hxxps://penca-cbd8[.]ilodnswfalen[.]workers[.]dev/fa0ddc1a-42fe-48d7-9c38-0e515868fc57

Analysis

max time kernel
150s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
18-03-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://penca-cbd8.ilodnswfalen.workers.dev/fa0ddc1a-42fe-48d7-9c38-0e515868fc57

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2920	msedge.exe
2920	msedge.exe
2752	msedge.exe
2752	msedge.exe
2584	identity_helper.exe
2584	identity_helper.exe
4376	msedge.exe
4376	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2752 msedge.exe
2752 msedge.exe
2752 msedge.exe
2752 msedge.exe
2752 msedge.exe
2752 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2752 wrote to memory of 4580	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 4580	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 3748	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 2920	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 2920	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe
PID 2752 wrote to memory of 232	2752	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://penca-cbd8.ilodnswfalen.workers.dev/fa0ddc1a-42fe-48d7-9c38-0e515868fc57
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f2b43cb8,0x7ff8f2b43cc8,0x7ff8f2b43cd8
2⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
2⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
2⤵
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
2⤵
PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,8956906726773646501,11688160034463792361,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5208 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a91469041c09ba8e6c92487f02ca8040

SHA1
7207eded6577ec8dc3962cd5c3b093d194317ea1

SHA256
0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

SHA512
b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
601fbcb77ed9464402ad83ed36803fd1

SHA1
9a34f45553356ec48b03c4d2b2aa089b44c6532d

SHA256
09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

SHA512
c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
80fcebdeb35229e32ad9c8f10333d1c5

SHA1
3a421153aa7284d5d10816bd21ebce88b1f7f8e3

SHA256
ff87b6f6348c8b3aabf0ae43c0ddef30022b721117befa8f667fac17fe4dd820

SHA512
e0c79789833e3873ba7e91ad7e178c975454551b3db565be1ac9751eab8f9e865e4b70e1d90458849b2e8a3c1bf7834f7db96e5ffd07c51490d6b889534a4c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
39308e418ac4797b297f54ecdce4bef7

SHA1
b93bbafa0ac3992daf04e3a8c9e531489a473acb

SHA256
5f60ea6a640bc68cc0306afa48582163dca18ebfd56eb47ac867bccf5d203d44

SHA512
4d113d5cc1c6cd532252723f97d53df6b849b66e69fb037d0eb4dcb288202c69e43f5ec60d936c859d3ec751ea9deb1ae2c9912cdfd27249bd02d7c70db4b15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8f4e673c11956e0bc4feaf3a7ffe53cd

SHA1
0177bfcbe2655e731a6d46b134d651f1b3baa1d1

SHA256
e33573c70cc3e7904a9ec98b800a0718a8e31361d075419c9d9bffff938aa6e0

SHA512
e6de42d1f5c66974045a2cc60e84496b736f8b7dc4a2c13641df9e4d454eb6e99f44c8df42f6daadf35b885911b371b103d1f2663f3ff48205f7ff54116e48de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
25ecac77b206b82bb96aeb2d49c7980d

SHA1
2adf7bfc050ff8501867f14e5b2b6fb25a56b695

SHA256
f5396042cd9c0e99a89a44461e9252af8d2736bb4d9e77c4546a0663a940858d

SHA512
95cc359e699c575da9f78eb5e0a625ed0a6b60459a3bc07d43a7b4e39d20e252accf34faf6a5c2f98ca129fa08efd37107a64df760d1ab542495d7a0b9cc8f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
874B

MD5
db8df41843b7ccf55aad00f37af0e2f5

SHA1
4d4d782da488a517ca44a2fee705a76d0a9351f3

SHA256
8c11171cae7c4f29449bba591241598d8d675a5a653ab805adac3f0afe163e44

SHA512
2afcc1b8aefa49059d846d0a25fcdcc5c8bcb3af82e7dae12d51667c83bf8dcd0ad865fd8fc6675facfa41ac19facef21e26d591fca407b79592205729ac0b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582277.TMP
Filesize
706B

MD5
bb5efbc59f4bb40c079c65c9a1a5f9a1

SHA1
9bd5a5a5b58caea622425f9c349c01938c60a158

SHA256
79d45281ab92af8d629117f78a51fde5c46af05c78cf868a4cdf59bf59d65460

SHA512
25cf15cb0004429dae5c032f0eb4e03063e04d811f0f012ccab35fccad1a50adfb4be63f73a9840ca1662084dfc3408426595b1d17b2f7561dae0d023c09ec13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4208a0b75fd0b87f5eba7d75d9c8959e

SHA1
257230b736f8d668ed08ecd3d0e8ddd335fc442c

SHA256
bf3093327a9573ad49e7e6cd576e024660b393cb654eb240928e6e5f831afbaf

SHA512
d18bafccff567650238ddf1a3aab961f54756b62c12a4241bec6b05f731d66168ffb0b922dd3aba284d125b670c6c63cfad5305b6bd09540fb832d42751a86d0

Download Submit
\??\pipe\LOCAL\crashpad_2752_LFPVFVXUSQHHXQJF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit