hxxp://steamcommunmutty[.]com/gift/activation=Dor5Fhnm1w

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2025 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommunmutty.com/gift/activation=Dor5Fhnm1w

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3908	msedge.exe
3908	msedge.exe
2876	identity_helper.exe
2876	identity_helper.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 4080	3908	msedge.exe	82
PID 3908 wrote to memory of 4080	3908	msedge.exe	82
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3620	3908	msedge.exe	84
PID 3908 wrote to memory of 3108	3908	msedge.exe	85
PID 3908 wrote to memory of 3108	3908	msedge.exe	85
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86
PID 3908 wrote to memory of 4756	3908	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcommunmutty.com/gift/activation=Dor5Fhnm1w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff575746f8,0x7fff57574708,0x7fff57574718
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,16202568135371964903,6799176879238629193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
ba7a5e7da957496294541abfddda8030

SHA1
5530bbb150456f23e41ddf882f46c4607268764b

SHA256
d608970e9cb9d0ba8cfd7d4ffcde744ffc1dcfe7311c8e9828fa595b13b1e2d7

SHA512
d72cc8046d9cf17cef4685237060db3e9e3cee3881966d737fef650d57de877e78d8a978015716aa1f1b38a51ec5892cb515096a7db226e574859f7d3864d261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
f8d38328b70c94c89dfe298e47ee59e8

SHA1
039c7cb542d11398b2d3055656af865605e2995e

SHA256
1bb2fe3a399bfcb319ec72371b150181b6488fd7bb688e197106a214951c5b8d

SHA512
fcfb5258e1008bf8acb0ef0d3402780706abef27b4499d6290e01c31742e882653362049c66a61f191db98527233fd73b1fdcd40fffcd59a8da804e7465bdeb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
689B

MD5
b451a1ac5f2536d794d6ad852190f831

SHA1
ac90dddff313afdc4283dbce54aaff790d28d06d

SHA256
23f02d730c3e3f3b70b52b5dd407a39a31ac62808dc0dfabca772f59fdd4735f

SHA512
3f8b237c8579f1bf08d4a14633ef993cfcbb8220f1ceac134e02bec65a73566c5507953c3542ac5e41fe94665ce9e6431924f47694f18b1a5fd29ffceab44f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e086c45086e8ef424c3ac03c8e888b38

SHA1
3648eeb2cb4b4f22790759fcbe5b1c187f21b97d

SHA256
47c313c1c9d149044919697b2c71599a9886954ab3179a3b74251e94bbaa6ce4

SHA512
307852dda977d32fa62e7b5b6e082342390adc41febebc5907b9fa6f8078a5ef82471743b0f92d1a5da7cc52b2c641152873ebb28ae05dd462c5402e7a1ada15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89ff2b152fb205177b8ec57402ef202a

SHA1
29ea16eba567a19fa30beffc7a63dd3eaf13acf8

SHA256
dbbc9192e828a9ec56fbf2772d3f32e8974df7b2ec408c10a90e2368cc92f96c

SHA512
b418153c719d3bbcf837dac5424316ec795813df473b6e2944310e4fd910c97a8e67399f3521d6eaa5d23e462bce3a24836dbef87883041099d66204311223c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c60fcc2284c03cd2ebf96d3eca3002e

SHA1
33a4268131e9ee59d8f1d0297896821a9914ed3a

SHA256
fb539127d940886cafe0e08997536cc771b14a96adc63aca2b01d61bbadfbdd9

SHA512
b4ad409e4b642e0ebd727f984e64a7e350e8b42692d96f537648158a852a08d9871220f9f8315191cf03d51819f510055bda144d436010b31c3dc008f7fa476e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6f3.TMP

Filesize
876B

MD5
9e616e19d10755548c073dd33f47ab0b

SHA1
188bed1d1cc9d59a476d3d2c47bb4ca1db0d6fd5

SHA256
da902386cf6fd78660f1fcfa73678383ad7fc48b2ef7d9226034946389ebc845

SHA512
f3f1f7ebe6459c37b98c468898d05d680ea559bed5492ca4c3a081a4a88b3742e092e6407fb3dabaef64006db06383f152409599300725fac8392b5a074da4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9ce59f0ca9a0413b1ea581f4a55c47e1

SHA1
ba3b6522064b4f2c2cb0880434d63d0c80f303dc

SHA256
52e47bc71a545a3309ee333e59f0df0c3891e75bb748a20f2178298a3976f797

SHA512
9208c2c5a01cc322d2c1feb827ce11073833d0f8361b8206a2f45b0011cc2e99c511c1c90da11c00c808a6b87718391e4b245ab3b3f7aada544ecc3fcea5ce93

Download Submit