hxxps://steamcomnitty[.]com/gift/id=1737219938/

Analysis

max time kernel
96s
max time network
122s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25-01-2025 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcomnitty.com/gift/id=1737219938/

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
14	3784	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3784	msedge.exe
3784	msedge.exe
1468	msedge.exe
1468	msedge.exe
4012	msedge.exe
4012	msedge.exe
1544	identity_helper.exe
1544	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1776	1468	msedge.exe	77
PID 1468 wrote to memory of 1776	1468	msedge.exe	77
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3244	1468	msedge.exe	78
PID 1468 wrote to memory of 3784	1468	msedge.exe	79
PID 1468 wrote to memory of 3784	1468	msedge.exe	79
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80
PID 1468 wrote to memory of 4616	1468	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcomnitty.com/gift/id=1737219938/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff882223cb8,0x7ff882223cc8,0x7ff882223cd8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  - Suspicious behavior: EnumeratesProcesses
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16982121981428098557,15953936008323758536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\93405cab-acc1-4652-86e0-9319220637d6.tmp

Filesize
11KB

MD5
e575d6d3e8e9866d025beef7b89b7091

SHA1
d3ce2970b1c425f4829d02151c4d9bc88a45c86a

SHA256
faf045663f9856e01655048814620058955920e95b5d7e3f5a75d340033dc3c1

SHA512
3ff3f5d06b4eb18c83ba18ce60a4105ac8a9525f2a4798b209aad719bb523c9026614423dc12f9c1003b364b5de0edad0d6a6d55e80bec94344889fd063976fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
8fa2f92ac22e6c7974daafaf56b434eb

SHA1
edf714be953c3b953027701d420377035a2dc701

SHA256
c4c8076b2e2a78a8f03e5546fcfd4bc486036343bf0b5cb82b2cacc758b68321

SHA512
86f7332de64af071979fcccf8a20c2b2e5c2567f3d8518d00196a9972779a95f41ec5bf4b6d62849558a23ce53429462e7e6f8d18c744c6b7c35ef4a29a3250a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
670B

MD5
0fd7b53e37ccf49c7cd983918d29f7c1

SHA1
4cfc759814d1f6df109b22d5b7f081553a46e798

SHA256
e689eb0147d30bc4e7984aa7c329e7f699eaaa20ae715df833948a9c81e27302

SHA512
d4b85b45294c0f64b0f1a66dbc504105a1cbf74043ce4eb36d9775b44860c29e126b5a025a0c60c0060ed91afc85d64dbf6f8998d5ccfaee16504836dc137c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da4e3c66f91393b561e2ce10dd901486

SHA1
68cea9fdba5d27fc7d67360842d76a8066e51cc9

SHA256
33972015ad3c76ef7b8b5e2a7136d62f189c12f428b404f9c43eff7365565322

SHA512
5c60cc34335760517ed2587604f7258f286be9d53c8b5a02cf5e96c1777b68484bb44406c4b6c2f35244bb47293e17d01011b1597d3ae0db5bd880c14686cf0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
147a54c3c1eb779dea654087237c8761

SHA1
dc1e31dd151bd522c2f4a84028bf45e374d8e4ff

SHA256
d7d4553880bba4ae2e3324ce903dad26c27b14e776d8e38a659e8fcfe01f75f1

SHA512
e2f7ee7b342189b2280f2de1820b9a6621248f8244b20dcba80acee5e970529d881ecc237c05782becd775fc82acc27d5b10866523cdf216714693a4fcc2cfc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7530ab2e4eb47fbc09b81fb33c62496

SHA1
cf55f1b709c1ac04bdc6094d22a632d44fb94937

SHA256
6f350da9fd6012ff2174c3ec4f14f41fc5534854ecacf7f6f6bc5be1fe8c2995

SHA512
48b25e90bde76d10024cb0dd74161029b56a17f8ae494d0667c280a1045833e9be89fcaeff4719b34e55e2e6c860db82ff6a5efe38861a540938322abd0dcb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50bcf321069a1ac1d8e3dab91118e8b2

SHA1
f111bda90d999ab7e60179d682769739cd9b8c8b

SHA256
9960e79f2587cf6787ceb6e5a5d4ce695a23cbbde6a40bfe7992b71ad68713ea

SHA512
e805adfc86d08f3d91fdb3dc09278d8bdcc66deb8059e0351b18ae8d7d3246f8e5a9bf4bea492c31d0995c481462638d38cb75d8bb89fa2d8d2e74df863803c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55c18611aff9791c45a2ee5f00f2b7c1

SHA1
8bc91897981f65f152db006d499f65b894b93312

SHA256
20a47218e5c9703aa04195dcec17b45a4ef081f2e8aecf6003f1eeafcec079f6

SHA512
fbc7cc798760b478fb94559ce0232d6de98baf7c74365bbb666b245d6547ffc3353361e40d5bd31330316c3f5c16efe5e9c4a81c7113559c19ef0089c9138bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ffc5d5a4539daf3b2da437e96d52ca79

SHA1
fbe4997564bfaa69d4c891122f59cc9456923f1b

SHA256
bd7a82e9c535c9451518020e1b78807deb2c4e05772e0efa67367dc647ea573a

SHA512
4271ed88386023014918d9571cdf6b361ec4b52dd0a7b3860bbb30ce848b43cc9f24c950bcd880a916fce474e17b40c56615a64a39cae0d93998757516121989

Download Submit