hxxps://atopaymentteam[.]com

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://atopaymentteam.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415370309806931"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
3220	chrome.exe
3220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
928	chrome.exe
928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe
Token: SeShutdownPrivilege	928	chrome.exe
Token: SeCreatePagefilePrivilege	928	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe
928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 3812	928	chrome.exe	71
PID 928 wrote to memory of 3812	928	chrome.exe	71
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 5080	928	chrome.exe	85
PID 928 wrote to memory of 1588	928	chrome.exe	86
PID 928 wrote to memory of 1588	928	chrome.exe	86
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87
PID 928 wrote to memory of 4688	928	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://atopaymentteam.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc92409758,0x7ffc92409768,0x7ffc92409778
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2512 --field-trial-handle=1908,i,7072381908284997241,9311194211596469670,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
25c7c8f5cdbf0f42d08e27d5136e203d

SHA1
d0b1d7a41d5c3985e43ab84af78465ed572cf050

SHA256
6a9482d14bfc4b43c9952b1646c0d1b043dbb2e6973033a230dc6eb3f8b85466

SHA512
d1acf1c7a77cebf6d77e7da490ad895abd96c9af9504a305d8610a96414494eb2c47f7b59d50add5ff821a7a766a93237f9ae109f9c3d89b32c00d5cfcf246b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9184512abca95d25d3b57268a93e02e0

SHA1
8bc80ce35f3577f64929a515036c744afc9affed

SHA256
f6535553f22dcd41618e7507d2a6ab5ff0f400d3b0f25f4148045d7d58e2fc39

SHA512
b473898b3fc7a3c6cab6d727883f863415abc77e4fa9b3c3592d734e5b2a6f4ffb236e52f56bfddda319d8310717013168b4f1f374a9346a7a455d79e6d83bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d205d6c69c9432ed170f1d0bb7d92feb

SHA1
1b4d77e0e4e10a630d5ca64543d105a178b400f4

SHA256
4c128f4373f717a9638b02d87793fc33732518b305f7a498af542ecdc02b5e92

SHA512
aaea7d0a8e4ef20d41200e3d27c560131b2ae5ce11c6aafee24db9e3bc47768ab848fc210f2ee0bda26956168f973e4fdc02ce64b61e1c6f8084e6206c37b731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6a249bf9ab3217fbf4523c10fd369c37

SHA1
5e7f246440d4c7f24fd1868b3bc1c58704c189ad

SHA256
14e1d606e6af20efacc1740e22547ac838960f917248428de3ad1f07d2cc2399

SHA512
e16d2291d2062d7e3b4d44931de9ef1c7a84e696f262b92e28778a9ccfb87ad3ab43e0fb6622955e041bbe5e3675a2c4dcb6d9bf03e5247361fd2a454e146174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
932c48113345687d5cd6fe5612995a86

SHA1
553c0fb7fe2fcd17bc5839ad8c50160072bdc267

SHA256
1c3ff77379e527236e2b8c1fa90e8a337baad3c0ba43ece36b9d4066721260bd

SHA512
7086cc8d6f6861fa23c760eb6e7a332a78a85d8f37d95c0b161c09023a4a1568c3f78c1f811dd8aafa3441653a8ef259dce3203000fb2b28ef0daec8edaddf19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
435ec68307e1aff53980b2918080dbbc

SHA1
acaaeb266434b91241eaf600a5e3659170728eb7

SHA256
65c355701b212842d0ec4133793e328743eecf6f306303e3a51d7e15961f8b61

SHA512
ba7e2601b34e5be646aa864c9f1e0728e4eee9061b86bc8335905ad9b9ca9c8fc4676168d101ffd0162649740479296bf4df0883766158a317018b96f849b4a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
77b7ed569b064acb49b2421fd487ea08

SHA1
2f2b8c1d49178d6eda724be2e2f9f00c2c7898c2

SHA256
800ea34b818b2125b402890df586511d650c6ba8b8e9cf930af3642d4e490675

SHA512
e19d9cd76ce95853754e418fc3c91251ae70008a492556f3b5385e3bd22f3b8f294c425a935fde8536ec448429f32f4e149c6906fb759fd4f39376c3f4526c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
a6d03c693e244bdde127a44d16f9a6cf

SHA1
f074dd459ebb493a3ade874319d447e01093e3b3

SHA256
699ddfb298ff719d9dcb4e01d01b1eecdcfc9c1424793ddde75b5f2c565656c1

SHA512
f7ab4ae857d6a51bca259325db44b63e9471edaaa8e26c80b70871ec2d75d6bce7f6d1f10afe747730e3b0f2e17840e9e0f20585a898188f9dcc509ef8289347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
92e0d5d820a9582c5250bb493288c2aa

SHA1
134c937fd2469e7d7305d82b52e8fca6d0fd28a5

SHA256
627c105d52611c2d57ad0c3890ed55a9b21b9ea47c508448da25f01633c8deec

SHA512
41dad39ba300c934cf8b4c6f17153372dda87e8d23e07794e0d4ad4aad56f1627d6475a537756e0f078c66fee584a4d2785a601b1dbefc223edae88fbe7da103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit