hxxps://www[.]filecrypt[.]cc/Container/B6714BA457[.]html

Analysis

max time kernel
50s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.filecrypt.cc/Container/B6714BA457.html

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
4480	msedge.exe
4480	msedge.exe
4444	identity_helper.exe
4444	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 5108	4480	msedge.exe	83
PID 4480 wrote to memory of 5108	4480	msedge.exe	83
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 1768	4480	msedge.exe	84
PID 4480 wrote to memory of 3912	4480	msedge.exe	85
PID 4480 wrote to memory of 3912	4480	msedge.exe	85
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86
PID 4480 wrote to memory of 5064	4480	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.filecrypt.cc/Container/B6714BA457.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9958646f8,0x7ff995864708,0x7ff995864718
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9219135277557683022,12294204340651891014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\031bafdc-7c7a-43c3-b021-29d49054e041.tmp

Filesize
10KB

MD5
6637e69967292dbb6c00f41dde082805

SHA1
ac5e1541b4f98ea0e20feef9ded600448043ff20

SHA256
b09e98414963ccc8ea0e0eb72d9a5be41d05997671066ef3b203f43a90562ce7

SHA512
0013b1896228e0360ebf8d18bfcc2ba91775299b6be30677809051a88f85c7352998e5e1d54d561fab286f57091cdf136825ac17f8793f4161e8c2505db987d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16d2cc2d8a8347e405d36323b4e6ea99

SHA1
ea695aa245d20b1e1141f4c18ee5e56f810614b4

SHA256
5455c3741232efafea8e3b155a0fecb660800e2e0f19cd2d720281f7cdcbbc23

SHA512
85d9d1319d4b4f8442e2fbd22951d7a2836f6456f18062508a5d22031d829a23a1a4453283f2194312ec444eef57fe09ca393c5c1536efabb7495fd301433343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ee3b30a1359db628dcaf6b053a049740

SHA1
35bb7a4d99bce5d4ff9e080b6078dd8d9ca9cb1d

SHA256
3d145dcba409bab26909c6090fe80bb55a0c030d226f26bb4e04b1bd495f5212

SHA512
6825eef8c8fc940d1e21c31e8643f969386fc5c5f467b6ae4a6709dd09f35632bfa2b87f3bc828a8dc6d70533dc7fbfcef6772e2b73586286680f4b567d92c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
4d80a633bab2715ba6266b912e5b051b

SHA1
0a64547c1aef17dd3ed4fadab074459582d3e95b

SHA256
a5b466c813ebec98c63a5d27a290255a34fa94c03272c422b56ec9ec107104eb

SHA512
1cc754bc6fac452bdccdb5fe84a1e23097db37cc963cab6ab98708366bf52a2f665d2a2eb3e4891927a6105afa73937a444fa31fec15fa0ffedb40ea68416532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
56b395383d3abb47d4569f4716302ad0

SHA1
381c1393d9e13e137ac8ad1c12fa75a34fee5566

SHA256
f8d9f002830c3f68e918fd1621a7e5bc93ce8fea38813db5606de3ed393b72e8

SHA512
8f24c0bb7ddae1e090601e3a8cc13828db42f0e394100066f12a67fc84467f91ef936520cc57a07dde8939ce865a218eadfaae36dd96351714f646fe0910e6d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7525d6dfaaa22dbc1164e5e02700b24f

SHA1
9f1c6847ed63d0ed6761a2bca69024cca3bbc475

SHA256
4fbc6bca5bd32d26995379e927b455054ddcfef9bc0faf4205be42528cf13f71

SHA512
b015708da26d3668928747b731a5606196c6b7c8932d99b6bf96d87e28b5fcbeb928c4fa9e35f143133b19d6acfb550aa506eadf2b41b27038f70543d2342d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18ca5d40277446645695cf0a2098d5e3

SHA1
407acc7478e4e963084a97fc6e10be8fce7b53e8

SHA256
c67c7d1242380a0bc0af492ed84379455219cbce76d57717393f2052c98788b1

SHA512
7f3a7cadfa79c15f7068ce7aa6970392fb579d3d5b42f13221dead418fff087245d6007e2528faa28c757c5514b28626331f85055ba3a28f1aa343bab9486e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
718be6012b9ee5ba21fbc0790dc48189

SHA1
672ce28039a3ecd14348277453ff4b3ed9d13afc

SHA256
ba1a69ff8fe1150241b9dd351af7ac1bb9a527f7a1f2e1bd1dccc49c4ea94af1

SHA512
3303d66b1c1598bb673628693429b09b760141322a5e08a65788f06b0d08aab47f8350a870624086adabd72e9dc841b088ef9b497e1a57a130445000e124a023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580961.TMP

Filesize
204B

MD5
6188a1800564e3ce248ef692d98d89a8

SHA1
fbe949814ccc6f0e91271ed47343444690b5e181

SHA256
27ae7ac20c2e063204fd6d239286ac3887ee1d2690a08eedf4c101cc4b5a93b1

SHA512
67ba91f844a4eac7bab7658cdd514d18d93bc75b8478033dee807dcb8cedeae243cb06ca91ed6e11228b2291204bd867fa5726d9fc3b0a455a99542e8cf64782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit