hxxps://drive[.]google[.]com/drive/folders/1WjlX37XrzWBBcM-njGVLp4gtq4LbNybQ?usp=sharing

Analysis

max time kernel
145s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30-12-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1WjlX37XrzWBBcM-njGVLp4gtq4LbNybQ?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
7	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
328	msedge.exe
328	msedge.exe
2924	msedge.exe
2924	msedge.exe
5008	identity_helper.exe
5008	identity_helper.exe
2396	msedge.exe
2396	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 1612	2924	msedge.exe	79
PID 2924 wrote to memory of 1612	2924	msedge.exe	79
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 1176	2924	msedge.exe	80
PID 2924 wrote to memory of 328	2924	msedge.exe	81
PID 2924 wrote to memory of 328	2924	msedge.exe	81
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82
PID 2924 wrote to memory of 1368	2924	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1WjlX37XrzWBBcM-njGVLp4gtq4LbNybQ?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc597d3cb8,0x7ffc597d3cc8,0x7ffc597d3cd8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,6482169437329070294,10981965768813423879,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
97299330e5ab35cd1ae6e83e17cf0284

SHA1
bde19958157f034dbd181b1543efcccd0d14731a

SHA256
f329f1d2beaf29448c471ae25497d311f0f41dff163a15247abc5e325e282d33

SHA512
ff077d19c4a42748ce5e8a98e5e6a09351d33e9b237523958107b2a328e5b22cef09aa0105bd942ade49c3eaebcb1d08db3ae2449aea990e55955025d631299d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
46cde38c380a8a305d1698540ea5f70c

SHA1
ed912c4680d0353c53614da0f8ae03a7d163cdf4

SHA256
f24ae9b36a78711debe8d30ff08150be852b56aecdaf67414411c304d71bdd58

SHA512
45e57096c004b9a2777c2084cc2f1909f0b1d99a92536b8b3ab39b4a9b2e441e5b52c315a842db1f7925b31b1882fbf155ef8f514d9bfed00018959821a069a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6f399b0f7eb4745b52de5477496de11

SHA1
cc0d3df67a899e488f678486b9cd981328851196

SHA256
3e95a8ffa3de2c8c0539acfc4f3af7628a9cecb6ba47699a3f617ae23ba7a0fa

SHA512
9db894e3799c353a6c78f94b20b0ae591cb5acaefd4f7ea51f4f0491cb4755811746cbfc5505265e126d19b33baa59c2162d6a276329db874d8c0d3f328020b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a825b62b67a65541600d77992301aba

SHA1
cefb08066622948c83f777611bd89affdcb87824

SHA256
3486f8c24c8406d2ac22e9cbad749b4b21ad470e6ce8bfefc7b352017c3137ac

SHA512
afbcfa64cb70f9614464745dba5d3d8bf80e10df684ffae5bcecf79074b6fa45bdf60095c228f69aafac066f12bfe66b0205d9c86bbc3a1203873ebfb86b5abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44d3651bd128471aaecf50de0c1f126e

SHA1
a5618d38e5bb9a899f6f23b2c119e746aa97f0d1

SHA256
631fca2b7a55cac17b482999d901c935ab3bd5c85061402b67b56f2e6cc4e31f

SHA512
189b8aaa9abf3ee8eb42f410418fe1db9e9588c642cd121458c7138d0b9ee3de9ab1db7dfb564121f1d9eed1005fb9bf35c47007a4252eaad720d83dfe20d1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5878f4.TMP

Filesize
1KB

MD5
c38fd0566e7f30952adecbd0c8d67c8c

SHA1
e89ea2468bd3318aa98963c0dc099e55b8f9a763

SHA256
b374a778d73ecbf7adbf456a6f053beda5ade9a6b7b390e35460bb9f05d2c155

SHA512
b2a266d0d904ec0241d4771697cae22651ec18ed82f116233c8c25d9d9db1a587b53a6bd155aca8fb0c65ce38399ba5b9767854298c0cc3a07c8af4466eca758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
56d3aea8ce2a3d03c9dcef53a58eba24

SHA1
eabc108a976e71835c5b7d6ee548cd423e008091

SHA256
d10693f279347ce138a86c0376479cfc407d77e9067e196da76fd3bd4fbb176e

SHA512
31cde7f6d2e1ab30f10b0354940c7067f629e19f49c50f124485a3526143df707c4f4379681ba6ccf448e2a7362a49894de5bba5ec1d2f4a24838ca1d480bfde

Download Submit