15cedc598ad33b6c8590b08a86e02215e840e200ba646812f6d8875889909e70

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 13:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Nebraska Furniture Mart.htm
Size

11KB
MD5

f44be1e9fe732c99689ebbc407ca356b
SHA1

b4d1278f83e546eee44653a39841fd1f20267b1f
SHA256

15cedc598ad33b6c8590b08a86e02215e840e200ba646812f6d8875889909e70
SHA512

36d3db4a077291a50896f5c982a0f563425445011de65a008ffe29eddd209c10158c6ba369542e0e5c4ec96e21086b378e781340df743b60926d8880e6f89b18
SSDEEP

96:Ftg4qI5xlbx9+j5vK5ffPa//yXAUvRynM3mrbAAFt3tm88pn2dg/BYegFK:FtzqIbv9+j5vKpPsyXc2xZ6ABYeiK

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661283175964323"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 3844	4820	chrome.exe	84
PID 4820 wrote to memory of 3844	4820	chrome.exe	84
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 3432	4820	chrome.exe	85
PID 4820 wrote to memory of 1576	4820	chrome.exe	86
PID 4820 wrote to memory of 1576	4820	chrome.exe	86
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87
PID 4820 wrote to memory of 3968	4820	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Nebraska Furniture Mart.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffadc5bcc40,0x7ffadc5bcc4c,0x7ffadc5bcc58
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,16875559655678636289,11188030131931375674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,16875559655678636289,11188030131931375674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,16875559655678636289,11188030131931375674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,16875559655678636289,11188030131931375674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,16875559655678636289,11188030131931375674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,16875559655678636289,11188030131931375674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4584,i,16875559655678636289,11188030131931375674,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4736

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
239ab1e91bb7039ba6f239241009b458

SHA1
4931d53d13f98520be9e11a8f0b9ea5b5918fd1f

SHA256
599ac271fc4ea7d8ad2865a66184ad58bd9b88f7df6785adddca154ee56b06fd

SHA512
73e15a42fd707779e55c2032e0a1d84be66f3a23d76c175940e4e29e57ca88b7485783ccdb00321d922f0d6100a3928884b18aba82fa7b76a09da6b2f32f73f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
96ec44a591d5819a2a0f56a30da735b2

SHA1
6535e2151fe2e4fc32bd5da428c090dfd10b6b21

SHA256
af4adf5b87c58aa447c286c96f38d081f381b86c677e3550e8ea9ff1a7c45a71

SHA512
a03e1434e1a3a818af493bbc56fea8fad95956c0714c4efacc9c19a97fd8a2795353f5a8fbbe71023fe73a45bb2d55b5d40b0deebcaac02f0ae2859834a8a38c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02aa5c3c682f6bac51f55338b542e3fb

SHA1
0a1da43a9d9e01dcfd26b030998b63b07bffad91

SHA256
d68652f0b6f31392755b37854d75ba52a82df96f0923d31ab7c9dedc3f282536

SHA512
964661153a5aa40e8c3ffc48ea63dcd6394443ab2a1acfb47009a7b396a0aacdeade4abde4ba949bfe6369c662c30d8d9a09b1db3fe3d16b803a9a1293957f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70ffecdbeb18eef08fdf7fe5e0b001a5

SHA1
710c4760ed27df1ad040ff3b7876e00ded10b3e3

SHA256
b0151612c9671de605f9033127d91cb065a977f4e5e8b93c770c766547073378

SHA512
7701aacacf5cab56c69b3b3dad0eda55f2e5c4a277c824ad9adea5f0ab2a83f6b26ecc68aad6c4307add39b5289ba6e45c25cc21d6ba399dd641d169f3b40f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c24b25ed2a679c805c278acfa1e95ee0

SHA1
e05e897d6146107402f7211f326b59ee83d414ee

SHA256
93142f7235b28fca5cfaae8101f880ebe9c33af017c847736047f74a71f769f4

SHA512
fe48303dd29c63a4a8b8a0b56a75df96faaa604b4ba10c86c6de5532f260dbf43d818922e9e7846e2430de794b926f5fbcd5415e81a0c9a50252cb598152bfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f15c13cb8333fbb71c34b7fbe2ae5c0f

SHA1
a43387a24301da0c104119b9ef412558b7ea4884

SHA256
e5a095d43af637f5ebb8594fa56ec37ef32f20020645c941f2a3e41efe166211

SHA512
34928a7e50ec7e3c50babdecac2fb1df3fe17aeadf4db39c93e7e4c1a3d597543cfb536763f583559a31d2195d1a534e958aa9a22270fb75d5749ec87fd608c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
9425b9e4ba209c8546a2b53afa9422e9

SHA1
ad9562b023f0e0dca6a7f1ff59130f559a70cad7

SHA256
488ecf46a56b0dc3588d35f4b3069d57d6b3e1b80b4dfb2372839bffb19c7d80

SHA512
9b413314a960eef97ba3dab6b0c315cd9cfe40e0d6751175c90cb4eb3c9d2d31b0dd6ec9996e32c3f4d1e5cfec0929b094ee2acb4e013b5541a8b00d0e7df612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
75cfd6a111f5141cad7db2f40e89472d

SHA1
defe7063d2049bedb4d86be8b39681ce772c1a35

SHA256
161eebd23f483a83c0ce3f075c0d12fac04e7d3c0697a85d53351afa7c3cbe1d

SHA512
e92b9f686d6a5f837cae193e7c7c6850c053ecdfa4ba1c149a3702b3311bd5834576b208f0c4cfca6ac233eaf4c80aa5625afaa4bf5e292bab27b076efdeeb27

Download Submit