wannacry | 11d1b9e86aa6f141c5e1070e05b961fe50fe889baf4c370607fb218580abff25

Resubmissions

28-09-2024 23:36

240928-3ln7sstfpf 10

28-09-2024 22:58

240928-2xstpazdkr 10

Analysis

max time kernel
31s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd4fff79f429487d143c43502304855a_JaffaCakes118.dll
Size

5.0MB
MD5

fd4fff79f429487d143c43502304855a
SHA1

72b8eaecc118ca21e0adfdfb080ac462558448d5
SHA256

11d1b9e86aa6f141c5e1070e05b961fe50fe889baf4c370607fb218580abff25
SHA512

53ace4673ac8ab17b3aee3360697e4f70296d7c0b951feddb77ccccf41c794fa3045b680eafb076061d7b09b554fc24fe4755041e4112ff7ee43d2bee83b28cd
SSDEEP

49152:RnaMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:1aPoBhz1aRxcSUDk36SAEdhv

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry

Executes dropped EXE 2 IoCs

pid	Process
3560	mssecsvr.exe
4724	mssecsvr.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	mssecsvr.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	mssecsvr.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	mssecsvr.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	mssecsvr.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\mssecsvr.exe	rundll32.exe
File created	C:\WINDOWS\tasksche.exe	mssecsvr.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvr.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	mssecsvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	mssecsvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	mssecsvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	mssecsvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P	mssecsvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	mssecsvr.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	mssecsvr.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	mssecsvr.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	mssecsvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	mssecsvr.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	mssecsvr.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	mssecsvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History	mssecsvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	mssecsvr.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	mssecsvr.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 3728	1064	rundll32.exe	82
PID 1064 wrote to memory of 3728	1064	rundll32.exe	82
PID 1064 wrote to memory of 3728	1064	rundll32.exe	82
PID 3728 wrote to memory of 3560	3728	rundll32.exe	83
PID 3728 wrote to memory of 3560	3728	rundll32.exe	83
PID 3728 wrote to memory of 3560	3728	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd4fff79f429487d143c43502304855a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd4fff79f429487d143c43502304855a_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3728
- - C:\WINDOWS\mssecsvr.exe
    C:\WINDOWS\mssecsvr.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:3560

C:\WINDOWS\mssecsvr.exe
C:\WINDOWS\mssecsvr.exe -m security
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\AddRemove.ini

Filesize
826KB

MD5
8ecc3dd5c41f829a76e736fad4cd5c94

SHA1
2bd55dd63859910e6b8a268a39f24f39f54daf29

SHA256
0a6b7103ff86e6e3201e7d0bbe8a4bd07983f1a6e7b05befcb593703cc4da76d

SHA512
d0ac16defb078b261f46d8bdd3dec8e4f36f012ea2d0e3fd51d8031abaefb4ad39be89c58dfcd258e6d28bdea7dad41d01a216c6ba87565982b906868bb90349

Download Submit
C:\Users\Admin\Desktop\AssertLimit.lnk

Filesize
680KB

MD5
ac2fa72ea21ffd33f3f200a6e23040f9

SHA1
6f7df4372965fae62f9073eea01246c48f11ac91

SHA256
815eb0e5f2b2e2f6f75451f8708d7e206e00001b18eeaf8cc546ebfb0599d43f

SHA512
665c2c2688d9981269c7438efcb9b54f7e72620700d77b75b69cb5a62f9ba96a4d6d87886d627043fd4512a583d7cf18efca44591cba32e88b68432b0443246d

Download Submit
C:\Users\Admin\Desktop\CheckpointDisconnect.bin

Filesize
583KB

MD5
7e38c0d3ecc8ae8834dd020676e2ec62

SHA1
928440b88b679dff1e355b76e2950e59efdb58a8

SHA256
3d5f75de6adda24806d96aab516965ad926bd13aa65a3a5e8b1d1dc2ba90bb43

SHA512
57b166962c5e48ea090fd1da4421c1e5c0dbf162904a5df078ba174d01a0d3d3a98999b1331a45b48d165a1a6a76aa4d3b4976fd86410a61d710b45b6b6a9f83

Download Submit
C:\Users\Admin\Desktop\CheckpointExit.3gpp

Filesize
875KB

MD5
d4d4f39bbc4abcf8ef48d3454eef6025

SHA1
5f1a051e5badf8a4cf87c3c20a5e9d6bdc9066f0

SHA256
e2887b841580535a163f652100350d1e93657dcc92c0e2531ae00d2ecef1850b

SHA512
d75fe05ed23ab0dfa69f02708e8c3668fc156d0bf49e0f2a3a4cfc789cf52851c3644c03106c8b04f02d81a3820635837d32da9613d882a7e1737074978ef805

Download Submit
C:\Users\Admin\Desktop\ConfirmMount.aiff

Filesize
1.2MB

MD5
d10a0fdbd710230c14a043dab6ae6058

SHA1
dd3d8b9fe5c88a55e9ab86ff24097aa4aca804bd

SHA256
9b7ef3e3b41c7a6c32b106ce8a10741f073570b96a01270718202043b8983c57

SHA512
02bcd3c433468ac81c447393b0b82726eb52b50bb09a01ab1e15d834078d67704db843619ade78a89cf98287b5515c28eca1d7bbcb08b86c7934d7305d5e1972

Download Submit
C:\Users\Admin\Desktop\DisableOpen.docx

Filesize
13KB

MD5
4f744ab59b089a52cabdbcae0c2256b3

SHA1
95c83f8c2395f5b7fb7f4ceaaeadf77ebf9b680b

SHA256
612012417115c94d8bdcd0144cf989cde4144141a7d35c5760f453159a9228f4

SHA512
895694f6cc988728d97827c85636e8629a6baadec1dbc2b7812857601e1ad04dba6c61f32ba5432dce5043ef43296bf3182d9c5f9b568cdbbae243aae6063a75

Download Submit
C:\Users\Admin\Desktop\ExitSwitch.tmp

Filesize
1.1MB

MD5
293de03a3a474fca71a53a8ae4a8e565

SHA1
1038e00148a0b900f6bda09d7fc3057967ddfaa0

SHA256
de9d44eec7c7f828d2fa33872128a91af4aa84ec14f177218d403e01ee2d82cf

SHA512
cfc9a75e725b101a2d3d938d3de38135f46c6947f8187054c9cc094f749b6b4c48ff26bddeece50419aa562b8838e17493817b8cdb477c7bc1614d35865c8571

Download Submit
C:\Users\Admin\Desktop\FormatWrite.xht

Filesize
1.9MB

MD5
f96494209911f954c1e39352f9ad25da

SHA1
7f6fcf8e72eeef4b74bd10a75832a0c70fd204d0

SHA256
c86c476732858f8c98baf5a4e3e9193534723305390d72b4acb0847428cfe2e0

SHA512
17252ddecd78b46a4ed2ec1eb763f629b86be6c8d24f0c9fd1a24eb0c58e2bc89a0065fb16e2f85db8764533eba863080e9048255f5b715581dad890b6ad7719

Download Submit
C:\Users\Admin\Desktop\GroupSuspend.png

Filesize
1.2MB

MD5
6734595578d31bbb5e425412cbe4f1ea

SHA1
1692bcf601c45c8d805661046215c5b2fbc7c7a1

SHA256
fedcea664efa686005f435d47bfe73ce293c5b325dff44c210468805ea8f9ae4

SHA512
ab31523231496cd3760444c0c0a5824ec6b86a8c87b321e874dbb04bc311c27da2d9d5ee647738820f04315c43b627712c004b9ecc2f71cc697011e31e0ba9e0

Download Submit
C:\Users\Admin\Desktop\InvokeDeny.odt

Filesize
729KB

MD5
2a31375d86471569f27de4c734aeb1f8

SHA1
d90efebf936b56e8a09c96d045f9079be8fdfbbb

SHA256
1854b4428b083b69c5e4485bad3444bb075db0a2d9e0e43a043340ca50b84927

SHA512
8ee1df1a54d6ed6c14cc72e2d6dc78ec20398b9474189e4681285be8e77195fbb09b69c798a16bb73bb92be87501bb20b2686092d63ff4c140ea3b0d1de6630f

Download Submit
C:\Users\Admin\Desktop\MeasureSplit.cfg

Filesize
1.0MB

MD5
cd786921224a72f4cc46ff3523e03ae0

SHA1
f0e93e04a471939bf60e6020474bf06d3bf49b4b

SHA256
a132dd3826165f68ac8d6a2e7c6a803d06204c9059c56a4795c6cc79cb8a6310

SHA512
5a278fec73484589b8c57d812c81df255b80766d8dc8f57743cb47e3d99fa56550853fcbfd7d6ec39a31b83e8a4ecfa973b0c7cdd98d065907e39a8f497792aa

Download Submit
C:\Users\Admin\Desktop\MergeDeny.css

Filesize
486KB

MD5
5c8f4303681182ca305a26ce5a0df9fe

SHA1
c22dd51e5906eac04ed2b43f39dd39f9b394f949

SHA256
10e4d6f677204311fccf3c90739084b8f33a0b5cb2a32a7b2b94ca9bb02bf8f1

SHA512
0321503bf21257020f15e0ee589558c231f4ee3728c2127b8c1d3a0e1c8d2412af9cdb46277b8c93b127f6569de5b45ac17160e6ddb0362fad5fe53a9a3ed4a5

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
7deb1c5ca7b35696ce4dff97b5bbf1c6

SHA1
6ed83ea50a26071d4d1e52608935d5d04892e8c1

SHA256
7151dc306e0ded55c326d2ca1e86f7097ec665a49ab61fcb8d16fc66db8fcc3d

SHA512
cf385c2c59ecba2e9d7c6484ad941728c91e1a3963612f8374e41d9bb17622945c49e4981b683227dafd388f5d69daaf892e3b7ef4157c0ec7a4b818b91880ae

Download Submit
C:\Users\Admin\Desktop\PingCheckpoint.ram

Filesize
1.1MB

MD5
10f2513b0e9dd3d5a2eb1cb1479db18d

SHA1
581fa9cd70938501e527a413d51976ffbcb72c69

SHA256
bba60338e3b915b927d26e402021f9809b5f727e418a8ee3268b45de07bed00c

SHA512
b9e2ea538a8fe7ea9bf28f62b7ad7063399df0c66e340fb20ecd991ab08dcf149784a83130e87ef466ce330c201bd0d6ca5804a3285a53f866ba15867f110f55

Download Submit
C:\Users\Admin\Desktop\RedoMount.xlsx

Filesize
10KB

MD5
1906234b4ffe69869579db2ad20eddfe

SHA1
e6a09ccaa5291fde2dd84e14ce3e09eabe109caf

SHA256
b4631bf295bf116a4f5178a8156c97a327200ab0d94d56f1623270df281e4674

SHA512
2685dc0d46f2d329d000deccf8ebae34ea509ad8fdd769a2d7927d7fdd2d95b3e260ddd2524741de6127b1a90a62c63fc76247dcb6f703f8e263be2c79970d85

Download Submit
C:\Users\Admin\Desktop\RenameFormat.jpg

Filesize
632KB

MD5
9c3dec80ce3ad78120d21fd0800b994f

SHA1
56ea4825959f0711ba09532244730843042fae23

SHA256
f4e861d219360049a4ec53a0464c31f6efdd246358efbb97fbccbeca14106e32

SHA512
902601bccfe5e5458a5d0131c37a22fa73a95482a8881cafedbacf87773335118f7b83e283d721be564d4177faa4c8a9aae28297ef08b81834c66bc36b71a9cc

Download Submit
C:\Users\Admin\Desktop\RequestConvertFrom.svgz

Filesize
972KB

MD5
4297b3acd2d110a3a25b048bc7117ba6

SHA1
5204316ff849ba938af9bbd9ce39009927f31d81

SHA256
2668f109bfffd17356a56a11c4979535ff3547404db9a61d2c83740ecdbce2f7

SHA512
a719023eb37d5042b808c3aff1129200074df74e3af28f9ae1b84fd851efe933178d8563aa866f3da4e1b431ff46b95465478bc851990bda5a03c07a155b628e

Download Submit
C:\Users\Admin\Desktop\SendSwitch.xml

Filesize
1021KB

MD5
ba70881c7f348ee5cbbfede84b393eb9

SHA1
4f8da368cf28e52006be62f9bd82b774d0ebddc8

SHA256
5d084c159795ad96cc4c2fdbf33160c8eeb8beffcd5b665e3edbdd8373ea8179

SHA512
c71ad5907dd4009d7075970bff2441095abc40c1a96abf1542e63fa11061dc8ba53de0bead7935941bd427f1c5186581cd718c4130b1f81b3bbe06edd78eab36

Download Submit
C:\Users\Admin\Desktop\SetRevoke.png

Filesize
778KB

MD5
82ef5598f4015e8af2efcaa7ef2c39c8

SHA1
f5bd7efeaf8c7b26dc6e9a459e8702f2c0765455

SHA256
2f8017d47f46782e0465a7a8b0597550488c30c96d4773e85daf0bb0deecf21a

SHA512
dbfff0ef66f10f9cdb736857b00ed96b4df8be94fd3f5147142ad257609e29b01d317cf6a64fc07f178ab4d8091ca0f091ff9d7263ce582a98c2038f4784f945

Download Submit
C:\Users\Admin\Desktop\SyncNew.xlsx

Filesize
11KB

MD5
2ab5de451e08657041c9d69145978fe5

SHA1
9c3102f701e0dd99f942d7846224ff9941ae8c58

SHA256
75928ac637c4dfbb9ac5f724576a7219e09c5974545ca1075d3780d447de800c

SHA512
e8218a3672ce4aafe6a518a5563c5bd4270e340048833b78b0b9832e3bae62cf355e5fc3d87f61a85fe537baaf107ed756103dfe28e1eb9c0506254d7902700a

Download Submit
C:\Users\Admin\Desktop\TestCheckpoint.ADT

Filesize
535KB

MD5
178b79a81b983f3f653520df9ac36169

SHA1
2196dd5144e47df3c5e1029bc75e4b8a68b49c53

SHA256
46d05a7181e2e7ef4f96530df00cda8f7943c864315bbea7f5705a6a20985629

SHA512
82c93f4546b7017f1d26e334a27a2889b5fb6e48832338cb59492677586d9faa7c0933e95348e8169523802d0ac135b1614cdb6c434f4ae9ddced5b084208d2c

Download Submit
C:\Users\Admin\Desktop\UninstallRepair.ico

Filesize
924KB

MD5
8fdca6495f8689bc892b6118885b7836

SHA1
0c3cac131064e8d979741b5df3e755a2428cf4a0

SHA256
ba6f1060c467ebe1bb76a3d8d9f24c22ae10595c601d9340f5173b43b1ddda4e

SHA512
957f88a0fca0304b53caefe129f6c1b0b6b86efcaec0e1d4d1bdfd6757a130f731ae35204128c3263be1d2d0e2ef5d94ed3975a48d69b33089356dcfd8706075

Download Submit
C:\Users\Admin\Desktop\UnregisterUnblock.doc

Filesize
1.3MB

MD5
13e3367d2d7084b9c0529481a2c507e5

SHA1
e25a7dd890b3a4bb421382a931f65c43a9a62f5d

SHA256
040339c66b4d87bb395b00c279d7d88018722a1431665962e2f973f1410aa27a

SHA512
1afd934c26ba459091aed5b96638de7baa02a75c1f645b19f40785bd9fcc4ba024a38f924cbe873624f4b8d164c5bfa346f106770230f79fbd4b94d7c195603f

Download Submit
C:\Users\Admin\Desktop\UseApprove.xlsx

Filesize
10KB

MD5
a62cf14e1a11e5126ce02af4491b4183

SHA1
a1d96ea65ff76b17e0c00dd5f4e58bbbbda23743

SHA256
1070177ae2804513bc222c73d0976e669cb99a6ad0207cb16b18b97490eb446f

SHA512
b88ad068801c6b751d717aff6bedda6dd2cd3121fe6bd8c1dae18a2a384933e82c7eddfa46d2c88db853a612cf98f3fb9a7c6cb1573023bc9bcdbfef23cf9344

Download Submit
C:\Users\Admin\Desktop\WriteShow.tif

Filesize
1.3MB

MD5
34ec48f16f260ed3338c810cce95207b

SHA1
513041961b5572da67a39b7c433e55b997046b89

SHA256
12ed26c2901306c69e0af7984df4ce97ea5b818a302df06d6dad630105b32e1e

SHA512
f011811d7f8cad1d4638a4f913316407e5110b6c761a3382333e1bd3a6ceb88eb64a47b906a428b80f5f86086a1018fb1185f1d3c5056a6f97d4f8e4801d71cb

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
d430547f4c6d64c4f36053f42de1b4d0

SHA1
9e92d41693a134f3ac4fb06f7aba663c8c856115

SHA256
10b0351332b326d17b516202e0a5bdf2f793377db77c373547b1eb564942cee4

SHA512
ac3db5254d551c1864c1ae411c8d6f87435277e18c1f5642c6b36da013a30087e56f28b66a7b6128de98e5ea0f87a57f5fd9061c545a8beb85658db85819b6da

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
b5b1db65ee4b5444f47f3ba856ba3a2c

SHA1
e26f2a2d3ce5c951d6540977e25eec2fc644b808

SHA256
7cf618a1e89f30170449a33a2ad7c8063970c71548beda7c31a808582cb8bce0

SHA512
27cee9c30552a6db9ce35d37e7207af7fdf1ef4db62bf2de712974976d3af8d8d0c1c2cd4624cb238daa4e26eb07147eb653a618630b9fa1daecba95d18c9607

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
506b5c060574b432deecfd9b8ce43ef5

SHA1
364f5adb90065d1df1c84c088e3248f8bd166dd9

SHA256
e41ff00c3bb1a2cfe3d73e11e9ef290fc69fb243bd0f6f34c4d337d98784a16f

SHA512
eede8f95a5ceb64ff58b5ebe314d8e80a8b291cb2e2ad51b080abf39a0163a9f19518d071095da50e0ad2e5c6df85b6d491a3d574132deb646ae40a07020699a

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
d90d015c1ee2f3ce05a221185a209f92

SHA1
13bf0ab97b52e901b3573dcea67f0be856f5f49d

SHA256
66261ef5bff2722cdafecdb7b705c22ace1bd18bd9c515bea4f9e177ccfe431b

SHA512
e854bbd237b8ba92150db6c4ab8cfdb0e48a42264d73a73c1f1dbd3cd7f988d3c493d2cde94f9b52cbfaad0b8d2acbee6baae457776c68831095ea3923e1ccb1

Download Submit
C:\Windows\mssecsvr.exe

Filesize
2.2MB

MD5
19c96e2329aeedc880af0ea55c954c30

SHA1
e71346165a77213c579c45d786abd07492b7c92e

SHA256
8eb01339dc01bd8a949931e7f3f73791ac0c96bc14487fb9879186ee4a007f5d

SHA512
25edaa8d4101203e74cc2a3da31d544a0112527df15f1789967345ceea53d1501de15eb4c01aded9d555311850f73c9320a563151f3acd985e7fb2d5bf458c4d

Download Submit