hxxps://protect[.]checkpoint[.]com/v2/___hxxps://www[.]theddagroup[.]com/___[.]YzJlOmdsb2JhbGhvc3Rpbmc6YzpvOjQ3ZDllY2MyYTUyMjI2YjI1ZDA5NTMwMTk4NWI5ZDJhOjY6ZWQ3NjphOTQ0NzQ1NTM4NTNhNDc5ZDQ5Y2EzNjdjZjcxNjIwOTUzMmMyNjE0ZWM5ZjE2NzY3NDllYWFhNmEyODk3OWRhOmg6VA

Analysis

max time kernel
149s
max time network
138s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/06/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://protect.checkpoint.com/v2/___https://www.theddagroup.com/___.YzJlOmdsb2JhbGhvc3Rpbmc6YzpvOjQ3ZDllY2MyYTUyMjI2YjI1ZDA5NTMwMTk4NWI5ZDJhOjY6ZWQ3NjphOTQ0NzQ1NTM4NTNhNDc5ZDQ5Y2EzNjdjZjcxNjIwOTUzMmMyNjE0ZWM5ZjE2NzY3NDllYWFhNmEyODk3OWRhOmg6VA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629885265723741"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2820	chrome.exe
2820	chrome.exe
2380	chrome.exe
2380	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe
Token: SeShutdownPrivilege	2820	chrome.exe
Token: SeCreatePagefilePrivilege	2820	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe
2820	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 1860	2820	chrome.exe	74
PID 2820 wrote to memory of 1860	2820	chrome.exe	74
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 5088	2820	chrome.exe	76
PID 2820 wrote to memory of 360	2820	chrome.exe	77
PID 2820 wrote to memory of 360	2820	chrome.exe	77
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78
PID 2820 wrote to memory of 3128	2820	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://protect.checkpoint.com/v2/___https://www.theddagroup.com/___.YzJlOmdsb2JhbGhvc3Rpbmc6YzpvOjQ3ZDllY2MyYTUyMjI2YjI1ZDA5NTMwMTk4NWI5ZDJhOjY6ZWQ3NjphOTQ0NzQ1NTM4NTNhNDc5ZDQ5Y2EzNjdjZjcxNjIwOTUzMmMyNjE0ZWM5ZjE2NzY3NDllYWFhNmEyODk3OWRhOmg6VA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd62259758,0x7ffd62259768,0x7ffd62259778
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:8
  2⤵
  PID:360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1804 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5092 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=864 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3784 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=852 --field-trial-handle=1840,i,14626146985667147462,16487569790823308275,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
564B

MD5
2bf274b4c6004a4e618dc18b2fa653ca

SHA1
88bfa014d87e41c428846c42e1296ab9591b342e

SHA256
1dcf57250fbc618a670e707ad1a556ec9eaa7d1b711cea95bcbac082d7509f52

SHA512
cd48ea9951662ecfe4fea9c8e709222ced62deb82fa519487446b8f008e13522f49d324525dcb831f5dba27b13582540751eb89ea20a8585aea6ee9ea1a87099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3ae97d85ed14e8f2c5926fb201d68d45

SHA1
26ba2785467177fa529dd56cc8efaa0c70f26409

SHA256
0dbca3d08a0db6258323d162b38ed25bb11de6a2de48642fc67c3215840ec51b

SHA512
c223c823ddb776c2dcea4aecf9c637937db9f55435f13d0cde0eb542ed72194f37f17ac33506641c7cf9ce32a943b60ce65475b6feeaa69e5b987453a167b821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f16b134be39e11928cdb3b15acdb21df

SHA1
776c8b63d861c35a7dfdefad07e7db015dd5447d

SHA256
3a3a2d334932c0afe1b39956794e1e38aff883ed545940a75af40164a071591b

SHA512
a35ebf3dbb3d786217bd8c08893658d2c939af63fedb75b4e12150ce56ddf2f66494c50e1e24aa0d74ac616439dd366972913285d402ee103937e358c41bb9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0793082575f754c024c8175010c2790a

SHA1
dfd70df230b137be670d21d96a38cf6f9ecfbf70

SHA256
dc4e0c2ab19c3ff663f062c351545f329994260685ea60eac32e2c80c27d480d

SHA512
cde53b25167f32dbd14a12f412b2224168edc47d62dfa761a3ce3ea86a8c16f6f71198eb4b619915b11d89e472c18a5a0041b1dd3eb4ae18be647254027bd7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
2c98b12350074a7cb66259bc2c76b116

SHA1
c4bd4ffdac09200e2a338661e20f6154e4b8e041

SHA256
830d2bde2d90ac14f5cd306392385301e639bfc88b2322eb61993398572bfb34

SHA512
97373264cd55f0b6ec7b7e61a19d6808eb81cfbbde5b73c06eaaee5ba30075bdeba22c7a8bd521111e4f85d471731d89fb372a087176216448275c5f7cca40e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit