hxxps://jtexpres[.]vip/gob

Resubmissions

29/08/2024, 09:21

240829-lba4rawenp 1

29/08/2024, 09:17

240829-k9bmhawdnq 1

29/08/2024, 09:15

240829-k75skawdkn 5

Analysis

max time kernel
63s
max time network
64s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29/08/2024, 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jtexpres.vip/gob

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693965717450574"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 2420	4892	chrome.exe	73
PID 4892 wrote to memory of 2420	4892	chrome.exe	73
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 216	4892	chrome.exe	75
PID 4892 wrote to memory of 2152	4892	chrome.exe	76
PID 4892 wrote to memory of 2152	4892	chrome.exe	76
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77
PID 4892 wrote to memory of 5092	4892	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jtexpres.vip/gob
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff87d0c9758,0x7ff87d0c9768,0x7ff87d0c9778
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:2
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4844 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5116 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5024 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5096 --field-trial-handle=2148,i,17880893276019368836,2839061112451278029,131072 /prefetch:1
  2⤵
  PID:4080

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
83e4b66ad875179bb3e2782b286b828c

SHA1
d9489835f79da5c7ff1704ebf1b157e1fc60545b

SHA256
48029d436a83dacf12af8530d000791d1c8b6f3de85f4f9ac91d437ef685bb50

SHA512
6fc7c49d8fb483ec12c3149623aff0c2779e64af4076919e510ac6c0658a2cf39809e3d8ba1880dcd3258fd9429fac0e9810060d3e86475007deb5fde3a40814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
35a6a5698f6b61c5c7cc02a918b1ccf7

SHA1
e4bd24e17bccf7aea6522c96a3f9f40400c7cd8d

SHA256
f98b5fa357dfa2c39551b8908781a4a994d443c54fc5c413f71a192558244451

SHA512
fca37bae964e65053ee03b2ce772c3a8b4815a5a1fc233fa50362879e4f80005ac3d3f2acc8d0d738ba15395f27063d5952739bce6a0e45fbedb58486fce300e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4e412ec504d7b8d2a2dd04a120f9cc0b

SHA1
a573345a45877b9c322d5ac74f8d25c6dc82ef3d

SHA256
3b51919221edea0e64dfab8d171c8e1467e581deff8ea9901a642177e2bd04a7

SHA512
3d8f5e199498215caf018cbf547cf041afe2cb02005460ca4e8d3514a288adaed4877da456c8f7735b296caecbd9054d02383ece5148459c036cb38d0cf88641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
54739e90f42b2a14e446075b68cb6657

SHA1
352b6a6c2b33d70e56ecdaab1cd23545da0ab2c9

SHA256
3c3561d7d4c553954aa89d7fea83df40d05bf912987dfb74e053f45a0cd41bf3

SHA512
5163ad030d34163e45573ffba63e3efe458a69429e1252efc4ed096662f1d4e330d52fc23bb9211c8e08cf1bd2bb2ea969d267fab99e22a523308fcd6c00fda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
12dd80119ab19476ff9b4896140e922a

SHA1
40bf9ce7c278975387b9d543e4cda760dd5a320e

SHA256
a5ef9926b019d9c06388183def13fedb2a22dfc6166eebbdd4baf76311dd1cf7

SHA512
14f062533ec3a35056b2ff7a978b3afa0c5424b76fcf7003092a1eb19b7478ccfa9487bbb6441f4a5daabac39a9fad0cb74b23866b20e866c9578d2d83a09424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
20df6ece9252190147832d7f4e5e9d38

SHA1
b1a35e55addbf4569b27fb8cd76ea5dd507c5fe4

SHA256
d7a4dccfc35c2fdcc96138f589a14f794456e689a67940c004022aed7454db79

SHA512
1527b5cd59d53aa19a9ec4781f5b3b8264119ad8ce1e36f2d7c45a56ffb97fe670f8dca26eb6f4dcf533ad21673b362c182213647b5d9916897efb662e29e8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
050d0f24442e253aad89e8e755d4f070

SHA1
421177c892e1c76cb320eb9c07363946f74d5f3f

SHA256
ea254f92b6956ff251054642a00182bf757015df45c0316c55dab0df6d81cfe4

SHA512
af95ebbb118a81109ab06238c4e5fd64916105b7b225da02793b1ca7e032f1d274ba54b300cd80c180fa7634fa3a5dc9461b4e6039edf602d98c267417a41f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
8da672f1e506e4455cf9b39025a01b0e

SHA1
ca0bd3bb8367b9a571681b48c00123bb9ae4b241

SHA256
e8636a285a00d703ac76b2c6eee9f2719171060f9cc6449b343e64e7ba443e92

SHA512
9be74f2cb9b6fd03b0a68acb64cd58c4582eff660cd39bcce7ceb4396d895daddbde26558249d43e2e374ef19719a2819a67936383f7756bd2229ec8a9d86a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit