hxxps://steam-card50[.]com/gift

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-03-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-card50.com/gift

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4412	msedge.exe
4412	msedge.exe
2712	msedge.exe
2712	msedge.exe
3424	identity_helper.exe
3424	identity_helper.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2712 msedge.exe
2712 msedge.exe
2712 msedge.exe
2712 msedge.exe
2712 msedge.exe
2712 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2712 wrote to memory of 1360	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1360	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4452	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4412	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4412	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 4812	2712	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steam-card50.com/gift
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8cf646f8,0x7ffa8cf64708,0x7ffa8cf64718
2⤵
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
2⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
PID:908

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
2⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
2⤵
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4264

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
2af61e13b5c0b499b5bedb38bd71d457

SHA1
36d91cdc8851b21da44e64b56001e2d86452e813

SHA256
4292a9dcbee20995ad5cf063936b36fca2d364960e0723ac3be6d84610ee8123

SHA512
fbc0a861021588d4b98da890c523317321f87a769dc2c9c18e6f0e574456f9d9b5a71b304d0a1a268a8a914d54a3cce10e660257b289e4b13c076a8bdc35aa2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
21440a4ed4bf1b80445d5778ffb2d788

SHA1
13a0496007b29058fee6ed09511521c833b78129

SHA256
ecfc82e7668784cedf9cfa5b8c135a853995960f52260f51e77323f6a6ea3b75

SHA512
550e157bc9c320d17f01f4327dea822b7f4ff16f73f0b0eb987b2b6c98f22b08a6278b10380caa39986e6c4d9f9ab2d2237a9205777c5993d0e0ca9b943902d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
989B

MD5
ffe5b2bf7ae7c6bcfe0df4018e18bf60

SHA1
0c20bc5c516f2ac6a53f0f2cff0c716559f09606

SHA256
c5a72d118decc18bd3448a960e903690f98201e86c5ea57377112a392a023d43

SHA512
5676eb68dd80a11eeaf02ca6c5930e3f4b8dc0c78d3f3509608f82ba162955dfa33bf67acf5e9bfdb5d70e2166d9575f354db9cdfd6d68c5fe689a2f585c24ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
231044077d9f50571bd618d5a7181b98

SHA1
eb68649a86a73f8df5c5d9aa68606806bc6d9370

SHA256
6aee47c154a8475183201200e0f68be952e58c9b0dc1d3b98a42c2a6d0662a8a

SHA512
376fc01da1fd5712f73078e5bafa764f1bdcee610c445630f523e179b1ea335a7b23cf5203c2c83bda3812586ba3da5419de86d68348f97ac084f0f7d208e5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
63e93a38e83e59b671393bdb142d2bfe

SHA1
4caff1d4901ef3c344b48617f0362cb0c702c433

SHA256
1b0c79424d019c7234342bdd8eeb2b5e41a61b58af78204c33fd475a4acddeb9

SHA512
b8b10cbabab240e47472d6af9a9dac7c8e5e5bed2c7ec570f04c0dfc25363232fcbb28c478d2db376ba6c7e25962859fbdcf6d9ce3b2c10956f145e49fe685c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d1c565cff59355aaf2aecf576942c1ef

SHA1
341599671797882a12eafefd5c89c3783cb521eb

SHA256
400168d763de6ce33b99c753bc38595d46cdce25e74bdcc1431f0ec14f691421

SHA512
4ab33289464ef16a952c2da53eb20287cb198db66593946371648db480724237c6eac5b057c83e000ce391669f6f821a2422a3fa658de594e7bfc5ae2a8e061f

Download Submit
\??\pipe\LOCAL\crashpad_2712_QDJYCLDPWBJRXHZD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit