de672a44b62f7f4862b94d14c74956cf91346312f8227d6a5aa1b0d509fa07c1

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2025, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/devianart/login.html
Size

74KB
MD5

2c4c4782edf762ef3d91ab073b9c2be7
SHA1

85d6da97e9ac1bbbcd148376ad70ba12f97b81ba
SHA256

db3440e5a15c5a13603422612155a555db2b8e60fef07f023900e3eae23e7219
SHA512

c5993c55fd119fc37bc6d3a12c53c8b268c4828dc0f89451cb092e4f2cbc3e8ca78d5acb17f229c3f9baae52cd8c4d1184e315d31a544df218de81c5dd3a91a2
SSDEEP

1536:8CgR5Pt5Rk4OfZEVYnQfbltvgwoaKPzfmrBXmLK8jhbTWwPY49h1g4ng4dSMoKNq:8Mwo9PLcXmrjhbTWgYs1oxRN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
5080	msedge.exe
5080	msedge.exe
4944	identity_helper.exe
4944	identity_helper.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 1608	5080	msedge.exe	88
PID 5080 wrote to memory of 1608	5080	msedge.exe	88
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 1136	5080	msedge.exe	89
PID 5080 wrote to memory of 3232	5080	msedge.exe	90
PID 5080 wrote to memory of 3232	5080	msedge.exe	90
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91
PID 5080 wrote to memory of 3736	5080	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\PlutoReaper\PlutoReaperV2\PROGRAMS\PHISHING\devianart\login.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9320846f8,0x7ff932084708,0x7ff932084718
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15620718691659327201,14158528662131499052,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6cdd2d2aae57f38e1f6033a490d08b79

SHA1
a54cb1af38c825e74602b18fb1280371c8865871

SHA256
56e7dc53fb8968feac9775fc4e2f5474bab2d10d5f1a5db8037435694062fbff

SHA512
6cf1ccd4bc6ef53d91c64f152e90f2756f34999a9b9036dc3c4423ec33e0dcee840e754d5efac6715411751facbe78acc6229a2c849877589755f7f578ef949a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2b08db3d95297f259f5aabbc4c36579

SHA1
f5160d14e7046d541aee0c51c310b671e199f634

SHA256
a43c97e4f52c27219be115d0d63f8ff38f98fc60f8aab81136e068ba82929869

SHA512
3256d03196afe4fbe81ae359526e686684f5ef8ef03ce500c64a3a8a79c72b779deff71cf64c0ece7d21737ffc67062ec8114c3de5cafd7e8313bb0d08684c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
812B

MD5
fedd74b407d8d492df8e3aefa5cadacc

SHA1
3021d9de1ea965f8ddbb91af20ecc82695575fef

SHA256
dc2e38753f0b18de5cd7abbdcd145c2f7d5a10cd9ba7674062e9e3cb5047398d

SHA512
700ea97b1197d519b236b047e8176a6f6596f7c1b99514dc92c8a829db0413ea2076640eabdfd79806667b2b9ff321c3f81daca2eb71f4dc8b3947fa9c3f3269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
552793bf9fb36b74d6492eb48c0a2c9b

SHA1
9bc91b092af247cae2cafd172350b25a6724f3ef

SHA256
c23027f7c6ec2f080b9e7e09ba5bcca0fd912424d55b1d339c106c1c5c1f00ef

SHA512
88f7e17a2d917b339c5ccddc1ed7118f472f7e613bf9c099da8ff5816b0a2a10f6deac167a8393e206b07ef4be51ff6d2639ea6ef3df740c57fd143ed79e4cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69a99f15ddcda56d238469bde00e865f

SHA1
5761acf934c379110f3f67472e75cd093e8939bf

SHA256
4dd99a2a8fe13e8d1786b41e4f4fec8cf6c8ecec245be3e8add50d7b2af611a7

SHA512
5a87489cc84140b15e368a764c528fd317cf3de4ec3790804a1afb02a8b5c41ccca315bf8ce8d3c849e9d43cba299729af66b4549071b7ff070bb8fc56ff8f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d188088863ede55f1fc2ddecc0baae4

SHA1
6d73a8ffc94efe5b70743654da9de1129b0ae7f0

SHA256
324dad5be5cec9b22570295f51ea1b4ff6a5ac45d664d29a804090879ff12d75

SHA512
2b5ed2c391f979242f916fd0ed3077ace22981b70fe9dd376361da6883a6e3c34d4498f7660a16bc3a7f247f299ada06c9e30895adef902972b89fa761b3563a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dd19d39aa1484be185343d1c764359d5

SHA1
549e39a79f3747eea0db44c4afdade8250f34d84

SHA256
2e1b189ffefb00e95ac8fe5f0b9fcd6efc7534a506dcec411fcdcfec5117cb65

SHA512
83ab40b4b9f2eb6f4c31b32a2d35fce064562633033540a7d645309fc9e1ab1f7f6b074ffff227f7146414479b8e2fd8cf1d03a6e5341c873957a5b6bf243332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
20b2de1421767ed02fa5cd0247aeff70

SHA1
e3387839a45c7eee6a9af8596162ef6d87b5f5c7

SHA256
6605fa9ea1305a4b62a93f8923e5cb22c1e8e20fd20a8a81f9ea8f064ab4166b

SHA512
884a23794a6c219a382ada2ac58116c574a39050bc350e61055f6940e6601ecae39fd5e33335f657ec45785b24a2c55569e3432089c7c7da5ebf582f5f643673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
68aae11d8dc986197ceaf6902e28b03f

SHA1
144186ae042df164afd621e4d09f4956314f7aff

SHA256
65f99486e4740086e533609247312dab5dd32e5ad77f02f94d282d185c4c31f3

SHA512
27360bef1075a5dcc7815f358f080459f26cc7ebbac3bb51763b44e5fd2534508a7e419f3bcfa8f8025f5ed105b7b4534a971265261593fd8382e6001441356c

Download Submit