hxxps://groups[.]google[.]com/d/optout

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2023, 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://groups.google.com/d/optout

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133409450226856813"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045988481-1457812719-2617974652-1000\{186EE295-870B-443C-8D84-5973BEAE514D}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
64	chrome.exe
64	chrome.exe
1976	chrome.exe
1976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe
Token: SeShutdownPrivilege	64	chrome.exe
Token: SeCreatePagefilePrivilege	64	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe
64	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 1144	64	chrome.exe	34
PID 64 wrote to memory of 1144	64	chrome.exe	34
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 1360	64	chrome.exe	88
PID 64 wrote to memory of 4976	64	chrome.exe	90
PID 64 wrote to memory of 4976	64	chrome.exe	90
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89
PID 64 wrote to memory of 4956	64	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://groups.google.com/d/optout
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccd379758,0x7ffccd379768,0x7ffccd379778
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:2
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4676 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4684 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4892 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3928 --field-trial-handle=1872,i,16733083585270247546,15341927847443596676,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
fa601d01798ef36ff77c3c4061eac15b

SHA1
20f8f6be59b0ea10c64541683032e5ab996eeb98

SHA256
969370821db48f03c4e48c6a9a7c1b5c7323976c175906ba87aaab178599cec3

SHA512
53411fce505531af4200cab0ed36b19b5c527e22b755540ecaff32572f4adacb0370d4f18be3f8ab6dd81abc512558c57c64d34d13c947d3eba8ed13521b2e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e12be11df107ffab35ee6487c50a3046

SHA1
5dcd9059a176915cbb8665edd147889fd271888b

SHA256
d6029317065e0786c096a30f75a71c109e77b0f566eefb94cfb59c51afc57891

SHA512
6494d2d7f20f63909a255217845751a18ee4ded898c85bd4bdbff681984a932ae3e1e49928e66a9bdbe2523da843c04ce5e0e654aa836cace50a45b84be81fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b3464fc866fdadfda27f76fe3d4cdcd9

SHA1
323af19e915ca9bee8054502e750ceafaf741760

SHA256
fb15cbe97469992630615902602499058e96877b5c1d0f72a476928d1396ebcb

SHA512
b9bad678497c817c0aba26efc9551b9540764230ae356ad4fe45be2192c3bdf6806f0d24902a8642288bd1122811c1c54e7758d791ab377fc9660db862067ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
32cc216d34d6dfa0d89c2f9c35200af9

SHA1
accf1a80e57c42701838c37d9629c655d4f23561

SHA256
1b29c2351b8a484f359b20ce1853445e2b8fad5d460c98969b195bc60d3ba778

SHA512
1c4e2c2b7a8cd7bc1635065dc82bc3338a7ae1d6ea8ea009a2c09f96ed051253a97fca1d8c938e295d1102b0ef7ec34db811b452e9296527a456fb3c183c3a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
2353c06d09d0172526300a2a73d52843

SHA1
c8d8e7a3d41ffc7608ed644085af2eddcddc8c52

SHA256
5558855917e3583c671df82c1b416159dea059022ceed6d7e5fd509f40f4807e

SHA512
8d688e493db61deb9a1ffbf81e5041ec6a549217cda8b2cd3c65c335e07a712fc07a2c69384bf4ff2cbe1bfb7c217a569cd958411d2e8dd31a4b65af5105e674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4b3c46447d2adf96c533bd009bba8dc1

SHA1
d855bcda98d56ad354c3083475b1a68cc2d74bc9

SHA256
b8e62fb23fe98eb28ea83e72babf06f9df886d2e69b061c6dd61f2f06e93f3dc

SHA512
3336395a514f99ded3947d3fbcf39571cd8128368316325a0d89dd5ebbbdee3fb357176755ba9858b0003179075498671b228d8d0eb4008b2ada8cfdaf10629b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
9279a0a8efcc9b626917c0e8ac74da7c

SHA1
45b46bc85ce80222d2e353f023465e35bde81b98

SHA256
9739961701ac9aa41a0c80bd7ffd0a0f0a2491d5be5a8b2d2dbe8842d6dad673

SHA512
8b927b0ee071564e7e033e6170f9fb366bd1d445108d75c0d8b5c4544cd363a81cf26c8f2ab2fadfa310cae6ae67515b22c3027ee131ec477ec9a4d3af7a6dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit