ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb

General

Target

file.ps1
Size

1B
MD5

0cc175b9c0f1b6a831c399e269772661
SHA1

86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
SHA256

ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
SHA512

1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 8 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	process
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/file.ps1\""
1⤵
PID:521

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/file.ps1\""
1⤵
PID:521

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/file.ps1
1⤵
PID:521

/bin/zsh
/bin/zsh -c /Users/run/file.ps1
2⤵
PID:523

/Users/run/file.ps1
/Users/run/file.ps1
2⤵
PID:523

/bin/sh
sh /Users/run/file.ps1
2⤵
PID:523

/bin/bash
sh /Users/run/file.ps1
2⤵
PID:523

/usr/libexec/xpcproxy
xpcproxy com.apple.pluginkit.pkd
1⤵
PID:522

/usr/libexec/pkd
/usr/libexec/pkd
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:536

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:552

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:552

/usr/bin/pluginkit
/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
1⤵
PID:555

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:557

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:557

/usr/libexec/xpcproxy
xpcproxy com.apple.systemprofiler
1⤵
PID:559

/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"
1⤵
PID:559

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:565

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:565

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:568

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:569

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 560
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:571

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:570

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:571

/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension
/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.Photos.StorageManagementExtension 559
1⤵
PID:576

/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension
/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.messages.StorageManagementExtension 559
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.Trash 559
1⤵
PID:578

/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension
"/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension"
1⤵
PID:577

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension
1⤵
PID:578

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.iOSFiles 559
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.Mail 559
1⤵
PID:580

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension
1⤵
PID:579

/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement
/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.GarageBand 559
1⤵
PID:581

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.Applications 559
1⤵
PID:582

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.OtherUsers 559
1⤵
PID:583

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension
1⤵
PID:582

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension
1⤵
PID:583

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.CloudFiles 559
1⤵
PID:584

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension
1⤵
PID:584

/usr/libexec/xpcproxy
xpcproxy com.apple.iBooksX.DiskSpaceEfficiency
1⤵
PID:585

/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency
/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency
1⤵
PID:585

/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension
/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension
1⤵
PID:586

/usr/libexec/xpcproxy
xpcproxy com.apple.CloudDocsDaemon.StorageManagement 559
1⤵
PID:588

/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension
/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension
1⤵
PID:587

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement
1⤵
PID:588

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.AppleInternal 559
1⤵
PID:589

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension
1⤵
PID:589

/usr/libexec/xpcproxy
xpcproxy com.apple.CloudPhotosConfiguration
1⤵
PID:591

/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration
/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration
1⤵
PID:591

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:595

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash
1⤵
PID:599

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:595

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash agent
1⤵
PID:599

/usr/libexec/xpcproxy
xpcproxy com.apple.nehelper
1⤵
PID:600

/usr/libexec/nehelper
/usr/libexec/nehelper
1⤵
PID:600

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:601

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:601

/usr/libexec/xpcproxy
xpcproxy com.apple.siri.context.service
1⤵
PID:603

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
1⤵
PID:603

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 601
1⤵
PID:604

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:604

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:606

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:607

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:608

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:609

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:610

/usr/libexec/xpcproxy
xpcproxy com.apple.CoreAuthentication.agent
1⤵
PID:611

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
1⤵
PID:611

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:612

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:612

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:613

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:613

/usr/libexec/xpcproxy
xpcproxy com.apple.akd
1⤵
PID:614

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1⤵
PID:614

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:615

/usr/libexec/xpcproxy
xpcproxy com.apple.adid
1⤵
PID:616

/System/Library/PrivateFrameworks/CoreADI.framework/adid
/System/Library/PrivateFrameworks/CoreADI.framework/adid
1⤵
PID:616

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:618

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:618

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:619

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:619

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:622

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:622

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:623

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:623

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:624

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:624

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.8DBAD01B-A0A3-4015-850B-F0BC4A5074C7 623
1⤵
PID:625

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:625

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:630

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:630

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.EB26DA42-B85C-4029-8B89-DCA822A24EEE 623
1⤵
PID:631

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:631

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

1

T1564

Resource Forking

1

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Preferences/com.apple.networkextension.uuidcache.plist
Filesize
288B

MD5
c92127f7ee48ad5e3c8b165ef0dcba1c

SHA1
7fabbe716497efc2de185429b40127cdd58f59b7

SHA256
04fefbaa058a5c300a90a50be6894dde2138fa47239dd93e7b9265352a96e4eb

SHA512
29d6c275b4337e642dfc183316969acbc345c0cfae53f94a103192e56fbf73499cc05cbf8076788191434162ba75275adfbbe0bf31ade37be0c76954570b1ccc

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist
Filesize
288B

MD5
180d9b3949b39ff1f5c85cecb6d6785c

SHA1
c0d976708fd5a19728d7f0f275e93e19b7558eba

SHA256
87a9a1a2c137609da7808452aa71478cca04d1b0a778b1d1f559446bd8178d19

SHA512
68ee36c2cf3ab0699358181e5027b9cc69adb9847de0206fe0dd46d3a06155b0f5557bd39863f6e1cfde3698f7abd873e57bd41398983fbbdf07a02e97b5ff43

Download Submit
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
Filesize
124KB

MD5
bab5708972053f101bb4634ae077e46e

SHA1
450aa89fd3935fbc4ab5723ccc25ad2737e26cc6

SHA256
814552b4810d43a498c46600bdd4b02e6f2ddfaf320bc0721c2d38942876a71c

SHA512
b475f504d2ab20bc89547209b475449af1379672b4acded5ed8e61ba59ba77d89d424f8f40e89d6a2addedf7a1c98ac83ecacc66d30664ab405247cb75f5ab2a

Download Submit
/Users/run/Library/Caches/GeoServices/Resources/altitude-1261.xml
Filesize
162KB

MD5
461dcb8e6914ac8c3efadaa2ab3bfe82

SHA1
bfb82d565114a505c0dc45a7b88c64fe24c2a96f

SHA256
267aae1978c73f986ab32623d3edd0415e24888226d266bb42943765fbf12904

SHA512
b6e500d7c269c1fa7fe796ded05d3489d2c773f1e02ddc87b99a777cb89f5837b527bfcf4a1ec01a155ed8c07bc4fe9b8ff8c7d3672bc9ee89be09c71bac13d2

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db
Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit

Analysis

Sharing