hxxps://drive[.]google[.]com/drive/u/0/mobile/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx

Analysis

max time kernel
148s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27-08-2024 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/u/0/mobile/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
3	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
588	msedge.exe
588	msedge.exe
4644	identity_helper.exe
4644	identity_helper.exe
3052	msedge.exe
3052	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 1800	588	msedge.exe	81
PID 588 wrote to memory of 1800	588	msedge.exe	81
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 2988	588	msedge.exe	82
PID 588 wrote to memory of 3140	588	msedge.exe	83
PID 588 wrote to memory of 3140	588	msedge.exe	83
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84
PID 588 wrote to memory of 4084	588	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/u/0/mobile/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffa713cb8,0x7ffffa713cc8,0x7ffffa713cd8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,8223083188390642759,8080477607213989641,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ed103a9aa4044308e82ce7fee054359f

SHA1
96649aa541b78422cfd1ea6caabd1a16396bf37b

SHA256
861ded062267315795b695800fb660576ec179aa3beff54c9261c7a3415bf12a

SHA512
a23fb60495ffdcc089f34fbf28176343b0476bfb7603b30bac80558910a8413fc77da52ff3b787a2d51da20591113f25b17108556fcfda0804ae04c10b42cc22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f1bd12f216cf2304f7d6fc799d10742

SHA1
7766d5341ac2f9eb77fd95f1d0afab7231187374

SHA256
1c63f720e84c015bae3457783c18411dad2b0a337af44f330dec88cce04140ca

SHA512
0de08c273cd66fedffd83badabc3a15dec65d1b358b6b8f419900de78e99c760af37457d24021e050d985ba8080cf5b5865f60d2fac825c0ee94903e1400f624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3431c6a85a27e55c6b3e61e6086aefd3

SHA1
ea5e25a29fd4c4b72c72a1db9ed9b17587eb5ab2

SHA256
7806467e8b87005b055184be07f9ea268052715ce487bd761f051be6b7c63e9c

SHA512
c8a59216faefa4c8130e17b176d1b5d28858e3332a4fd9c12dddbbce5d849a1def6801c2f4308fbe08f9452a58991c1f345e457de57d6d112546721868f118d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d6e0c5fe321bcaf0ea548858dd4b29a

SHA1
a1d16216506c4bdc9b4dc68eb3b069412a545082

SHA256
aa2e61d3b2873490283a73ed6e2fd607da79a2042e6a1f9eea15fc49b298e675

SHA512
e4b576000369a6d3358f32cc18cc55cffdeb25da511aeb02438ffdcbda77dc2c14f8c30513b9b0e8d619a77e62f71fc6ab7eea4c50c0c384a7601841c238b7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
effb43f378f7c5aed4394ca5a43f280d

SHA1
17c02777116a383531e2b097845d9e1168b1839d

SHA256
eb1ce5fa8fbb736328128b279b7c0da0db58f6a87eb6e6196c8fcb2d64c937ba

SHA512
b318f7505bd45ac0bbfa4b817046a131c18aca06790ade46171c3c7bf3d8181fae2327aac9e69be472ee909ff18583e17b331f65c80b4b952f1c5166af0ec887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f098c90288c74c55ccf3070e44ff57d

SHA1
e1bce6dd3867d3f0c6eda125f3f05ce9451e7c0f

SHA256
dcaf488a555485b9df2fde80ebde4c838998248a0db4f329e9578a0a1b674f50

SHA512
c71dd85e11d40595e2c15089c16086c1c8a99bf76ca3312ed1bf805084f8b15a245b2efa73c7be4b657ab84a0d05697172b34c8ddf2aae8f5ae052d734a991e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
659bb84d974c4d45be645e8d4e92b087

SHA1
161f45470817dbd64125ef55d504a05a83aebc75

SHA256
ab5952620a68ca5bf59ee7b4ef6316897fd0ceb210e06c4ec96ee6ff2c097e05

SHA512
800d9d59341de8bd4e5c3cec3d0ec6356ed30d811b532bf15ec3f4b7dac43d9110946266017f0eb22ed6095435eac6ae56e5904cfb4d868495ba0750b5a2104e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583738.TMP

Filesize
1KB

MD5
49ab2f9c652f0b7db7a1f8a450d0c11a

SHA1
7e166ee0665f837cc1c6358a4fd661fc5ef1173c

SHA256
8a370408c92a09136daee07613da1cd90b2b7b43246cd235a7ec9a66be497385

SHA512
2376e5a549cf5b31c5c37ab4e4a661a3c7c722606ecff55243691e753da7b36960150549442dab8c8e8babbf1a2ae25d18f5b20019a07c4faeb26d5a5133dada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3d9339a525754ff5ff3d5923e7daa811

SHA1
1dc3f193354d8ccabe289e6f9d6a3230c7e9ef58

SHA256
371def7c9e424196ebb7e5bda351378a301b436a5721072d83fc9c20036e6799

SHA512
c118c64730690c5518a77b08f84a8743a65569194cdc4172857e2676ba000f0acbe7f4dab6206fc79393a5ee48f28cba7b1a109bf2e75e9977c19c4414579a07

Download Submit