Analysis

  • max time kernel: 19s
  • max time network: 24s
  • platform: windows11-21h2_x64
  • resource: win11-20240802-en
  • resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 02/09/2024, 21:27

Errors

Reason: Machine shutdown

General

  • Target

    Mountain Duck Installer-4.16.2.22310.exe

  • Size

    71.1MB

  • MD5

    84d55a450fa2926bb79e60ff58c40928

  • SHA1

    5d03e8437a01a75ba1275705e738a8d1fdc3ef41

  • SHA256

    9bac3f08cf1bb979dd74cc37c89e7a16facb87fab60d5a6bcfb2d39478342b41

  • SHA512

    741f1050f2f697beeec8bc9833ff69fa315ce0e2f4ed615259454d9a7f8c5eafa0df88551dc0df29adeb3429d600deef1a3c84861a3e15554a4719f9b2e1494d

  • SSDEEP

    1572864:cnSaNVpwDBChonYKHRngFHwW8WXZROXhqw7b9XlEbdJhLpIaxhO0jqeQbb4D7xRv:qFwDUoNaZ2hqANlEvnHO347fMGCO

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup (2 TTPs, 2 IoCs)
  • Drops file in Drivers directory (1 IoC)
  • Modifies Shared Task Scheduler registry keys (2 TTPs, 4 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Blocklisted process makes network request (3 IoCs)
  • Drops desktop.ini file(s) (1 IoC)
  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object (2 TTPs, 6 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory (3 IoCs)
  • Event Triggered Execution: Component Object Model Hijacking (1 TTP)

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (64 IoCs)
  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (8 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 5 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) (3 TTPs, 5 IoCs)

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS (32 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: LoadsDriver (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (14 IoCs)
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Mountain Duck Installer-4.16.2.22310.exe
    "C:\Users\Admin\AppData\Local\Temp\Mountain Duck Installer-4.16.2.22310.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3704
    • C:\Windows\Temp\{42099E7D-86D1-43E5-8AB0-5879CBFAEC1C}\.cr\Mountain Duck Installer-4.16.2.22310.exe
      "C:\Windows\Temp\{42099E7D-86D1-43E5-8AB0-5879CBFAEC1C}\.cr\Mountain Duck Installer-4.16.2.22310.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Mountain Duck Installer-4.16.2.22310.exe" -burn.filehandle.attached=728 -burn.filehandle.self=564
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Windows\Temp\{DE60234A-B487-465A-A87B-61AE99162DCB}\.be\Mountain Duck Installer-4.16.2.22310.exe
        "C:\Windows\Temp\{DE60234A-B487-465A-A87B-61AE99162DCB}\.be\Mountain Duck Installer-4.16.2.22310.exe" -q -burn.elevated BurnPipe.{BD24A2C3-1FC2-4809-BDFC-FB1ED868E764} {2EC90B59-6711-48E5-959C-B097677600BD} 3004
        3⤵
        • Adds Run key to start application
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        PID:1952
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:4920
  • C:\Windows\system32\srtasks.exe
    C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3476
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Adds Run key to start application
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1788
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1533250ED38989B8564EC70F2D252D4D
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2964
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding B576890CADCFD666E690D63D49B967D3 E Global\MSI0000
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Drops file in Drivers directory
      • Modifies Shared Task Scheduler registry keys
      • Drops desktop.ini file(s)
      • Installs/modifies Browser Helper Object
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\SysWOW64\regsvr32.exe" /n /s /i:"cbfs20-15139B6C-4B6C-49C4-A3D8-12712767F13F" "C:\Windows\Installer\CBFFFFB.tmp\cbfs20-15139B6C-4B6C-49C4-A3D8-12712767F13F\i386\cbfsShellHelper20.dll"
        3⤵
        • Adds autorun key to be loaded by Explorer.exe on startup
        • Modifies Shared Task Scheduler registry keys
        • Installs/modifies Browser Helper Object
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:2260
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3a0f055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:2308

Downloads

  • C:\Config.Msi\e57f1a6.rbs

    Filesize

    39KB

    MD5

    f2ae7434cd34c62e2f9896d1a42250f5

    SHA1

    e2572ff1419a67a9b6f866ac7411305a475d5e60

    SHA256

    70eebd543e907ddbd229fdc545cfc65a6fb20d5a62c413d0079ff105e49d30a6

    SHA512

    cce7a637a8e452d67f35230e8b56320072d364195e25e39255a62fbee7d5a05318bc9c1224e664c2b773f1d181563aab9f233a18961f892161d72dbe1a5c275a

  • C:\Config.Msi\e57f1ab.rbs

    Filesize

    24KB

    MD5

    b6af0de1c12162f5ccf5510649bdd005

    SHA1

    9cc1748a2c603f600e605b5ca7d9d7c54122097b

    SHA256

    a0f17ce4fcf5a134fee5c0a33f6142071cf92e050a7f66a3d66734c2f8598950

    SHA512

    eed86cf88685ecb9c5b75597b9451625c132c9bdcfca89c3e5dab06e2457beac018361019f756bebd342a41da3ee6ac9b27e905f4cb4b9040dd84791af2871a3

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mountain Duck\Mountain Duck.lnk

    Filesize

    1KB

    MD5

    bbc0ba1b9ec8cea29dd25f59f61adcb1

    SHA1

    1e127079d412cb5ae0cf287bc06b06c34a52c1df

    SHA256

    df5759d5a238bb0326c3d845bf3978478a19b4ba56eaf410a2bab8537839f904

    SHA512

    fe5959e414f89dc161513d3888341ee816e508cc1ae81a0aed6ede4b539302021468a507e4e15844706640646724f1d5faa5ab510abdc70f7c6dee5b607e0d09

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mountain Duck\Mountain Duck.lnk~RFe57fef1.TMP

    Filesize

    1KB

    MD5

    d7d3e2e6e8c04bb90ada930efa88ad21

    SHA1

    b41bebed3387f85de1d1e983c7533992db124aa9

    SHA256

    1302dfeec87d297f5a0b50df29bcfbaa3ca0a3e437997558ae0ffe01b13f03c5

    SHA512

    55ddb83c64691cf668b395229b03f5f3a2e0c58ecbc228f1bf5db0c9986b135f81a475902c6ec5e4c9747bfd69fb5ea52010d7dea12110d691a878563a6d23c3

  • C:\Users\Admin\AppData\Local\Temp\Mountain_Duck_20240902212950_000_Setup.log

    Filesize

    2KB

    MD5

    6b01b9b380016879ffc82e79c2f404ca

    SHA1

    a06308da9eeac6d594a87513be08a21a9938a121

    SHA256

    6c14d81eaa7a9ca28d54e0df870245d539a9740e14c1c25997f04d12f9f41792

    SHA512

    f4f9d4f8ff719546d4ef081bef4d061828e7c7da3b911fa54f8e189bc0b79fc90f53182465af3e4204ea620d73545d963d4f10cf91b80e62485d0333292970eb

  • C:\Users\Admin\AppData\Local\Temp\Mountain_Duck_20240902212950_001_Mountain_Duck_Shell_Extension_Installer_1.0.35.msi.log

    Filesize

    4KB

    MD5

    733e37ed11f0211dcb1939c214c16baf

    SHA1

    479d99f016de0201b9096bbd49022306a209b7ef

    SHA256

    c2200f0e758b3837c4375d3f3492137bc89aeced0f0cfbb05023b5d0cc741f1c

    SHA512

    08c49495c269ea8a8376017f4fe27ee38f940fc624901b63791d4b2fb8a0e5cb57d82940eef53f391f727325eb824e8df862898ac78526aa71858dd8c1265aa3

  • C:\Windows\Installer\CBFFFFB.tmp\cbfs20-15139B6C-4B6C-49C4-A3D8-12712767F13F\Ext28F.tmp

    Filesize

    1.8MB

    MD5

    883782085fb08b988c7fcca98c79e6ec

    SHA1

    60d69afc2a4cae97626e9f55e8fc07176038f26f

    SHA256

    4824d6aab604f77d9c7316e90b17b9f9aa3ca1c010e33049073e776d56132f12

    SHA512

    cebc1af39fbab516d6e39ad93708e3a704445854e812f37208a0be9d719267be67f6d8b14e72d334698aa5ec8966c89e947084adf1b66ed24b6a62a964f63819

  • C:\Windows\Installer\CBFFFFB.tmp\cbfs20-15139B6C-4B6C-49C4-A3D8-12712767F13F\arm64\cbfspnpbus.inf

    Filesize

    3KB

    MD5

    bc2d54e7497adfed516338a21ef85ba2

    SHA1

    ae8d1646725972e233cd8faa759876228ef7a822

    SHA256

    65b033d1adce1b018bf1fbe79ef09bc6e4228cb27a463d34f38af65b516e864d

    SHA512

    3c9fa29a3c57f37348ba58592dc899374671b6dcbc589ed0d95c733ed1e03058ee4c3ec7d0690e1b98175565de5158c71c5ab7f64654fe490d665c730307dfe4

  • C:\Windows\Installer\CBFFFFB.tmp\cbfs20-15139B6C-4B6C-49C4-A3D8-12712767F13F\i386\SHA1\cbfs20.sys

    Filesize

    353KB

    MD5

    0e6ac83a34e3765ae6451b496563cc56

    SHA1

    0323babdcb89e5ded493105aac305dc79a469e8a

    SHA256

    fadb0842f930ed95a6be2633551b66629f5a5b3a1ffdccb2d773c2a15507d80f

    SHA512

    3853cab4dfb8ed3db3edbaf2ddf6050f9358f78775d680e4bf06aeb29d0ff32ecb287615f8c0cb2f68af6606ea52072a1208450be4301212951d02ed591ec1e0

  • C:\Windows\Installer\CBFFFFB.tmp\cbfs20-15139B6C-4B6C-49C4-A3D8-12712767F13F\i386\SHA1\cbfspnpbus.inf

    Filesize

    3KB

    MD5

    11e4acc1768e00c5eb7c2af487d046ec

    SHA1

    638fe0fee068ebf893852b5c9cf0471a55a0c2ec

    SHA256

    4860bb7ffe23fdd8ac7c0e2a40f078929bfe20ea20ede2b709741cee1e9eae12

    SHA512

    06105370412723aadcb195770671d0f6a8a36bb597768df8c798c5c206cde11bffc6137a8e50c0711dacaebf139fee6c26357024eda5c881b340c63d9a77f0e1

  • C:\Windows\Installer\CBFFFFB.tmp\cbfs20-15139B6C-4B6C-49C4-A3D8-12712767F13F\x64\SHA1\cbfs20.sys

    Filesize

    447KB

    MD5

    4280cd106a03bbf956066a03758edf70

    SHA1

    ed48bbb9287fd479413e205c085cf2e3330ec83e

    SHA256

    09f491b016bfab7241be2370d5837a6dcb9f5203cdc19155727346843c2a3e20

    SHA512

    8f8dcf01d63bf1033735eabe0ebb7c56925b16e3e1d3cc754c9f7cd36c46ef260452dd3e5b396bada10b98b7d523e54cb044b1f23de4a603adbda93e40541bf6

  • C:\Windows\Installer\CBFFFFB.tmp\cbfs20-15139B6C-4B6C-49C4-A3D8-12712767F13F\x64\cbfsShellHelper20.dll

    Filesize

    277KB

    MD5

    90cc91099b32c3e1e712f325d02b25a6

    SHA1

    3650ba2e8ab165693afdf06b254c5728a85d2be0

    SHA256

    ef430cd70cd564af7d88e964e73e7e16ed3969b320f63b1ffe64b2516fc39a51

    SHA512

    4f61d746daa385c53d0ca2c19a2602d16f8465eccf56fe6829dc5dcc99c5527bd73d0a03c01c0cdb6cc6e68814bb6c995531debb132103b4c6d77e5ccf119d85

  • C:\Windows\Installer\CBFFFFB.tmp\cbfsconnect2017-Mountain Duck\ia64\SHA1\vpnpbus.inf

    Filesize

    3KB

    MD5

    1d992ea7dd85d14453fce31efccd880b

    SHA1

    158f0140bb1511d22845177f7995cc2a153be819

    SHA256

    586cc28d61aed1819c321014fa757623693d49b327ecbae3bd77d288850de84f

    SHA512

    435b5a496c452082ba8782c4d299e8d0d262b28c98356170f5eba5db0d6bdef79037781a9d862d0dad5620deb3310d96f9f4ce62feff705985abf1f6715e5215

  • C:\Windows\Installer\Ext28E.tmp

    Filesize

    188KB

    MD5

    873fd0ba5db50aabcb44b6b6528a5c8a

    SHA1

    c696fd2bc8f81b796936cba5082a6f331352ebff

    SHA256

    c45fdc4445389289627621895c919d40f5107656b2ec8be6ea138f0193d8f158

    SHA512

    d869af4bf41c0cb89bf7bf56e98a80c28b494ee9659e90b740ecb8e87fbda2b9e7f99f4280a72a4d7f15782fbfd997ad51694345e0969e52d77a9763893840b3

  • C:\Windows\Installer\ExtFFFC.tmp

    Filesize

    177KB

    MD5

    08abed40e2d8f1fc527bbbf547517422

    SHA1

    7217941e7344cb4818a579699af2df966f794182

    SHA256

    bd2bc95276795c3381ba99f946da68a0b83c1fcc2073583a50023fcef5debad5

    SHA512

    c3ac77eacdc55e85b9d21bedd3308b5ae56f6e708942f2053b381a7ce5eea6c1ba7b52d392256447c768ad8926590af8a71002e293964d4b978c108e68a7109e

  • C:\Windows\Installer\MSIF666.tmp

    Filesize

    234KB

    MD5

    ee248d3dd120e7f40d32019514c5fe73

    SHA1

    b6085a4fdd9ce834a7d73b42ce8846a80d0fc21b

    SHA256

    86ada378311714ac96700fa0000bae824342ceae6382ff8bee203b8af8f89b26

    SHA512

    a888b3f9dc63e57a0bc85be60193200d04e89006abf07eac71258a3107f72b13748b6a40c0eb1048dbf7f9179845c0dd4f53fc9786b847428cfd3fb4fe9a93e6

  • C:\Windows\Installer\MSIFF9F.tmp

    Filesize

    5.4MB

    MD5

    a2042c1e7e717ed460c237442c74b99b

    SHA1

    258bacd2bce955d03274499328d272399a184e43

    SHA256

    e5eb8ff9f5e6ae69f3296ac65cba0e9b37fdb78a35fdff1fe235d8dbded9e76e

    SHA512

    4a24c3cfc7c95173b919ddfb449e65a082bd73b4146d6e218a02f417c9a230ceaaf1012666472c4a973e8a63e693575a23b329edc53bfec4966a864d24d9c6b3

  • C:\Windows\SysWOW64\cbfsShellHelper20.dll

    Filesize

    222KB

    MD5

    ced5e92b76d4901ba973c637d88968eb

    SHA1

    ec51a22bfa16f8b611affcbad7d4d8e9a9670679

    SHA256

    8f80a5ac0441a362717fec1a8f33346ecabdff2eb115bb9471066946f96085a0

    SHA512

    ab2fccc3e551c5217bc596f3fdd52f3289f08dd19418f56ecd13af22920fe112e971bb118af16c37cc7161defb4eebe231f0aee411fbe867742810497b92895c

  • C:\Windows\System32\cbfsevtmsg.dll

    Filesize

    13KB

    MD5

    6b9821a194201368bf2e470b5b6b965f

    SHA1

    9154f1a446f4d15788e96e952de26f686c5e938c

    SHA256

    ca29ff3813a3fdbe3afe1e3afe4dd3551182e780b54ad8bb18680d83ec2444cc

    SHA512

    bedf84ba6a0476194db19cf849cf383d0d3b2c6c148b0cd6b7e5aef82d1f00d984ad7f1bf0da35d7bb9765ccee0242582d61c33ac628fd40122f978925d8a550

  • C:\Windows\Temp\{42099E7D-86D1-43E5-8AB0-5879CBFAEC1C}\.cr\Mountain Duck Installer-4.16.2.22310.exe

    Filesize

    989KB

    MD5

    78298fa6a6adc1f977ecf20e3471532d

    SHA1

    98450f9323099e09e4b70a082f4f0406ea9aa82e

    SHA256

    da43cd2d778e1824b0206c628950bcafa26e2e99ec46b4f9eb55ae10e81bc4b0

    SHA512

    fbe4f045ac42d3fe514d8e0f7a45ea232068d16b81bd033722d92003d0a9da04805afc14ad198508fda0648e5677884b38e97b2c464b24ac9e9afc3ac44ab8f5

  • C:\Windows\Temp\{DE60234A-B487-465A-A87B-61AE99162DCB}\.ba\1029\logo.png

    Filesize

    6KB

    MD5

    9993dfa5ceb1cba0076e4c90edcbcbcc

    SHA1

    a41d5e9cf0a443c27bf998045e81269bd94fea41

    SHA256

    6bde0e21b3f61c57ae6c7aba847daa041e155c63e98d76e253ad21b1a6dc376f

    SHA512

    26e87bd15bec1b5f84da5e5a53160393ce08c2849fa4bd2afdab0616fb96992d56e73897e0a548cf176ffd95bbc6521837b97230f9a4a7ec6ec7ad9f1b1f3c60

  • C:\Windows\Temp\{DE60234A-B487-465A-A87B-61AE99162DCB}\.ba\1029\logoside.png

    Filesize

    150KB

    MD5

    182e4c893122ce2fb8cdfc3d3b30b288

    SHA1

    a4ced35d92e74e4af61823c23f52c65020e74ad3

    SHA256

    f7534329d166508dc5f7662f32c09ca70cb3d80fdf6c5f5822616f81c390a3a7

    SHA512

    0fe880a8f43c175a531f5abe9b694e8b792f078674661ffa12574b775cd75cd43645168c0cd50b27bb7ed0a06f615163465ad07d181678ee275ca1366e81d83e

  • C:\Windows\Temp\{DE60234A-B487-465A-A87B-61AE99162DCB}\.ba\1045\thm.xml

    Filesize

    9KB

    MD5

    8314bce64d120f62cdb003046ec650f8

    SHA1

    d92b50243e23152251a4e9c156d8ac4effaaff2d

    SHA256

    24626aae83b865fd06b479687d939263aec015d53f2b1cc0db7d3705dc58ff5d

    SHA512

    bcba80ab4bcacdf4c374fbfcc161465fa45018e883d5ed1c7bfd2d04169ab42e1638d53f096138af72aa1ebe89308cf8deb1471a2c244e9261ffd29080657642

  • C:\Windows\Temp\{DE60234A-B487-465A-A87B-61AE99162DCB}\.ba\wixstdba.dll

    Filesize

    205KB

    MD5

    30803bdcda5083de8bb9fb5cca486412

    SHA1

    65bcf49bc81595c57b769c11f7097b9bf2968fb6

    SHA256

    aa1dd28cc0450dcf38761e4e63bd029c46c66a9dc907e5a2a4d1b2e4261c2dcd

    SHA512

    6eb3895f137ce51f480a7eed90a79beb354b1cd4ec708194398ac787f99462c92f8798b7c5762dda8ea6a66dfe184031a2593a257a5b243a17f78dac4289276e

  • C:\Windows\Temp\{DE60234A-B487-465A-A87B-61AE99162DCB}\Mountain_Duck_Shell_Extension_Installer_1.0.35.msi

    Filesize

    1.9MB

    MD5

    0df79281f0b2cda2653e74dc1bbb122e

    SHA1

    6e2bce363cfbf257b362edac66a54ed3931418d2

    SHA256

    ed58bde723c0f4b64686d295c13f0dbc2b813db0868b58279e22456f2db4bc51

    SHA512

    04dd4b80ad498c6f2f777e84af439833260157ee8949e098b46f17149931b73bbc63a8bcdb94764f3bdc5f570517df1e7db3aed62595417212cba13ea6251d37