Overview

overview

10

Static

static

10

ee45820911...99.apk

android-9-x86

7

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    22/10/2024, 02:00 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee45820911580803c3df8ced9659bbc0dc21226710c59f11eae5d7c2720c6999.apk

  • Size

    13.0MB

  • MD5

    4d0f9c686f81f95666a6f22d88d5da46

  • SHA1

    31df016c69c989479f624001da67e0c7fcb0e750

  • SHA256

    ee45820911580803c3df8ced9659bbc0dc21226710c59f11eae5d7c2720c6999

  • SHA512

    076d6dc6a6e6111dba5728ae39f6d01350c0b40c9789c212d098691b508b9c91ed9a0d2b0b6d98bad13ad703ce4e6b79630ea6501339f9ca4ac8a8046267cee5

  • SSDEEP

    196608:CpN6utSK7VmWuFxX+uUZIrzIRliSS4jo5nNIceyLdapE5oQryApUoXaI6oCHYV41:CnFV+xXJrtSS4+N7xaSoixantRgaf

Score
7/10
collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries account information for other applications stored on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
    impact

Processes

  • com.aa.bb
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4331
  • com.aa.bb:s1
    1⤵
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4616
  • com.aa.bb:main
    1⤵
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4590

Network

  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.202
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
  • flag-us
    DNS
    www.baidu.com
    Remote address:
    1.1.1.1:53
    Request
    www.baidu.com
    IN A
    Response
    www.baidu.com
    IN CNAME
    www.a.shifen.com
    www.a.shifen.com
    IN CNAME
    www.wshifen.com
    www.wshifen.com
    IN A
    103.235.46.96
    www.wshifen.com
    IN A
    103.235.47.188
  • flag-hk
    GET
    http://www.baidu.com/
    Remote address:
    103.235.46.96:80
    Request
    GET / HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; AOSP on IA Emulator Build/PSR1.180720.122)
    Host: www.baidu.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Content-Length: 1108
    Content-Type: text/html
    Server: bfe
    Date: Tue, 22 Oct 2024 02:00:22 GMT
  • flag-hk
    GET
    http://www.baidu.com/
    Remote address:
    103.235.46.96:80
    Request
    GET / HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: www.baidu.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Content-Length: 1108
    Content-Type: text/html
    Server: bfe
    Date: Tue, 22 Oct 2024 02:00:25 GMT
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.178.14
  • flag-hk
    GET
    http://www.baidu.com/
    Remote address:
    103.235.46.96:80
    Request
    GET / HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: www.baidu.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Content-Length: 1108
    Content-Type: text/html
    Server: bfe
    Date: Tue, 22 Oct 2024 02:00:28 GMT
  • flag-hk
    GET
    http://www.baidu.com/
    Remote address:
    103.235.46.96:80
    Request
    GET / HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: www.baidu.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Content-Length: 1108
    Content-Type: text/html
    Server: bfe
    Date: Tue, 22 Oct 2024 02:00:28 GMT
  • flag-us
    DNS
    rpc.ynhz.xyz
    Remote address:
    1.1.1.1:53
    Request
    rpc.ynhz.xyz
    IN A
    Response
    rpc.ynhz.xyz
    IN A
    172.67.130.58
    rpc.ynhz.xyz
    IN A
    104.21.3.44
  • flag-us
    POST
    https://rpc.ynhz.xyz/x/command-report?state=0&ty=0
    Remote address:
    172.67.130.58:443
    Request
    POST /x/command-report?state=0&ty=0 HTTP/2.0
    host: rpc.ynhz.xyz
    version: 09050322-Rebuild
    type: encryption
    content-type: application/json; charset=UTF-8
    content-length: 55
    accept-encoding: gzip
    user-agent: okhttp/4.11.0
    Response
    HTTP/2.0 200
    date: Tue, 22 Oct 2024 02:01:34 GMT
    content-type: application/json; charset=UTF-8
    content-length: 131
    content-encoding: gzip
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-request-id: mvorj4bm6yyeHtNQxr7MTRQeq8sTukvO
    x-xss-protection: 1; mode=block
    strict-transport-security: max-age=31536000
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VZHD5okfMivaIcWQB1gUNRA%2FDzGFg23GTeQulnfvdneezzih10uEkxYMtWPEhWjsQbG94Ut7cCvEjzRRmVIlfSMvOiGIsbZ3VpAE2LoMPzRcaQJzMkjCCjbtoBIl8No%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8d65e67378947772-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=39598&sent=8&recv=8&lost=0&retrans=0&sent_bytes=3390&recv_bytes=801&delivery_rate=109769&cwnd=255&unsent_bytes=0&cid=ee487ae1c6869f3b&ts=559&x=0"
  • flag-us
    POST
    https://rpc.ynhz.xyz/x/command-report?state=0&ty=3
    Remote address:
    172.67.130.58:443
    Request
    POST /x/command-report?state=0&ty=3 HTTP/2.0
    host: rpc.ynhz.xyz
    version: 09050322-Rebuild
    type: encryption
    content-type: application/json; charset=UTF-8
    content-length: 55
    accept-encoding: gzip
    user-agent: okhttp/4.11.0
    Response
    HTTP/2.0 200
    date: Tue, 22 Oct 2024 02:01:34 GMT
    content-type: application/json; charset=UTF-8
    content-length: 131
    content-encoding: gzip
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-request-id: GwlV3MD4vnBfIWe7pjZvlSRTw7Crpmtx
    x-xss-protection: 1; mode=block
    strict-transport-security: max-age=31536000
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M38ULReLg0yP8AaaQ85Suq4Xpim0%2Bkvz1Q21%2FRA9NiigS%2Bi57xGSc7%2B4jOILJou%2BRKWQeTKwmrwvEb6A9DP8%2BXsE6EvcIoCP9c9xCyPeQo8VIA8XJmTUAvIlnp9Azsc%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8d65e67378957772-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=39598&sent=10&recv=8&lost=0&retrans=0&sent_bytes=4315&recv_bytes=801&delivery_rate=109769&cwnd=255&unsent_bytes=0&cid=ee487ae1c6869f3b&ts=569&x=0"
  • flag-us
    POST
    https://rpc.ynhz.xyz/x/command-report?state=0&ty=0
    Remote address:
    172.67.130.58:443
    Request
    POST /x/command-report?state=0&ty=0 HTTP/2.0
    host: rpc.ynhz.xyz
    version: 09050322-Rebuild
    type: encryption
    content-type: application/json; charset=UTF-8
    content-length: 55
    accept-encoding: gzip
    user-agent: okhttp/4.11.0
    Response
    HTTP/2.0 200
    date: Tue, 22 Oct 2024 02:02:03 GMT
    content-type: application/json; charset=UTF-8
    content-length: 131
    content-encoding: gzip
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-request-id: V3mwR72ykYEYz5k5VF9tXyAgKp5WgvLB
    x-xss-protection: 1; mode=block
    strict-transport-security: max-age=31536000
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sVED5ts%2BXK4XPepQZs%2BcUonacvOnVuOPPN%2Ba9U%2FvbQrDeok3VY4OgPtN5%2F%2FhA9nlhwfhjGmm9A7rZWotFIirqh75gLNHRgivGOBgaf8agev2c9mGjTtrZO%2FmCxV9wIw%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8d65e72d38e27772-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=44041&sent=14&recv=12&lost=0&retrans=0&sent_bytes=4966&recv_bytes=1071&delivery_rate=109769&cwnd=255&unsent_bytes=0&cid=ee487ae1c6869f3b&ts=30051&x=0"
  • flag-us
    POST
    https://rpc.ynhz.xyz/x/command-report?state=0&ty=3
    Remote address:
    172.67.130.58:443
    Request
    POST /x/command-report?state=0&ty=3 HTTP/2.0
    host: rpc.ynhz.xyz
    version: 09050322-Rebuild
    type: encryption
    content-type: application/json; charset=UTF-8
    content-length: 55
    accept-encoding: gzip
    user-agent: okhttp/4.11.0
    Response
    HTTP/2.0 200
    date: Tue, 22 Oct 2024 02:02:03 GMT
    content-type: application/json; charset=UTF-8
    content-length: 131
    content-encoding: gzip
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-request-id: RQ3YssfwAO35S6xkBn5AAyofpwdoO8tY
    x-xss-protection: 1; mode=block
    strict-transport-security: max-age=31536000
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bc%2BeezEcwTsOTUjY17JHYWbXmtgRoMAEmlWkdqlsBF%2BahWFy%2FDBA8HeRLdeaqjf%2BlvZ9ViMOmXlA6bSUVjVrcfhBXD0nFHCKnnapqaAKv%2FWld0uspS0WA9YkMhNlvE8%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8d65e72d38e37772-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=42790&sent=16&recv=13&lost=0&retrans=0&sent_bytes=5643&recv_bytes=1071&delivery_rate=109769&cwnd=255&unsent_bytes=0&cid=ee487ae1c6869f3b&ts=30086&x=0"
  • flag-us
    POST
    https://rpc.ynhz.xyz/x/command-report?state=0&ty=3
    Remote address:
    172.67.130.58:443
    Request
    POST /x/command-report?state=0&ty=3 HTTP/2.0
    host: rpc.ynhz.xyz
    version: 09050322-Rebuild
    type: encryption
    content-type: application/json; charset=UTF-8
    content-length: 55
    accept-encoding: gzip
    user-agent: okhttp/4.11.0
    Response
    HTTP/2.0 200
    date: Tue, 22 Oct 2024 02:02:33 GMT
    content-type: application/json; charset=UTF-8
    content-length: 131
    content-encoding: gzip
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-request-id: kocnR1c1ddR4blWd4uKyjrW6bT3n1Kzm
    x-xss-protection: 1; mode=block
    strict-transport-security: max-age=31536000
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y5HoyNhWkiFLP%2FSh8mMro9p2tUr4DZrgbU3p6WE8pLffOBBv%2FzvdQkWWDlNCh4ik3zjHGEdgsEkNGMfbF3spvBQt9ISuBNHMbtEkkW%2FgdJnN%2BNzBYNvVLaH%2Bdt3PBlQ%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8d65e7e8beec7772-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=39055&sent=21&recv=19&lost=0&retrans=0&sent_bytes=6294&recv_bytes=1341&delivery_rate=119442&cwnd=4&unsent_bytes=0&cid=ee487ae1c6869f3b&ts=60054&x=0"
  • flag-us
    POST
    https://rpc.ynhz.xyz/x/command-report?state=0&ty=0
    Remote address:
    172.67.130.58:443
    Request
    POST /x/command-report?state=0&ty=0 HTTP/2.0
    host: rpc.ynhz.xyz
    version: 09050322-Rebuild
    type: encryption
    content-type: application/json; charset=UTF-8
    content-length: 55
    accept-encoding: gzip
    user-agent: okhttp/4.11.0
    Response
    HTTP/2.0 200
    date: Tue, 22 Oct 2024 02:02:33 GMT
    content-type: application/json; charset=UTF-8
    content-length: 131
    content-encoding: gzip
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-request-id: 8KYy6nZL6amZsycjaiUycZkwP2uLCr8t
    x-xss-protection: 1; mode=block
    strict-transport-security: max-age=31536000
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uKuVIF%2FhXeuNI544PYAEqF82IDFEbM3GqQ4FgwgfVFlvL7Jj2bTFYB2jtBIyBUIcDhqVB6apjYdZxFZ2TwiIJNXQybg9NJNmGb4js0ISmMtHjmFr7mI96KLt0Gd950k%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8d65e7e8beed7772-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=39055&sent=23&recv=19&lost=0&retrans=0&sent_bytes=6967&recv_bytes=1341&delivery_rate=119442&cwnd=255&unsent_bytes=0&cid=ee487ae1c6869f3b&ts=60086&x=0"
  • 216.58.204.74:443
    tls, https
    202 B
     40 B
     1
    1
  • 103.235.46.96:80
    http://www.baidu.com/
    http
    621 B
     3.5kB
     10
    10

    HTTP Request

    GET http://www.baidu.com/

    HTTP Response

    200
  • 103.235.46.96:80
    http://www.baidu.com/
    http
    649 B
     3.5kB
     11
    10

    HTTP Request

    GET http://www.baidu.com/

    HTTP Response

    200
  • 142.250.187.206:443
    tls, https
    902 B
     40 B
     1
    1
  • 142.250.178.14:443
    android.apis.google.com
    tls
    5.7kB
     9.6kB
     17
    27
  • 142.250.178.14:443
    android.apis.google.com
    tls
    2.8kB
     6.0kB
     9
    11
  • 103.235.46.96:80
    http://www.baidu.com/
    http
    701 B
     3.6kB
     12
    11

    HTTP Request

    GET http://www.baidu.com/

    HTTP Response

    200
  • 103.235.46.96:80
    http://www.baidu.com/
    http
    741 B
     3.1kB
     13
    12

    HTTP Request

    GET http://www.baidu.com/

    HTTP Response

    200
  • 172.67.130.58:443
    rpc.ynhz.xyz
    tls, http2
    901 B
     3.8kB
     10
    8
  • 172.67.130.58:443
    https://rpc.ynhz.xyz/x/command-report?state=0&ty=0
    tls, http2
    2.5kB
     9.0kB
     23
    26

    HTTP Request

    POST https://rpc.ynhz.xyz/x/command-report?state=0&ty=0

    HTTP Request

    POST https://rpc.ynhz.xyz/x/command-report?state=0&ty=3

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    POST https://rpc.ynhz.xyz/x/command-report?state=0&ty=0

    HTTP Request

    POST https://rpc.ynhz.xyz/x/command-report?state=0&ty=3

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    POST https://rpc.ynhz.xyz/x/command-report?state=0&ty=3

    HTTP Request

    POST https://rpc.ynhz.xyz/x/command-report?state=0&ty=0

    HTTP Response

    200

    HTTP Response

    200
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     304 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.180.10
    216.58.212.202
    142.250.187.202
    172.217.169.10
    216.58.204.74
    142.250.200.42
    142.250.200.10
    142.250.179.234
    216.58.201.106
    142.250.187.234
    142.250.178.10
    172.217.16.234
    216.58.212.234
    172.217.169.74

  • 1.1.1.1:53
    www.baidu.com
    dns
    59 B
     144 B
     1
    1

    DNS Request

    www.baidu.com

    DNS Response

    103.235.46.96
    103.235.47.188

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.178.14

  • 1.1.1.1:53
    rpc.ynhz.xyz
    dns
    58 B
     90 B
     1
    1

    DNS Request

    rpc.ynhz.xyz

    DNS Response

    172.67.130.58
    104.21.3.44

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.aa.bb/no_backup/androidx.work.workdb
    Filesize

    100KB

    MD5

    829b1a80099b4ae04f9aaf1f29456958

    SHA1

    83ed9ea2df44735ee8e25e44a9a38951f2a839db

    SHA256

    13a3e0dbcec4cd2c14f98521934325612955ba28c3eea79e177f8a7baa621831

    SHA512

    3723da75bed851808c88b2319248bbf9882e2ce31a07cb3e0dfa9033e86558b328d27a057d51cde27dea7c265a2c4bf0e25f04ffcef5b16f4cac16564c46a376

    Download Submit

  • /data/data/com.aa.bb/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.aa.bb/no_backup/androidx.work.workdb-wal
    Filesize

    402KB

    MD5

    2a5baf06364c1e6f37d92bae1efdd7e2

    SHA1

    98eccb16958bbd2545beb9f954257203866c5be7

    SHA256

    b80ee6d52825e464f5517b87ef372af183df245a566aebd3be19029cae432ed8

    SHA512

    aff203e5e31dc9d7f9935611cc1d5f4e05ae681163333f13386580e684ddb7c2cd69aca853345fffa63f08ea3f2f846c45b90c2ac31fa0b7d75d0d3eee8edc59

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.