hxxp://drive[.]google[.]com?authuser=0

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://drive.google.com?authuser=0

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
14	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
4156	msedge.exe
4156	msedge.exe
4468	identity_helper.exe
4468	identity_helper.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 4880	4156	msedge.exe	82
PID 4156 wrote to memory of 4880	4156	msedge.exe	82
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 4884	4156	msedge.exe	83
PID 4156 wrote to memory of 3428	4156	msedge.exe	84
PID 4156 wrote to memory of 3428	4156	msedge.exe	84
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85
PID 4156 wrote to memory of 3560	4156	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://drive.google.com?authuser=0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4fe646f8,0x7ffd4fe64708,0x7ffd4fe64718
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,880949048357661819,5648306759776257193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
8e08fe2620e4cae543c2d6a5a3ef220e

SHA1
0a05ecaa76dbb7ba2f903f1f8465ba991aa8a860

SHA256
90023c51fbf25d4658587789ee246b7b0b3055a824b39dd8427fde1b693bf85e

SHA512
262b14502f73b139615422d4717f499ce410469ac016dbf2fe300caded7fd3cb4b40f7a06cd2fc7ec757ae1342d212351f255b5a6bb391e8f2658a6e0a0fd278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bb8b848bc80e1097d2c67b9ddab9e88b

SHA1
495d837c63535cd8527d5bb6a98413cd45da40b4

SHA256
3a61b051c083dd3f494a8c0e0e796b251d415fe4cbda127d212017e27b943c33

SHA512
0ed46f8642aa70954cd859549ffba5c34eabf160bd1f7ed59602e08325f6cab136dc2463f0ba6509bbaba702f338a94de465810ce62d7890ea3e147499826d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e6e904afcea0aeaa448a7b942147c3c5

SHA1
0a593057c8d80ad03ae364e8cdd8aa5198d98474

SHA256
0d9621d765b9fee54833a72c5a0df14b14bd550f8639283761dd43cba77ab9bb

SHA512
2a2302093051b49e6149953485ecedf807670ae2f722841eae48e6335e349a0c1c77f5c6e1b8b3f8dec8d54054b9885591f06f1b21a7c733d5b5089a160ca828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b67fa96c2a96c326a5a909c98f60388

SHA1
5928f70e23b5f8d824629c767e02dfa64abc2b11

SHA256
69afb87e7b20b032d916745590941b699b283e1c1e1ebc9c0594f004f45e28c2

SHA512
9bea6e8cd98c23728a08e63cd74cd5504ef9c02eba6b58326d0773ce9996d1ebbd9f3173bf6d1d4a46e1de0d68c6b44df1ec893a42226b88aeb1691d0c63a648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63eebacad182442920b271825ba62297

SHA1
10d9954b4c60d1848867266837e8a163f6cb3c3f

SHA256
f2c9234568f26515953858957980498b18b20c3d8665745222832f0fae3f679a

SHA512
b3c45881881d0846a833fe8292721b01d7f41dc00a3322584462bab812f4f0752307f02e54d0820e1ace24c083271942fa0855f7fa7b6cab913395f232f0aaf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f7c87680359f54959cd0d4b691e236ba

SHA1
65cd107978d2481dc25b8fb0b64db7af408f402e

SHA256
6486226119f3fd7749e590ca8590fca73b570551a7f97eed4686a98065bafcdb

SHA512
a607b5385f93ab08930218bf8b68dbcf8e310e6d0b00fac2c33e0756edbf626b9c3bb1475351d5a68602c3b145645649446859b2c7ffa15a7f226d81d3985175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589fb6.TMP

Filesize
371B

MD5
00583ffebfd57e84e19cefa724ee7017

SHA1
b8627df0ce3b37b64978f1615f047979413236d7

SHA256
ca6641b0cd6cfa928959ad532e4348f10e80fc91b43e9768e8cb8d8996052b8c

SHA512
da68ce1da7b116d96551c126b948756f48ac0bffb6c6b780b80cb3d4e8f0cc2e11501c4ad08d9bcb9aa14427dffb1976806861253923666c59e636f5d06316e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eae1e82e0253858788e85fe5260bbef7

SHA1
2550afe7464f4235e78e2f5e1d6ac6f305c0e48e

SHA256
e10c40e2dd1857ecabb44decebf383cd53deb33f134cf5451b931aa26667b7f4

SHA512
cd1ed8fcc8fbca50366a1df708359f7bfebba7e4155aa9217e3a246edaae95c376865cda00fc639babd3d40db40799681dbef1667fb44db9a200e25ce1589e9f

Download Submit