hxxps://aimware[.]pl

Resubmissions

30/10/2023, 14:47

231030-r5ypssfe77 1

30/10/2023, 14:45

231030-r42easfe63 1

30/10/2023, 14:44

231030-r4ewasdf4y 1

Analysis

max time kernel
69s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2023, 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aimware.pl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4996	msedge.exe
4996	msedge.exe
2124	identity_helper.exe
2124	identity_helper.exe
2408	msedge.exe
2408	msedge.exe
4016	devldr.exe
4016	devldr.exe
4016	devldr.exe
4016	devldr.exe
4016	devldr.exe
4016	devldr.exe
4016	devldr.exe
4016	devldr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4016	devldr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4016	devldr.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 3680	4996	msedge.exe	88
PID 4996 wrote to memory of 3680	4996	msedge.exe	88
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 2036	4996	msedge.exe	89
PID 4996 wrote to memory of 4480	4996	msedge.exe	90
PID 4996 wrote to memory of 4480	4996	msedge.exe	90
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91
PID 4996 wrote to memory of 4308	4996	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aimware.pl
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff976a546f8,0x7ff976a54708,0x7ff976a54718
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,13504900830242647589,14619262187535378645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1248

C:\Users\Admin\Downloads\aw-v5.1.13\devldr.exe
"C:\Users\Admin\Downloads\aw-v5.1.13\devldr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
ca56252bd33414857ddc872e312d2d74

SHA1
d7124ae1c54830d80dc6a9beced9becc3e11350f

SHA256
2a03dd8b8f9e680bf48534f4770feca8de38bc3cc658cb330cee6676e4925419

SHA512
c0139488b2fe0e91d8127786834cde71a7276137bf66991f40a8e824bc54f4ecb2ae808cdd9896ba5b5fb720340f097cc05d80ad2fa807646177afb0e70e0622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
823bd8d8423008ac526d78098f9b3fed

SHA1
de812cacbb69d58e3287b0e60bfd6b7e084ba532

SHA256
51575fc06f4e24892ce825b9866b4a1ca88eddddfdf77c5408dc513831ebb2fe

SHA512
6fd2132fc15e7f9e4f09e7a451b72fe73137f860e415b2bc3ce697d1f413adb4512d371b520359c6cfa0b308530f131eff76b294f2e995cdc8342287923332e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db2ec556817b55f763f65c21e0fda14b

SHA1
2a23f7e4448600f9114717b74775516a3dbfaaa7

SHA256
0725ec0672887ce93a5778992243405d07ef9b5c4f5b359a074ec91fca97f1ac

SHA512
a6a356d199820bc7678397f0628335d4b70483bc6cc9cdf276d1e8157ebbf2b01e231eaa86efa0e47ae7fc4b8f181b8e1a8d5e24857e358563b8b9170d915b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
06305e1b5a208fd984e377facbbbb158

SHA1
e095de3d18a07f27f91bb4a11b9e6e337baaff66

SHA256
8079a14d39f79e0e5ff65e40d929cee9b4befeedd0ef1ba35fc8a84cb6c138da

SHA512
590099f0b4678a70db24ca8184159c100d8cdb223a0c65f2e4cf9993eba777ae2b42ac2db67787d9873e32ef3c8f9d8b9a8e052368e1bd3f31ba6892e66954ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
253b435b1e9f3d1bab58d9065366aca8

SHA1
0583ff759f4986781e17cc647d763ab7c0489189

SHA256
cc06a6e10765154fba647502c8f072b6cd8b63dd9f2a4e9641ec7a8beab869f0

SHA512
d2e186497c9ec17bb46c87017be32bb1e0a32939bfbf68841e6023eb94c44f3c6a7c763c75099654004d936bcf0f36d29eec28630ac0ab4c07b5c4c6135287bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
39f18601cd8cbc1351c708dda67e8c82

SHA1
75a7d75a0445c53cffb188c43d5a62ca21e06fa4

SHA256
58c32bcc2ef0c51710a0153093aed6f27b142aa889fba52deaf4342a0c5c76f6

SHA512
cae878318ed6c88f0d6c3a676ce69068bf11b8c9c8247070070c4aa7e0052db87cdf9f40294ea92650c1d8b109c9536e9219f6a9c73881c3bdaf5e4ee497ee1c

Download Submit
C:\Users\Admin\Downloads\aw-v5.1.13.zip

Filesize
3.2MB

MD5
dabc264b1369b180503547a10929e254

SHA1
64e9a7f6bf6a0f9c00a97f622ede0ce84195ebda

SHA256
af86006262e394a832aa6d8ee25aa34215fbedda54ccac04da3b5406c772c5cd

SHA512
f80e16b632705fa7be49f2a0e91533921d6d21999c9ca870930729e246c061cd9b42265b5342848afd99c276bcfa871fa146624c5c38d490940217e12decc0fd

Download Submit