hxxps://drive[.]google[.]com/file/d/1K0MKoShIUCPYLiAjSuTULSDWj7H2Va_e/view?usp=drive_link

Analysis

max time kernel
298s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2024 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1K0MKoShIUCPYLiAjSuTULSDWj7H2Va_e/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
3080	msedge.exe
3080	msedge.exe
388	identity_helper.exe
388	identity_helper.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 3060	3080	msedge.exe	83
PID 3080 wrote to memory of 3060	3080	msedge.exe	83
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 1144	3080	msedge.exe	84
PID 3080 wrote to memory of 4704	3080	msedge.exe	85
PID 3080 wrote to memory of 4704	3080	msedge.exe	85
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86
PID 3080 wrote to memory of 4988	3080	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1K0MKoShIUCPYLiAjSuTULSDWj7H2Va_e/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,1251491073636808638,9809850584115955695,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5448 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
6839c5bc019d5f21cfc99683482fd790

SHA1
b565af201ff9a3056e1bae3e854d3a71a7d43b25

SHA256
5163ae01c3012beb019f78bf804ed2f4fc751695c94f04bba9d97dfbbb05e1c8

SHA512
75e8eaaa8eeeb89e4fa8d7652705c842be44c581cc897caddbe860985970cd71be910e134e3180d739b997165709e96fbf47fd8d5a3187d43511a63a2bfaca9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4a839dbe7ffaced7da64fec5d9ba286d

SHA1
017d6ebe6d32f8b285e81c89b6c701cd7aa5ce9d

SHA256
0cd8001ca12c52e09594a6c6a09f3799ada75d89d7987e0dd060edf20e50bfba

SHA512
890d1f317bc6f5e8b8ef7a6a143285651047c00e5714b7ed339635e96ad6d280f3d2b538843da2ba4ad0a612cb3ecc5977596765abf2f6fe688781d23ae79a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f7d595b946f86acf028ffece6b54fa66

SHA1
d7196e48d3783ef87f56b3ff8b54716448e6ee4d

SHA256
95be8b944043a7098d022ee9342e3a056d0a8d657c1bbf1f05dc01135611e3f2

SHA512
834e810c0d8955ae802898e290e77b6e18fdf472d644c473b5494ae71a3553535c58359057031dc9543a45774da67599d7b483506da8d53162ecbab9c267ed1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
48b7898757d74b11eefb46398796061b

SHA1
d2074afcb722b3df2eead414b52e1320a767dfa2

SHA256
e8fd9804614563aed0d9d88cf83682f33d8b5bf4db4757d7bc26ab89349f3b54

SHA512
f5d03715421943fafb8b16360696eb65e7a47f4e1b1ecd15e187aa0fac2d285e33e443e013e38a380f33daee9fc2f669614845186f5270c53a4514f125f19f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
244e9506c6af8248cc927314747b860d

SHA1
eae6e6a87ef3ff987a6360cf0b740472a76d01ef

SHA256
c3c30b7a23d4a3cc7a6921af21728507009c894e720b163de379695606988814

SHA512
13ba77cf5a1609966933bdfa7569cbdbbe8c1df11bce81ccb2587f8d1bebb9bf3ef867ef3f2e3e1e02bbed93d191c9ad4b21a3431c67034c05cd7c89ce14409c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bb6d2d56f1b35cdee8082e287ab72fd5

SHA1
f8b320826223bb30240cbcea79d1f5e73fb1249f

SHA256
b1c01533d93234aa88998f2fba17392bea8876291c7ba023d0eac1eb0bc3a530

SHA512
498d033c6d8f29a83b72ae873ba825d1f8ef4f1527fcdf572e797ddacb97cd7f3c3edc59a370aa1d938a7537aed6347d97a1e6104de99cc90f0cbc4d335da4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
324be9b561e4454915c889628b9a958a

SHA1
ef21da9ad812eb2387ebc1dc29c8ca62065028f9

SHA256
aa7e0e09cdaaaa665c342eb628499635331012ca1c2a64074db92d7a5a594221

SHA512
c4c8d93394092c6de5fa338aeaf58af37659e9da8771fc3fcbf9093fafe765c66217f6c919d41c972b736a34f1300964b6648cf7c489cf3f4b124782b17a390f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7e5919dec11a030506b90d3349f0de2

SHA1
e0389249d3362e4c5e382174e6b06eca43e03ef8

SHA256
645c6dd4cec1189c5b7f35cf7f951aa1a4f3873d1b392a13f014c79528238f29

SHA512
11b504cfd28a9fc69b6c2eaf159ea6d51e82481ec390f3b6d8c4b079a7c05034b1cbf07cf0332973983b20fd180a14681852603c5ef9f21f22c7da8ec3f1e668

Download Submit