hxxps://urlr[.]me/vFzxB

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://urlr.me/vFzxB

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
1028	msedge.exe
1028	msedge.exe
1404	identity_helper.exe
1404	identity_helper.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 2360	1028	msedge.exe	83
PID 1028 wrote to memory of 2360	1028	msedge.exe	83
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 116	1028	msedge.exe	84
PID 1028 wrote to memory of 3572	1028	msedge.exe	85
PID 1028 wrote to memory of 3572	1028	msedge.exe	85
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86
PID 1028 wrote to memory of 4556	1028	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://urlr.me/vFzxB
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f17046f8,0x7ff8f1704708,0x7ff8f1704718
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,18062262257046947832,16070002617077859444,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c69fe2dd2cd8d1d47f129f0030b5af94

SHA1
9276392204e96ae03749645636141f64bf5948cf

SHA256
d7aa52359bce5160b80bcef74ab2a3dd2c79bcb730ecc2f688f67bcc25303e21

SHA512
a02ccd7eb457ec6bfb73fc2c1540d38d47b117f87202d40b809ad4664c120a2e5908d372c02fe9005646729e395fe5a62c20c413e88d1e2ee56a5784324d4f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
aadae93b8d636d034aee972c3635d7b5

SHA1
d8c1119ed585b5403056f37515b98d32d3275ab9

SHA256
baf498aa585a836559bfdfeba511aa8392d8fac7d57e594062dbad9bbd5c8327

SHA512
0a27888dc32f54cf0f1dff75e1f38813c60a0e0d04c16eb2f0a6bd898455f31f0008aa550b1e36f342527d777e71d9ef3e7e88788366f6b64cfdf8ece6e7bd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5c78c59eaae7ef0707df9824fe08526

SHA1
1d95ab58bf92e1c1c10d2dc6bea8ab011c59588b

SHA256
c7538b723f2a886a79c9181c82f7a7f7ab0656b610cd86e409b5747573e14c14

SHA512
34645e4fca26300b71150e7c197b3d57a7bc81ac761a3a0cff154ff1586eec1753d8ace9d68a6ab856c984305aa82d9c0605da568e75be2f524e40dfb5e77d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da2e72e7d6b4d76291e41c365324fe8d

SHA1
d8d7e7fd21b6af24bd84766493105712b77aa775

SHA256
4c29e330968cb4f047f35d7e1b090a16734a02af04b380e1fab798dacb69ba99

SHA512
3ca19aa9e2e3ba7950d338e8991a50ec9f430e79d60b99fb361f348e21baa5216561ac1a558257afa024255da2cd5d1af3412356765e52cfdc844d83e5fc1b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84c387c38561bf3a31965af3bcf2cd76

SHA1
c5cd5907cda866e5f6e8a339c10e2ebb933fb87d

SHA256
513d35f8386713ef75b4d30f721606a65f674dd765f508099806f03327bf2ac7

SHA512
dcc80a76dcefa0bb1ca470973f00610ee544500fad91beac0eeb5dfc0d0c38532256a343417de8fee3c8e6ff19a1db23a24353ca9016f34a24f4713808c4847b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
47154817b57d9a6b18e70d151d2840b7

SHA1
11e33b16242c10eb22231c22eb17c89d0eeb3c79

SHA256
d2fdd72bd64eed74b9aa8c6dc9e677dab14340a464a6225bfa6338a922be50c1

SHA512
a2fb70bbd495a902e192b5509346897a6835ce270f91949350f28916dc4e85106500516f5e139baf4ec07d27251c7829f514c7f909311d8458e60a0b773952e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c776.TMP

Filesize
1KB

MD5
7a18dcc3676e6b4ca925df50f7675d70

SHA1
fa6ccad6926a6839223b7eaee6a295511d6f7910

SHA256
a424b1798f85b00086da09ce980b5e2bdba4c187d509843b40f58c6fd0815e54

SHA512
3363048028760f15dbf6bb17b21862063392799f64590f98cdf969875c71fcd5bc108d3ca1f755ce4b869064bb8f7181146daae7c591f92a1c7d44e5964f75d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
69ed5098d88e8f5ae1242ed4b5537a96

SHA1
c3f60b8d23b0cb674d3de6923744cda01bc04b65

SHA256
d60e591d61b38e0d9ad692e2aece64d3f67e7fef5433326c8f869e476ed7fef3

SHA512
b982e982e587b85956b798d411e4f8add6cc438b8679e0cf5bee85e58678de707b1faad6ffebf4db63c7d7cda386551307e0ad0cefb55a77725cd2a61f8261ed

Download Submit