hxxps://click[.]e[.]atlassian[.]com/?qs=33492bbb146fc5638fee582a0a91201abf3013fc7e3a62727facbb6103a7ac730220bbf4e8646676994124c200c5aab3f810dcf1f33d8b07

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.e.atlassian.com/?qs=33492bbb146fc5638fee582a0a91201abf3013fc7e3a62727facbb6103a7ac730220bbf4e8646676994124c200c5aab3f810dcf1f33d8b07

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
8	msedge.exe
8	msedge.exe
2168	identity_helper.exe
2168	identity_helper.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 1896	8	msedge.exe	83
PID 8 wrote to memory of 1896	8	msedge.exe	83
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 4252	8	msedge.exe	84
PID 8 wrote to memory of 1280	8	msedge.exe	85
PID 8 wrote to memory of 1280	8	msedge.exe	85
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86
PID 8 wrote to memory of 1012	8	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://click.e.atlassian.com/?qs=33492bbb146fc5638fee582a0a91201abf3013fc7e3a62727facbb6103a7ac730220bbf4e8646676994124c200c5aab3f810dcf1f33d8b07
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e0d346f8,0x7ff8e0d34708,0x7ff8e0d34718
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5642802039710084297,7022042046091367083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
bdd0c1b80f35a2144e6236294867ead0

SHA1
cdb7fc5fe23ae586e1d9b1bb1ca85710dbbfba05

SHA256
4bd744d74bfe96a2b05405dd32039f2dc50f0dad033d23173477631961283be6

SHA512
45bc10131ea77816e2e1d5535355fd093ac6e129cafb83b4f8e8e068a34363a6c7e2d2e311db12b1d701dc1004bf5621d7b93a8c6e5fb16973a1b7894472e739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7e80e9b7523ef78aff647428246e091f

SHA1
6bf0f8938c71003a5f43ed9fb93d87064dff7b4f

SHA256
a98205e18d0e6ab33b699ea98cfeb9dace282c96eef55ff2cede41ed15cac8d9

SHA512
efdc9e897a66029cb76e76ad00a2dcda6548159115c1d50ebfd15211d5dd10e038f9d81eaaa1c451b5874755b2134304ea244bff9640843fc8995f5313ac84fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55f0987b9c47b0f82c82f558961524a5

SHA1
95a94d4808440e13ef0597732a6c6d8cb348fb9b

SHA256
ec6cf561eef6d8245a566c97de5283d6c19ba7dcc3affdb987581777dec77b15

SHA512
29a8a786b4508d4eb0206fa2101307c473720e3a391a9212246db597fa4fe10ccb627aedb9c26ceefb6a2be74888e00e6e4b9715911ba6430da1a13e84be0b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f710ab7e90880845d74e5785ca75e47

SHA1
a2c0398e2b9b8f7d2e8684b3fc30d42130d86c41

SHA256
0b0923691d126909fc3ea0729bad16ba7c46725b3b7d5419d3cc1dffb5879f67

SHA512
06828d76e4138854c3b881c2e4fd6ad5333402f621a10a5b41c834f6e0783d2de6a2d9317ed6ca02683483a804cca4391a6f7f245c64afef6185b8c2f64969b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cfb9efed600d4e0d395d59c3b3f9ac7bc015e447\index.txt

Filesize
101B

MD5
62642b02f3ca68acfa8264e08919ecd5

SHA1
be8e556974bd42e554926470a16b21a4ada87c41

SHA256
750e85a6dd7ff1fddb9d4b02c0fcd5d976846cb01394a1ab39283c1f0882f434

SHA512
be65a56276fa9c68290981ed036470b56b062cc0638ed6e2420bd9588a209f9e1f1f31d6ccb5cc894f515f53e789491fefffaade0db02ceba59e83a00907df3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cfb9efed600d4e0d395d59c3b3f9ac7bc015e447\index.txt

Filesize
167B

MD5
d04704c891d3b290a8c9b18d1ec31b5e

SHA1
2ebeaa88fd95a1a660eba0276d585b345229fdab

SHA256
be515d234c49f3e576b559d1391c2756c7be398029878b8fdc7abd4250933431

SHA512
a0eafef020db92acbb6f16ec0191f7f48990ab3fac2476d6fc26d5f5cae8ae6982b85a879fc42ac7759be67f922598d00f5c70981b3426efc78f3e5f7c829d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\cfb9efed600d4e0d395d59c3b3f9ac7bc015e447\index.txt.tmp

Filesize
160B

MD5
2f09c7818fc1c2eebaf933edc48a81c1

SHA1
a2ebe8b0176417fef76a44248cd686e02639c4b3

SHA256
9b4033c2c28e870d957c4a7910307a7c689446d18e9cd502b532b1b3d7b6ff41

SHA512
389f7b1e924f92eb3bd399ab10b5bc83401894fe623d330541c3ae050bc2f2e1133007c993571efcf6adc0a100bbdc52f07e845ae9f4d58da3119f4472f3cff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
571aee4b1df7c7783836b5a0bab74890

SHA1
3b9dc06f8e8df7fb2632d5556d785e8c995a00c7

SHA256
e624e1003846c04abf1d7f4cf1e60c6069938bbc53be241ae0ab487ead8ffcf3

SHA512
5624e3b977401c49438c679e784ee52e65771923fe95b23b079af903dd6e5ec2a0d56563976937a9f488a38369f6352f906d4827284427cc9940d3cf1332d878

Download Submit