hxxps://drive[.]google[.]com/drive/folders/18n3uI_BDlLvETCimoBbIgImTFwu68LZz?usp=share_link

Analysis

max time kernel
76s
max time network
77s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/18n3uI_BDlLvETCimoBbIgImTFwu68LZz?usp=share_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
4260	msedge.exe
4260	msedge.exe
1084	identity_helper.exe
1084	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 3796	4260	msedge.exe	83
PID 4260 wrote to memory of 3796	4260	msedge.exe	83
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 4392	4260	msedge.exe	84
PID 4260 wrote to memory of 3488	4260	msedge.exe	85
PID 4260 wrote to memory of 3488	4260	msedge.exe	85
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86
PID 4260 wrote to memory of 4580	4260	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/18n3uI_BDlLvETCimoBbIgImTFwu68LZz?usp=share_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0b8e46f8,0x7ffc0b8e4708,0x7ffc0b8e4718
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9586397696457874586,7552419404427778126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
bfb4ad144233248db8f0b493c9f53943

SHA1
75f204ac49008ca945d35db03568db5ffa2ee27d

SHA256
57819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393

SHA512
0f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8710ca70ecc4cd1dd9c919b7b22616bf

SHA1
3e9a1dd4f88158ea240c057be17ee412f126a9ff

SHA256
5606c29df0efedb9f96b9f862678158f651fca25f680d18c6cdbf7b4bca89c55

SHA512
1b3f4231cd671354a111cd8825cb029f869b2a9a44799a1a0eed269fe6799a3f89f51db815fa581350c9885abea76585e164120945b03d19d9238cba5bdb63e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7870f3fa449c13a8fa1af06e2ae0f3f8

SHA1
6cd6754d67d9e80eeaf204487df3bcacacd0bc87

SHA256
43adab3ad51a9addf9375ad283553820c17d8954965c653fc9fc9eabdfc1a04b

SHA512
8e34fe50d6ed4a1482520b1c7c4a767fb0f1dcac7363ebb386b5cdbdf5d0072951fcc34eede2e38a82b1ba3bae3463c4739056d37a2dd8ed5664a8bcc938e3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1740cb40e16390825c5d9261970c867

SHA1
bf1a25f20cbd6ed0421f82bdc00e8b813fdf21bd

SHA256
930d9dc487c5e6a5cfb87f21229c519293be3eaffb876983ec86666bd98685bc

SHA512
5329e8a5dbfb3257e9e1b87aff2d84a6468d01c9b533bed7f6319896ff2ca11dd9cc8a4ee15de0ecf9ac46fe482e8cae4f6b4f59ca3e86158956bf0015b0ee4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c261ac490ec0189db11c2428d2809b62

SHA1
2779a010a1ef2f9438698e0046b16ba403c478a3

SHA256
c51bb43775751b8a001358966a3e88d85f33f00c3a3917ad9971de38d4255044

SHA512
37e0fe43b25206aec479d180ec8e205eb92fa596b9564e57f91b263c7948edd3869c08dab8c4eff8ca9addad3ed9aa47557dcb85fbb6b44da511164bcc7bfb8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0503a396b9bad31288b8e2bda71add5c

SHA1
cee6893e3f3ec30ec113f2e5df9029e49804c365

SHA256
14aa748c6952c242689b493a032324b43df10a5904fccb920e378087741ea4aa

SHA512
4adf19a66356e5a297310928814393da584750549d3f0ad640b284352410a4a7686ed768cb7f064e4bb1cacf1ef49fa0c69be00dd2644198a0e0316fc8ef20a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02545fabf7cb0890ed1e780a909b6ae7

SHA1
146bd3025c2c0cb366940f69bafe03da32cc999d

SHA256
f55725919defa69f2d728f2b41e1a060b001a4dd65469bcdd0cc3dfec45de3e2

SHA512
85ea52e71b85bd655a8789dacd4962a3411c063bb0fd8ac23b42bee1477cacd23d2cac4e74ab39b804f75c19833e227601ea80be2d51b00300a6eb7f13efe87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d9e51b22694574b6050b8e1002cda2f

SHA1
5c3acebbe7c4bdf11664241027fceae009643702

SHA256
f37c787dd97de53ee92797fdf04fe7f19521421b7f77013a116ef40de57a403e

SHA512
9534d4e1e354e275723b975205b13c9d23aaf08b4c69b7d548d42a8daf2801a8359d5376cbb44fe29e9349e824899f0371530735b33c1256b020fc50372f56a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
160628f9ef83e01244bc353af973501e

SHA1
e7e75b72b64a76a802020d62b284323ec7813c5c

SHA256
44b23bfd7b1f336586393ae80303457bc12c11bc878ed489e63ec9cf9af75f01

SHA512
639a90c4ba42ba43615237e72a4cb2e7ac5e5c2a812af278719c0da34f223edff531a2912fb6271addc7a5ba0ddb205b264f45ca07b33e92f67efa64d2495971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587431.TMP

Filesize
1KB

MD5
bd91469bc0f44bd44ba03305c990745e

SHA1
658dba664439e22326de246f81636f89151d4eb2

SHA256
2c49ddd5b5bf922b40961a3f0527c0c1645b6a735bd819811c3725bbf2211410

SHA512
d1f3806c617bef2af01f246b2fa83c1a507cf28d9263d9498bbaf77b6b5b61e9482e08e350bd746ec07bfbf47505b19e7c71ac9a1dd0ec329002ab11d77d0989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0cd8e0257b3b850f5ae9d6eec4f12211

SHA1
233c7a127cdc542c514c08b0f2156ce10f4b1f30

SHA256
186ebf150e5afe826ecce0fa391541d7ca69c4071b7a79b76971485eb9f5bcee

SHA512
e43aac0230ac967911c9cd69c2ff44756f4d5175d9f8495725452b48ff103af37a54337971190a821e93d18d7ebba956f5feeffb09d4a8309b6cd4d7777d50b8

Download Submit