hxxps://suite[.]targetx[.]com/suite4sf/email/bin/redir[.]php?id=34044042-a071G000004aVasQAE&link=https%3A%2F%2Fbotanicalbrotherscraftdrinks[.]com%2Fnew%2Fauth%2F/s2v1u3%2F%2F%2F%2Fdeandre[.]b[.]young@kp[.]org

Analysis

max time kernel
120s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2023, 03:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://suite.targetx.com/suite4sf/email/bin/redir.php?id=34044042-a071G000004aVasQAE&link=https%3A%2F%2Fbotanicalbrotherscraftdrinks.com%2Fnew%2Fauth%2F/s2v1u3%2F%2F%2F%[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234156043209101"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 1680	1432	chrome.exe	86
PID 1432 wrote to memory of 1680	1432	chrome.exe	86
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 3192	1432	chrome.exe	87
PID 1432 wrote to memory of 2364	1432	chrome.exe	88
PID 1432 wrote to memory of 2364	1432	chrome.exe	88
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89
PID 1432 wrote to memory of 228	1432	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://suite.targetx.com/suite4sf/email/bin/redir.php?id=34044042-a071G000004aVasQAE&link=https%3A%2F%2Fbotanicalbrotherscraftdrinks.com%2Fnew%2Fauth%2F/s2v1u3%2F%2F%2F%[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffab5ca9758,0x7ffab5ca9768,0x7ffab5ca9778
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4864 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4840 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3392 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5580 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1792,i,3616266714387384633,3528134699131465316,131072 /prefetch:8
  2⤵
  PID:4724

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
e1053be58e3b7468c0f559cd201eff27

SHA1
540db6ee1b20d080717c53a2e119fe6a7dfcc896

SHA256
212c99551d41bfd99565e8edcff7751eba5baffb7fa6c7f67578f76144365cd5

SHA512
4bc670d8b0d6a4299277e6efb6b2cf7fccd24fe9565aa13bce0d7ea6d5824fa69d34c12ec3a90b72c78ea03eac25e310ff34a4a09b1eca8353be4a2fa1ea3347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7c4c29bc8576d01ab5b94e7149b9f58f

SHA1
8c9c59ee8a11ecf5e9ac234068a9c0948f448a37

SHA256
33d9d5adb43d0ab67099fd9b0469c99c8d0e5f8418439c1d963ac8bdc3f73df0

SHA512
e055e5b15ff4b22cb78b43e0e402826f0906a717d89b4e99dd25a3db6c12e413532dd21efa4a797af45c048d9ac6c23ced24b2ff7636d1bddef5a0a75739d535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
2cd159de9900c9c4aa2d0e7635bf45f0

SHA1
80b88568628bd32a84811726241acce5b30c399a

SHA256
7607327f43fdc1bb5b385fb00ec5cf0cb13aa3696d1f2bc6ccf27d7b28c611e5

SHA512
97e30f1144273d75f46b2823186a97a565b45afb293c94b532be8f7cd6df48504302f2e41f6f61608fdec49e37cd999e1a57c683c4d63704f4e12665649626fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
987c329c227d5ea0777e4f1a07e85e69

SHA1
c3cee09bff6532dabf049e9d2687cacaf5f97cb4

SHA256
8ddfe8f3406aed128d74ce2e6bd82e3518cf56aa05bc5cba58dff1e93d6a0d88

SHA512
cffd7acedb1eddce79f9987c8f03ee9301c8770ee15742a3596132e63ce8fd21931c79f66086e6cfd12f97d154dcef6ba7e169c868c7bec6e9b5dee27d6161ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
07961430bf23f3762b38ac187e2bc207

SHA1
896eb74425e30559963946b97912c3e80bea4a28

SHA256
b7dc8e690ca18d5a49ecd72265d545c2c2968f24bcddbdef3c151564582ec23a

SHA512
90c466e92d8afa462e4eeb7408b5f918f0eabcc568341c2f388651ea5564c1f2589d0d178a6b1b0f4a270092be870ab18fabf9daceee766c3ddbccc3b870dd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
62619fd2fabd209765b1f7ad57d65f01

SHA1
f0e3e4ff515b3996f5f51cc72b59b140ef0144ac

SHA256
1ee945a12eb06a62c5d64bc7e55a51375b9c85afa47350a2cc9f28239f351507

SHA512
b6ba5c6fcda871b85cc4d7b7b763c4ea9a5b6f34e461a53013a9269850b19e61700365df0f8d3dfa31df2c3db8277fd8de7b0545672805fceef372c6427d1888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
086712f0ddeeca6fc3efbd2749987cb6

SHA1
2eb76edf1e930cbbc7ea876a2967abf32087dfc2

SHA256
62b3e4f2f5375091a387ba6a04a1d629ec1c8d76f01dc71ae9863cdb4d40a6c5

SHA512
456f5488ac9ba1788ca5d584591e25fef054da5cc97d4a2d7db71dbf5717c1e9dc2cb3f23c3cb4a295588dc635591ecaacc4fd6bad122a6d45d012fe9f5d0f6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit