8a15f942dc320c465a63dd15614dbdb659b267a29539f807c93f2ac66f5f0fe6

Analysis

max time kernel
100s
max time network
136s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
01-07-2023 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bear.xml
Size

2KB
MD5

a3b81d60e065ed84bf23746ff5dd6b39
SHA1

7420fe1744bcc51399be1efc8331d6a808335243
SHA256

7bd2c80b5ed3cbf4a70706e9a07f68eb9be108cfb3046caa02362455d0896096
SHA512

56987ee2776451b55eb99b13fc0981f65e824fcc61852e1a5e481e4e94c4509e058337718960640e6caa52c6a1c5db28b6a14ae5c356abae57689a6b6221f750

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXE

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{44960371-17DC-11EE-B7C3-52E16B800929} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002ddbc2eb40027547a7b75ae262b677ea000000000200000000001066000000010000200000005e80e372b9f0fa627a19dd84bacb25a0f7e3e964d6c31e4d9bce132e522698d7000000000e80000000020000200000002d54874acdb102c5f6739ec7c13590ef70cfbc425ab11644378afcecea2ff49d20000000a6aff13c5f8a1802852044208163d510d32d9a6c6b2fe547c4d00d0a12f585e7400000003ffa67250bc9aa91f365d947a3fc6004b4e190401d91b458f27aab953a1b0cf2a64e3366d7dcc7e3f11b9cad837254dbbad26db4c32f21afc4a64a9e12507c22	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0233e1ae9abd901	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002ddbc2eb40027547a7b75ae262b677ea00000000020000000000106600000001000020000000ebd47362af26770a5ccea418707756af28d0dae9843c8d5e2f4ea152d021eee8000000000e800000000200002000000051fa0a62a876668591619e6b8f3a9fd05cdc803c73c345a831cf787156fb998690000000c5e675e8458d355af2098cdf87f2a426df859fe3586db2f8eddb09e1a485b5c005055ec706b770be462afe59f88d467d5ea6991de6c4b0bdb29869e282273b691072e2119da8b0c1944dbc0e1cbf9e47334ae205a5bb86509519950d95fe23ac4e2e3f97570f8995c80108deea27031d74b2b0206d65eb0796553f89f44a58622e37f7bd76b028e3c822df2cfcdbd790400000004181338036107e211e4611bcb7e9cf2a7877e5d50f381b497e43a740245756d5e4801967a6f1a95435004d0b53876e5949ad9158aa0539a5d46d0f4622b82565	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "394959505"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

IEXPLORE.EXE

pid	Process
468	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXE

pid	Process
468	IEXPLORE.EXE
468	IEXPLORE.EXE
544	IEXPLORE.EXE
544	IEXPLORE.EXE
544	IEXPLORE.EXE
544	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

MSOXMLED.EXEiexplore.exeIEXPLORE.EXE

description	pid	Process	procid_target
PID 1812 wrote to memory of 792	1812	MSOXMLED.EXE	29
PID 1812 wrote to memory of 792	1812	MSOXMLED.EXE	29
PID 1812 wrote to memory of 792	1812	MSOXMLED.EXE	29
PID 1812 wrote to memory of 792	1812	MSOXMLED.EXE	29
PID 792 wrote to memory of 468	792	iexplore.exe	30
PID 792 wrote to memory of 468	792	iexplore.exe	30
PID 792 wrote to memory of 468	792	iexplore.exe	30
PID 792 wrote to memory of 468	792	iexplore.exe	30
PID 468 wrote to memory of 544	468	IEXPLORE.EXE	31
PID 468 wrote to memory of 544	468	IEXPLORE.EXE	31
PID 468 wrote to memory of 544	468	IEXPLORE.EXE	31
PID 468 wrote to memory of 544	468	IEXPLORE.EXE	31

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\bear.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:792
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:468
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:468 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:544

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d64e0fc741f8df50a0274ba1ec7ca3d9

SHA1
427113b15d0e361972cddbaa8937d1e9c8d4acc0

SHA256
908d769fac244b172305b827917a1f9aaa4b3ae9723b57e89682231faabd60ea

SHA512
86d981e4a61d180bb4d9a513c0b9db67173709770bebfbf765d88e68005f7cfc6d32dc26e350d1888d9027a44b340a7fb598f253ee84775ad32c9f6db89af51a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fa4ed7604604499875031dc153d5dbd

SHA1
fb2726458f9f5494a076c2330cde1d943738e2d9

SHA256
1ee364617a7376d3b26fa7d5282229fd6eb7577b847503bf61f18bbe4d48217d

SHA512
37853933a5714730d86e18204dcd00a31960815b7faf656420d0cfb12ba1e22b497cb9c497103c4a574cbe4954bb52a49675439b994d7fa4c749a33be1f68d54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a9371cdd90fbb16a7ec4d1563f7fc88

SHA1
1fbfd89cf1d7814745a3c52335ac0113e1839ff1

SHA256
80daa0f7f3fe6b2149a801fa4ed8e64f2c2f51a1fdd80a790850d43d695a7676

SHA512
09bf059d02c47452b5c947ae84d19b7e5e7638dcd0d0a7cdf84206d4bb587b0967ca8edf6328830b38f331941f342f016bfc820404811130b28c8b5d71879269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
540022195829b7b63e9bd52e4975f2e1

SHA1
cfeded73026628afa18c032ace918b5abb0f85c5

SHA256
3644cf2d90e58ccface16edfedbe176557ce8567c57015ee2e816cd117e295a4

SHA512
2ff66dce59d6c41da8f0521e15443685a3cb27e766a07619192945819f5e6e7659d8c66f2f6f44125d45e4cf9eb17b313dce7e8e460af9b023fddc67d822b64a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36c8d63316be46c36b930b76a2d02858

SHA1
3fdf79d13c42a9b959b2240233c894c2dcbdaf57

SHA256
25dcd079699b4ad30a73ab37d47d9ac2b81b9b32f3cbaa928438ad443f8db6d4

SHA512
cbad1f574d4ca31a3f9348f456240845ac5aa4360fb2f11a686fabc8d6052919138255a82dbf6bc6d39e2dcd4320d1ef4f80220b904581ff18f4cf08f4998717

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e8c3e1769f604dbdc06c1d460e0300d

SHA1
1f10ecf9f59f5a0bae7290c2beb866ee39f97f4c

SHA256
9e60e3559351d3e8ed85773f1cb88ad6fa856318607dff9a50be61c3d9d33277

SHA512
75a362b624df64d7978e1caf0225eca95108af79edd1b106fe299eaafb18397d212883aec6cc0053a286438df752efbbb88e42c2de257f118778b0887302bbb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ea47cbe8b99a42409abe044c911f713

SHA1
e8a76408796f27060d03609c95e528730b5d7420

SHA256
d486d8040e29934dbdf652461ee68902d01dbc6cc171bcb8fef2099f8ee73fc5

SHA512
de1db1304faf63b5ee21fc0d34a27f0517d331946ae05eb36f5d9310e8c4e1de6978fb3aeb75c2b21032b0928ad12af51e2c9817e8d81356f821c55a055eb72f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b435a9cbf625c7c0d290b90c4b612dbd

SHA1
6001501487dede63a6ef052a49dda8830271726c

SHA256
00c2d58eed7e0a82f2a6f3ca490bca03c3692aec9aace247d9c3b512de00a4da

SHA512
6f2d3bf373f661b9fe547a9bcd4baccfd35cd8528b55ceeb40b8e9743c2e27cd34bfb5c14d11a16f3b953e3911f969e5bfcb37374eb94284d843b9c026d4f2cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d36834bd08c3d2deddb0f2b846349d97

SHA1
57d7d44fe68b1e02c2a8a20a859d78a442e81d33

SHA256
71671b39fb8ad0a7e553e298263188d87f34dfd600a0deec65c7afc98cb208b1

SHA512
bd3c65a2337fedb4d8a9d53fb4b208bef5afcb87a1800731ef86614e7640cf46601bdf132a690845cca530b287ea9676a2e88140bd8fa814e8d20d14690fdb49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b2082e9218581b0f076de3080606aaf

SHA1
8a80f386537b969173afc64a7c2f03991af59269

SHA256
333981b3965361331924f2af448a8e5f7d7ceea091b32150ae7d86ebee3d6b52

SHA512
90e348b3348f11bf950ccbb7f0abd6e46df39673cd9b1a3acd38a343d4fd475af0b40afaaf43ddf022bb954b4ba9dac082ded1582980abbc15a69653bd7b8450

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32d60a052487046f1912bda27ddfab1e

SHA1
f4dac836c89575181bdb6fc45d7de0446d4c555b

SHA256
d1195fc0b554a2f76f8301c6d483ae2e25eff098b25a67f7f41d95ba0dc0d224

SHA512
227814d9a3eabe72a9754c3487f7b65bbd5eea812d597dea92f839c9dcb437cd73b939d21c583d7fdfb9bf50d3a28a4ffb8f471bd172a9432df0ea2ad9eaac67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb150a2c90a7410f79d14331ebede41f

SHA1
923b81f9a560d91c985b5e80b38fde9dd3bd4018

SHA256
3ea4b0316db0a978aa7ea47a301f97e76054002a6adca79ab26b9f382f0da169

SHA512
77a7abf47f44f9148e460e85e81298fafe550286c27163ec6bb99059c02f36bb36963e9000ceecfba517b7bbbc2823e0b651f2ed396d91359cc6771322780e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42f066a79b12737c5ef0336fef3b5532

SHA1
3544d5c2d04e107de03861b42db500991c429bdb

SHA256
4973f85b74c0ec790863460045f12eba7fa520fbc402c61f279d2fb56fd836d8

SHA512
6df7b84a3bab6f872f04e910fe7c21822e6ba56923e723ffe5b474bf4e90accb029582d168978edc7519f31a4b8f616a635d9a36b1a4d7158006e8c7266b40df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPQI3YTS\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3C78.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D84.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YR0CNMW5.txt

Filesize
601B

MD5
929c9b077bd29fa40e6c020991d1b41d

SHA1
cfb9fa20e4981ee414eeafc421d80230a4444c8b

SHA256
743f95135edeeacd8fa3ca78539c8dd8531abd50100b001b32f40251d413ccd9

SHA512
e72c7d9c742b8fb78eae33a24c96a5e68791ff723640524020e1888ae45525cbc56fdc442631840997378c7d16d9a8f0e0a2342e7e101bbe0765ef6d6e69881e

Download Submit