2c0ec03da69bfc798db411be15c80a2370760675adf9d2b7a648ff0eaadba4b1

Analysis

max time kernel
142s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Size

212KB
MD5

091089f839a396d7712ba3fed484387e
SHA1

8a95e455951615fe3a5f5c5ee6da72340347c5f4
SHA256

2c0ec03da69bfc798db411be15c80a2370760675adf9d2b7a648ff0eaadba4b1
SHA512

c8814963c05e482aeac65b53e632299e3f4d9a863e0d549c70890d42c9adacf2ea843741ca84a173bd247d2a8025feb8ce48aa355577ad9ea1bf05a87b7371be
SSDEEP

6144:gdWGUhLim42UdKT0UbaUeUxP0Us+LneUHWqnwcIAKcEBRMjsf+cDXQDm4:goxm5qaZqwcIAN1

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4548	WScript.Exe

Executes dropped EXE 1 IoCs

pid	Process
4968	Program Files11L7F3.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\d.ico	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
File opened for modification	\??\c:\Program Files\Common Files\t.ico	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 23 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60cbed1e43c6da01	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425401277"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002322fad14fdb874f8edc4f7e0cc1913e00000000020000000000106600000001000020000000c7e24785d36639d59c1ec1f837d2806ffc7a7a17bcea9add2fa8fce2ebbd70a1000000000e8000000002000020000000e20010a24412ef21b0e62b2e81470b73f0329d67db4a62699309f0eb82d8e6022000000056c56d5dc83ac6e251bbd54b4e3cb8e25a8b9013be22b4d964bb9645ff64a04f4000000075e637e07c1ea092468ccb6525d2ce16e551ca71c79f013b2f8e174fc4ac8b831f67d1626f829939358e9dd03b588e6eacc911f2bcced98f3773d15c6c68415c	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7010e91e43c6da01	IEXPLORE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002322fad14fdb874f8edc4f7e0cc1913e00000000020000000000106600000001000020000000aef465936f514122f76e9226ef5704d19385bab96a405afd10f32dce2fd76e60000000000e8000000002000020000000d8a928981632a0b087fc2891aad3c34ea0c7a3edc8b35f1511c597e9818b71a6200000001204a40453405c1df5f7e2cd185ae730a580bd03d6b3ffe911844b0c005ce1104000000090f11b0b68264b54e6e4bece550d90bf045ac47fce4cc759cf490e37b2b4a4c3c6b70148b38c8fde65d295c0910f9a4a8320c11ff659a3a2ced055c35495a9cf	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3C25806D-3236-11EF-BA70-CEC6030110C3} = "0"	IEXPLORE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.exe

Modifies registry class 60 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hpf\DefaultIcon	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htb	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htb\shell\open\command	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\h35\	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hli\shell\open\command	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.hli	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.hdh\ = "hdh"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htb\DefaultIcon\ = "c:\\Program Files\\Common Files\\t.ico"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htb\shell\open\command\ = "IEXPLORE.EXE http://taobao.loliso.com/?2012"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\h35\shell\open	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hdh\DefaultIcon	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hdh\DefaultIcon\ = "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE,0"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.hyx	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hpf\DefaultIcon\ = "%SystemRoot%\\SysWow64\\SHELL32.dll,139"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hpf\shell\open\command	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htb\shell	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.hli\ = "hli"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hdh\shell\open\command\ = "IEXPLORE.EXE http://www.henbucuo.com/?2012"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hyx\shell\open\command	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hyx\shell	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.hyx\ = "hyx"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\h35\shell	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hyx\shell\open\command\ = "IEXPLORE.EXE http://www.d91d.com/?2012"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hpf\shell\open	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.hpf\ = "hpf"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htb\ = "htb"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hli	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hdh\	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hpf\	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htb\DefaultIcon	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\h35\shell\open\command\ = "IEXPLORE.EXE http://www.5ijunshi.com/?2012"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.hdh	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hyx	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htb\shell\open	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htb	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hli\DefaultIcon	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hdh\shell	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hli\shell\open\command\ = "IEXPLORE.EXE http://www.loliso.com/?2012"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hdh\shell\open\command	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.hpf	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\h35\DefaultIcon	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hli\shell	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hpf\shell	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htb\	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\h35\shell\open\command	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hyx\DefaultIcon\ = "%SystemRoot%\\SysWow64\\SHELL32.dll,41"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hyx\	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.h35	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hli\DefaultIcon\ = "%SystemRoot%\\SysWow64\\SHELL32.dll,130"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hli\shell\open	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hdh	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hpf	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\h35\DefaultIcon\ = "c:\\Program Files\\Common Files\\d.ico"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.h35\ = "h35"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hpf\shell\open\command\ = "IEXPLORE.EXE http://www.piaofang.net/?2012"	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\h35	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hli\	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hdh\shell\open	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hyx\DefaultIcon	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hyx\shell\open	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4996	IEXPLORE.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
5104	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
4968	Program Files11L7F3.exe
4996	IEXPLORE.exe
4996	IEXPLORE.exe
3540	IEXPLORE.EXE
3540	IEXPLORE.EXE
3540	IEXPLORE.EXE
3540	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4968	5104	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe	80
PID 5104 wrote to memory of 4968	5104	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe	80
PID 5104 wrote to memory of 4968	5104	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe	80
PID 4968 wrote to memory of 4996	4968	Program Files11L7F3.exe	82
PID 4968 wrote to memory of 4996	4968	Program Files11L7F3.exe	82
PID 4996 wrote to memory of 3540	4996	IEXPLORE.exe	83
PID 4996 wrote to memory of 3540	4996	IEXPLORE.exe	83
PID 4996 wrote to memory of 3540	4996	IEXPLORE.exe	83
PID 4968 wrote to memory of 4908	4968	Program Files11L7F3.exe	84
PID 4968 wrote to memory of 4908	4968	Program Files11L7F3.exe	84
PID 5104 wrote to memory of 4548	5104	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe	86
PID 5104 wrote to memory of 4548	5104	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe	86
PID 5104 wrote to memory of 4548	5104	091089f839a396d7712ba3fed484387e_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\091089f839a396d7712ba3fed484387e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\091089f839a396d7712ba3fed484387e_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5104
- \??\c:\Program Files11L7F3.exe
  "c:\Program Files11L7F3.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4968
- - C:\Program Files\Internet Explorer\IEXPLORE.exe
    "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4996
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4996 CREDAT:17410 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3540
- - C:\Program Files\Internet Explorer\IEXPLORE.exe
    "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forjieku_977.html
    3⤵
    - Modifies Internet Explorer settings
    PID:4908
- C:\Windows\SysWOW64\WScript.Exe
  WScript.Exe jies.bak.vbs
  2⤵
  - Deletes itself
  PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files11L7F3.exe

Filesize
36KB

MD5
60ac0226a5380b9d0dc251213a910163

SHA1
fb016f26651b54377599a3317f29538523c8b59e

SHA256
f19835b38f2c6c7e7dbee3922683cd3039e9c3075594eb4ae9b6d4ad235214d6

SHA512
db2c54f5fdae9fccebcc2e56f25c8f915917b1a34ad74d1daa4bf4c0ad42be19820e7c9c02fd9b76687dd8099a659cff54722d9e87c74e5fdbfe5cf01f52a6d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\jies.bak.vbs

Filesize
450B

MD5
a15881240abbb19107af44ace3c96d1d

SHA1
b0a315512a843b412329e305e7a93650ab5af491

SHA256
6a78a1bbc0599c1871f5d7b96ce8c3dd40ab49d540de77432f514f6c61393902

SHA512
d7b2b62bf441350d5c97d2a7a46679f1b450cb92e3abd2b3b0ea8a9f4134b387f64e6ef93e176898588aa068f7e3f61a86b00c1a8197e05c04f8dad4322536ec

Download Submit