b7b2a645b85e0976bde0e5155fb1494b1833c40adc734fcb1df9cea5ca087dd0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2024, 20:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3691a9dc4da440a2d532aa645d1ccbf9_JaffaCakes118.html
Size

166KB
MD5

3691a9dc4da440a2d532aa645d1ccbf9
SHA1

897f4ed7d312ed8fed7de81a44be754d53774f88
SHA256

b7b2a645b85e0976bde0e5155fb1494b1833c40adc734fcb1df9cea5ca087dd0
SHA512

5a17540623b5585ffce3adf262f93b744fc21afeca168d4feff8e848f46605adab26df58419f995289aa79ed921c2be1f0b8afceee18e7cf711540f9a03149dc
SSDEEP

1536:Gui6zH2BBra5jqzqeqMqENHxSSS7VSRi0iYyiiiDNaZiTxQF7o26yhu2tuTuiuNc:9i6TIB2Y0gjNaJUuT0lni1K6XeKUCh9s

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
4464	msedge.exe
4464	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 4260	4464	msedge.exe	83
PID 4464 wrote to memory of 4260	4464	msedge.exe	83
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 4248	4464	msedge.exe	84
PID 4464 wrote to memory of 2464	4464	msedge.exe	85
PID 4464 wrote to memory of 2464	4464	msedge.exe	85
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86
PID 4464 wrote to memory of 2208	4464	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3691a9dc4da440a2d532aa645d1ccbf9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8266946f8,0x7ff826694708,0x7ff826694718
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9344260812983868142,10418391070208976509,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
23KB

MD5
c6ee151c95d5bd2339c67eca774449fe

SHA1
c2de7e4a87b91ddd246fee53b8274b35fc55603a

SHA256
65edc4727e2bdb04a0ad28564af17bcf3bd7029811429804d283c8f0e186ce09

SHA512
eb04604f00aba42cffeecf266cc7dbfc096708ebe615ed2141bd422585db26a12b54f9c22041c798cb01e4c3d3e5c70fff935b0c7a508fbf61f6201c3dc678b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
32KB

MD5
1fbfc2ba1b544583815404b4ad92dbfd

SHA1
d4f89ec5247bf715e314e45848a2710b35e79715

SHA256
35683e41edb1cc791cf6d8c925431d63b500c4e8436b61a26d4676c3f1141476

SHA512
17530db85040c96d7971f0aa4cc768d297f2bfc3075533302c56b2ccc4f4da862e8226b9e642e8044c2061e26a1d2633e344439244c55cdf271d0c58d8b6a83c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
149d86a3e9e8515484a451dc74db7426

SHA1
4ad46e13e7b685ea17a999d5b9464b7d1b2ea511

SHA256
11ce7cdcaab4e3428bc6b3a7e2dc4be022b69dfbd5d915a81e505705a91c87bb

SHA512
951190f442f0b72e53ad9128324d66564646c3f10bb7113116fffd40feacacf96ecc70c0a84060f70af0fe7e4b605fcb0fb670e79e9a2549355dcc9a6e9f80e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5719222a756098a881c3693696c05d71

SHA1
8483a251f492cf194f86b46d9b1ead1493f97e1a

SHA256
9617b8aa66a35518b1b7d80ae088a8d64bd9b390eb6da46c783862145a69e16d

SHA512
6b96b4b6676753a5ee389b8270068f38f65a19f95ab0549cf1a14c70ded2fa3106a4898f20b7fe497ad1d1479b7eb92d387edb4da4440bf99b8226886032bb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f0056d8a46de9d84c3a3edea5516f01c

SHA1
807ddfa534f6b26ad98a679f576d5cb7aa91c17c

SHA256
201de57252f9cd272e75b5d7ae999b957d513657067528c292daaa56996fd454

SHA512
76041341a4f9b46d94d7c21a9666b93b27338d47d3c42e4e6a9fcd29399f224defdad9ac47996f88bef9fb5c2482257b7f856149221bd92e187d1e0799705739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65f44435e0b0bf9908be695400a8d3e2

SHA1
9dcb6d8af7b988ed2803b3d7b716f0afddc573f1

SHA256
f579c86b1bbfa5a52d666094bfd0a94a01334800889d0e24b0a95eabe46fc928

SHA512
c715cbc4033fdba2973174afaf0551c4084b0188eb11c4cc2414b516236a13399653d66e8b7aa1fb5435005d168b6fc97f22e8c9815da420073e156864d29ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c01f94142eab1c73a7f539f08af1b3e7

SHA1
3f89667041a72a9a1bed6c360fecb62fed0466d3

SHA256
6d888ce1ec020453ad2099573d8b1e34b7bb6ce3a9c645c66c5a57e60c7068cc

SHA512
ebb58d079a0dde71d69c07c3de8e3a3b0c526ac3b39725fdb2cdda2b8647ff84c43c1adce7d9f35acd18b318ffa2d1f34cd123d268b2702606f581a8e6a430d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
01038473f9eae6354a2ea8519092f35d

SHA1
875d9e51889f1fdab914b311bfcd27b728ca1024

SHA256
3ff4b317c006ee57ae365bd92ba201a4a035a4455f9df0f8df82692606f66a67

SHA512
ebca5f64eb08e494e5ced067b2b35d77c72e021c2c11fa90d5a6353f25bdbc08040d40134aec72cbe7f89e86334bda659ffab8c26a9023f988e9db92538987dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
49591594baa4163c51ca5f5cbf072248

SHA1
b673d655cd090b424def42873e4266bc6ad67921

SHA256
7a346353c563347536837494dda602de68df3cb26a7237a141e1a3effd229a58

SHA512
84c9458e20f1e87d41b0d4c6579c78f38dc4b931d7872d759ccd98df01b52cca7c8c3519b84d7ba10331617c483af4ea18578a88caa9fee4054bdafd60e5010f

Download Submit