cf5619bcb51b82e4e1765276e9f67fb1e2d23dff968a653657acf35bafff8bf4

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 04:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DS4Windows/BezierCurveEditor/index.html
Size

193B
MD5

b7f3e0aec1e9905b2706285819ad8627
SHA1

c86d0c917ef8b6e1ee25d034fad53b0b9f6ba5c4
SHA256

fbd5e846237145aaa4b1d5275eaf95013a31d41e9cdaaad032d583245de54a7e
SHA512

036375d1801c4b85c8454a874267cef9dc49bd7aa73a49e308584fca8cd188857ba625f1033149f0a9aa395c5ccb78d1f1abc73e2b85339a6c5895d46759a080

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{04EF4C91-E027-11EE-B411-768C8F534424} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000008cc47b58d626d74f92504bd89dece1506f3d50d54c3de638b5a649ccc62f72b4000000000e80000000020000200000001bb4da9da105a83cdb5716fedd23ee9d158319820ace7dc6fddba7b4efa89a4f9000000068e6e93d545c7d7e56409302c794e2587d725f1297bc14ce4b9335b02de05748765597efca964b320ba29f6595ef14906957e81660a7cd29570d3e971a042007b4fbd5567c55876386e68212fbfd4834c793d214e76dd95819c559e10915ea36a0334d22c512da8aa6804b02c8927c0b60dada5cdd907b01ca4e92c379f552649fae9434e8f5f4288250d4760b526aea40000000f7e04da8595f8c994b1563963af86e62920fbe294cc3f80dd43e8b66e1cf509368b63f0259f2efb0966dcc2d1cbb087c75e6615d14923445070a2edf7f2a5fcc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416378736"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000b0348ee35706b65f5d49cf955a53c853e8d723a38fb771e7829a35e127f5a9fa000000000e80000000020000200000008471eb66e64e3489ccbeb6eed78c339489d19f87b5769188d14d9d4ddb40ddf220000000e5950d56b7d3bc04bc4663b2f81f3e0eab414b8e7338858c4db76f19490d7b39400000000a0b2cb19e29b5b13e0599bbfe59fe2e1821440188e8390a99f31a416ed99ff2bed11be177bb2f0d1defb9bddff56b2fcc73a1ddda7719d0b5fd4b44e08bf3f5	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 102694d93374da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2240	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2240	iexplore.exe
2240	iexplore.exe
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2940	2240	iexplore.exe	28
PID 2240 wrote to memory of 2940	2240	iexplore.exe	28
PID 2240 wrote to memory of 2940	2240	iexplore.exe	28
PID 2240 wrote to memory of 2940	2240	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\DS4Windows\BezierCurveEditor\index.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5b860347cd6050befa93b00a1721184

SHA1
2396a4fa577e8ff1a9f292627d463ed2ed3b00ca

SHA256
75e7c45b30519e5e08bc681f2fe7bdf613e358f95c8800b11582393c2f113895

SHA512
bc45e82d947453932896199caf98f0680d58f268d647398dff38324056faa2b1a08cbcba9e6b36d6c32a7fd8f406d723730884e69bd15366886d49f6db44b185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55b25d92d53dcbf87daa0e8887ffab09

SHA1
cafc5e53985ad3039ab3a280719fcdff009cbaaa

SHA256
6d13d3932da60f0543da6ca16478df1b38c02193c8de5aba15c1296d09f752fd

SHA512
715bfd2265c7aca6b4d115a34edd9cb7f558dcaee0555fe4c8015b70292c41fb2623635fc9c7716843b3786710dd42bbb913b4b091b8e97e56817c5e2444745c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e51e93a840995ae09331353cfdda7d80

SHA1
e2fea588131b49960972c53b4c505c7e3d522465

SHA256
10a19e80cf0d4551a7c65992d602dd2480f02d8e276de7793082738161bd28fc

SHA512
384bb5f06db2e3b3efc62988d9b06f71c9de0b4fc0bc88acce11d2c92addb1d523c63453e5b30e8239334f4bd38bee8aa5ac4778f536af1edf1490e3c4cfb330

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52aa77c59a210423668e9be73f75ec06

SHA1
8a942f001a27b391cb1b815c5f9881bee7ad3dcd

SHA256
e1937c251047f12faf8efcee9d20dc05a8f69a13dea77af0f2d21280ae18349b

SHA512
d126ef4bb3b0bdc8529594fbc0641edd3265c001bed0b10e139e92e560f61a71497b8d1df7e2b3a7ce90a68cec6da997a8130ee28eae17abe1a4e96c5011b345

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0818a095540595f73065af342a28c355

SHA1
4b92eadf8ab55566aead681888fcba5cf444e240

SHA256
3ef1b8478e6ab799ec9c160888101829f1e45760bcf40cbdafb98a22dcd8e23d

SHA512
143fb1ab6d31cd7fab9ef68c349a6940a60e1709289594f89c976208db187188ad7ad6f8695b82ec05c540da0f3cb9e533283d4c466d97881d16e364e1dbb75d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09e099923868df9a26e0679626f2cea8

SHA1
b678baa1216a8e82cb0fc61fe62e5cf3f0289d91

SHA256
8f12fd9ddda32e759ae56e06b0f755002e6220fd06ec8ce4d60f5ac6084c8c7c

SHA512
f8cee64cbf92375901f194fcab5d20a24c2d86aa39817198cb7c18aa80de5069f092a8bb5273db911befd797697592e80459034e8536a82799385a0ea7091940

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f9157838778212a37ca986469b6d0a1

SHA1
68e717770d9831b8057da0a6cc5e9e86f37493b8

SHA256
7ad2f4d7a3a47541da3bd690bc155f4fafdd0665033c3c5f0c9c2261bf27e504

SHA512
6f689fb4df7a74bc647a9e1b7df1c87ca29db2b026d3a9f88587b58fdb7531ac6a5c8538d65c5307b4e9075bc9cb9889d6dff40be99e57b39ad02cf9682f3a5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91c0741447cd3c04ae325eda00681aed

SHA1
72b5afc86bcac67a6fb14d83d93255c360aba027

SHA256
6c123c5d8ebf947260f6584d1544ded3326d7a513ca8d740db83ac47cbd5a2bf

SHA512
09dc649a3bdd5b21d5856498da354c90eb3ff694f2bda9197004a80f4e8d63d3524b53a4e926b423d128d86e4283dfb4573f9b5ebe52b89a84c7504deea29b1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bba1f04d46bec5bce3ce6a0fec1c7f4

SHA1
3294acf1444669088a073274e560cb830ed6a38b

SHA256
bbcdb84a2d58dcaa973786a218590f2a518d02f6e945d42ab3c4e963c98dcbaf

SHA512
9bb6a6241292df4c4e34f7ddf451f446c0a45ccf36bfaeb6b3ae1282616bf3895386bbed031244f925bf615541510547392fc0fe3a0f4719283490c4e0ce9c12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31f840cd15cd67eddbdd5af33dcc73a3

SHA1
7f22827a334cf0022b9ebb5da3cda88a41c17075

SHA256
5fe710face7d28493a798568887b0fc9e510ef66bcdf960bc37bbcac6a2e17b1

SHA512
5a8920578471d394b52ba9ff1e0d3400a44f5bac4a81f3995d7cbcaea816e7e309e021d63f2776407bcbda5e72762a81202ee43c0b6b7378fc4eae14f7e13352

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac66cd72fc29683ff35fec57d96b61a7

SHA1
b112606c59c8fd2657144a4586365eba3eb90bcd

SHA256
96c94c1dee896132daaf6b30e2aa0251f1d69110c2e164fb7fe25a1f391e0c44

SHA512
7b2102d73b7e10c762f2534a8d7f2456b97ddfda7d368771a922d4cdae5c7d560f2a6b41beb829918d4e663b7ecd9bd8f0ac7d9213a5d6aa7f502d183d9cdae4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
054b1732a40c6e5683c3efdb7e56faa4

SHA1
23885155ae83cf48d55281b057a4d50681e1754a

SHA256
936b33cfdd9124dd55a14c30bf924df379358075866ae4317c344dafb2ef4c15

SHA512
a957ab5be265d91934cc75cbd08a47cae232f906aa055fc1ebf10ad4864c494063724a23306bf4813bc48eb42b2c0a48446da401184e2141e3f151ab74a01be2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e344470318833597e8d9e0e328c9dee1

SHA1
33ba637abb88f14d3d2a001e411b12469ab3fb91

SHA256
11f90999393d2a7084585c40bb11c1b0eff141e17fc37b699ed8c73c84711da0

SHA512
f1c80aad43492d0628c32da96678c4d21fa2d7029975ee918c7fd0f624de01104dca00e3c8fb919c2568ad91079f6113689ff22514b2020844215211187acfab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68e23277e33fa93d7279745be8c6d633

SHA1
8cd9f215d6dbd80d44ba66822e6b8506fcc5c535

SHA256
149b09a689e12bd078f959a11602354e4028dcce1cdbc6a4c80b14f2c45b3ec1

SHA512
333575b3f99ed25cb0b2a97cb5b25fd2001edd96fe2877107e91c8be47c0e6762c4e5026619491a99d04438170351e01e1b844d90fa44c081070fe378fd4a4f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9740e1e38e5a47972cf6e0f6b27a1fa9

SHA1
1165dc8707407689c43822176b373c01cc0fdb92

SHA256
cacdb85d8d928014a232e5bfc7c1e42fd77454154e6698a48ebdb8981732b93c

SHA512
61f8d20418aab63d2bc7d2b1bda4929ed63de3bea463c28f7542cb8495afed8668b6547f444fee22c68e85d29f3d8b48be92c10d2e30c16489274f3729689d2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d8cef31766aa6fb63ef6a3a74f37204

SHA1
26210042a857f4eca5b3020e3a1f06bc18b55bd0

SHA256
1b6f4c790ed1ea0ae4224091b72b3b46bf3da5cf3ecc194bc1c9cf1148e99038

SHA512
fd530546baf69029ecdc706349990d60970e038047895e9d1e8346bd628628e263d789d4fbbbd7f33edd2e08dddf215ca04ec7b1a6998ee65a90b18a4e5979f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c1f338b302391e6e0087abf526a271b

SHA1
7c377e7a2afc4152040215aa42ecab79c9182dc8

SHA256
087f4d3f70d4d97800c5aad8f1c3ae295b37ac4855267b26270da9c3675d4ecb

SHA512
a4ba008cdfa6102f6b2eb00716fde2c2198a20f700b29abc966a1d9eec024aa04d7f5d06e4b3214a0be9b521aeb20a77238957039ecd32c1526db5eb81d836fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2907.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A17.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit