locky_lukitus | 509b7eacb051087d49d9357c354532cf1561f065f11d0c2b6bc24f53fb255e2e

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe
Size

517KB
MD5

a410188cf459e3beb5be623f1dc1ab75
SHA1

85615da588fe978d82c6bc06e2b0d7db58a4f913
SHA256

509b7eacb051087d49d9357c354532cf1561f065f11d0c2b6bc24f53fb255e2e
SHA512

a28a42ce5ecca6b6be0068083c7fba49c76050a0e6dd92b801a0fed281140679cf0b74353c3de2298dcb2e6bf906492d9ded6be080c7c3a81472d3ee0f0e9347
SSDEEP

12288:zVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:zVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score

10^/10

locky_lukitus defense_evasion execution impact ransomware

Malware Config

Signatures

Locky (Lukitus variant)
Variant of the Locky ransomware seen in the wild since late 2017.
ransomware locky_lukitus
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\lukitus.bmp"	a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Interacts with shadow copies 2 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

pid	Process
4636	vssadmin.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\Desktop\WallpaperStyle = "0"	a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\Desktop\TileWallpaper = "0"	a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1196	msedge.exe
1196	msedge.exe
368	msedge.exe
368	msedge.exe
4280	identity_helper.exe
4280	identity_helper.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeBackupPrivilege	2612	vssvc.exe
Token: SeRestorePrivilege	2612	vssvc.exe
Token: SeAuditPrivilege	2612	vssvc.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 368	1496	a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe	89
PID 1496 wrote to memory of 368	1496	a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe	89
PID 368 wrote to memory of 4564	368	msedge.exe	91
PID 368 wrote to memory of 4564	368	msedge.exe	91
PID 1496 wrote to memory of 4072	1496	a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe	90
PID 1496 wrote to memory of 4072	1496	a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe	90
PID 1496 wrote to memory of 4072	1496	a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe	90
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 280	368	msedge.exe	93
PID 368 wrote to memory of 1196	368	msedge.exe	94
PID 368 wrote to memory of 1196	368	msedge.exe	94
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95
PID 368 wrote to memory of 732	368	msedge.exe	95

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe"
1⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\lukitus.htm
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffcf99746f8,0x7ffcf9974708,0x7ffcf9974718
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    3⤵
    PID:280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    3⤵
    PID:732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:1276
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
    3⤵
    PID:548
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
    3⤵
    PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
    3⤵
    PID:2364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
    3⤵
    PID:3392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
    3⤵
    PID:836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7871647918358711264,5698212659052669349,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5704 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:760
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe"
  2⤵
  PID:4072

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2612

C:\Windows\system32\vssadmin.exe
C:\Windows\system32\vssadmin.exe Delete Shadows /Quiet /All
1⤵
- Interacts with shadow copies
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5786757eccfc931bce63756325bf616d

SHA1
c01f7549c0300f651907a7de3ab15dc2486462ed

SHA256
af1d810e8b81f8fda58259a56fc6502bda784b76e636b15f559c61b98f321b4a

SHA512
7176d0315a409ad67e4ba02ea45b2c72d7b170317a5c9f2d1d3982e160ed639defb848dd42a1f569c74b9e309aaba9e9785c27e45a2f50baad990b331887c0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23bdb740fab3929892fc13def6c8c0ad

SHA1
95799ecef2c69a395fc8e96b4b5d230866a8eb8e

SHA256
027a575f47c21bbec6d446379168b97d4e17c4eeb1c2350e921d0d195231d3a9

SHA512
242243b0b9d9c689fd521025954769015c5a65d26a3280acc075147a9a97c62580a7fcf4154f58c3d6dde546a50c3df204665a6537d0d7933c2395c71b7e8027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a7f59333d19754660cfc24ceb2671bd

SHA1
6242679b2be44c98889f7bd69fe55266a1d1942c

SHA256
32fc641ec6521e78f0f5be6c4663907483be2bd9c527c61870078310b83b718a

SHA512
beb896215b62bc461d108cd58289e52967d47b9c04b98fc140aca64b42e180f2cf91dd37e94b3d81bcd07aa386d6e19968e03cf826156f7e53210a2a2eec1fc3

Download Submit
C:\lukitus-9066.htm

Filesize
8KB

MD5
e4d06e352caa7f95d41695c326bb3a49

SHA1
94302f31be92526a8f6c01143a781b4e071c9cbe

SHA256
e88bf20c5466dbce946e1e69e951803be6c8dd462a52629f1cc77ec0c68fe1a2

SHA512
4b22a30363bce39fe75dda9f593ef43384e906ef5ec818ea981ca662b5a5edbc498f56145f8cabaad85b904ae92dde45d7e9c6cad70f4d01e04d4819bd638ace

Download Submit