13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033

Resubmissions

11-06-2024 14:52

240611-r82wma1fmr 10

02-03-2022 18:01

220302-wlw43sfgh8 10

Analysis

max time kernel
31s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033.dll
Size

219KB
MD5

ecce8845921a91854ab34bff2623151e
SHA1

736a4cfad1ed83a6a0b75b0474d5e01a3a36f950
SHA256

13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033
SHA512

36fda34df70629d054a55823a3cc83f9599446b36576fbc86a6aac6564460789e8b141eeb168d3e4578f28182da874dd840e57b642af1a1a315dfe08a17b53e0
SSDEEP

6144:pjU6yx1p7lvER8SPD/xzL0ruSSbAOfyV:Ju1pZvPuDF0ruSSbkV

Score

6^/10

bootkit persistence

Malware Config

Signatures

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	rundll32.exe
File opened (read-only)	\??\F:	rundll32.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1740	1908	rundll32.exe	28
PID 1908 wrote to memory of 1740	1908	rundll32.exe	28
PID 1908 wrote to memory of 1740	1908	rundll32.exe	28
PID 1908 wrote to memory of 1740	1908	rundll32.exe	28
PID 1908 wrote to memory of 1740	1908	rundll32.exe	28
PID 1908 wrote to memory of 1740	1908	rundll32.exe	28
PID 1908 wrote to memory of 1740	1908	rundll32.exe	28
PID 2104 wrote to memory of 2476	2104	chrome.exe	30
PID 2104 wrote to memory of 2476	2104	chrome.exe	30
PID 2104 wrote to memory of 2476	2104	chrome.exe	30
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2592	2104	chrome.exe	32
PID 2104 wrote to memory of 2416	2104	chrome.exe	33
PID 2104 wrote to memory of 2416	2104	chrome.exe	33
PID 2104 wrote to memory of 2416	2104	chrome.exe	33
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34
PID 2104 wrote to memory of 2568	2104	chrome.exe	34

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033.dll,#1
  2⤵
  - Enumerates connected drives
  - Writes to the Master Boot Record (MBR)
  PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7aa9758,0x7fef7aa9768,0x7fef7aa9778
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1652 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1440 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:2
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1208 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:2
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1184 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:8
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1324,i,12211654143604568359,11462981377343906441,131072 /prefetch:8
  2⤵
  PID:1688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9ae70642-75ea-46c8-a5c5-8cad2d6054dd.tmp

Filesize
274KB

MD5
345d48171eae3e42534ef3b40c5eb675

SHA1
85c623547f211f13be43b971f5a86c5ea17cc1ee

SHA256
1bed7624a792b2559a95993c27dd8015057329fdd397ee44cc64f362a06f16cf

SHA512
cf62d8e4a527011a15002c8e7bc51621bcb6004fa658efbdb509f0acbce90fe8bcee8f48337cde8dd682f598e5dcd0c5b671b83a949cb57fe62879c709a34c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2c76ab72f9ccb455de5f8e5fec21fa7e

SHA1
dffe843a5d9d0ecfb083f99adb27413b4090a46a

SHA256
0e197762bfeee5ec8146f3b9e373f8b89e189cc12288f0eb9bcbe9522e63d89b

SHA512
a0c7f75482377da18fef7a26a3f7cc66bc5b6dfe51ae4ab42c167f9befc13d6efee1cf4eb3e3bcf554b4a2d6481afe2a6bf6821a1f4324958ea1b0f9032a1388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
820509a42ff095e52b0a9ff7506dde9f

SHA1
0ed9f66add019759b0dc3d593a24c88b3e4e8dd2

SHA256
6578678ee7fee046d9fd091ba6f8ce2167b60ba3a1839448067e4dcfae53df24

SHA512
5e2033f0e41220da56fc34e9af1c01cf33e435627e4fea871505bf09ad42cc12989ea2221a5d2a95e5cc9c677285038462cbbba08069e8f723268f381e1941f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d4b4d1a9-8a33-4f28-8df5-3a3d02de9d49.tmp

Filesize
4KB

MD5
35471fdd9514cc13a36ad89a1b598fcf

SHA1
8c385a3a939af057a0c447e5af820522759c6be7

SHA256
ba18226741b5219e1637d1efada5c1cbd7f94960e0087bf5505c63d77c4266ef

SHA512
cba0c3529a92ab2ac9d24dfab6dc218332009e08cd135afb6d389dc238c4d748a739ba1cd5af1b9cb99396079e8bc6e293430d357732f5e4877ea201e48e6573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
274KB

MD5
5ac9e3ceb41360118c3cd455335c622b

SHA1
a542d9a75fa480a008f86b80ca9e91c46c1ec5b0

SHA256
186b322e971a042ba2a285e75397fba62ee8229bb82e8008b49253ac902e8651

SHA512
ad5b3ecb93a0328345b60dc4aa97262d59a31376cee1d83030f93bd0ea8d2314522ec3bcf292bbeada0fa31d7363ddc8bd041834e892b4fe56d7f7db9df8c682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit