hxxp://breached[.]vc/Thread-Documents-Data-leakage-of-the-electronic-manufacturing-company?pid=1479169#pid1479169

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2023 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://breached.vc/Thread-Documents-Data-leakage-of-the-electronic-manufacturing-company?pid=1479169#pid1479169

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133233858913579294"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
2448	chrome.exe
2448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 4544	4152	chrome.exe	85
PID 4152 wrote to memory of 4544	4152	chrome.exe	85
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 220	4152	chrome.exe	86
PID 4152 wrote to memory of 228	4152	chrome.exe	87
PID 4152 wrote to memory of 228	4152	chrome.exe	87
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88
PID 4152 wrote to memory of 4672	4152	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://breached.vc/Thread-Documents-Data-leakage-of-the-electronic-manufacturing-company?pid=1479169#pid1479169
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd04149758,0x7ffd04149768,0x7ffd04149778
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:2
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4688 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 --field-trial-handle=1904,i,17397471050019747464,10822435572828923004,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
6dc86c2c1d590c1eb7a1b1572075261a

SHA1
6b78e205288588a8939a776795ffd616a137defb

SHA256
c0ea7589bd5f05355bffbb03659d742f79bd036ef87f8d4adbf4031cb09e6a10

SHA512
309a8abbf30de8be9333d1938728096e63f246b2d4b69179309a06483648164f4276e547f4657069df7aa42713a7c1ad7c3bcc59060c2d690866c76629b8a7d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1527fa250f2551b0d194001c1ca66f4c

SHA1
134b519d011973d550aa39c26a288a2d2402f026

SHA256
6dff8be3aae3ddbba5012f4fd96f5e7f704e82ce9f702e19e0a67b9ed5054cff

SHA512
bb32b1aaccf92089899de07021c7641655f0c54651c7844e355d1e5a923ec3d163f8470808869259f57e4f1093ad697d2b4255af7dd00e638300bceb800d0b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b45b5897229d9cadab5a785850f4730b

SHA1
1afcb12d936ed56a0e1301872c2534c493cc4987

SHA256
fb91ec100d8952513ed141217db4de641ef56da437d4722c10c5b82048467d1c

SHA512
39ce0f7a41c1a416158a10c5ebce9ad2c19ee1dca9591c25ea32d9b83bc38dc61982f626a36d30d4edff40a8feb34e988c4b5dbb84583451bd819c2ec6b466e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f1357d7e5ca33b0a048f72e1a1f46055

SHA1
74fd22e8449211cb57ddc6e0186ab1df95bec44e

SHA256
a9f881a4513ff316edae1ad62da6f7d258721e50618b9bf77e75dcd891ea9f79

SHA512
0d674b233183b9604db6dbbefd40513fc8851a176b229d8de72ac29fd15d36210eccb9868059b6f035e61adaaece91d7d024540ad057b1ed6b97f428e0401621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d5d2e49e62826b24925d711a68a33367

SHA1
864db4e653cb5a797e3e1733d256c65ed4f86968

SHA256
040f3167079104989261b5947ecdcb8facf5e3952a7db468370b3565fd5f9a06

SHA512
6d5c163b0f50ce160f344fe4d76e6ee0883b26b499d23abe29eff311ab9e655a24076b3ce3a1f44ef38a1d742a9a187526bf690d4755d39567eb6df74ef992b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
65f0064126bd89d82ed493138abb74dc

SHA1
ea88f0f46582e769cf58ff18ffecd3a9b7a26344

SHA256
ff1d8f75f787818b10795dc6959d682f7f344b228ecf18a383406d176e423b42

SHA512
579e11f3ed0a19324b7776e6535bc649f75a78ff370e8ac86fbeed36e1e700661f9785b02e880e40021d8874d53a3e49c90a27c2c4c60bd8f444956f6db1907c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
029dad7453461f5939c786378069affc

SHA1
5f6a42730e0eb77f4e7c6c3f5e9e6092a53a61cc

SHA256
bd15a5a2a03878784cb4986049e243642c0b85296809ba19995d57b69f9921a3

SHA512
842b877613696454ef2bbe178108e0701883dd3c7e6b36df2de54a276ba57ef37504d1c66931b7303f8a4a827a789599e542d497f30e4b3730814d1434afd2a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4152_QIVEAOWPXNRBFGTI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit