hxxps://www[.]bing[.]com/ck/a?!&&p=85399fdfe09068aaJmltdHM9MTcyOTgxNDQwMCZpZ3VpZD0zYmY4MjAzYS0yMTAwLTZhNTEtMjgzOC0zM2RlMjUwMDY4NjgmaW5zaWQ9NTIwNQ&ptn=3&ver=2&hsh=3&fclid=3bf8203a-2100-6a51-2838-33de25006868&psq=wanna+cry+virus+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL2xpbWl0ZWNpL1dhbm5hQ3J5&ntb=1

Resubmissions

25-10-2024 11:44

241025-nv62msyelh 6

25-10-2024 11:22

241025-ngy4waydnd 10

Analysis

max time kernel
1159s
max time network
1164s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25-10-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/ck/a?!&&p=85399fdfe09068aaJmltdHM9MTcyOTgxNDQwMCZpZ3VpZD0zYmY4MjAzYS0yMTAwLTZhNTEtMjgzOC0zM2RlMjUwMDY4NjgmaW5zaWQ9NTIwNQ&ptn=3&ver=2&hsh=3&fclid=3bf8203a-2100-6a51-2838-33de25006868&psq=wanna+cry+virus+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL2xpbWl0ZWNpL1dhbm5hQ3J5&ntb=1

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	camo.githubusercontent.com
22	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
3500	msedge.exe
3500	msedge.exe
1552	identity_helper.exe
1552	identity_helper.exe
4648	msedge.exe
4648	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 1968	3500	msedge.exe	79
PID 3500 wrote to memory of 1968	3500	msedge.exe	79
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 3196	3500	msedge.exe	81
PID 3500 wrote to memory of 4232	3500	msedge.exe	82
PID 3500 wrote to memory of 4232	3500	msedge.exe	82
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83
PID 3500 wrote to memory of 784	3500	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.bing.com/ck/a?!&&p=85399fdfe09068aaJmltdHM9MTcyOTgxNDQwMCZpZ3VpZD0zYmY4MjAzYS0yMTAwLTZhNTEtMjgzOC0zM2RlMjUwMDY4NjgmaW5zaWQ9NTIwNQ&ptn=3&ver=2&hsh=3&fclid=3bf8203a-2100-6a51-2838-33de25006868&psq=wanna+cry+virus+download&u=a1aHR0cHM6Ly9naXRodWIuY29tL2xpbWl0ZWNpL1dhbm5hQ3J5&ntb=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe945b3cb8,0x7ffe945b3cc8,0x7ffe945b3cd8
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,8557204563529366178,4750972223803475679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a118c70834bbac0b63230148fadf7859

SHA1
f2b7c83bb925af53ce851dda75c9d76f79db8354

SHA256
c4ef3d9fad0cc6e6d83484cf1f6e5f3bb61c949d1c61417e9dee87d7a1c1dc23

SHA512
cf6acc555a601aec0fe27b69f285c0c01b118219de216e9a2577838d66703a5b49e3226749e2fcf2ec2140481d2221872f11f47fc5324e6f113c6e4389ca5a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
650B

MD5
6cfaee66ae01cd9a50bd1dc44b7bd71f

SHA1
dc7760d10385c6e28671c81ab1b725a7862019d4

SHA256
8409cfab1c23cf1029faca9c72cc0ba12b657dccd2033be7287692b2c892dd59

SHA512
c7e18b9fe0b7e432db3ebb16cb10a3385e05461af0b1772ef0385a42acd17cecc266853b9b0aff5eb7b2a5f2fcf502b18d803287e22d2684ec200c9635ec7294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f200093be1a103972851cbde315ff8e8

SHA1
81e21e7661c7373cdd00d284719c6c9ccd778f26

SHA256
97263a047e7d9e8b6cee77a1911f89e1ced4472310fd4485191cb5509654e1f5

SHA512
dd7b5d7ba83df98b1bb1185728cca9b1127fd2b26cc69bbfe40b1e05d2b03bc8cb5e06512c85f865f2a1b8f42bff59e36f6f01f0b8131cdab75bc53171e5d711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0479bd0133c9f7b33c6c2e01f2689605

SHA1
b1110dfbddcf1c9ec70fcd2387b639d37aa2f225

SHA256
640721c8d35fdac37ec8a8a3770f01ee29060a61db16a579342f2fe0c53771fc

SHA512
59ae3d4f290458dcbf0e10be034afcaa872ff0a34718ee9a4aa9104fbc99bf54a37a6f7b2b7be7a954e1ff1601aeea717650bc9ae5cc34aec49e907c92569391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cfa9e79aeda20307f419300e51acfe0

SHA1
64a2df50f042b186b52a600f3cb227256c6ce07a

SHA256
554993f42e19252762c4003c7df325f7f1224521069b1da6d3a518e1585d6ff0

SHA512
8554312f817f815a97e26b6f0be55484293020167d50b1a7dfb2c7054aef47eb4300debf628d78fd1001a7c9355f9278e978578eb2c95ef2e523a8ee29a2563b

Download Submit