hxxps://groups[.]google[.]com/d/msgid/araa98725/CAA_UObTnd683T528EQnqyVWRaUU+nu2_FggWEHUgaJzdBEJ+vA@mail[.]gmail[.]com?utm_medium\=email&utm_source\=footer

Analysis

max time kernel
300s
max time network
304s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
12/03/2024, 22:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://groups.google.com/d/msgid/araa98725/CAA_UObTnd683T528EQnqyVWRaUU+nu2_FggWEHUgaJzdBEJ+[email protected]?utm_medium\=email&utm_source\=footer

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547571071019770"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
3392	chrome.exe
3392	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 1104	4536	chrome.exe	72
PID 4536 wrote to memory of 1104	4536	chrome.exe	72
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 4800	4536	chrome.exe	74
PID 4536 wrote to memory of 3424	4536	chrome.exe	75
PID 4536 wrote to memory of 3424	4536	chrome.exe	75
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76
PID 4536 wrote to memory of 3296	4536	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://groups.google.com/d/msgid/araa98725/CAA_UObTnd683T528EQnqyVWRaUU+nu2_FggWEHUgaJzdBEJ+[email protected]?utm_medium\=email&utm_source\=footer
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe1fdd9758,0x7ffe1fdd9768,0x7ffe1fdd9778
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1816,i,5568581018469366523,14971905542390257977,131072 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1816,i,5568581018469366523,14971905542390257977,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1816,i,5568581018469366523,14971905542390257977,131072 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1816,i,5568581018469366523,14971905542390257977,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1816,i,5568581018469366523,14971905542390257977,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1816,i,5568581018469366523,14971905542390257977,131072 /prefetch:1
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1816,i,5568581018469366523,14971905542390257977,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1816,i,5568581018469366523,14971905542390257977,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3860 --field-trial-handle=1816,i,5568581018469366523,14971905542390257977,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3392

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
fe243e7ea237b6d229f94348938bd24a

SHA1
d5d58a24a73177cdb54831b20fac0aa90c977f87

SHA256
a3bcc73dabf1e642503016901b719e13d49f7c741c2b6fd8a516a3c231cb9030

SHA512
67f8fe94527d5c74d16a5f7170e4319e7c03820d85123d79237eeaa345362be8589ac16af8b425e823db656bc0e12e62a6d894b39ebf878a03ac932404abad1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1c661bd6072ebd35e2fcf615211b0c21

SHA1
5e2b3e3d52157669b7be21bcb6336c0bdf2b6b3c

SHA256
23e5cd6ec90f78235d371cb837e2c55d9b9321e5b2a8f8e13d42fdefa73dda06

SHA512
4249f430fa0f835d75bb552f0978c08fb81580e1311fed4f9626f80da7941ff08df27789e7542b856b0a6200e40c655f2782fe5bc73bca92f4aebe0d2e5558ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a84551d88c8b003b91ece8b75708a2cb

SHA1
0c2f9df1516fcf461eb73ec76effd2f28632340e

SHA256
203a8f275c47793601e9af9ff37b83768b14afc4111070209ca921441be595d4

SHA512
d538a412146fea82c36c1a30c7a2af8a3511b6250667b5b308d7bd327a224e74fa6c35fc8fe2dbc8f154b4e698cbf58914fd40fdb2d494d5a5b0722082776ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6e61a4421d16d1945ba6ba59fc77eff1

SHA1
17a215a8829f8f93c63a3baaec35c96aeb852788

SHA256
aa5743ed602a1f96f7388fd5127a68d2d2c0ade548082606be37f899b4e5542c

SHA512
aa9c4525695563a821fec02761439eaa295f47be19b41ca53b037ab30046179e31ca1ea594c4efa7cb224edf9bfea5faca27228da018a20273cfb3f297f77ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b20f16873bc1983e0a82e7e03b7280d4

SHA1
aa33ee6ac601f5a59a7f3a401e868553a77beced

SHA256
87f926ad408ab29037e86e8aca064ef58bfa5f4021491bff78cc5630f0c832ab

SHA512
eed9da132189fec69e1ab859eab9b57f97a7eb2d82c81c0866c7aebc064a8bb43917052cd2dec2bc6946712d9382b866d81275cb429d65f01ee7e5f20ec25a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a48b548d6ff790a93d202321f3a08bc4

SHA1
e8637b52b1d2424fde21fe6bdae594bf0f36966d

SHA256
afc333aca438af6ac9111559d6fe32271d6c56cafe4b26e3b8adf51421369e80

SHA512
7699084b8ecfa5fb825a0e1b16ca13a613a71123e464efd714c663c6e6ef7e2ff264026fb1333066b36bbdd2102cd858e6d2adf63357fb2aa7ebbba72686fa53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a5b78298d38db9f0115baac0d377e9d

SHA1
a3c45bad08d2918d80e14724ebac25ac8933e286

SHA256
8743fd83fe071574cbc89d5b081b25519c1f58efb5e094ae24c53cf6a2c44895

SHA512
f81e034dfc1cd5d13a497b9934bad9ce6d8a5c1642f6116f2b0e4e37e510edf9e122b7c2ca05c6f64eb9212c3121a57b826bef53ad0fe2f4a43bf9d18f564924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
ce621d074c98a7a323af84e744328dbc

SHA1
8dbfad0c37b911d92dd831322df01b96584281d9

SHA256
5754b1a636b73eb2d79df64d2cb03d87032d384baa1174f1fc159a8e1492c969

SHA512
45abfd351271dfa380c73d64a48c17bcd7f5df86b6b20e9aa3adbcdf0263137574e101859b15a61bbdcbffc8807e5a1d84dc96e0605bf9192abcb6235c7e3116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit