479f8ddff1392fb73409730f0c5cdc2d3e133b60c515af94ba9a653e8cef7764 | Triage

Analysis

max time kernel
139s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 20:43 UTC

Sharing

Report Analysis Logs

General

Target

2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe
Size

5.8MB
MD5

0f0110d252b12d284ca10bb52a23185c
SHA1

077128158af2c55d1574d20a0c8b6aa1a60fa086
SHA256

479f8ddff1392fb73409730f0c5cdc2d3e133b60c515af94ba9a653e8cef7764
SHA512

fa85f91e3ea1174511a2f6490250c4a38d1e4685a87f4342011bbcc1900abf3dfb6b5aac517091d1e0929fdb33cc7576d5f79f9967f6c64709cac31d4c7a4096
SSDEEP

49152:vzlnEcO3Cgrb/TbvO90d7HjmAFd4A64nsfJa/pJMBMvDF/4q4auspdkgKKhdvZfN:63CE/Xx4LKhdkdESp

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2092	ChromeUpdateTaskMachinCore.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\ChromeUpdateTaskMachinCore\ChromeUpdateTaskMachinCore.exe	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

Modify Registry

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	ChromeUpdateTaskMachinCore.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	ChromeUpdateTaskMachinCore.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	ChromeUpdateTaskMachinCore.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

pid	Process
3056	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2024	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe
2024	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 3056	2024	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe	82
PID 2024 wrote to memory of 3056	2024	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe	82
PID 2024 wrote to memory of 3016	2024	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe	84
PID 2024 wrote to memory of 3016	2024	2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe	84
PID 3016 wrote to memory of 2092	3016	cmd.exe	86
PID 3016 wrote to memory of 2092	3016	cmd.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\system32\schtasks.exe
  C:\Windows\system32\schtasks.exe /CREATE /XML C:\Users\Admin\AppData\Local\Temp\fWZykz /F /TN ChromeUpdateTaskMachinCore
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3056
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c "C:\Program Files\ChromeUpdateTaskMachinCore\ChromeUpdateTaskMachinCore.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Program Files\ChromeUpdateTaskMachinCore\ChromeUpdateTaskMachinCore.exe
    "C:\Program Files\ChromeUpdateTaskMachinCore\ChromeUpdateTaskMachinCore.exe"
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    PID:2092

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

88.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.210.23.2.in-addr.arpa

IN PTR

Response

88.210.23.2.in-addr.arpa

IN PTR

a2-23-210-88deploystaticakamaitechnologiescom
DNS

0.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.159.190.20.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

dist.torproject.org

ChromeUpdateTaskMachinCore.exe

Remote address:

8.8.8.8:53

Request

dist.torproject.org

IN A

Response

dist.torproject.org

IN A

116.202.120.165

dist.torproject.org

IN A

116.202.120.166

dist.torproject.org

IN A

204.8.99.146

dist.torproject.org

IN A

204.8.99.144
DNS

165.120.202.116.in-addr.arpa

Remote address:

8.8.8.8:53

Request

165.120.202.116.in-addr.arpa

IN PTR

Response

165.120.202.116.in-addr.arpa

IN PTR

web-fsn-01 torprojectorg
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

200.163.202.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.163.202.172.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response
DNS

dist.torproject.org

ChromeUpdateTaskMachinCore.exe

Remote address:

8.8.8.8:53

Request

dist.torproject.org

IN A

Response

dist.torproject.org

IN A

204.8.99.144

dist.torproject.org

IN A

204.8.99.146

dist.torproject.org

IN A

116.202.120.165

dist.torproject.org

IN A

116.202.120.166
DNS

144.99.8.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.99.8.204.in-addr.arpa

IN PTR

Response

144.99.8.204.in-addr.arpa

IN PTR

web-dal-07 torprojectorg

127.0.0.1:1337

2024-10-04_0f0110d252b12d284ca10bb52a23185c_poet-rat_snatch.exe
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

23.9kB
85.3kB
113
113
127.0.0.1:1337

ChromeUpdateTaskMachinCore.exe
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

23.9kB
85.3kB
113
114
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.2kB
85.5kB
114
116
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.0kB
85.4kB
113
113
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

23.8kB
85.3kB
111
112
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.2kB
87.7kB
114
117
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.5kB
86.3kB
116
117
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.2kB
85.5kB
114
115
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.2kB
86.1kB
115
114
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

26.8kB
92.5kB
131
124
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

25.1kB
88.5kB
121
117
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

26.1kB
90.3kB
127
122
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

25.6kB
90.1kB
125
120
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.1kB
86.0kB
114
113
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

23.9kB
85.3kB
112
113
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.0kB
85.4kB
113
114
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.0kB
85.4kB
113
114
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

23.8kB
85.3kB
111
113
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

23.9kB
85.3kB
113
113
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.0kB
85.4kB
113
114
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.0kB
85.4kB
113
114
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.6kB
86.3kB
117
118
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

23.9kB
85.3kB
113
114
116.202.120.165:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.8kB
87.0kB
117
116
204.8.99.144:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

24.0kB
85.4kB
113
114
204.8.99.144:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

23.9kB
85.3kB
113
113
204.8.99.144:443

dist.torproject.org

tls

ChromeUpdateTaskMachinCore.exe

19.3kB
69.3kB
89
91

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

88.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

88.210.23.2.in-addr.arpa
8.8.8.8:53

0.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.159.190.20.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

dist.torproject.org

dns

ChromeUpdateTaskMachinCore.exe

65 B
129 B
1
1

DNS Request

dist.torproject.org

DNS Response

116.202.120.165

116.202.120.166

204.8.99.146

204.8.99.144
8.8.8.8:53

165.120.202.116.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

165.120.202.116.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

200.163.202.172.in-addr.arpa

dns

74 B
160 B
1
1

DNS Request

200.163.202.172.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa
8.8.8.8:53

dist.torproject.org

dns

ChromeUpdateTaskMachinCore.exe

65 B
129 B
1
1

DNS Request

dist.torproject.org

DNS Response

204.8.99.144

204.8.99.146

116.202.120.165

116.202.120.166
8.8.8.8:53

144.99.8.204.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

144.99.8.204.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ChromeUpdateTaskMachinCore\ChromeUpdateTaskMachinCore.exe

Filesize
5.8MB

MD5
864832a4770cc37e472be3cdd7de0c2f

SHA1
1d953626c915d83069d84852bf6445fcc727a931

SHA256
39ab365f806043a9307e3a85266d88885c3125e4a18df8112f0a99aa1e93000d

SHA512
1f8b477b061de2b79bb4dc708e0041e45d6f1b480ba25acbd9cf81c236ba80d56c37f44d6b38243953078edec063f29c5fb58181df545405da4e011036479754

Download Submit
C:\Users\Admin\AppData\Local\Temp\fWZykz

Filesize
1KB

MD5
f7a3acf8a6d1ddbbe32c20c2a5186b57

SHA1
562f99982f12cbb01b1442eb6ddd77be5f7d0fe8

SHA256
91758ef395487a82d863fcac3f3c38d55664791ddde6bceaf1f851e49caf5576

SHA512
22e21088d51819915932690740451c1d56f5cf6a5bd33e29644510612a4112c091649b80e718522abaa58f19279481b4fbc3ba1a3ca2e2f370eca39f4607744d

Download Submit