hxxp://www[.]ricoh-usa[.]com/

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.ricoh-usa.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133495783661299251"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1672	chrome.exe
1672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 532	1532	chrome.exe	87
PID 1532 wrote to memory of 532	1532	chrome.exe	87
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 4952	1532	chrome.exe	90
PID 1532 wrote to memory of 3280	1532	chrome.exe	91
PID 1532 wrote to memory of 3280	1532	chrome.exe	91
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93
PID 1532 wrote to memory of 976	1532	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.ricoh-usa.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb8209758,0x7ffbb8209768,0x7ffbb8209778
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5012 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4068 --field-trial-handle=1872,i,8105082129647625459,13859563993288489475,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1672

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
04f5a59adb4fbf22f67be2f4b90b0b6a

SHA1
bee5c22f66259e67cf61d2b36cfd1cc6199cac2d

SHA256
0d59e87f55e1ae75949cc383e6c98aceb988e602d0c5d9e2bcd9ef7713495484

SHA512
178cdf3a5b025868653a16a4913704bb30e3733c160ca59f27958ea174f6e3871631db2cc626d743dff01494e36d2984fbbec5306f392d8f65acc4344e38cc84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
21KB

MD5
24207e5ae1f42614d83ce3d74fb63d8e

SHA1
bfb0d03614adf4d1137814b9c768af2cda6646aa

SHA256
ea9e4a555a04c5c0a3efa94061347aa5f24f37098b5b8cba97a2b0605ef466c5

SHA512
73589ce593389eaf76fe9a0d69d3da9768da7b91e38418ae12bccd4eec634247a81db31cd191cc54044d0dc23ba98c87fefe414d6023ce2cbde3c13980f504b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
829a35a036c8a893cb9dbbf47aaca102

SHA1
85e2a69b88d20e2c62570860516d7f371b498bc5

SHA256
5f2a364cf322db4ffe02f3e473027426283a82b897aeb7ef8cb766d34e23437b

SHA512
995ce33210ff9886bf222e6702b2dda4ff6939837064da9d369eaade37f7e7f60e4fbad7d49ed7f275e5137f1f000ad6f156fde79a7791e0d48199eae982f0c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\81fd2b61-9490-4242-89bf-e8b4cae0ed0b.tmp

Filesize
3KB

MD5
4df65f03ec6b07e563ac3a34bd068296

SHA1
259e47884ae64374f920e15e598106e083ff7c11

SHA256
c58b1c16a646529b7a2fc01214843a6bf045945fce7a34f89c28d2681c06061b

SHA512
cc4ee9d34be5655273870a28d8b32ddbe7cea9bfbdfed608689bb992eb9648776b159620438aa4698b991b8cb9e19748df2b5782599f74252c5f43562be48ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb015beea69a16b4b83eca8482caee68

SHA1
327f36707389c2db2d3db4511806bed92675a55c

SHA256
016b3554267237fca05a2f9ef970f8024a3242f10ff1b0387b0ea2a1b2f40d95

SHA512
ee3273ce5e46fe38cfb30eebd4e3e0a9c07536b5fe834d0dc2b0d5c65163380e56bd35b780745811b186aa66058f1294a9edc627e02d00353738ef775903cebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c43626d8edfaa1400e55b1a9fbafcaa1

SHA1
f75b4cf542e5f10dca08091f895a0b1873393710

SHA256
cf21848615414b8617e42694475b7ed2b202a41b38890f014a3178bad2a98fe1

SHA512
a5dbb9beaef840b86d62b7dbb95ad68aef5da0cec60d884570b3d11315008b7a82419990f2a66d846f799e363d8264f9eaf4ec696f71096497703a51f32294a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7269d0fae14cb4e9f4336fd35ad3777c

SHA1
2f059ddbc0bfbcb7668f1b34bfe44c2301c620c8

SHA256
379837b1c7e11ae13f353c836fef2a111355a489cab55cb1aa9cf08ae26f87ff

SHA512
1ae077d5b6b1ac55b8955dbd31ffe828dd12d9f0af5df2c1f4db7eca4ee80a01072cca55ad14ae348eb0ae0757846b893e979752e002304d6543eb31e3d30c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
40da783ae81b97cedf3fa6d1ef1cdce2

SHA1
96f759638469090c99998f7ceebb8c201addbfd7

SHA256
f9be9a592027e3bf4f91f754f48e6e9811d2bc3c144f41f88783f98d17e35dba

SHA512
dcdd2f348e2a3ed2cbb422c8f04c00878886273cbdaaa679b241b029644268038c05d4ad379282a4bf3e14931e5b19a3832d7928cbd6e8d26384487c0882de79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit