b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4

Analysis

max time kernel
91s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2023 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7z2201-x64.exe
Size

1.5MB
MD5

a6a0f7c173094f8dafef996157751ecf
SHA1

c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256

b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512

965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94
SSDEEP

24576:mGIyixBMj+/A2d+UKnvT+LwZWj7iDDVVYrz0rbzGTw3DoA/sk6smE:mGbj+/BpKnvyIxVV/XDoAfmE

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

83 wtfismyip.com
86 wtfismyip.com
87 wtfismyip.com
88 wtfismyip.com

flow	ioc
83	wtfismyip.com
86	wtfismyip.com
87	wtfismyip.com
88	wtfismyip.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 968 firefox.exe
Token: SeDebugPrivilege 968 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

968 firefox.exe
968 firefox.exe
968 firefox.exe
968 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

968 firefox.exe
968 firefox.exe
968 firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

968 firefox.exe
968 firefox.exe
968 firefox.exe
968 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe

pid	process
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe

pid	process
968	firefox.exe
968	firefox.exe
968	firefox.exe

pid	process
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 1300 wrote to memory of 968	1300	firefox.exe	firefox.exe
PID 968 wrote to memory of 2296	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 2296	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 228	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 2584	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 2584	968	firefox.exe	firefox.exe
PID 968 wrote to memory of 2584	968	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\7z2201-x64.exe
"C:\Users\Admin\AppData\Local\Temp\7z2201-x64.exe"
1⤵
PID:4384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.0.563219038\358003856" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79c2fc11-4f71-45e0-905e-75eb05e009fe} 968 "\\.\pipe\gecko-crash-server-pipe.968" 1924 14331b25258 gpu
3⤵
PID:2296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.1.982332936\526306809" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1246b98b-1344-4e1b-a3c5-464f3007aea5} 968 "\\.\pipe\gecko-crash-server-pipe.968" 2316 14323b71358 socket
3⤵
PID:228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.2.2073006565\1834256444" -childID 1 -isForBrowser -prefsHandle 3272 -prefMapHandle 3112 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b60c667-e484-4dc8-9883-77b7be62f19a} 968 "\\.\pipe\gecko-crash-server-pipe.968" 3200 14334834758 tab
3⤵
PID:2584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.3.834258149\693771299" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f468fc20-dbab-4c50-a223-66047aef07e5} 968 "\\.\pipe\gecko-crash-server-pipe.968" 1440 14330a2a658 tab
3⤵
PID:548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.4.1100093274\224222518" -childID 3 -isForBrowser -prefsHandle 4124 -prefMapHandle 4120 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {971f408b-fed9-4cb4-8e14-c387708ed0a4} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4136 14323b6e258 tab
3⤵
PID:2844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.5.1084786758\1915966623" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 5000 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d99278d3-b3a8-4e1c-905e-ea3f00973af0} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4964 14323b68a58 tab
3⤵
PID:2928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.6.1523727621\939652180" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e134c3db-3ad5-4371-a48a-9ed03478a29b} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5136 14336d88458 tab
3⤵
PID:1548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.7.1389772366\809103265" -childID 6 -isForBrowser -prefsHandle 5336 -prefMapHandle 5340 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {488cf5a7-e2f8-4e0c-b153-e50600d1ff60} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5328 14337655158 tab
3⤵
PID:2344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.8.1373170178\1062234205" -childID 7 -isForBrowser -prefsHandle 4144 -prefMapHandle 1276 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b4acdfc-bd38-4732-a748-e23c16da5c55} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4844 14323b5c458 tab
3⤵
PID:3300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.9.827154630\599806680" -childID 8 -isForBrowser -prefsHandle 5788 -prefMapHandle 5784 -prefsLen 27426 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e9ad5c5-6d4d-4675-8667-366508fa0cda} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5876 14323b5f858 tab
3⤵
PID:4848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp

Filesize
166KB

MD5
210f13aef9d2559fbda7f2496d4bd0ba

SHA1
0d6fd7267fa0230e778bea653af1d78c18f41601

SHA256
e9dcb42d3257e018c358509336b3d6aed599fc65d452ec9f4b0eec5dc1714710

SHA512
b74d25d58ccb95e1a4d9c5b6f63621826aa8771993ab03309544d6716e01944327503ddc183ec587277175ca947a2e95417eef18d59f761341cf044ea3061ddf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\thumbnails\feb34ef782e3972ff52dd0df5a8d7acf.png

Filesize
1KB

MD5
999062acb40f7def791a661676b2a424

SHA1
8857fef2f3699254bb6952d0d25ea3f5ddd437fb

SHA256
660a5f332eba2dafd0fc20097c3d9d84a531a7e42a39fc75c9e329707c2428bc

SHA512
3c52d0906e794d75db6a487c867c5bc444d7c087c8ef4783c8db7777756d236dc2b9c4acd37ae2d2a2019da0d82b0d547d9c719977fdeed89c8785d1ebf40ca8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\thumbnails\feb34ef782e3972ff52dd0df5a8d7acf.png

Filesize
2KB

MD5
f71dbad02ac14eb87e7f34e330baa07c

SHA1
abe794d656110f225ce4ab80251b74b85bb09e0d

SHA256
3b0ea01a33d18c8e658563e6c5c5e392490e3dc0b290a01d6bf7386e7508395a

SHA512
fc1981ee37b67231cc36d7fda9bb08a5e05676abc7961216a1f879f5ebd452c06fd017ba7b745ea5af8ef0a7b915c84f32eec7be648347a30492f49d261abffc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
a4f9a8e6e49e29504b29484452f72a69

SHA1
d6df39a228c067d476e51125138da820595b41c2

SHA256
d77fbbfc4c21a9fe5ece31aa81fa7fda6e0aea4111c0e37b6a5145d4eac6d928

SHA512
084e11379cd79701249bb3329747e941639a4b87ec38310ab248214e02f0b98f2b1454a6f183eef25f959b023cbab7b9860594b3a988f02e2ace2c969024b5f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
787908516416216e14ca735672dee9b9

SHA1
21401461a9a06908c5bcbd4f8789c7b7772c5edb

SHA256
5b5b395071df81d751043a0c7948c66bbad9d6f30737f50976d33abbce62ba66

SHA512
5d0ee99c06314ae330a37674cffca31a0af28829c6ebd19fadb76e7990dc212f5fd9e2928e3ca4c8d4bed43311f54ce89df1dd57ebbf37ca36f27d753bbf9f93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
16b992bf911a876e235033e6b061148a

SHA1
ac0b23be0c1b0ef419a632ac7c815f8b7f8f3f95

SHA256
00d731878c6f925fbe96d14e0d13c4fa60eeea55a64b64f742732c6c9aa63cc9

SHA512
bef824a0bdd88b2d9bb4c19fe5b9aa8062f53f1057f75eaa01e26a7f557f1fa56f7841ad3e84bdbafe693009bc2156e648e9cc68e90e6d63fea36160fb705036

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
5e6225aa6a06d647a283c9b5fe47ca05

SHA1
fc15899646eb7acfe8b12d446bf24ea0f5534776

SHA256
6f97f80eff5ee86a886bb3d5c602618762948280b6e8beebcf4b5423fd71070b

SHA512
6e8225c96eb079f904240790938d727ede7b79267a952da8c8576429248baf5a03412c939448a11bf0d69302542e1f9518ba38685a2aae5462d64d6284ed9d35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
7a9ba4ef602aa3133c5bc69e7e4370ca

SHA1
96cc072d5ce81b4891e6c5eaac59ef114867cc5d

SHA256
d2dd31cf0de205e721e31fd0107023e993d0c7d6df9f6a604a08834a32793b4b

SHA512
9b8c927f6b2fa77f03b073ed7eb8ffa8352e291f113525a845947d1808ec9f4be297b8aef5aa91255fdfdf0a0ea47db6d95df3ee9edcab9d3acd2497675bc2c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
e92ab0678dfc295fe9fb284907a49517

SHA1
782de969aeed7de36f7b9bedf0653ee6bbe06b0a

SHA256
28221ea673094db4361f55ccf40a44cea98923b691bc7f9ac2f62596fcf6d272

SHA512
122030ae807afdc481c1ba7e8d8521e7235f4d407f861c1e56b4650f69a607ab7a4cd0a6d2a51b67122512214d66afa5d988009aad89ba2d69787a440743b26e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js

Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
cff076b7f1c364c3363f4824a883525e

SHA1
a74fa2a8771705a53c15a7ea90007420e18eb0ed

SHA256
870f79637b75051c83983bac5b1c4652e9a3fc063f920899a00fb70878a6e0e0

SHA512
46ac2e7089ea4c7dcb409e8b38af4b4511eeb12fe3d6a7a7ab9cc6cb27a8efdf37b8c634c4ac1986b3c2358985dcea269152bd7b57210b39710adbcc03a3e5c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f10b6e8aea42980e6a96d96013f0088a

SHA1
ade8fc293bf897a6413e364647b4c7f701208996

SHA256
63a4f04d37d71799e3d74f59bb7d978a07345d15298b8e4879ed6746cb519b84

SHA512
6b26f3ff89b48bba87c3833f758f8bc17138cca1fa6e045ddd504998f2e27110376d4dc5440d222ba3d5d7a8f88a4e9adf2dcf1a1ebf1ee0ff5522cbdd85e7df

Download Submit