hxxps://hs-19915834[.]s[.]hubspotemail[.]net/hs/manage-preferences/unsubscribe-all?languagePreference=en&d=VnfP427l4P7jVWbg0641ppSVW49JGxH3K78gNW3P5VwP4cg7sGW3_fMSy8GH28qVmWcNX85VFvqN4MdPWf25z11W6lLH297DMg5FW5pHZgp4HYmhmV1yf0N31sr9_N24FwNrZ4FTvW4YkYBr6v9Ymq2283&v=3&utm_campaign=Procurement-Espresso&utm_source=hs_email&utm_medium=email&utm_content=257563073&_hsenc=p2ANqtz-9SMQqwrGjtH38wF_SKoejq8ZJeeY53UQm4oBxhis5c480wrXOguQ6GP2c8-qA7KHfBs2VJZBofJpBXTlcC9cP90W6ZFg&_hsmi=257563073

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2023, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hs-19915834.s.hubspotemail.net/hs/manage-preferences/unsubscribe-all?languagePreference=en&d=VnfP427l4P7jVWbg0641ppSVW49JGxH3K78gNW3P5VwP4cg7sGW3_fMSy8GH28qVmWcNX85VFvqN4MdPWf25z11W6lLH297DMg5FW5pHZgp4HYmhmV1yf0N31sr9_N24FwNrZ4FTvW4YkYBr6v9Ymq2283&v=3&utm_campaign=Procurement-Espresso&utm_source=hs_email&utm_medium=email&utm_content=257563073&_hsenc=p2ANqtz-9SMQqwrGjtH38wF_SKoejq8ZJeeY53UQm4oBxhis5c480wrXOguQ6GP2c8-qA7KHfBs2VJZBofJpBXTlcC9cP90W6ZFg&_hsmi=257563073

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133281880080089426"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1652	chrome.exe
1652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 3200	1392	chrome.exe	83
PID 1392 wrote to memory of 3200	1392	chrome.exe	83
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 4008	1392	chrome.exe	84
PID 1392 wrote to memory of 3884	1392	chrome.exe	85
PID 1392 wrote to memory of 3884	1392	chrome.exe	85
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86
PID 1392 wrote to memory of 2824	1392	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://hs-19915834.s.hubspotemail.net/hs/manage-preferences/unsubscribe-all?languagePreference=en&d=VnfP427l4P7jVWbg0641ppSVW49JGxH3K78gNW3P5VwP4cg7sGW3_fMSy8GH28qVmWcNX85VFvqN4MdPWf25z11W6lLH297DMg5FW5pHZgp4HYmhmV1yf0N31sr9_N24FwNrZ4FTvW4YkYBr6v9Ymq2283&v=3&utm_campaign=Procurement-Espresso&utm_source=hs_email&utm_medium=email&utm_content=257563073&_hsenc=p2ANqtz-9SMQqwrGjtH38wF_SKoejq8ZJeeY53UQm4oBxhis5c480wrXOguQ6GP2c8-qA7KHfBs2VJZBofJpBXTlcC9cP90W6ZFg&_hsmi=257563073
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa91569758,0x7ffa91569768,0x7ffa91569778
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1812,i,14470555003540823549,896437102262937,131072 /prefetch:2
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1812,i,14470555003540823549,896437102262937,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1812,i,14470555003540823549,896437102262937,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1812,i,14470555003540823549,896437102262937,131072 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1812,i,14470555003540823549,896437102262937,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1812,i,14470555003540823549,896437102262937,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1812,i,14470555003540823549,896437102262937,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5276 --field-trial-handle=1812,i,14470555003540823549,896437102262937,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2e356d45-348a-421d-81d3-ed7749406b61.tmp

Filesize
4KB

MD5
034245da4e83e4926a3ec522be323119

SHA1
2966fcee9f27e2a6fa068592680ee0a864c542cf

SHA256
d5f0dc950cc55d5cab5d0f957cab25612be78cc7171edffcf8a9fe681da60210

SHA512
776ea0321a746d630d4cebe5388530461e90bf268d933e7331a0aa442aeaf98d999ec169d27cd74c73600948924a3ac0476226d5d7f7f0afb9244b094e9ca35d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
3fee97cb458dae7176d66b966933af69

SHA1
abc7a63ea7a1676804cc4e3560a7ac187a52d6c2

SHA256
e593f888b22ab9662a4bdf152f8f272dc881f3825f4fbd460f6820e549258ec1

SHA512
29cd51c6364e67c677261fd5c954559456bb3c7fe965bc96604a496b87bdeea5605b3feb05c96c4fcc50067ea6506b509a451202ca06de02c31daed54733f9e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
68bc664a8594f7f42943b6af4238bbeb

SHA1
0b24d755a5488d358a5fd222cb9871a7ec7afd3b

SHA256
0ecb4a0ff32795f715c40b18e28d601b8ff20220f8941dc932fd81e3c52e71a1

SHA512
8fa00ebabc087fe4a43f65e4dbb98b29f104fa23b65fc5dd828e5241f4acd77794f0a210e8dc406b16523131104ed1f2ae8daa47950b403157b718f1876086e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
16ecc7be2779bd078943de6e007c8430

SHA1
a7f4e4f874d5a3d0e1d31a7aba71102f45a95ef0

SHA256
98db67e9e62eeaefab418539eb3c0f0d8a3a1e7bd5e09a0c5e0e11a633127cac

SHA512
3f1fd0fa098a5256c15b5810f5575f110acbe7e6976a688012b79f64711857f575298b8a7f0daa6e4c9938db1fddbba8666b3432a5fd13d8dae14768217ee655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c3dfa2ac7f553fb873bef92fb695eeae

SHA1
31b4d74c8a9a40f02602dd2c6104ad5d70101804

SHA256
33a6ffc5fad69d296769ca309df25eb2cc4484f8e27549fd234012c79c0af790

SHA512
c4d521ac22ed6b2eabcd1350fd7a16db2842efd9e408614757e7888f51be586945806812a62b92e53c313220503230cdef7408c497cb71f762a78eef5cb94c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
997a1bc7efb25e2ba88b14b9c70253a1

SHA1
714217db5a4097e91209a36f98017ee39fbecc7b

SHA256
cacc385971590666df28fbbb9761d92c51af64f7203079cd40d0c94046600dbd

SHA512
a0d40868d32929743eae43498378dfa248d71fd86ed80d71e910e62f7279dfbc7b292f3fa2ad9aad092b685a03bd5ce23edf3438b8dd2263eab2861790dcc88c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
57b7c006f451b47ed92d0bd7ef03bbc8

SHA1
a88919dadcc6d74700fc64211aa28246e4360f77

SHA256
08f04d3d6d9e5e5ae74ed2b968897450f59ff5c744446a6e89bb3c2a91d68012

SHA512
8fdd75df36cc1ac06585f5a58a5a92cb76a14342275003d4f8cef1d220d326800a7c6823df38c6fac7a68450fafafc0b4c7b90e3ff69f954023ceaaea03a89b9

Download Submit