4cea74d80b0fed024d554aec6391dd7a4cc41abc44584b7b4617785d4842a1b0

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Yashma-Ransomware-main/Yashma Ransomware/CustomWindowsForm/ButtonZ.vbs
Size

4KB
MD5

102328cc52d3da25173b96e98f2b514d
SHA1

26edec967de2d62d30e426fd6fe71024019ed439
SHA256

d90d5a11a6642c4c8ecde624ae247f5d2aa4d77dd08256b4a58c42e7ae694c03
SHA512

1fc959c0f2780664f0f02a18e25edba053a3302f21622989a01474e6faa83ac7cc45d70ee31c80192ee38683af0b04e38863936714bcb4fe9bac03c3bfb3a9ca
SSDEEP

96:Joz003RPJfvVJn+khJFpHJvFQrnJ12Y8JcW4/MHUVHMHP9Frz6h:4Z3RPJfvVJnfJFlJvSnJ1v8JcWSVHEf4

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3460	firefox.exe
Token: SeDebugPrivilege	3460	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3460	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 2600 wrote to memory of 3460	2600	firefox.exe	110
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 2768	3460	firefox.exe	111
PID 3460 wrote to memory of 3624	3460	firefox.exe	112
PID 3460 wrote to memory of 3624	3460	firefox.exe	112
PID 3460 wrote to memory of 3624	3460	firefox.exe	112
PID 3460 wrote to memory of 3624	3460	firefox.exe	112
PID 3460 wrote to memory of 3624	3460	firefox.exe	112
PID 3460 wrote to memory of 3624	3460	firefox.exe	112
PID 3460 wrote to memory of 3624	3460	firefox.exe	112
PID 3460 wrote to memory of 3624	3460	firefox.exe	112

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Yashma-Ransomware-main\Yashma Ransomware\CustomWindowsForm\ButtonZ.vbs"
1⤵
PID:1192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5595cf4a-3524-42b3-ad77-4746843a00a9} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" gpu
    3⤵
    PID:2768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0b98392-d01b-4508-ada6-2bc94f65b917} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" socket
    3⤵
    - Checks processor information in registry
    PID:3624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 2828 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {820d799a-78bf-4210-a658-d54b84f01c16} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3720 -childID 2 -isForBrowser -prefsHandle 2768 -prefMapHandle 3704 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea927702-7198-4d64-be48-3810faa78746} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:1480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5068 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5036 -prefMapHandle 5032 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a76511cf-c831-43d5-8edb-1fdca1f322b3} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" utility
    3⤵
    - Checks processor information in registry
    PID:5176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5288 -prefMapHandle 5200 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd91e618-f060-4d04-950e-10171e1b4d6e} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:5424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 4 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50eaca2c-380b-46d0-9ad7-923655e56d19} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 5 -isForBrowser -prefsHandle 5668 -prefMapHandle 5672 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cb56e38-9d8d-4752-9dd4-35a4c815c57b} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 6 -isForBrowser -prefsHandle 6208 -prefMapHandle 6204 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53c373b0-b122-4e6a-8015-d6d9b0bce345} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" tab
    3⤵
    PID:3536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
8deb26ee9a496dade4ae20fd4dc02bb3

SHA1
9635a4e0030ab9fe8e9fc02db04c68f8854484a0

SHA256
bbf8e90d2b82898257d88bc8926cb8c2a7aa23a0880afe7d1009171ec694624a

SHA512
a805ae78d2e6207e542e0bb8d6ac5250ce1ab88e80bb936029a72d9a832b74ec578405d9cd1b7a66e0c38b5114679ac1b0951caed5ffa5e334136126e8f28bd7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
7KB

MD5
465a7114e3a17267d659845b2803a379

SHA1
3f6dd71607746dcd758c15c16717cd20c6afea0f

SHA256
f90c5780c445a7b0e83fd7575071be4744bf17edb200bfcdc861cf19b31623ed

SHA512
be91c632a5881c33737c29e1a615d8fa512987a8fa27f498d7a268632ed11cb6332284e000de62d362d33e68bb7aec08f5cd7986958cc00fed988c87fa3688fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d1c64a2802b066dcd8bd638bb0f9e845

SHA1
53c2fd488a881b784be84fd00c47f0474c3301e6

SHA256
5e7078080cb8dcf932a93b30dd71ec137408b76a40b9c8f36f22c858780ba6b8

SHA512
5271911f063529cbd7a9d9660a1b78d2e4b908fd9d758b992a93c55a62912d4569d5d106b5e75a0633f8abceb52a21719e1f780e6a5ddb5316a68c1e6a0fa090

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8a6a8e7ff81fff311b3128b7d20539cc

SHA1
69676d431d61c6ee744d64ca02d9878c6001aa91

SHA256
2b9f05800fc2034fca0474759e1699bdde8f4c127bbc59fe4a0cfed8b86bbb30

SHA512
98cd284ecde3df9017fa936481c240ce1ef9b8910e1e69e8291c22468b5f3f703151f0f968dc287792e6c00301ac60dd02701c4fdd39befc9054a405bb2b8400

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\01dee506-66fb-4e57-a4fb-46ea05a2cb5a

Filesize
671B

MD5
8f10d12780c676eb5896262119c343e7

SHA1
a94612c75575fca6cbd975c5d8e7bdbeb4e6fda6

SHA256
29af281700289359aeea9829ae7fc25c53ddf423ec497926a594d1aadf4dd339

SHA512
51d9ba1bf3c7ad04b7f3b7caf8ca518db4fa08b7dca556d534fde803321d7f91d153e77dfdf0c0edf17538ec17e4555dc5b712e1bffd0c6f419230046a638c64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\162c04a8-87c2-4483-a3e7-4a99a568b4a4

Filesize
982B

MD5
a5657d5c28e4120429ff7be8a3c11a8d

SHA1
f64725521c5314c18a69ef7418133a9e15704bf2

SHA256
3fc7752c7266d76c3539561ceb2aa8ad4d4dd500549e4e1a7468f2a6f0ddd18d

SHA512
ec4cd8e05d25144d7c16dbfc8e276f0a9dc1ccc66740dc40fc2b8d2b30eec6d13994d97f877ee8f6bf9f1338580f7ff70a0c3ee244d2b4f33c1e114dec00e04d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\36a7ce5e-b471-43b3-80bf-4a406d286ead

Filesize
24KB

MD5
981c0c64036e3010348e880684ab6c37

SHA1
f4a59ce40d1d68dc8ed82a85c806e2ba7e97b438

SHA256
59d5a99c42add1c95b1762872feca07dbc012289b3f592f50ec5fc93db0a02b3

SHA512
383df2f09da102ddc7f4ad9e979e942444acc0ae27df1fbdde8650991b0dfcc8152a8b8927e5fff953187828c5cf971689afc030a8b328d6af96e62e9bddfc09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\72ab3ed3-b991-4eab-9d7b-601c52945c27

Filesize
4KB

MD5
d25111619386327382c3c7ffd987456d

SHA1
041bc5d028d353a9a19d0f370f6097a146ec4605

SHA256
487973e5ff6c5e66093be444195c63d4f33f1f86379914262e2654c3797cc662

SHA512
f6b670cd21182b9e0684da175c0af401997fd9609f314ad95e721351140d6dfbc4a9b9f07d3cc559a2c705f1205b46588df0df2066c6a268a89542e4c88d98d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
10KB

MD5
8cebeb82004e2b0ef9567776d2dfb0a6

SHA1
1d812cebfa45aa5e2d8127048c25e806c863fef9

SHA256
1c66bb64cc70d9f4c817e3eadd0076c4ed9ad1761a7da01425bdd42e5e01e867

SHA512
07d6d41b9e59539720e79ac8bf31cc54bba04db6117a42a8c1ee3eb7719090aa6af018cbc6f76bdc21ecab1bde782425e36e17c7c1691046d1dd1c69ce29d240

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
11KB

MD5
5a59c881865abef220e8234342228b29

SHA1
2f8abfab773ebc6b4f3e82f756580d1cca17557f

SHA256
e024d27b11a696ce82872da38dd6ade07be7ef4184f95e2aaedda9769ea75636

SHA512
c5c8ea5d55152cf1ee15045d71232bdac638d8527d403e407fd7e59fb9fe4446c760e590c0cce76f77ffcaa538d15fd89b3954d148511d6a101689debbd772b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
d545a217818e78603d10a0a422649021

SHA1
834cafc804e3666168d2adf199c4824c0b87c505

SHA256
71d02d9b2a26a09d40588c12cfc914105651b5c4adad6db57c83632a2b147763

SHA512
fb86aa19992cb60213c16194a835f0e579eab72de658a75023e12774f4ea410fea655c629655679533c8f361b89a82dbfac73f0b0490b0c2eb229519ac20a56c

Download Submit