hxxps://www[.]canyonpartners[.]com/strategies/real-estate/

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.canyonpartners.com/strategies/real-estate/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506216365897549"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 2132	1264	chrome.exe	59
PID 1264 wrote to memory of 2132	1264	chrome.exe	59
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 4800	1264	chrome.exe	90
PID 1264 wrote to memory of 1504	1264	chrome.exe	91
PID 1264 wrote to memory of 1504	1264	chrome.exe	91
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92
PID 1264 wrote to memory of 1600	1264	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.canyonpartners.com/strategies/real-estate/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa5fe9758,0x7fffa5fe9768,0x7fffa5fe9778
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3500 --field-trial-handle=1904,i,10700087417125387632,8395725170445369500,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
699967fa36c5fb51b4b9c4167551d86b

SHA1
f8819f0367d04faa051575d0a13b3727d7da72bc

SHA256
3676aaae11b8a96c6dd9b0c9068f1d8221cd7ca156e847352e111f462dee249c

SHA512
6c7b393a414455f7a9b06c29550b4678dd1ac02e140de469363b77a7ab703d3c516a4242741d4da7a394463779b5f9db57337208adc8361a3ba3133c88c7b915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e6eb51cb585b3765a650265727b70992

SHA1
b2f1e2186281a3b24c53573389e2b87e850a1ab0

SHA256
7b0006353dc3d61213ff0e51abd142ef685d66d79640081275f09318b578fd79

SHA512
d793606a65795bb78059a7ad4904da30f7ece427dabf5528dbc019b68584afd3943bb2c8ca371b2aa223d3de2738ec79bfd479f493245f7958f23c9a0bbf1af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
a8dde6e5beebfd48fe506fc3a3bb30c7

SHA1
ecde0f9d9e430c363df47259af199942965a5720

SHA256
4449da539fc7cd2d4e09a9d72486624a6ddb3195755ff748893cf8671745ddd1

SHA512
5bd50d42250c1b7ddeeb2fb0e8689d8acdcd221ef581792a27eff84c8da062cdb0695328c7182e027c0ba763075d415ab7d916a20f87ab40127c8234e8d5a0a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f1b1621d705ae7126dfbe00efdca5852

SHA1
cdaf7c274f832b63d33f1d88296aef19aaa46376

SHA256
51a5b88cd7ba286209469dae463bd7c07bf0c9661da87ab049ca67d7ce212dbf

SHA512
fcc8de49089ede594b1c1654db9cac7e90eff4948a3cf551d8e139f0b76866349149f79a06ddd2d1fac38a5623549a07ba1d18dffce5cb17634042c90449d3cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
f947c56a656faea49d5a4b61d6126247

SHA1
039e79380d934f84101956d5f092da0be2a30495

SHA256
fac40acc18c111138157ee4a7f85ea7ba4b4691cfc39ef0d2a4ca5794d648408

SHA512
509a44a0cf6eef6a9102bf48d2b5138db683c1092ef79133d9747cc6b0cc6c3be31705ce6622c148d81cd3c30397dbfa59f05618b6388cc1b362d9be6e756a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
8a5958e462cbd85f55157bbb6d77bc32

SHA1
47d55a889a9c5f838c28e6816a0e7a193a70a855

SHA256
4119165bf69c7b4fcd51f5addf0402c0ceb87287b8dfa8934ab9c6fcfb934d55

SHA512
abfc3af863355a819cc2ce8ed5a04c806f1a71222d17e63b05d7cf3e87d97dddeafe2769f7b200a76cd34a2730b01f1bc458db1b705528f6964e21a7ff72f581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
dcce446072edfe009d1f3269e75e12b9

SHA1
2f538d12164793825a8cb039f8ea1c4833ceb8c6

SHA256
69e7285e9c610065969b0926b2172ec71806d3a00948a000f16aa44a838b4d36

SHA512
be53dc2c9b74fe18c4a6814c3fadec8f08481a7192f481a13918c5c924a1df4aab8f56b4bf5e8e5c82ff27443cff0655334f5fc85b545a13729f9f4e1ad4f32f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2c094be95f5eb8795b57c7be406f28d3

SHA1
d9dab4b2616aca4a0d58682b6dcc077f29dfa2d8

SHA256
5d8c391086b22514dd9337cd0c0731c3b664f2f21e78a58b5ef44557cfc769ad

SHA512
d53d76db2c7764eece49087dfd25e079e492b979669db2ffda0ca1ec5c070f51e54bcec616a31d841475da7c14e3c71ff702c62a4552e3f2ae4f30e14b81351a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit