3ca1157009c67f25f4fc8f01c995080146df3693a66fca4c218593249dd9d800

Resubmissions

22-01-2025 16:46

250122-t94gyswqcl 10

22-01-2025 16:21

250122-ttnrkawjfm 10

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New v[2.4.0].exe
Size

1.1MB
MD5

9a8c9182a0859c832937ead264bbdccc
SHA1

1befbfb0934c63bbae334474bf07ed659729205b
SHA256

3ca1157009c67f25f4fc8f01c995080146df3693a66fca4c218593249dd9d800
SHA512

528598b359040f0d265854071f64d5574b1d231cf1d542baabf3391aaca2df49b99dfe262f0800d7878da922c99d0c26a81d1f9f01ac6b317ccae554df03905c
SSDEEP

24576:MlNRzJv8ylX2/5VBCPdFFXru+5t4qpM/vc3b7Tb7j:OHJv8ylOC3Y+z4qSc/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1336	Unavailable.com

Loads dropped DLL 1 IoCs

pid	Process
3028	cmd.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
2908	tasklist.exe
2940	tasklist.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\UnfortunatelyStevens	New v[2.4.0].exe
File opened for modification	C:\Windows\MurphyTf	New v[2.4.0].exe
File opened for modification	C:\Windows\MillionsPowerpoint	New v[2.4.0].exe
File opened for modification	C:\Windows\FtpBible	New v[2.4.0].exe
File opened for modification	C:\Windows\PtEyed	New v[2.4.0].exe
File opened for modification	C:\Windows\TowardsRail	New v[2.4.0].exe
File opened for modification	C:\Windows\OughtEncyclopedia	New v[2.4.0].exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unavailable.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New v[2.4.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1336	Unavailable.com
1336	Unavailable.com
1336	Unavailable.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2908	tasklist.exe
Token: SeDebugPrivilege	2940	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1336	Unavailable.com
1336	Unavailable.com
1336	Unavailable.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1336	Unavailable.com
1336	Unavailable.com
1336	Unavailable.com

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 3028	2268	New v[2.4.0].exe	30
PID 2268 wrote to memory of 3028	2268	New v[2.4.0].exe	30
PID 2268 wrote to memory of 3028	2268	New v[2.4.0].exe	30
PID 2268 wrote to memory of 3028	2268	New v[2.4.0].exe	30
PID 3028 wrote to memory of 2908	3028	cmd.exe	32
PID 3028 wrote to memory of 2908	3028	cmd.exe	32
PID 3028 wrote to memory of 2908	3028	cmd.exe	32
PID 3028 wrote to memory of 2908	3028	cmd.exe	32
PID 3028 wrote to memory of 2868	3028	cmd.exe	33
PID 3028 wrote to memory of 2868	3028	cmd.exe	33
PID 3028 wrote to memory of 2868	3028	cmd.exe	33
PID 3028 wrote to memory of 2868	3028	cmd.exe	33
PID 3028 wrote to memory of 2940	3028	cmd.exe	35
PID 3028 wrote to memory of 2940	3028	cmd.exe	35
PID 3028 wrote to memory of 2940	3028	cmd.exe	35
PID 3028 wrote to memory of 2940	3028	cmd.exe	35
PID 3028 wrote to memory of 2792	3028	cmd.exe	36
PID 3028 wrote to memory of 2792	3028	cmd.exe	36
PID 3028 wrote to memory of 2792	3028	cmd.exe	36
PID 3028 wrote to memory of 2792	3028	cmd.exe	36
PID 3028 wrote to memory of 2768	3028	cmd.exe	37
PID 3028 wrote to memory of 2768	3028	cmd.exe	37
PID 3028 wrote to memory of 2768	3028	cmd.exe	37
PID 3028 wrote to memory of 2768	3028	cmd.exe	37
PID 3028 wrote to memory of 2064	3028	cmd.exe	38
PID 3028 wrote to memory of 2064	3028	cmd.exe	38
PID 3028 wrote to memory of 2064	3028	cmd.exe	38
PID 3028 wrote to memory of 2064	3028	cmd.exe	38
PID 3028 wrote to memory of 892	3028	cmd.exe	39
PID 3028 wrote to memory of 892	3028	cmd.exe	39
PID 3028 wrote to memory of 892	3028	cmd.exe	39
PID 3028 wrote to memory of 892	3028	cmd.exe	39
PID 3028 wrote to memory of 2280	3028	cmd.exe	40
PID 3028 wrote to memory of 2280	3028	cmd.exe	40
PID 3028 wrote to memory of 2280	3028	cmd.exe	40
PID 3028 wrote to memory of 2280	3028	cmd.exe	40
PID 3028 wrote to memory of 1652	3028	cmd.exe	41
PID 3028 wrote to memory of 1652	3028	cmd.exe	41
PID 3028 wrote to memory of 1652	3028	cmd.exe	41
PID 3028 wrote to memory of 1652	3028	cmd.exe	41
PID 3028 wrote to memory of 1336	3028	cmd.exe	42
PID 3028 wrote to memory of 1336	3028	cmd.exe	42
PID 3028 wrote to memory of 1336	3028	cmd.exe	42
PID 3028 wrote to memory of 1336	3028	cmd.exe	42
PID 3028 wrote to memory of 2180	3028	cmd.exe	43
PID 3028 wrote to memory of 2180	3028	cmd.exe	43
PID 3028 wrote to memory of 2180	3028	cmd.exe	43
PID 3028 wrote to memory of 2180	3028	cmd.exe	43

C:\Users\Admin\AppData\Local\Temp\New v[2.4.0].exe
"C:\Users\Admin\AppData\Local\Temp\New v[2.4.0].exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy Lounge Lounge.cmd & Lounge.cmd
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2908
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2868
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2940
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2792
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 83613
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2768
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Jobs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2064
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "Fighting" Versions
    3⤵
    - System Location Discovery: System Language Discovery
    PID:892
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 83613\Unavailable.com + Minnesota + Wayne + Postcard + Physician + Printed + Absorption + Carefully + Tribute + Degrees + Bonus 83613\Unavailable.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2280
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Mozilla + ..\Must + ..\Chester + ..\Stroke + ..\Pty + ..\Bibliographic + ..\Consumption U
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\83613\Unavailable.com
    Unavailable.com U
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1336
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\83613\U

Filesize
495KB

MD5
f75828fbea8d7f9ee96ff9bb6f44b11a

SHA1
4f628546321c74f0e8b902d7a856dcf44d7a8bd8

SHA256
664f3b97bbae2c0bb8ad3b279e6ba100606df4001d26b0f7cfbc66987fa2573c

SHA512
19861457945f33f0d30ef7a52607fe72edf89e39e3fd14b43d53651c1aef370f60c9520c06c2c2ae59dc20c05188f74aa3ca70ea2617522b8df6c46a8411033d

Download Submit
C:\Users\Admin\AppData\Local\Temp\83613\Unavailable.com

Filesize
1KB

MD5
8f38662b9243143892941aa8c8fe240d

SHA1
1cbf119800c9bf620d650cc3a9be1b58a062dcdd

SHA256
aa1a9e6eaf9286e683f2a47679cc7decddff6855d9c0642ef9bc6f00e00122f9

SHA512
c30e7ce39dc80622d607220f225c39d21777241d249839c5f19e56f36f100392a5800bd6f4da1d31dd70faf3b882f765715d479d16986bee3604cb99f6596f02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Absorption

Filesize
105KB

MD5
a4ff480dc521cbe2c5303d2a75b0c4f8

SHA1
8e3b37993a29f7f2495f1e33fae2946181fca60b

SHA256
d27172de727eae0550882c9d09c123679b16c0b579497e71213c473daed602cd

SHA512
907a2018c19bbf93d40f825d915b2ec3b4f7f6cc402a63af741d3a871d243e4ff097727d1f3c6d10e0a1a0e69b7be8334622a00196a822a178ff899eae861eee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bibliographic

Filesize
55KB

MD5
280bdc4be58eaa596e1ec62ae235f22f

SHA1
fec17450e06dd925d8518a99badd71f37a52bc05

SHA256
7de19915e5cc8829aceb364472aede850331594ed63424eb0afeafa2222e6cb3

SHA512
f7dd0a9ff2d10a2775fdaf1a69a09a1a206720ba70dda14756da8ba74b5b6b1a154a2448a2e7c93c8824e0afd32a37e79241c754795fd989c10366bdf831814d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bonus

Filesize
17KB

MD5
8347978dbfde43a95954878c8156d261

SHA1
4b7155589fce91fdeca5af5276aedaad873c8465

SHA256
02e7fc76c0cbbb131335a1ae5279e7d39dfdf49cfe24a0ec5dd3711954e1a8b9

SHA512
9d1fdb47e5fb56a294235c22587965d5e510069a4ae1fbccb0007bb97e891b6357b3942b591cfbd8f392481f96ce62a69c7180a2069ff39ed0b9924193590e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Carefully

Filesize
145KB

MD5
f11ac72a65beff74ce058b08760c5918

SHA1
738f5c21aefbaf41ac82878e8aa080f1293c863f

SHA256
90f2a9cdc6ea437315fbf4a25625353e1d05261d3244be0a7b3ce61537d3e35a

SHA512
94bf6336710fe4aac45054e0d59c3b334d3d0eeb1c078c9e81f571cdd72f3210e6482f70a854864367b62bbb4a50293f270f88fd04b2b21bd4c7a0e4c66fb332

Download Submit
C:\Users\Admin\AppData\Local\Temp\Chester

Filesize
79KB

MD5
904b699f5ca62fdacf3846c6b284f72f

SHA1
c0feaa1fc7d25719d1fb0c90c54e342ab2e89630

SHA256
b72d39f30afd14049bd6e24f9aa9dad1853cfa8b33cf6f45aad8a1572a7e13d7

SHA512
fd064cf924ba69d86f2f5b6471115f6d4621fc5ea8db710848fb419c1ef9caf6c259643ed9e098a3fbf548d280758be3a538fe8f0a06f11bd81febbc3db72f00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Consumption

Filesize
29KB

MD5
1552834983944f62a4093e29efff780e

SHA1
66f57f48d033b9882ccf9cb9d3f27259f679df50

SHA256
fda6bf070a97ace4804364f687dd5b7ab956d7224cefa15ac4d0bff322cac8c1

SHA512
e44c7e9f7a074638d86e1776554ac674ee56276f21216332edfa10c759d83ab1d5ed7c3a8f64a1f8c436df5bee4f05a700bb8c8af17684263391448f87df4cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Degrees

Filesize
67KB

MD5
d9f233e220d96e0f59801baef6b60b0a

SHA1
908c77dc92680cbb25e37bff0410cf83bb212297

SHA256
cb3609f8b2f03d46f93a31dd0934f7248f7de5c2143a3a4442dda08c4bc22dae

SHA512
7c66e302f9a66c14bf8a7f3f0c7e73a19c7dac41152971930cf8e4b1b0d70cd1d696ae74c40b06ed6b72a21f9cea04a9a4559d8182b1d752e4cef56a6db02361

Download Submit
C:\Users\Admin\AppData\Local\Temp\Jobs

Filesize
477KB

MD5
db99d509eea8e74016a859e962284bd4

SHA1
9ac1705e3390a39f2b3fed4bbfdf5d039d379bce

SHA256
4fab93edc91df9eceb230f5fbe9d8814906fa4df13fb12b07d9aa58525c0623d

SHA512
262e5ce2aec3d07a33e41e4136f7f13802b5f6e348c73ca4b7f4e82a6ba603711939f6123021c1e19f638bf64b98ce9ad35c3b10ea5752c3d5789edc75a4384e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Lounge

Filesize
20KB

MD5
a1fb8fa6d04e195c4ea27bf10438ed12

SHA1
319ab320811479cd466bd9396a0ec66c3ec29024

SHA256
1985c2710bd03de194ec61946407309fb6bc30e3f5b96b2af2f6887318508eb9

SHA512
aa69921acb0626427b6bf1889ecbd0fd5c3acdfc4def50b4cd39c3e994f7d3c2dff73fc2c3282967ecd0c92c6589da9a2c0e33f33ba8fdfa42cdaac066eedc23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Minnesota

Filesize
80KB

MD5
1a7c08fe259b01f6b5157eff4a799c57

SHA1
a3fddbedd188db445fdb949991ec68e764d50ea3

SHA256
1a632c6db3b1b5c55d70117068aa553a55551b8b977f0a8fa3af780ab344ff11

SHA512
cd2d0155db904d94c84e8a6fd315974dfe32f7dfa9fe7f9e9eb8ac2336e3cd67e1f05d17ed62a775fbdb86eab239e400c2d7c4a6dc939ed0a9992b4b3f15865f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mozilla

Filesize
86KB

MD5
a9ab6e9df2586c721e64b9c991718d4d

SHA1
2d4908bcbb2109ef3da56a038bd0e92785363287

SHA256
9c5ca9aab888e8507dac381b7243b8f970e5654e844c3f50012ed4bc4ce5cba8

SHA512
dfd807f68c96a486741afea740cd87920bd53c5308e0fc88fb08ccec9fc84dad4bc87c2d3a998de87eaa4a7cd7dc4831f0eaa3decbd2ed32f16335a1e801ff47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Must

Filesize
87KB

MD5
4c3dc83f44c327803e4a2b9b40756df6

SHA1
8da0a3e0abf742e7aa38d9f6e159ef0c6ac3f6ba

SHA256
0624460f0ee79ef5266c2011fff27cc0b701a57eef5c67f4d66afa50b48e6390

SHA512
12695201ef80bda44d2ec4a2bb57d63bd764455dd48a472c8aadcb47bd117118a0eb899e14c8ea5e39314745cdbb9ccd4299547ab543716c953097e3e9c100ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Physician

Filesize
116KB

MD5
11802058b36e883192010392113a7be0

SHA1
99ddd20efc61a04a47456bd02ba25e64a91f7326

SHA256
c4c65f1c1a2a2853203b8ce41b82d8872b05b5f0d7e45fdeaeee17d22ffeceb5

SHA512
5cb6fe3ef779a8a333d0c5c5a5a3fdbde0475812613f8e18d700c9eedc12e2063cdf769c434c81026854177c720921661305cf1ae713d1ec5b9e1081f1ca57c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Postcard

Filesize
77KB

MD5
61d04b2f6df79b47d60a0356c2bee770

SHA1
500ea5ed75e0387cfd427e0e9cc3798bb027315a

SHA256
7443e5fd09c2c710bc4cdc07186133d9ae4b4f6425bad3028c878251feea2fdc

SHA512
77b0398aa5962932c7fb8e325f6eb0e3796d6adc12a85e15938b9a65b37e8a98a839ed5971e0aadfcc48f139192750e1639b898cb641cc82a500a93386779716

Download Submit
C:\Users\Admin\AppData\Local\Temp\Printed

Filesize
104KB

MD5
e4a398fbbb5f4c6416522392f2e81721

SHA1
ae26032aaace2fb65793aaa7effbb2b4d14bef13

SHA256
47eef8c60010563d740aa63397fb8124c4fa9d0ca66f4c331643b53cdb54f9eb

SHA512
04075e3e2f1528d8127fd29d8ec5af7ce477fa3551948319b16bb36b05074930fe63d56cee172ca87ef93e147a3cedc8cff4f4bd8a72888dcb2f7cec8131a7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Pty

Filesize
96KB

MD5
0aeaf7a47e2f901985fd29749c000421

SHA1
4c0a3222915a9c3d6b8893b1da62e39aaa603be7

SHA256
f3f8b0a519e6bb8d5954bb59c26d8057e6ee6f0cccf9f875a6e88b377f69e1b1

SHA512
6cce566f5ddeaf02370f182dda3540b73266db2b410e01c0c12490891edc8deafdeee0244e19ebc913bef941ba2086708e97d64c4af2ebe5e3696ffe633d31ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Stroke

Filesize
63KB

MD5
6c41ea70b1466889bba04febbc0b27f2

SHA1
9cf9a749bd136e8d31f625bd7bc610d42950a63a

SHA256
34408dd775b23e619e05ac53f375ff709fcba73faf7e56e05b623f3b6c1e9082

SHA512
99192cfd9dcbe3a91a7fd52dda3e20537758b1ad2884d12bf461c5290cece21168adf4a16a85974efab8d604291aa097d11868a99e1e15ea990e010feaeb63a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tribute

Filesize
94KB

MD5
ce0606a8f25e49d256b0cdf63929137f

SHA1
c9ef166d0858192d96a144da9fdc131abd6069d9

SHA256
428bd09ec20502dbf0075d3052efff338ca1666926c6de4d158d75167cf536b1

SHA512
0ab81b51b7ec9207bc9563dd4207f7112ca728fc5a2e02a9413d89e2be4d63ab5d971a7da418882d5c3c44faa910e3487d582d27fd58cb80d64a818f5935d262

Download Submit
C:\Users\Admin\AppData\Local\Temp\Versions

Filesize
1KB

MD5
704084bf6904a02c9ac57f1bc4bc42f4

SHA1
1c765c1c10281d71d915a576123dad4983c72a10

SHA256
9f72e1b1139270a5260a4b1aad9ca4dc622f5287ad147931c970c532e4f007d5

SHA512
0a11faac2ab39243f1ed75f44bb5bf86afb8281ed391a3f21bbb93904ced7b519532a9f108212482e16be83915879c98fabfdc73f9d8e8361a1d560c637361de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wayne

Filesize
118KB

MD5
d71579214c1a64c258c4f5b2097bc6e5

SHA1
0f39b1b3573a96afadfb3b24c8d91534e17f1250

SHA256
7dff2051f95eb96c6c29787842809378d3fce74440bd34fdab453477c5398968

SHA512
78c8914216456192fc703be3a9e0b86154eca504af7ab4f6b34d18a1ab4f70484b8a5e6f8647dcc499b1ea2fd4fa48d10ee821e229c0e7ec4386b2c06bd003d1

Download Submit
\Users\Admin\AppData\Local\Temp\83613\Unavailable.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit