anchordns | hxxps://github[.]com/MalwareSamples/Malware-Feed/raw/master/2020[.]10[.]29_CISA-Ransomware_Healthcare/0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a

Analysis

max time kernel
173s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/MalwareSamples/Malware-Feed/raw/master/2020.10.29_CISA-Ransomware_Healthcare/0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a

Score

10^/10

anchordns backdoor

Malware Config

Signatures

AnchorDNS Backdoor
A backdoor which communicates with C2 through DNS, attributed to the creators of Trickbot and Bazar.
backdoor anchordns

Detected AnchorDNS Backdoor 1 IoCs

Sample triggered yara rules associated with the AnchorDNS malware family.

backdoor

resource	yara_rule
behavioral2/files/0x000600000002322c-36.dat	family_anchor_dns

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133489487436775718"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1848	chrome.exe
1848	chrome.exe
5024	chrome.exe
5024	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1848	chrome.exe
1848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1460	1848	chrome.exe	58
PID 1848 wrote to memory of 1460	1848	chrome.exe	58
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 2464	1848	chrome.exe	90
PID 1848 wrote to memory of 4076	1848	chrome.exe	91
PID 1848 wrote to memory of 4076	1848	chrome.exe	91
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92
PID 1848 wrote to memory of 4668	1848	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/MalwareSamples/Malware-Feed/raw/master/2020.10.29_CISA-Ransomware_Healthcare/0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6c829758,0x7ffd6c829768,0x7ffd6c829778
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1728,i,10715158000505478825,14820052195059229772,131072 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1728,i,10715158000505478825,14820052195059229772,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1728,i,10715158000505478825,14820052195059229772,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1728,i,10715158000505478825,14820052195059229772,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1728,i,10715158000505478825,14820052195059229772,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1728,i,10715158000505478825,14820052195059229772,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1728,i,10715158000505478825,14820052195059229772,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1728,i,10715158000505478825,14820052195059229772,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 --field-trial-handle=1728,i,10715158000505478825,14820052195059229772,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\475dabfe-5348-4e1a-bd7a-8dcd3f0f89b1.tmp

Filesize
6KB

MD5
3924584cb0aa1ec307dc37c5f9c1d0f8

SHA1
9984cf2b32399377122c102c7c981ae0e7a517e0

SHA256
f9ed7c20ea1bae5122732a5f6388cfff947f30934bd3f849da17cdeba6933b45

SHA512
c5b59ff30c701e2f15f1bf7a7f97c9a6d669d084158bd669aefaf91fcefe55d8ac219c4e30e84e999dc47627286687c9bf134c06c58498acbb38241ef88565d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
711d8d43c50993bc76b8107c6f84e4c0

SHA1
9a95dd9bdb8f05110aedb97085e79900508cddc7

SHA256
890694608123a35c9aa553d5fa1d02c6954ca1597fa6f8d4f3780a2d2acfd8de

SHA512
09674c517b2752a0eb72108acc2a599aa3b834710a7becdf9a86296a82a150cc4b7fd59e5cd8bf95cb081cab30ac8b1d6afc27816c6a18cd5703539b86a52130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7538d4e645eab4ba542f6b7e1f025c2e

SHA1
a45164229e49d821e01d8a338ab379ea39b58ce4

SHA256
8c579d865ef1f48327be06ebd914f19465d9b48b2d14d144e13c9d52cc54d83a

SHA512
9c39907e2c0e707c9ed4951836a28ce39f27ec63c52a7e1be01d85eb1e72c82d73ce870fbac8dddb7e5a037325e20532310c05913de1af4c6d4c74e5b5c62d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
efbfb93758c3f6576e0e4b718b13b336

SHA1
dcabb304bb9f0dbcc64db4523525d37f110abc3a

SHA256
ac450b720fd72b11195d31a7611c4cedfcbe008205740cf69048f3a8a3591d8d

SHA512
d67fc2b597ee54d28ea4a93342a02293bcc1f54b9f1e8d38b30d033e9d96c7c8bf0783148aaccdb6c7e3d0b91a84bf2b12e2c65263b4efef01e161cabef2e4a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
49aa8ebdfb896d00c6838b49687a765e

SHA1
a940a6ca333c3e4e99d9028d25619ae5947766e5

SHA256
55b83547b378877963dbb587f2b79556c8f3c26e663174cd2d3073e73eaf36c7

SHA512
00c3bfc983bd6420d33a3af821cf2edd8bca4a3f39c4e18690aebbf3572de7d79b0010fec5102e28ef9a60a025c6858abb52288cd291fed60110ff057fb5ac5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
ed5f91e519a37b16dd2989a3c7712886

SHA1
dd11bf3d1fca4a12c5c8e3802dd6fde2c9926090

SHA256
e5901c03dfdfa8196d288829e31c56b6c3ec76ce9a9c96806a84c009c1dac865

SHA512
1cd46ccbc0f81efcaadf6c8d26f0e51e911398e3230243f0babea1179c170f8df26517b6c063ddabfeb832555c8fd5379b1a9bdde6c0288bd17a3c08c021bc43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a

Filesize
666KB

MD5
754b79913fde2de487e9fc2826b65d57

SHA1
c8299aadf886da55cb47e5cbafe8c5a482b47fc8

SHA256
0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a

SHA512
4a2420e2e89757cab2376932ce548f9b31b845f8c99dfd1cdd9a3b53dabed9e3cb11ecf514edeaccd932f277f65397c126ecaf42831f016554d2001034a25a1d

Download Submit