e0dd1d8da3af51763c580eeb11d7d9676edb0b679dea4cfa122e256368c038f8

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-03_aef2e19e4c51a0167888fea7f9e06b29_ryuk.exe
Size

2.6MB
MD5

aef2e19e4c51a0167888fea7f9e06b29
SHA1

33eeda6a7afa1850ecf257b7bf2908b6ddc560bb
SHA256

e0dd1d8da3af51763c580eeb11d7d9676edb0b679dea4cfa122e256368c038f8
SHA512

b8aca3ff50ad12fd9a62914f1738a83a22d36e6060cb3bd9248e895abce8fd93ef75c3704e5b67e4225b9ecbedd6821e3ba7e776a649e2707ba6e54a8c929f5c
SSDEEP

49152:6b2PWsZakRRcvUuZPfrAuux+0iwIks5sckCjD0xvrw+0eeLzA:+2+EcJhAp+H5sdCn0ZCfLU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3984	msedge.exe
3984	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 3984	2592	2024-07-03_aef2e19e4c51a0167888fea7f9e06b29_ryuk.exe	85
PID 2592 wrote to memory of 3984	2592	2024-07-03_aef2e19e4c51a0167888fea7f9e06b29_ryuk.exe	85
PID 3984 wrote to memory of 2416	3984	msedge.exe	86
PID 3984 wrote to memory of 2416	3984	msedge.exe	86
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 4028	3984	msedge.exe	87
PID 3984 wrote to memory of 3108	3984	msedge.exe	88
PID 3984 wrote to memory of 3108	3984	msedge.exe	88
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89
PID 3984 wrote to memory of 5036	3984	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\2024-07-03_aef2e19e4c51a0167888fea7f9e06b29_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-03_aef2e19e4c51a0167888fea7f9e06b29_ryuk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ni.com/rteFinder?dest=lvrte&version=21.0&platform=Win7_64&lang=en
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc8746f8,0x7ff9cc874708,0x7ff9cc874718
    3⤵
    PID:2416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
    3⤵
    PID:2560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:1472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
    3⤵
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
    3⤵
    PID:1656
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
    3⤵
    PID:2372
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    3⤵
    PID:1032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    3⤵
    PID:4456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
    3⤵
    PID:1812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1178042649405935158,2951361389917594237,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4732 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
4d3141de424fb4be56256cd05cd4dff9

SHA1
942907c58854a2895836091a0195f4b9f51c2162

SHA256
3dd42bc7c4d9f290c803055361182f61c91a5fc349161156f2bc5c611c864e7a

SHA512
880ef8fe04bb253fc9a50b15d90f23d5bff2b0839360bb426be758dfe6db62fb9a7f1a8fca12334c05beea56c4a5e5ca4c93aa626d2bd9cd0d960462088da004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6d93a50ebec7c8de3e281f7f965419b7

SHA1
b3eb4f4a1561ef82d112bb8b2eec9aa656609155

SHA256
a6086356a2fff6b8152e5a1b92cbe17d2c74f344603962ff62b8b911156ad87b

SHA512
a7838576cd2b1556dabd7587ff8e4c4e60512e20f2982c16b721f9b1f9e7933b85c3810b41c15bb76d1e8115e160515b3d58bc2bb0c9df79e3d7e6a5731b86e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bb899f1fd7a921f49482811ba071a251

SHA1
d1e0d4e6bd0795d9588cd1b01627001f975f3f9f

SHA256
fa14effcc642935d2f0d7375a38046fd640d0006f329a1aa6be6394399c22b45

SHA512
168324b79c27d36c52803a3191ee109683c1bc2dd33ad9934dd8a7ed3210c9f251a8a4b85a2ba26d05459daa65f663d982907f5e88d9a6e6872fd2fbfc97a728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ad0ab944ba4ded4c08d2ca5c868acc12

SHA1
3a917669f436f8800d9299427e2c647d09e1c0a4

SHA256
fce7816547de704b24ee38994d0146b0c2d8e6b53fa8861cb155db4ab46e6af4

SHA512
d817807058634893e409bf458aba2a5b4069ba6e2b6ddc2c7ef086d25921e29318635c38503024f54520f545b03b90476836bba78792eb67ed9c06b66b0407ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
76297f06d23626461c0fb90b75b99c3e

SHA1
4f09fcb0f0eb84666b8c83e758c127a5c44b73fe

SHA256
3666d0e4b5f90b26fd18b221d952bcd2ae3803fc002dc2073842ea6837b2e975

SHA512
7afd87c5c1f1f7b0ce51378621bfd154d1c761710f26828bb115b2fa820c54aca900fd3ba5531d908bcf6e903d266bb9b01af8e7a3110680a6054fb65aa9b81c

Download Submit