hxxps://pheedloop[.]com/mail/c/emreq_UVtaOlCD/

Resubmissions

12/07/2023, 14:39

230712-r1hssadf53 1

12/07/2023, 14:35

230712-rx54xaef4v 1

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2023, 14:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://pheedloop.com/mail/c/emreq_UVtaOlCD/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133336461410690841"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
2728	chrome.exe
2728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 3412	3536	chrome.exe	57
PID 3536 wrote to memory of 3412	3536	chrome.exe	57
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 3768	3536	chrome.exe	88
PID 3536 wrote to memory of 2784	3536	chrome.exe	87
PID 3536 wrote to memory of 2784	3536	chrome.exe	87
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89
PID 3536 wrote to memory of 3712	3536	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://pheedloop.com/mail/c/emreq_UVtaOlCD/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9c6039758,0x7ff9c6039768,0x7ff9c6039778
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:2
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3872 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3876 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3480 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2792 --field-trial-handle=1892,i,9197413759428591858,7322437935888699073,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3736

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0f7b49295b009b67b2fbd89a0fe3186d

SHA1
4182df6ebaf0db5201426f6c5554cb182078e452

SHA256
9412af37e11e82d27e9a5ae87237c55b4631520b1fae61dccef566f0a3e045cf

SHA512
a714cf3bce4014bbb682bd330c4c58ef479d594e379228a13619824a184cc19a3c96cb816eecd0c0d04c66fc79425ade5a44a05b950ab4f20cf460975231ac9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bb77051950e29c141b87cac85ea4c8f1

SHA1
aa24f06332038b0c6a7ae030269c3fb958dad9b6

SHA256
11fec9cccf1aabbcf8ffb840f0ffb098b234d46776ff4457f90a76f3536e9941

SHA512
a84d05a236fb90261afc16189408987c9fe697ed07d5c6ce5ab2b478afade222fe711bf7e347f6eea0c1322c096e62166642b139affcb92eda28765f075db1b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5fcadd99d294a491bb6938e7b0d4997e

SHA1
19979d07f459c2f046ee12a99bbd41ce82354016

SHA256
bffe5ad6fd5ef8d276623586ebf0b77d09cbbd51bb0c57cdb3a3ad58ed577572

SHA512
85f3b6c587ba73742741b6adc6bcb7b44622235e95acb403e5e64446c2ca1173593127b3f3833ea676bc016e001b70261573c869c15dab0342c625b094708c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3e97ac6d72ca8d73352b85c39d50c6ca

SHA1
b503e9d2ea19eed72fedd5e62db2b524e145a642

SHA256
fa1735bb1e5ee38f0b5772dd3bd784a36e43611ab9382cf185c2b954463dca64

SHA512
881ed5396a8e9e38f85ab09ddfe918069956bd902868e5a37f43467ee97d4287f1e11a9d60bc45e759911dd44a0c776afbc8ac222b6ef60ecdde94d54d259369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
20e03a6d38135e4b73726356549377e3

SHA1
36febb362a121cd0e6d3e16a7a79905a24fb9ff4

SHA256
1588432dac691d5693493ffee51313063c0a17dececdf95cfffe810da65e6b7d

SHA512
9c5e7da098be0475eeeb82fab80d0b18d2b1974d0af2365f279c9f17af3eea7133b695e10819b8a20e1e3b1e97961eadd4eb62d5179ddf5cee0b472f81916c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit