hxxp://steamcommunmutty[.]com/gift/activation=Dor5Fhnm1w

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2025, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommunmutty.com/gift/activation=Dor5Fhnm1w

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
2664	msedge.exe
2664	msedge.exe
3908	identity_helper.exe
3908	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2652	2664	msedge.exe	85
PID 2664 wrote to memory of 2652	2664	msedge.exe	85
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4336	2664	msedge.exe	86
PID 2664 wrote to memory of 4788	2664	msedge.exe	87
PID 2664 wrote to memory of 4788	2664	msedge.exe	87
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88
PID 2664 wrote to memory of 4488	2664	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcommunmutty.com/gift/activation=Dor5Fhnm1w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,14649638814695612788,11703128843656198114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9c40660e-bb4b-4614-a648-1d650a116a15.tmp

Filesize
6KB

MD5
1302dfeddd8e111677ef2226a842e582

SHA1
fb1d0269e19b49eda8231da98902a68824fd4c06

SHA256
42f82f65c315009715769236e03ee4a3d047ab8996447ba995a9eab6b172ae60

SHA512
328403f21c5adc966fd5ca5482718a666d894f98ca5fb7b7ad48972aec22c53dbb8992b49cd50be1ff38353b20bc71f4a088ec000574f1154a0c9f8426e38429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
49aa930f42e90c8e82857ac8f41b60cd

SHA1
c3f7b2d81d947b6ebe530b060e921b6cd4c6fefb

SHA256
63ceca85b585a15d552d6f5af231e23603d1c54a97a05d7d057f3aa945c12139

SHA512
b52f18b2711d7dce4af7d03abe7810ee87f40fc515fe640d46a75bc133f940d08be102520e4ecf1825be460004ced191f7395624c5ada0bab7ffabb3ac3372ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
297c78ab32b3cd1da52069479b12f6cf

SHA1
667749f29665250b74db3e0ffd01599a65a30685

SHA256
5cea76e31827546a7e5595876d6b7e992cae7d64459c7848453def06dc1a9354

SHA512
7d98521dc614dc367dd4d8459f689ba3d3a525bb5f8846e7ee223017c008e6a3090b8e5e5e60bf877f1ffb0ab2d768f7b4de29f5849439947a58bf9f2a97f920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
622B

MD5
d1df581299cd58c447789dba52de137f

SHA1
fd312a2561ddbcacecec1e2f4afc59d06214acd4

SHA256
9aa12b98151884b3b2ee72cf02adc526e678f2a07bc86385c598e8243b9d0b1e

SHA512
28493803c43c108600f6a05d538fd2736befc6c9c54503a92eba277a89614a97d1d8cd4709195ea0289cbfac2648554548fe29244868f567ce5ede7bc544daa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
850f7c813be1a446dcba4b967548575a

SHA1
9fa6a7e6283f865861140f6c5ffd2925dba9b91c

SHA256
e943d92ac9293675a56d7614f2dac2cf0147e046ced4dc2d5c9e3a3c0bc74984

SHA512
df82e51cee6169fb9062ac32fa6f3e2fdd96627a3b8d396f6babac94f4c4fcf1f53ac7cb1f8cc70d8b42d6956233227610a8e01a6051577c1fd21176dee1c6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db499839afe6b58c4451068b617d28a8

SHA1
2934c390a23c84e3bbc9f8afa3ec7b4fd08fe501

SHA256
f0c69fe62943446e5757c785965fde3bfcf85bcd04dc6bec9b46142b187fb792

SHA512
d2b4f4e0d61ff09e23b55a037860c7b771cf848f63671007a9ca88d4b56b859f9770e873884d99b3b55cf258728c93820e80e0305566e99b4d6a26967f27bc20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc058106bde3d7cce2157ff4a92c4d81

SHA1
1d970fb8663bbfcd841efbfc169553a4b7a0bed1

SHA256
12ce09e28514564d47807321b276e776a7dbb9cffd2066fb9ba933ac156284ae

SHA512
1289793f66dec378b060acd9e88daa6650cad78fbad32a7d1059915247cdd593b96b57f68961efa07b6a393a63b99ec5c81438533db75d22459237a3d2e09332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
ed1d6ede3de3616f79cb21d9c0e5df9c

SHA1
83cb78369cb92aa876d39859bbfa4a2d9ef29dfd

SHA256
33cd120941faf1439471867858be9064c988296c5ec4736119896d3377b88b3e

SHA512
10d456110b6d4fb7d10eca9090c1fde75e314219f8bf118c3abe3cc1589cc6726366f31f1f12c498ef81a379a5d043a10dc7a77ce3f799724bbb8b0aae6c1fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6d3.TMP

Filesize
540B

MD5
b10324443806c4a9ab48ca17e5d99836

SHA1
0c49d287a43aaf6631305ee9acaa4d449db9364b

SHA256
87262de134a5419853599a80c56075e9544872f115d006d3d5e5b572e75a2616

SHA512
ef6f203fcf556a702832df76dec891447dd91b830a452e687c0e6f4297dc0d8bcc3a7f0ab12f36a542a827c617406853c0c9cc17d982cb65ac48170c3fd74a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
616040404f1e0daa19e79a404982a147

SHA1
1631f8d70fcafb35635a975df8b8e3a4a8c72f64

SHA256
f84da5113ade8fec4aaff4d6043ccafa0aac64aafbf69c3eed35ffa667e943e6

SHA512
3515a227f773389bf732952cb6f1925632516965350fda06f0a44eb0d283861ac16f29475de2b692e50ce14a3df229c7ccf282134ef18a471b6d784b7d812b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
23e75413d65e2b05dca47b03196ea35c

SHA1
45f71bde992ca0178fdf8ab2c8d3f458674d3261

SHA256
b7a47a7109111db72e2d41889e6b9c57a80da9c7e997c5b3114c1d2aa913774e

SHA512
520eb6a8f3acbee411905ad0a6dc1993c4c1eba1b924512f20869ce31286620fb016b11f450ad30874f1c3872f41982a1b6346c72095a4848f9e884dd78a453e

Download Submit