f4ece3f5592e2057888547e0532d03ff38528fe665735d6f20387c14d9d1aa55

SHA512
e05ca3d056619bc4b1861869ffbe8fc836cf2aafdc761e08aa9d360735bace99ccc0ca616d425c5e61ccf7df2795c893c1249849429d49abdc70f139b16582d2

Download Submit