Analysis

  • max time kernel
    167s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    06-03-2022 06:50

General

  • Target
    4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a.exe
  • Size
    3.3MB
  • MD5
    d18bf81dbc8acce488abd633d8058cf5
  • SHA1
    1d6dcade355b4867e9435961655a9b9caa373528
  • SHA256
    4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
  • SHA512
    10a6b3994b1b0d37c9f3833e700baded6b89b0162078442b4de5a9747c23027d8943016c5941ba2e530ee5263b87c31a7714aa7bcb5051e5d63cf0a3cd88756f

Malware Config

Extracted

  • Path
    C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
  • Family
    buran
  • Ransom Note
    !!! ALL YOUR FILES ARE ENCRYPTED !!! All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email: [email protected] Reserved email: [email protected] Your personal ID: 141-666-48E Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Signatures

  • Buran

    Ransomware-as-a-service based on the VegaLocker family first identified in 2019.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Executes dropped EXE 4 IoCs
  • Sets file to hidden 1 TTPs

    Modifies file attributes to stop it showing in Explorer etc.

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Delays execution with timeout.exe 4 IoCs
  • Kills process with taskkill 2 IoCs
  • Modifies registry class 2 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a.exe
    "C:\Users\Admin\AppData\Local\Temp\4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\ssd\onset\goodram.vbs"
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\ssd\onset\81ldp.bat" "
        3⤵
        • Checks computer location settings
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3080
        • C:\ssd\onset\15sp.exe
          "15sp.exe" e -psion0811 01s.rar
          4⤵
          • Executes dropped EXE
          PID:4452
        • C:\Windows\SysWOW64\timeout.exe
          timeout 5
          4⤵
          • Delays execution with timeout.exe
          PID:4072
        • C:\Windows\SysWOW64\WScript.exe
          "C:\Windows\System32\WScript.exe" "C:\ssd\onset\Ztestram.vbs"
          4⤵
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:3204
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\ssd\onset\sata1.bat" "
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1384
            • C:\Windows\SysWOW64\attrib.exe
              attrib +s +h "C:\ssd\"
              6⤵
              • Views/modifies file attributes
              PID:4024
            • C:\Windows\SysWOW64\timeout.exe
              timeout 2
              6⤵
              • Delays execution with timeout.exe
              PID:4400
            • C:\ssd\onset\mesager43.exe
              mesager43.exe /start
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Adds Run key to start application
              • Modifies system certificate store
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2392
              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe
                "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe" -start
                7⤵
                • Executes dropped EXE
                • Enumerates connected drives
                • Suspicious use of WriteProcessMemory
                PID:1288
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete
                  8⤵
                  PID:2224
                  • C:\Windows\SysWOW64\Wbem\WMIC.exe
                    wmic shadowcopy delete
                    9⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:3156
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
                  8⤵
                  PID:1336
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
                  8⤵
                  PID:3588
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet
                  8⤵
                  PID:1636
                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe
                  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe" -agent 0
                  8⤵
                  • Executes dropped EXE
                  • Drops file in Program Files directory
                  PID:472
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat
                  8⤵
                  PID:460
                  • C:\Windows\SysWOW64\Wbem\WMIC.exe
                    wmic shadowcopy delete
                    9⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4156
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet
                  8⤵
                  PID:4764
              • C:\Windows\SysWOW64\notepad.exe
                notepad.exe
                7⤵
                PID:4324
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /f /im 15sp.exe
              6⤵
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:4920
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /f /im 15sp.exe
              6⤵
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:4264
            • C:\Windows\SysWOW64\attrib.exe
              attrib -s -h "C:\ssd\onset\mesager43.exe"
              6⤵
              • Views/modifies file attributes
              PID:232
            • C:\Windows\SysWOW64\timeout.exe
              timeout 4
              6⤵
              • Delays execution with timeout.exe
              PID:216
        • C:\Windows\SysWOW64\timeout.exe
          timeout 4
          4⤵
          • Delays execution with timeout.exe
          PID:1612
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    PID:2004
