hxxps://hitachienergy[.]service-now[.]com/sp?id=public_survey&instance_id=27e61b698769a510c84384480cbb35b5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
17/03/2023, 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hitachienergy.service-now.com/sp?id=public_survey&instance_id=27e61b698769a510c84384480cbb35b5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234953319214481"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4744	chrome.exe
4744	chrome.exe
1092	chrome.exe
1092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4744	chrome.exe
4744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe
Token: SeShutdownPrivilege	4744	chrome.exe
Token: SeCreatePagefilePrivilege	4744	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe
4744	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 5012	4744	chrome.exe	66
PID 4744 wrote to memory of 5012	4744	chrome.exe	66
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4468	4744	chrome.exe	69
PID 4744 wrote to memory of 4436	4744	chrome.exe	68
PID 4744 wrote to memory of 4436	4744	chrome.exe	68
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70
PID 4744 wrote to memory of 4460	4744	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://hitachienergy.service-now.com/sp?id=public_survey&instance_id=27e61b698769a510c84384480cbb35b5
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffbbcf9758,0x7fffbbcf9768,0x7fffbbcf9778
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1796,i,12011147614157243896,2585791187280850284,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1796,i,12011147614157243896,2585791187280850284,131072 /prefetch:2
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1796,i,12011147614157243896,2585791187280850284,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1796,i,12011147614157243896,2585791187280850284,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1796,i,12011147614157243896,2585791187280850284,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1796,i,12011147614157243896,2585791187280850284,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 --field-trial-handle=1796,i,12011147614157243896,2585791187280850284,131072 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1796,i,12011147614157243896,2585791187280850284,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4336 --field-trial-handle=1796,i,12011147614157243896,2585791187280850284,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4196

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
8f4595dcd122b3130e38d58eead85df8

SHA1
06423b7dbe9755c8c08c6f295d2aa62ab66dd94c

SHA256
1cc52766058c369050692d49e537a12a9ff1543777a672a13ee513821bba773f

SHA512
e5be1ac0476bd90f7e6b6feefcf9d65ff013831406386f914b4a3c5249cc434ff05d5e370215316efb78f13cb77066ee3b39f874f8033ab641a4af34131ed666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e6793198f023f09cb470dc201d9d931b

SHA1
47b6e4dc563bfd49e89c24c3df3f13ec09ed3f5d

SHA256
5fb49ea9721e15f52b17d478da733a7a4c60d4cdd5badfcc40c715e18e912003

SHA512
b527cecc1bab3d6b3d54656db286a20f90d24bece86f6b85bfb3364658203e3463d3a054b426eb898c16460eebc93dde5340baf93d075fd3cb7b72e36ccd96bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
078b756e4330b50189fd12132b3cc47e

SHA1
c1fd2a473a870d9bd4d075ef6cd08890a42c9e6a

SHA256
e74220c42f16993da1395a5956c2ffbba835e8389f48b772d259154518583ff3

SHA512
8e08764ef3a981543cc2b94bedfd833ca5b9ff1f50f1e193067b3000bd769ccd3d2e23c27e859ff591c7c326151330ffbafbe16a11e78b5b68b46babf42e76e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
ce355ac75c0f47c6900b57054d583a35

SHA1
3b4b7245e171f0b7be51cfbe6841039b3fded0bf

SHA256
bcd76ac7a9b18c8cb6af41fa9b84376dc860ad5721274bee1cdf76a9159cefdf

SHA512
15788abd50689c3fa7e73d8e09328667b6c8a035c47917b86ba9f6761c0c8af13b46d04c367afce9140e278ccf33aa97203a5bc563028b2aacf22ef222b7e433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bebf463f2a37014dab3af3f02db83ef1

SHA1
01dfee8a20d4b7324d89268cb1b0c6d4e3add89d

SHA256
e476d0d2967833bdbf2f225b625e8ff6c570dad1a6504747d79ea45436be96f6

SHA512
3449330f78f6063d9990967217367e2255ecab29368feb09b978091621638b43713fd106be033553c6eee355912aa326bd14c316aa234600d25f3a8e48e1e5c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f6e2517c976a9cce5d49e1c83724527d

SHA1
baa412ea84041d6eaf5089b0c4785b8b92b80eff

SHA256
081a8129eab94c543c2b5565924d05adb426e36a178c57f88befd054c9c4323b

SHA512
a6dae8398095f51b84e19f4079f9c2ada607414f7b92b2f49c2c04f7220c0f4c95f06f008f042251024f54d913959cf05df8bec4ae43ad8d90588517679f6b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b772fcd3f4e371eab1563801f189cf9c

SHA1
de67de07374d2069c36bb3d8d3e786907547cb22

SHA256
122f78f39a786f04021d2cba6637752da78adc4785d14c021ddc2bf5acb5ebef

SHA512
fad56d88347b654b2f28d68a3ac8eac132049ab6639099dbf6c132905e8f9bac438b018d13a668ce27c062ac312c23885ef5a51680f0baa8ddf6ee7fee062833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
e0968f4b07d6ca75ac4e75a089a9a50f

SHA1
b5092427d41f299cfced5e9aab309ed564cfae34

SHA256
0bffa3f54de253ff60045dd9335e66f98a5a3139f223226e324e7bd0790acb8e

SHA512
e009661607f72485143319d0ea1a85ad6f4d0b7f6ae0b1945894320f2161089d5f5d152b5ef9492ca8f5c3432b7122147190546f2c15a11557b170d8a8a7ed11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
7f7f36b2e4c79aea90a94e985c2e8177

SHA1
f55a2acf76114b5bc06037a71d3a32bb14ae065c

SHA256
bc3b140f7dc9061c88d210217022f41ec360d1d57c6905c2222071624db2b52d

SHA512
7dd1e476a3944c2a88dd4b7bf46d10cd5172085445a029fbbe43bfcc8caa1e1bb197d05620699edad32a88eebdecf2c8357053dbc8e3fa7b4741e6461ec0026b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit