hxxps://drive[.]google[.]com/u/2/open?usp=forms_web&id=1Dnk8nDejhkLVZ-Zo0N4ls1GHPwja6CY4JSLAE56yMyuycOJFGKYder0Hg1SgdcxvvY5CiO4o

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27-08-2024 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/u/2/open?usp=forms_web&id=1Dnk8nDejhkLVZ-Zo0N4ls1GHPwja6CY4JSLAE56yMyuycOJFGKYder0Hg1SgdcxvvY5CiO4o

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
4792	msedge.exe
4792	msedge.exe
4252	identity_helper.exe
4252	identity_helper.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 832	4792	msedge.exe	84
PID 4792 wrote to memory of 832	4792	msedge.exe	84
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1004	4792	msedge.exe	85
PID 4792 wrote to memory of 1152	4792	msedge.exe	86
PID 4792 wrote to memory of 1152	4792	msedge.exe	86
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87
PID 4792 wrote to memory of 2596	4792	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/u/2/open?usp=forms_web&id=1Dnk8nDejhkLVZ-Zo0N4ls1GHPwja6CY4JSLAE56yMyuycOJFGKYder0Hg1SgdcxvvY5CiO4o
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb974046f8,0x7ffb97404708,0x7ffb97404718
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13256634596193222347,14662085237142348394,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
adac508d051907284cc4f09617107907

SHA1
98d2f6af50e59ad95510356bd4726a2906a6f78f

SHA256
341886cfc1a09c7a5630ff5dcbb0ab304125075afbf283bd2077807169963349

SHA512
f3b7d9b748e7f9afcab464b65d1748e73aa3db00f5ef3f305e497549f51297e9bd839981ecdae9dcaf70a69d910c3efa5f5b88ad8f739b2ee27223e200b70d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
83ae2800ed4e19e655801e0a23cf6e54

SHA1
487c23b7fb0b044aa8fff46ee70d730cac601ac9

SHA256
19862016acc0521feae574b81e1a2cab38fe0849d537de3b692108b9f261e9ad

SHA512
3313b9dd12e4f0bf26a3a2ff2d952c68969d7a5a33c4bad84dc437a9c83c75085fea4b0a9a3f6e5aaff66ac6b79e8b79f7f1f7c2bdffc9abee63e5c7758557d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b76fb56dafa4b8d74f3ba48fe008c829

SHA1
7f7016d8127b8a184b3c34fa064f2b76344983c4

SHA256
26c4c654a3cc72f0bd90f202061cfa77c00465eacebb85735bdd8eb243105545

SHA512
91cced581bdf61c6abe73142e0c4940aea91ce3dd664a7450b44b3831941edba29527eb9aa422e717cefb2dd8939c678f3063f1c119c22caa0732e48a5dea840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b5c8f9078ea4799dbf71d70a6e1d752

SHA1
4e402621047cc8574444364eed8dd906d73e8c15

SHA256
8f74ef59728fda62a57719c340f17729a0d0bf68900e4bf5e8033901f0182770

SHA512
de225cf1fc12dde3dd97821d333090e51cf3be6b4f14ae4da988ffd4eb967d7eb6d36974f2b416fad73079f83196c13b4d13928cb0aad4a24157a736ee65902d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89ac523b6d13a40cdabcfa7beddf9f15

SHA1
475da29aee21a3456cb6bf39c45293f77b78e096

SHA256
c35a428df542aace0989b6b884ffa00f8f8dd2cbaee3e75e83061ce01c74bd2d

SHA512
9eeed7c9188b438533ee8aabbe8a3c92989bcd77580e98e45a7c4f31a0ec03d365616c331445f1c7936e35d5de1fcc31d230bca59485b1b6c81064d5cc46d008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ab8c4b9a2af08b60f7090f996d5a5f6e

SHA1
b948a5eb8eee074d85622272825c835142813728

SHA256
ea1416f070bedc2413e945213747adcd4eee3db689771ef5d29ac8d4b8931ba2

SHA512
704295ae2b0e15565490d37ad8b48d3a29a4dcdb9813b6daff532f9f194eedb29f4d8602cb8a24269d2b5f14d8f65414cd90e059779038a544241eaeb4bde69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c4b2.TMP

Filesize
369B

MD5
fd7dbea094090b4b5f2a73268424eb80

SHA1
328a5a664740b19a0e8c99998714c08332d03355

SHA256
04d934f397d0ff94105aea53cb5bd358e20cb7fa02008b4563dfec387ec58acd

SHA512
d4ab9adf47b0aa0b94fef5e665f30a7010d1aa98883e717d98a903fbcb36808fc274571788a3d20d4a39115ad30d4503f9cbf81dcdb7e8e1f8353922e53db67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ca64d634ef73c5cd89014aca3fcfa40

SHA1
e6f8fa548863084699a1684e826eb0d4b70d7781

SHA256
2947386489ecd0c056d3eca6ab7c53c9b2b46a8590a2a1c56f6de8cec6601a13

SHA512
c6dd6d8becbe2eb42e4dec6e9ba70db0cfa47560a710a7a56458465582d8f45cc5300ea2433ad85cfb102fee94dba4dda56378e474335349cbb4596331c64469

Download Submit