43f40c70bee3af8015d2c61cbb7b24342915db3c6b89a80624e2f296e54d06fe

Analysis

max time kernel
144s
max time network
176s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22/07/2023, 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GD/Resources/DungeonSheet.xml
Size

2KB
MD5

6da5108211a576bbbc0ca0b926b94706
SHA1

e989deba30cbe58700b5744de53a641cf15ce695
SHA256

c0806b2c8446156cfd84cf8951dee85d3feb36e0d873c882edd2310a0746a888
SHA512

eef1a546a616b61d7c9d444af06bc8f8547c9914ad6901ea8444f15541f3971aab6cb720956f06df2bd8370f053666fcc4eeecd467a699d7867dabe38a379634

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0129257dfbcd901	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "396824483"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{82849BE1-28D2-11EE-B6C5-CEADDBC12225} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd8279400000000020000000000106600000001000020000000fffb4638a80741f8d1218a390927b2ca1a93949318b27d3d4d42c37880a1e05a000000000e80000000020000200000004a625bc465880ee42af26cfc2a605bc896173562827c48803cc257396e85bc7920000000e0888593147b6ea9b54af4e69d753b4a1e53d10ec5db7f920fa8836c6349658e40000000bb26f1bfda1b1a5705708b6f558b2d7b8eef78117c058be741961d026d5bcdbebd21ffd1bb19d6010824c88b130fdda3507bfc9edd57b1b8e238968d05c6ee24	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd82794000000000200000000001066000000010000200000005d703c2589a8101f78012e953e02f8d9329996f9e79bb283d149b5ded886d336000000000e800000000200002000000079ca26c55baa24ed6cd851d582ae79418e4d5ff0e60ce5fbb8405e79c0f8eb9590000000916a6a422b662a4061bc743a5620a6f58cb093bcb0614796cf7ffe0c9b7714964c7e047b21f29e954aa396bfccb268a329c70938afff8e895265567ecf8df268be30a8f2f599b0493b2de38d5f3a281627bc2eabe48482547eb32daa8cfa692d38c1fd38b2e44a6e36ee28d9fbb99701419b880b16ddc84fceaa8dc56c00be9bd5d5ca46f07e85c688d0b2a86294a0a840000000f42a391a51183c18c953042db1e66f2e8fe75597e02ec91035e754674923b3ec5986fa14600f7e1ab3781cf5963b9a511adaa9481f06c010e104a0524efa635c	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2840	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2964	2996	MSOXMLED.EXE	30
PID 2996 wrote to memory of 2964	2996	MSOXMLED.EXE	30
PID 2996 wrote to memory of 2964	2996	MSOXMLED.EXE	30
PID 2996 wrote to memory of 2964	2996	MSOXMLED.EXE	30
PID 2964 wrote to memory of 2840	2964	iexplore.exe	31
PID 2964 wrote to memory of 2840	2964	iexplore.exe	31
PID 2964 wrote to memory of 2840	2964	iexplore.exe	31
PID 2964 wrote to memory of 2840	2964	iexplore.exe	31
PID 2840 wrote to memory of 2740	2840	IEXPLORE.EXE	32
PID 2840 wrote to memory of 2740	2840	IEXPLORE.EXE	32
PID 2840 wrote to memory of 2740	2840	IEXPLORE.EXE	32
PID 2840 wrote to memory of 2740	2840	IEXPLORE.EXE	32

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\GD\Resources\DungeonSheet.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c626826f8c5a70b4cd57f4ed85eb7b7

SHA1
408e71d3810a51468461918bb54581d3ee1190ba

SHA256
10cfec19df5c82422d1d8aac239c1e6ea1f06140e6f54b0c1eccc64b72d142e4

SHA512
5ac9d991a0f61e679539f5809ec185a3151f9bc4908adf3e01a089f23fad2cc7a31a565e33cf2b36147fa322bf2b17e450439f8ef620c2557180c0b54e09f06e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91f51347c81a908bb6b5412b52893b24

SHA1
f99cbf6579b04526f777168f20b2b948749700ba

SHA256
ffabd0c836dcece536efbfb1a6e094a7cb5275f3502d641f77e28309178eaeea

SHA512
0e8ffe5326db0a4e05731f24e0431e613d1c96bbc2065d41ded3430df7b73c7782c19ae34ac21a39b7ea5cd689c816bf41430b8b43c19fca1988f25923e83a2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c23a632e86dbb3544ecd79b89c767af6

SHA1
91f7c13ac5d1b6020c748d26cb35729263fe973b

SHA256
7c7c8f47de6a5a5d82f011c2c7b7d65a6be77ee2367d03e36531a7b4527d6344

SHA512
303042f6fb5d2fd91126f9397e86069314d01022efff10448cf385c888ae35913e60cf325a4e352f63097ebe2339532a0cfe61f4f57defa0fb83b6ce1de1af39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2423db0e445ba7725054fe4cbe9cfba

SHA1
1315fe66fcb83999cb90127c4c11fd6bea4a9e08

SHA256
58e1d5e16d35c1d8204b8802cffc8d31015db0ddae5c3671773a76aada8d63f5

SHA512
e864df5e93c368d50928c0cafa90f57a433d89fdfad04cb521013b7ca94a15b326e1dbdd141eddc93f7a69ac47d734431b2015a309200862dd1cec4ca741c7f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2818ea4d9c90b1d1f94346665427ce5e

SHA1
df5b17c6933f1eb71a56c99f6033cac6a0951ad3

SHA256
f5c96631fe1c95a38e77243490eb00dc1d5d49f021dbb52356d1783111f1662f

SHA512
706f1930dbee957f7696499e9601f0be9e68e429b1916b7939239438a525f68dc23005710b168959957f8c43927f672fa2307a61f9b28e8f28783f4cbae9e188

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db2b50f8d17e2262f19df7fc6893d640

SHA1
65a1583dfa3a849ea839182eeced9035f32ccacd

SHA256
2ff90550620ad425d1171b19496d263d2fcd70a557c4900a7dcb01c5df9854f4

SHA512
e1d25917c8184d2bbc53c548dfdc34a3760f8db9c7fe9f7c17579c4ca167d8f14fbf41211ebf6ea84fcb2c4593b78ba05d1a243b8a95c538cce6aed2151baec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08a1e988b42e2a244d40da42644d52d0

SHA1
5641a2ec80b51439d700f7f1f205e4ac98018649

SHA256
08f86107f810e369c969a1b3dc340cadc2669e2dc6b1536f5e30e2c80df32ed5

SHA512
bc8d1831028067ea6ff69ed069505ea991fc85d1c43ce63a86cd3f2f4e84f866763d7e9a19f851b8a499b383a4584cb595572f68cc800d9da4129ce862a52917

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cab1fc58ab7b6b52e303355efcb8b1da

SHA1
5d96046e7dedb3800d94cf18c77aea7073062ada

SHA256
c8559590dd83fca11ed1f8e40a4a75637d3a66f678da0274c265e6736ccb93de

SHA512
b45f6f64010757033d27061ad116a757035f2a05cd41d8f75fc916d7834e0644fd3435625c4e0cc770222be71aeafb3d32a8d4b12fcc7c1958021c3bb190d068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25a69123896a3f1cb6d9ccbe562b7f7d

SHA1
b847d453d193b8e2230c033e01c64572faf972af

SHA256
3057cb317219f8b7fb2f285152f71d07d7d269535d7b06ad230d1093a82a7123

SHA512
185ab08f3d51c55c2ceccf4c33e5784a7605020eba50076b3ef7961ca9df3ae858efee6a4eda1281de2f1cca28ad82bfb2088c63d9392c4726ed7b29b90a3873

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d85648bf15a651be8a72ed2a47c8257

SHA1
cb436c8f8bdb33823b75b0a9b027fc430d72bb1f

SHA256
c451b1d0adbdb0e05a2da20987528118f092cea1af6ee6d69a7a7835e729b744

SHA512
b95ebac638465904ccb2e046c7438d1f3e62f06dc33772b2cb2d9328c064fc9972dad1a74497edde86f0aa1b4bc01b35a5790cdf3254fcecfac0045178594c87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5e4d459c8d95ab81cb5bec0022edd0f

SHA1
5ce4e778764ec3df1724ac840aef1f2a9bcc2113

SHA256
95e092022f1074c9195ddcd9c6332228593fb2214b6a6744e5b525f2b0844120

SHA512
996763bd7746d6abef0f271eb441b99740dacae3e4fef0bfdc8cf19953f24dfa0786b611917e1c051ea059ed1cc4fc6f5fa8594ef27dbb197a8c3eae51bcc226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10b5a0d73980c2bb6451e4f4270142cd

SHA1
91d6a0fa30d0eed2b58bab20b6c14e0a577a9d2d

SHA256
719e29c83ec62c6a3493f0779b3867c0db79ec6386defb0a547cd209e4713657

SHA512
90d39b693c031b5a3022d405e81813b5aabb1aecc00e667a363a7fd921a32591b5d0713fc0f4a78174042c77d5fecf460689d674ec03ed4311d6ead470a878e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2056277523525b269cf1c260774c9610

SHA1
b9a839b82d7b7da1f3564546f95a74a443f9159c

SHA256
6fe532d7363ac16756e8ab3c0abf6a88446203cedfa37df8e6ee969d18ef4a94

SHA512
07c9ec71528d6e6c1630d79e9b424907af52fbc40be105041d886a06c7bac14f2ae2bca105784a562ca752b3ee71277b0b8f6ffafcf1a738d79290f7b13d9806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12APMO2Y\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3324.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3394.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZH1UFTPQ.txt

Filesize
601B

MD5
5439f42e5ed54079d30a7b3b5c3fbb77

SHA1
b78ee548575d3d2ad5bdc73206a52bda7f572eb1

SHA256
48b6c002501d24f37a5659316d12f920a519d02ae99fe786ff612e6558c3f95a

SHA512
74943f190349c4c58f360293a7613c2bc01c99a2bedd20b71b9810a51795697bc1d0cda1ba199eb58a48c526da6a79ec6954e6c9aaf46b312b4b2992f27a8b6e

Download Submit