0608199328a6a99f873f7ac2b24e3dae6360b7eb6d2126f65b9571fc20437c24

Analysis

max time kernel
134s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Size

2.8MB
MD5

be23ca84c770caba266a752ef659fbe2
SHA1

24f070cc1050901e56da6e8ce30a9fc51979c789
SHA256

0608199328a6a99f873f7ac2b24e3dae6360b7eb6d2126f65b9571fc20437c24
SHA512

a2bb0b83699b26e8afeabee1fbc9d95123584cd21aeeb5dcaca3b0bf7356cf437b2e80767f4359d0ae23dc056237d6cbb330ea28031e0100ab978891246f07d1
SSDEEP

49152:g7OKtQuwOTN2nuqnKZ1UFxalg+q7tlb4Wd2/FRZxY2wdHqfcxtVgq:gvaujeuiK+2Xq3b4Wk8PdH6cx

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Loads dropped DLL 11 IoCs

pid	Process
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
Token: SeDebugPrivilege	1564	be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\be23ca84c770caba266a752ef659fbe2_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CT1060933\CT1060933.xpi

Filesize
1.8MB

MD5
ebf9a4b9b5866532fd4ddbb996b7e49b

SHA1
21b4893a07b1c3f5360db4f2b38c9e41f5e3745e

SHA256
85bf0210dc38073ca5a8ce2d9fd6379c9861c9402d0992f57c1b6df543412e17

SHA512
24561917683005a24a5b9d259940054150aebda894538bcb4a312a72e7246b4537c66b19477cadd8314fff520a985001cccd260ebc315a89cf1a2fea54d1d902

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAA0D.tmp\InetC.dll

Filesize
23KB

MD5
7760daf1b6a7f13f06b25b5a09137ca1

SHA1
cc5a98ea3aa582de5428c819731e1faeccfcf33a

SHA256
5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079

SHA512
d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAA0D.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAA0D.tmp\nsCRandom.dll

Filesize
145KB

MD5
9ad78702635cd2f0ed3433628454fecd

SHA1
c786a3cb7ff21214c04299ffc37e4f9852afe6bb

SHA256
673d8ffba022c8196129d537973ad18049192f5cdeffd027ee743e2a6f7e1c85

SHA512
1a15155057cece9e5600e3a446a7f25a91c7caff8b99ac995566cff18edde956789a2c549748aa267802111137fb5fb60e2aafa077caf06df060361274745398

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAA0D.tmp\nsJSON.dll

Filesize
87KB

MD5
bedcf010d3e92c6cbc30fb8ea67abe1f

SHA1
4cc451f8d84913cfbaca0286f4b415c841221d4b

SHA256
50094ae30fd6c741ae051c2d6d09a0af957caf5d48fa96f232f9279e7ded2103

SHA512
8394b57aa401767f259f2ba14ddc17e4ac022f7e6f392d790e3466b0a2801a210a71182abaf6cc5fc8d160ef79ba20b27930dc33763b9db497293e52ca52f38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAA0D.tmp\nsPrefsJs.dll

Filesize
169KB

MD5
947cf03bd51a4644cb8e59221485343e

SHA1
4edb9082cda4834f3b08a501e75e21a430197dca

SHA256
23e4665fa2ac4434aa623b8818d478fd7e30b3a9fcb7ee43027b4c1771082ef1

SHA512
6fad92247cbfdf623446f2b06671888d71f1cb23521e6de0fffb9fb56663d51e38946eb2958c2b5462f5bbb5ec999a6ab5ce5b0d46005b82f065863b187d8239

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAA0D.tmp\nsUtils.dll

Filesize
340KB

MD5
e34567b8e1dccb066ccd0173d5818498

SHA1
3ce6f07c3c06bb89d6b422062cff9dc66f13f856

SHA256
ffd585c14f96f869f3c3ce6d0a2d47bc0a2575c02bde9d4057bf7fa5fa81c6aa

SHA512
dcac041914f7ebaa96ced5672752726709155bb8f8709f2ec215e66de7163e2496f3d73a5c9ef431668f814b633182012f728f099771462a8558e34acc3498c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAA0D.tmp\nsZip.dll

Filesize
196KB

MD5
977d7686d7a04135444542fdc1e7c13a

SHA1
a171f9ef1eb96ca91225ea26468c1023939a5c14

SHA256
4274ea4a094ebb9eb54046c95488460afb0097d0565b8eae4fbfce981706f0cd

SHA512
4f3bef13aa1d1f57624385dfaccc4ecce201c235ba2d2d451f469d39ef5285afdd57249c7dc5a6538253ea8f7cda25964abc1eb041715730d2626694667ee4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszA8F1.tmp

Filesize
307B

MD5
571ac6052902d3f4b7a74f155dbf062c

SHA1
00989f579b361b5b3c2e4486d093db4afe79d203

SHA256
4f66463e5b2324b27f4ab9ebcfb12642bf93da09a64898c942b9a7e7961debab

SHA512
dd2ce26ecf079a68acf4f7df217b1566478d9661d84eb79da07034868cf997ea7fc7c129e5eebf13718a1ee3fa6820b23eafb7a849df5a8b79eab529a3942bd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
124B

MD5
50aaba3c0989dd1d39b7c82b8e6367ab

SHA1
c809537532016eaf3c678a1ddcb9c2eb33703c4c

SHA256
18ef01edc065a7ced8dccd89d2b04a48967af9c1dac938ad97a539ed1204010e

SHA512
e154ae34be06213e29c180d8ef44626378343e4de1a9095eb752561ca6bc8f7c35c8a4bd2216fa67f411e0e6f128f405a3fa89e943b8df63456803d0f6fe3e63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
256B

MD5
97524b60ed36893a90360f52e174f54d

SHA1
8f5f3460c8d2082775d42ca2f3a0b1303224f032

SHA256
2e08e13e951ce1da6198fc5d782833c4986b42de21b9dcadafde1d515f69b470

SHA512
1825d9e7f2c0f4c725de52634d5b5d8b1190cfa0fa345d042ea1ac04239be303450150147fbf64d5a4c763c37d5ea1cba04bf4c3a1b4e51f589731d8bf917bd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
290B

MD5
97c88253d58f67301adaea53b0e65492

SHA1
e3bbe62338efef8dd6c0e35413cda9c312901c51

SHA256
8fb16364993efe6139ea1a4a910bdf9a196ec318faefbb6d1cbedabc47c25162

SHA512
80e87b559fdfdbe80443f85ff627892e0fc52db0530d06d6568b8e7ec8809ea147f8c9259b498e7ee27c6ffdfa526742291b430231f352336881d7f12572091b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
509B

MD5
f5f060ef0c05e3ad2a972bd632975ba9

SHA1
73cf921bd3aec295796dd734711aedb38832ec83

SHA256
cd12ee0798a970a9c8db35b3dad86880628b457e68dce0acbd7f186d2903777b

SHA512
54ecacbef4c196fa4526d187127941e0f9da0375c3e6e415d5b9525ad129288a5ccbbf2d7b3869370d0ea4984a8bd25e4618b1ef71c65059bcd7147f89edf252

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
613B

MD5
545c40e35df822a643f4f7ab2bbbedb7

SHA1
2c64074e1a6c450907d4281893f1be9a89af97d3

SHA256
320ea63564f1b406711992b6eaea0e5e6a26423b60d27d77ae8baefe9e860804

SHA512
da4c9bc9d40537a2ea3126099e197359f72d0618faad86edfa576e95a3d4d8784380284350cca089f9257c4ca5bdb208543e3e6d1c7281e60e3c6e22168c178f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
807B

MD5
6717f0229d79ab381006955b68a558d4

SHA1
ece11b34a65ad03a4a86a78a66cb354676b2e4b8

SHA256
69a5760bd2053895a1e97c4f3dbc130da1d8874c2e9e8e28e33bfbf2b9b9194f

SHA512
43faa85b21f5a3d2621195fb1086c7d5d00c7ad69aefce2c154f4be89b2e7972d90967499f3451ae45800b11c84a88951c582631d759109a44ff4c45e1ec331b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
442B

MD5
f1ebc77862596f2f327d3d0f9124b3fb

SHA1
d890dc9e0cf5b28811205486544641ad4ce8896b

SHA256
96af4317ad042ea129d84c39446754f268898c8b208b2e724d14d52e17a9b0c9

SHA512
c9a8aecd31dc9bf484046a975da3539a532c4579a8babc9c24b854f79af5ce8628c04a05a44d3b7380ee6ce79e003b1b9481c99e39390ca2655a51670c047eee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
569B

MD5
60ab61e6da4849a3fddd696f5f4e4dff

SHA1
c6c37edd79045215d1e449ce3a7aa1538fbceddb

SHA256
2d7733926ebc385ea599d326ce872ba0c89a0c52897c0df44ed1b5ace3d060e0

SHA512
a3a1aa8247ac345739e3cd78b71381fdd3ec29058e3ef2752ae4e41fad467e0e158f55f3d23ce591eda730c67337ab4469bd2bb03261d652d2050fe19c08e43b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
660B

MD5
71ebdfe53df49616e3f9c5f83b0e2027

SHA1
ced2c73d2eb45b394a8deb706b59c0849425f9a3

SHA256
3cd4dab79c71a2c2ede8c55c114a8a7d1a6b50b7c32a63e8a6e659ffeaac6d9c

SHA512
8b9df4016c4c7c59a49ac057cfc6b34e0c0669c52ff7ef2c7b420970e9c65b11b9d9021c0c28b8c3081e681737db6011ff2e2cf605f97334699f860e496d96ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
902B

MD5
d17251d8588e075c1dcb266664e704fc

SHA1
142053cff7b657288cd6d8344bfd3a9ba57a11d0

SHA256
0c34104537866dcdc21a35d5e505bb00f680e276e2df4680004e199367037078

SHA512
6efab5b7719ee3c11cdddb799ade8c4392ff82db8960178f08029c1a73bb937bbd212f2fc5106719754f9d90bc59bcd07950f1037f0c8a5ee108a74ca3c8d797

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
708B

MD5
ae6dc7e28c9f2d71f9912acf7ee74194

SHA1
2add205b1acf95a2e2eea42d910825a3b0e572ee

SHA256
77c99a3ef3d1318bb2f6eae93d1afeb6f30e1d842dbee058b4f4b55a63d79471

SHA512
afde18f9d811c3fec1ee0ba5e60301fd1158e578d6abd59bcda5019c0b507c2a3a6379556d535f0ea6c098a1999cf415bbf00d452e3767d37aec89c6e4ce2a9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\newPrefs1.js

Filesize
753B

MD5
05064576882dcebd2b2cb7e1cd53d1e3

SHA1
60d07c6f885cc04c2fb33658d0e4c4c776171a77

SHA256
e09c0ca81edfc07c3ed0eef8a4bc7e78da143116a046784a34642deb27254c79

SHA512
3ffa18612158b0d6d1ff734166e2752d368a5c943bae656d115efe474066f8f058af6f4a63258094cf31770aaee5589312d379d61c4f557a56fd8bba89777e51

Download Submit