2bb495e189ed48efb6cb6d9ee3b32509892daa175be1f3dd6a0dd4bf9a67850c

Analysis

max time kernel
145s
max time network
152s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
Size

73KB
MD5

8a9de2ed6e842310557166f21ddd7bfd
SHA1

0dbc55e096ad32ec54dfcd762752e574b4f42053
SHA256

2bb495e189ed48efb6cb6d9ee3b32509892daa175be1f3dd6a0dd4bf9a67850c
SHA512

bd3ee8c60ace27d5bdcd4b60c0738d32aa149e55829b71b79fcdedf9e1b8120213c4a011a0ce26697d7baf03969784aa448001c948cfde5550bdc37dcc6ee4e7
SSDEEP

768:s9CsTIbXuXeDObNckYKTwkiws5ObYq5wLbOutyVOA8ae3JEI4++RHCgIuXcYnVO0:s4bX+bNcOwZIpmOuYANaeOIYHRB8liG

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2456	eqs72DF.tmp

Loads dropped DLL 2 IoCs

pid	Process
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\RCXCA65.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Windows Media Player\RCXCCC9.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\RCXC2F0.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jre7\bin\RCXC783.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\RCXCAC5.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Windows Media Player\RCXCCDA.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\RCXF396.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\RCXC4A5.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Windows Defender\MpCmdRun.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\RCXF213.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCXCE5C.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\RCXD1E5.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCXC0DB.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\RCXC29C.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\Chess.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Windows NT\Accessories\RCXCD2B.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DW\RCXCF5F.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\RCXD207.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCXC00B.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\RCXC92E.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Windows Media Player\RCXCC88.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\RCXD125.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Windows Media Player\wmlaunch.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\RCXD1B4.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{C3A4D3BC-D67A-4D2A-B0ED-B4E62D27E02C}\RCXE1C5.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\RCXBEAD.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\DVD Maker\RCXBFAB.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\RCXC9A0.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Windows Journal\RCXCC03.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jre7\bin\RCXC7A6.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\RCXEFC1.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\wabmig.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\RCXC28B.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCXCE08.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DW\RCXCF7F.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\RCXF0C1.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jre7\bin\RCXC7B7.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Internet Explorer\RCXC0FB.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\RCXC2CE.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaw.exe	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Windows Mail\RCXCC24.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
File opened for modification	C:\Program Files\Windows Media Player\RCXCC87.tmp	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2456	2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe	30
PID 2856 wrote to memory of 2456	2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe	30
PID 2856 wrote to memory of 2456	2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe	30
PID 2856 wrote to memory of 2456	2856	JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe	30

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Local\Temp\eqs72DF.tmp
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a9de2ed6e842310557166f21ddd7bfd.exe"
  2⤵
  - Executes dropped EXE
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

Filesize
291KB

MD5
42483fe576fde8df0af465e97d20d255

SHA1
2a0b82f8dc52fe4050fa66123bdef73e8f8bf875

SHA256
0157807c9691d144ec07f6e6c09b31baba61193c2242011e3c028f750c663904

SHA512
4cab1a6aeae069dbc3c2cc1c895612ad0fa065c9f1fc4d92f6c5105f98303ab9258c9b25fb75230a6c4e85fbf17e245e831f6effe5b548ff389e4290cf4891b9

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE

Filesize
843KB

MD5
b79c9ecbbd56da72d037b7bfce431bb1

SHA1
543211a3dec73ae7d8832a2f4b0d88d97023daa2

SHA256
3dac6e83ae31fd978999c5c4fb5b7e3116ac9a0f7d60d863c2778cd8a757ae34

SHA512
7493b29de6e6e31b555ceba2d2840314a7d325f65cef6e9faff8474c2982bb9d385fc102d7cfc2d7fc2823f46af9beda5869b39b32fbb43335af46228f9f2ad4

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\RCXD0D4.tmp

Filesize
12KB

MD5
b46623da07c310350cb57e76f00fc8c4

SHA1
b73d5e19007ccff392bf362824aaa53b52033f5c

SHA256
22cc8f22fb1a750b1845e0e0bf2a384f4ac6b966b115fab1e5273de4d5ecf0d3

SHA512
186b41b86408c35ee6a339c28160cab317592dfd8d65110ec53cf25b9813d1bc7420b9dd9d3988931a0a07fbba5360eea1171b6eb19c1c59495fedf1033406c8

Download Submit
C:\Program Files (x86)\Google\Update\RCXDB7C.tmp

Filesize
24KB

MD5
af55a716aec08dba9c04cdfc34d74207

SHA1
8f9a3c66a54a308e0a07b51c4225168888ec974f

SHA256
468ca83e74568d3aa13767b85caa6292595c4dff749dcf6b2f5afa40ee9e3045

SHA512
bbd0cdf7a1632994907d26466ea53c25c2ed33c6bc222a09c007a21776c819f69565d35c280232d688da42ab89382f3a31b5076f4a7e4d0acc84dd6e26242a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\eqs72DF.tmp

Filesize
61KB

MD5
c183b7e8c4dd96af66d7ace48d2d9b05

SHA1
e344488c9f1f3aec1b9878ec30820cb99c56f129

SHA256
8b9b0e4cfea6e006999b0c6c50d9da6a3c0fda5aece6e752c3ab5016637a6199

SHA512
cab52dea1734fd0e1df3cdbbd576ffa7561656af3d9b47b37e66e55364f9909dc70b2faa25ad4029b66107500328916e538ad65757f0e87f04a4c0ab043a64c3

Download Submit