hxxps://www[.]verizon[.]com/econtact/ecrm/includes/html/vzfwdNew[.]html?app_nm=MSGCTR&env=PROD&destination=http%3A%2F%2Fswilson[.]bri-shel[.]co[.]za/swilson/swilson@tdecu[.]org/%2FVerizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307

Analysis

max time kernel
37s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.verizon.com/econtact/ecrm/includes/html/vzfwdNew.html?app_nm=MSGCTR&env=PROD&destination=http%3A%2F%2Fswilson.bri-shel.co.za/swilson/[email protected]/%2FVerizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240012855256124"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1808	chrome.exe
1808	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 920	1808	chrome.exe	77
PID 1808 wrote to memory of 920	1808	chrome.exe	77
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 3788	1808	chrome.exe	79
PID 1808 wrote to memory of 1532	1808	chrome.exe	80
PID 1808 wrote to memory of 1532	1808	chrome.exe	80
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81
PID 1808 wrote to memory of 60	1808	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.verizon.com/econtact/ecrm/includes/html/vzfwdNew.html?app_nm=MSGCTR&env=PROD&destination=http%3A%2F%2Fswilson.bri-shel.co.za/swilson/[email protected]/%2FVerizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee9ad9758,0x7ffee9ad9768,0x7ffee9ad9778
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:2
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4732 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4892 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4504 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5720 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3964 --field-trial-handle=1816,i,17186650771595366058,13771758410430586714,131072 /prefetch:1
  2⤵
  PID:3940

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\81da45bf-a9fa-4928-89c4-6d3e255c7aa8.tmp

Filesize
15KB

MD5
d07d8d952fd42127f1430dd241d022bd

SHA1
11bdcb10cc0c3b5199ea656cd0de8ff80af9c827

SHA256
60d371405d3bf851ace01a7afeb8b6837c09d1e1bd72f6168b32e7572d23a884

SHA512
e5880ee2ee965f94364c0950eb5803b4d6dc5e138112160a5e2f88fb0b3f876bab4bbf36dbf09cffe248722517b1ce5739b65307ad8320bbb05412759ee33bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
2d43fc7286b87cfb843a087645a31d0b

SHA1
25a1ed809507f050b78de4055bb0b7d114caf748

SHA256
809f03d3df6104a40568f706c87997251fc93231ebd7704fa89dcb73b840b88f

SHA512
5168337e0f7e96d93c5f7c888f0d81a6075c091724bf30790b7eb659c825166dbbe864b7652c621cbf09ddbebb457ae44b72ecfdcac1618715fcfd4a0c8fd411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4994c73068237b83418acca143cbf579

SHA1
4824abc918a64db9cb24a1fb64515d8b0e4513dc

SHA256
c52c5e0d87d61806156cedcc98c24c4bde0922f892548ffdf439d5d022926e45

SHA512
e3bc89f093f34363f2cd2e64498aa39c00683ea6f2a83ab8a92060af0676806e7745b482834cede979db39a611be1fb2e05ad3f0f76fea55850eb978c530b256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
07961430bf23f3762b38ac187e2bc207

SHA1
896eb74425e30559963946b97912c3e80bea4a28

SHA256
b7dc8e690ca18d5a49ecd72265d545c2c2968f24bcddbdef3c151564582ec23a

SHA512
90c466e92d8afa462e4eeb7408b5f918f0eabcc568341c2f388651ea5564c1f2589d0d178a6b1b0f4a270092be870ab18fabf9daceee766c3ddbccc3b870dd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
4d5c2da9d419f22466d339c61fe39467

SHA1
d7b31ef857d0a4f77cc74182aff697e97f87e9fd

SHA256
508e4efe4f9c80f741241d2cd3a3bf162332ce175a9ee3781dee6c3c126b00de

SHA512
3f84d06b25ee1a904c658bb772d8decdfdd679e7613884aa8c64d5ce9547389bbaf8cee486a7575051a8993986018de0d1758626114411575ec5b4e1b5e734ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit