hxxps://protect-us[.]mimecast[.]com/s/rsOuCKrRDJi2B889IGTNqA?domain=support[.]docusign[.]com

Analysis

max time kernel
156s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://protect-us.mimecast.com/s/rsOuCKrRDJi2B889IGTNqA?domain=support.docusign.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133433494916063845"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2960	chrome.exe
2960	chrome.exe
1616	chrome.exe
1616	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2960	chrome.exe
2960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe
Token: SeShutdownPrivilege	2960	chrome.exe
Token: SeCreatePagefilePrivilege	2960	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe
2960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 3992	2960	chrome.exe	88
PID 2960 wrote to memory of 3992	2960	chrome.exe	88
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 4544	2960	chrome.exe	90
PID 2960 wrote to memory of 3368	2960	chrome.exe	91
PID 2960 wrote to memory of 3368	2960	chrome.exe	91
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93
PID 2960 wrote to memory of 2528	2960	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://protect-us.mimecast.com/s/rsOuCKrRDJi2B889IGTNqA?domain=support.docusign.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe556e9758,0x7ffe556e9768,0x7ffe556e9778
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1872,i,15571004703844618593,3045072528690278298,131072 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1872,i,15571004703844618593,3045072528690278298,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1708 --field-trial-handle=1872,i,15571004703844618593,3045072528690278298,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1872,i,15571004703844618593,3045072528690278298,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1872,i,15571004703844618593,3045072528690278298,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1872,i,15571004703844618593,3045072528690278298,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1872,i,15571004703844618593,3045072528690278298,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4612 --field-trial-handle=1872,i,15571004703844618593,3045072528690278298,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9cd0ec0b-252a-4f3d-a3ae-7ef0d5e547c6.tmp

Filesize
6KB

MD5
afab0033046b3a8bf9aba8182fb4be40

SHA1
57a8672200948898d54e3bc59cf2108d0c939908

SHA256
8072f678000c3cf2bbfac8b7ab3312944723bdca891541c75e3b80b8f860f7b3

SHA512
33848096d76e6a7076c232aa12f5dfcecfac8454defe93db8a7d4c9c57e6594b9b2cd203401ed8a9461af7ac76c470de83d1902009b9fcb0b5b26e7a0845aa22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9dd75541f7f6dbdfcc6197e78dad3099

SHA1
42ca20400b7790ead49792d0263456882980ee1e

SHA256
7a553b59af86ecf90cf3391a3d6d7bb5806cac8d567e44229bc5d854d0a832f7

SHA512
d7198ab04d60c4f560a94c98570855545ff19bab7b2fd1451df3f29d208d84da019578f82c76f76f26f95a3f3790a43ae5d48c54ef05de74b025b32272d16129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
232a54553d9ac6660b8fa97d501857e6

SHA1
75b857e653cbdce6eec766b1f66f854afd910d1c

SHA256
daf734a85d754ed96153c7ec2fb96cce2b76df89ff4d302ed1a1cf921d35fe8c

SHA512
811e34057ec2ab7835f9456601102d73214890189cf541b752be505fa23af54ebc7af7c9bb4dece16f810aa95f81842151948b02bbb564444c0f731ca98b44c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
6b1a73a944ed2a17bf88e0d56719b508

SHA1
2a1ed01cee592e13ccb9fb6d09218091c68a28bc

SHA256
3e1d6ff70e4397aa852011cf34dee899c670b482f574d43091afd5186ff210a2

SHA512
1179eb7d1ae4462061d69052d719b481985b2011170e0a8242ddf3a02c383d6c280c234474bcb4cf5cc6d4ebfd3dafbf6d7795b4c402989e0ff274b209acf45f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
89f260ac24a68e931973d3fd8e9b46d5

SHA1
d1a40f7e2c58757046a0265d21e8c2bb4cbeaee7

SHA256
745c3ed99245180fbedca8de75f779a2fbe92ce29a24e27af917bb18d8a6e4a7

SHA512
6011a8d1b7e8b613f46fb220771c41f620534cab358eb3039d5fbe1e826b7bb0b8c71125311ee9533a111d04af0332f13f5a4f2ef65225d8c65cbe416acf4e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ad6158779b06802d1f3e8564bd2069c7

SHA1
4e7ee8800b567a2f50ff9f8fdca278f9a68c1c1b

SHA256
4e06cb0f99e63328426cf7f5a569a0fbfe214151ab80ccd4dd4b75cac4a9e116

SHA512
c0af8f482bffdde324926083cda25c4872fbdf81c836592c55d65c27317ee1ba3bbb86106c26b42155728ab322767366263b0b8ad250c41133ada8799e0eddb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b0b3f576841c72445900c0d34e6b416d

SHA1
6c6bd7485e08047b6c776e3935dc4ac597ebfeb6

SHA256
a503388fa67ef01a0614ce6e9f7c6f8720f7f9dc06c56114ee3223efa5f2eb14

SHA512
d60435b2d6df27ffb424c94ec9618e4862a736a5d5e2770216ed818b0242340718dd9206468494fe7cb6b6fc93ac264da92862ca3ec3c3c1ec863330790de8f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
28e3ce0d34170d774efc7209cea5ed0d

SHA1
3d1d2a188a6f955e4eb638955e4e050023f57d06

SHA256
7eca08d0b93894a2e38c046c196385076d272f0247ea6b7934403a4fcd14dde3

SHA512
204d2a02564dac29989453b3fd1d647aef2803a403d6e80093ac3183ea1e41d89f68ec5dfb0a59978bc74b1fe6581a8ee3deaeaaa6319e711fe945dda231ebf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit