hxxp://undercoverdwell[.]com

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://undercoverdwell.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133397900873511339"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
3060	chrome.exe
3060	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 1716	1460	chrome.exe	32
PID 1460 wrote to memory of 1716	1460	chrome.exe	32
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4660	1460	chrome.exe	86
PID 1460 wrote to memory of 4396	1460	chrome.exe	87
PID 1460 wrote to memory of 4396	1460	chrome.exe	87
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90
PID 1460 wrote to memory of 4976	1460	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://undercoverdwell.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaab439758,0x7ffaab439768,0x7ffaab439778
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2804 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2796 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5064 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4928 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4020 --field-trial-handle=1868,i,7005878189491938129,5946950966714241731,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
9fa1aef02cfe3ab2d5ecdc224a4e8eab

SHA1
f7456e453d53b2d43b6e2a5b3ec3c570e6327bbf

SHA256
0aa83b600e18748996f3becf63682199d3b9d2c02dfced806e8bec76b1a9a0cf

SHA512
2d217b7601ef77cecdd46935b2a46ae7400e6f317a49387a2e1c483250dfb0d5892b8ec440e082bb483338d1eeb0e7cafc85555ceab6cba2f00c35d27b341474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
34b57203513ba6acbd78620780fce0a5

SHA1
cba59251d37f5649cd9283380e620fb85419ad48

SHA256
21b0f367c6432d83411cd1bbcd4e9621100dac57c27c206ef16fa58db8647ded

SHA512
c527b1d164a3ab1cee5c700f310c2e0f17f383cbb51a314c2d5d79f179336752c1e7fb4fa1aad3724bceea9d0a224655622ae550bf56da4c7720b8e5f7d343f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ddc873d4b08bba8fb786588dc5f6b495

SHA1
f359d5e37dd1c88ccb64a281cdf2954a48e850a5

SHA256
ca6f97d3f00127c96e72eda120e184ae67e6af89ff51368d0c1cd6a9d6e296a3

SHA512
c1c6f850044cf2eef246dfcfdbaff8ac6b83c691f07127a5d5b36db657b8585899b6ea9c35d9cf2bd99e55e9c0905adccfc5ce0f182a94b165272a98cb784bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ef65b9a57bd44b405834aac0ba40af10

SHA1
05b7cee1bc7565ff8e24c058fc9daf99de9c594c

SHA256
283e3e71f54e4f628f7ea7b12ecc1ff1b4289b49ea04d6ee043ddadae9762909

SHA512
05b6a60f3c0f438930e3142fb1b2e15dee5fccc385454614de34b8695e356f5448c16e78e3f40879a6f361eed3f187d97d996bfb7d1b15c0e0e39e3940460a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b0b06a1ad929af364e3ec4d3a76042f

SHA1
621ca30aed1e6320cf501ce77d84bbb234e8843c

SHA256
fb6c7be68941ea8d4f1c0a30674fa96a0052df92ac607e0b40afc1484a5e7f7f

SHA512
4226feaaf6125838190905b557ab600181bd513af8deba69bb4986ecaab025c70bada533509139631cfc1d250ecbedbd9af012d3e330ed290fb0c895af4c4c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef72d1864f12f782c46f8d51ee0ff682

SHA1
5d3e65ac936b7eeb9ec6b86d68427803f10d0758

SHA256
5ddc5daec3ecc2fd877e1befdc6cf6a4c2bc1ac1e3f8f5770aaacdefcf304b9c

SHA512
62159cb1956366e4d629c8fa5b0109a12a45399f755f46b9d0c930b804860d79d985dce2d248eec9734a458adaa89597dc0ef856d20ba8954ce7fbeba5860632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
4345ee5acb46818e4bf3243aa8bfcae2

SHA1
0575013cd6e5b3234c5332a4bcea912e6983187d

SHA256
bcdd8b3bf40c77619ac39fb115b9e49554b7a779a4e2592fe741a9b97e4ccc10

SHA512
ba4a368ef43cc5cace9211b329f949dce0e2d4087b8c44ba7a5950cb94b472f74ade98ea3228f585a83c14b5b04e03155608e93368449ef4b57ff9715b6291aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit