hxxp://now[.]gg

Analysis

max time kernel
1174s
max time network
1184s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
15/04/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://now.gg

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
12	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
1852	msedge.exe
1852	msedge.exe
336	msedge.exe
336	msedge.exe
3012	identity_helper.exe
3012	identity_helper.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 3080	1852	msedge.exe	80
PID 1852 wrote to memory of 3080	1852	msedge.exe	80
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 4020	1852	msedge.exe	81
PID 1852 wrote to memory of 3516	1852	msedge.exe	82
PID 1852 wrote to memory of 3516	1852	msedge.exe	82
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83
PID 1852 wrote to memory of 1988	1852	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://now.gg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4e6d3cb8,0x7ffa4e6d3cc8,0x7ffa4e6d3cd8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,2667611070258651793,18170644690805055138,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
43379e1fd46bbf81afb4fa093257a7b9

SHA1
a1aa383ab51d42dadb4d670b2f8cf3cd942b6172

SHA256
ff0fb0aba84da291dd911ea4776d4e1d61d300b655644196f8c53923c39506f5

SHA512
5db08aa2770fd4ed60407be5014cd602327ec66860e7c034b635c4c7a84bc8a5cae698ea807fabee1b05f36eb5759ad65958e54a8dc01a79bf908957dbbfcea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b3cd5e4894701b66c8551a435ee29ec2

SHA1
ac29ae9a2fc83b817e559ff6391d671122d34af4

SHA256
96f9e5444a3e9c3149465940f2254ba89befa89504edc3af41023a8e7a8c2640

SHA512
d3979c1b7d6d4d06b575e7adb7c6843224e826263272b1c3fbcad0ee8a2f3fba257ed12bc6ed60740fe815ea2fa1373749e8b63049a92d1a173340f81d9f9fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
95e95869c187490a00f4a97aea647237

SHA1
37e0c674e59f2b6a870036a3ffebd82d669bf4df

SHA256
895d244f366ed10a8768bfddd28ab14f2605f2772a9e82a68d1981fb257d1444

SHA512
9a73c234857f6ddcf81be298364dbfe77fb344d4818881e3a9756fb5e952a1e563d7a33ab4eb329c1049102cd9456830c057391f006af66998b139fcdb3386b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
66f93648a66703334f834925d8ee902a

SHA1
4d627be27e37ae5c83b5419d366283c67d9b209d

SHA256
bb72a95811317feea042ab430540c78a772d0799f8b5fa43df17603f906ce677

SHA512
1762fe0398064358b317c1f698caeb3780082a4719f2118b18cd38e240a31bb65e226c3f2f61310c5feb23e451615c872b0ee733ff1d0f64e06bd7879e14e70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
72dfd58c7751ff26ce58e69e803c6537

SHA1
bc4f94dd8df485b73c40943e69733b5bb9e7d516

SHA256
617a617c98757e35a1a60914522ffcb3f3542287f0365345b06c8fb11947d91b

SHA512
956cdedbb2107185838644ca086de844b83051b57c5679aab9df1ac2901ca217011eda34efd7806221cc3648e49e4055cc759f20dd798f90546b6373924b122c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fad4c23342de8428303b0272f3a44c5c

SHA1
28d2fa09e273f9fa5fe186240f67557076eb981b

SHA256
c67fa886a465d38d1a5b8c69cbcaeb784c874caa6a3233c2d5de9c6695fe6bf0

SHA512
9e95a518594a2ff1f28fce13cf160cff1544d991ec7187b9a1bcf472d35764004f0872a53ca88e14c20a26dd9e48cf51b66b557585a6e2b783fb845516ab4986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d12f9821d7cfccd8cbcd85b96572d872

SHA1
9c409b4a9fe63c26a54682bcca1eb6f9369c1c29

SHA256
adef702fb3ab9380acb3bec70331b2eb1f52d58688b49f77f1e03e47d8d7ab8b

SHA512
51fac6e71dcf3ecedc2a1c0fea3faebcde23845a4f3556a95f8b413017f3c8d156444f40b6e72f38e0febe4afb1028ec4b3159abc0bb0333b76d92c218dded8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
31365ce73942ae6971d474e8c3b6a8df

SHA1
d8de745bd41643c907b4bc20eb7f8b7c87ad7430

SHA256
e28e377cc6ba54aeba4d54d21e9c0a5d569fa9d0ac3de4b66a33e43fdf74a25f

SHA512
51435bcf877a793a1dd3060df6b4fe329daef41f9dbd9063664866f8b71ee23dd79c4d585727ab332fda537c270c43897fe78803eda31fc1efe59c5dfe2e30d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1494de069db17fc2d41431e3f80d0efc

SHA1
c377954c0e4bbdcd401f99b4125e9addf1cba206

SHA256
0487830959ed214328aa6c7f717483b508beb31c79a9df53e7c01288e2fcbc02

SHA512
def6f75123032a10ba98151e042414e42f05a1e01089bd87d99aebf556aa4f7a2bca4ee55682b45dd019a4f9ab211df2fe30d15453f389b387a0c6a1cf822bd9

Download Submit