c5ee58a10549dc30073f82adadd858974b0ed8cc23e9e31806cab005691a5644

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

639042362012a88882bdf297090dfacd_JaffaCakes118.html
Size

906KB
MD5

639042362012a88882bdf297090dfacd
SHA1

514af8fd684eff2127860c5a925c168d11551cea
SHA256

c5ee58a10549dc30073f82adadd858974b0ed8cc23e9e31806cab005691a5644
SHA512

687cc921d428fa925c7756fe4e7426382e98692e6afd42a837e8fb84bed27cb719c43ecfa293bb6002ab1b556030705872d3603e737a03737cba8f7eadc5a5e0
SSDEEP

3072:2pTGf2szA0N/Gd7ZXtjgrJ9dYyVeef0xOMQfw/df2szA0N/Gd7ZXtjgrJ9dYyVeq:asM29dYyYQM0sM29dYyYQMpg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4092	msedge.exe
4092	msedge.exe
920	msedge.exe
920	msedge.exe
2844	identity_helper.exe
2844	identity_helper.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

920 msedge.exe
920 msedge.exe
920 msedge.exe
920 msedge.exe
920 msedge.exe
920 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 920 wrote to memory of 3612	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3612	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2656	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 4092	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 4092	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 3580	920	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\639042362012a88882bdf297090dfacd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8498611443645631862,17285616995676442520,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
512B

MD5
0ced51c185aa2131b6ab3199bafdce07

SHA1
b0acae9b4316193630208666631dbb84212fae23

SHA256
a50e9e84f1817d77481fa48fe87ff905e4cc39629accdf666e9fc1c5f4fbe951

SHA512
fa3ef02cf72584e95ef0e1dd7036d338783597a83430fc83903f9464da3267d38744b4cdb03ea5a7f7240049d2ad7a2f89c799a2adc061b5e7fcf1ef17788450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d095eb442544e3a45fa39de0fcf94466

SHA1
438ca1988082a8b209365975a5a3cae6ba901007

SHA256
5819258df7b389234cecb18f22af709de3cbca5c6f5dae637a33ca0a1059555c

SHA512
11d3adca3c55962788d95bb4822000e8939f05c60ca2222de200090700da1d96d3fa30089ad0daa3fdfa03fd54f8771642e9c886fa706c0ea8163d0a2d3d3dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dead1ff11f903db291185c437e95b263

SHA1
80941e163c08ff702cb049e789e9d8c1774a16f9

SHA256
e1b4e69e8a54676998ebfd647b6a3dc44101979f406162c6142fe15c2c8e99eb

SHA512
a35c1506479d6b7fe41c07c8b9e43276676ae7cce4158d150309f57a5435792cdf9cb77fdf15a95bc99d8201a6eddad3817030a850315996a4254a636e740108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0fccd762d4336975eecbeb659f0589ed

SHA1
09107a874734e85c773fc17c0bbf0eee588bc4ad

SHA256
d067dfac94736b657658a439f7cd9aeb8dd84c75746be95a927ef212f574f85e

SHA512
e449366333c6643a06d9f883868896a93dea7a0e205345235d34f02027a70f7f36a84d3144f3d433dfa96992dbfbe2c83bdfbf28e6eba7764aef9b32e28df436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ff46cf90c618a34dba31b0306b77c39c

SHA1
4010ca1dd7669a3edd39f16ee44d70e8dd4fe5e5

SHA256
be0392082036ece0798799c1faf5ad2435cfc3e584b68d0400f8f669427a7ee6

SHA512
c7ac71a04e3b3c751530a3c01c9d1447fb289b30872bba2b64ccbfbfe01c978f19482c7457f7817318324b2a96687d70fc458bbbd1b84be877ab288352657251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c709.TMP

Filesize
204B

MD5
650042f338e236230548c062fd4299ef

SHA1
f7db01ef421ce79f6fbd8b9131880bcc1c6f9ca1

SHA256
ad59e0b24706127fc9f935cbeb06f71386e06087f8fa3c4ad10fd5b9b751cc2f

SHA512
0e7fb51458ada0dc129de73753c888b884c7415272875b22c614fbe22f27d013f87afd819e7e678b8e630ff83ad6534003cb9259a114047b3fa09093bbacff18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a830c0f890a12310b9d9d437872225a0

SHA1
cff6eb86a4e4ac51a5a912d24de6e6f5b99f90bb

SHA256
ca10448e6a660e67bac3e3db6e05daa6a3a57bfe95dde5fd6840556aa461f7c1

SHA512
cf674d325e675ed02b94cd70d3ec8321b524337e64e95db3024b158a9c07a7b637ff1c508e13a87ef1f4f9b1609f4c1e60078937683b45df4e77ae8bc2d2642c

Download Submit
\??\pipe\LOCAL\crashpad_920_QHGDEHEEMHWXHRME

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit