Analysis
-
max time kernel
152s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
19-10-2023 15:41
General
-
Target
8474da7e8a71af08d6c2eae2de2a93edc2b77bb93399fc1b1895fbd8.msi
-
Size
2.8MB
-
MD5
8f82b80d2996a27e5efd72c1748a6048
-
SHA1
7c3deb150d73fe97e8efd1086bd42dca859a4766
-
SHA256
d0a0a3ac8865737a917983d10cf7307ed235aa4102d146f6858818694ab8f3f4
-
SHA512
9f476032cf5dbdfa57d2fa34deb8330eca8b118ffcfb344f013437758311cd390f51c5ca803a2cef93bf9b54854451362a68e1fac16a330e39479a14a32df69d
-
SSDEEP
49152:KpUPZCQMukBtM5X1nMg1Y6PWG0QIaqZQxxWsprXhTrdMqsI1Jqf1vOEMH+3iplvB:Kp2czg71Y6PWGZIaOYxWs1hTrdMqvJqg
Malware Config
Extracted
darkgate
civilian1337
http://185.130.227.202
-
alternative_c2_port
8080
-
anti_analysis
false
-
anti_debug
false
-
anti_vm
false
-
c2_port
2351
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
HLzTkCBjqtAfzL
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
civilian1337
Signatures
-
DarkGate
DarkGate is an infostealer written in C++.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 64 IoCs
-
Blocklisted process makes network request 60 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 3 IoCs
-
Modifies file permissions 1 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 11 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Windows directory 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 2 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 53 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 34 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca1⤵
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\8474da7e8a71af08d6c2eae2de2a93edc2b77bb93399fc1b1895fbd8.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1A584444E416AEC08B27C8684644BB172⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ICACLS.EXE"C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-4a80deb5-380a-48f5-9098-0a8a0c33c247\." /SETINTEGRITYLEVEL (CI)(OI)HIGH3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\EXPAND.EXE"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files3⤵
- Drops file in Windows directory
-
-
C:\Users\Admin\AppData\Local\Temp\MW-4a80deb5-380a-48f5-9098-0a8a0c33c247\files\windbg.exe"C:\Users\Admin\AppData\Local\Temp\MW-4a80deb5-380a-48f5-9098-0a8a0c33c247\files\windbg.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
\??\c:\tmpp\Autoit3.exec:\tmpp\Autoit3.exe c:\tmpp\test.au34⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\MW-4a80deb5-380a-48f5-9098-0a8a0c33c247\files\datacountry.png" /ForceBootstrapPaint3D5⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
\??\c:\windows\SysWOW64\cmd.exe"c:\windows\system32\cmd.exe" /c ping 127.0.0.1 & del /q /f c:\tmpp\* & rmdir /s /q c:\tmpp\ exit5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
\??\c:\windows\SysWOW64\PING.EXEping 127.0.0.16⤵
- Runs ping.exe
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ping 127.0.0.15⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Drops startup file
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
C:\Windows\SysWOW64\ICACLS.EXE"C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-4a80deb5-380a-48f5-9098-0a8a0c33c247\." /SETINTEGRITYLEVEL (CI)(OI)LOW3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc1⤵
- Drops file in System32 directory
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
872KB
MD5c56b5f0201a3b3de53e561fe76912bfd
SHA12a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
SHA512195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
-
Filesize
170B
MD5c11de27657e82b7c81e1bf21b6fa89bd
SHA186146b06a8a3294d58c3b947955bcf45b7a8ff49
SHA256e7d8c54ce352dba2c62c2722cdd71b3aef026485f64d7342df437e6380f434dd
SHA51222b3ba903ce25e45921e112e3277c04b280d20f2b3e35aa80aef3f1a556013e153d6fd4710e049ca6b40181b5ed21aa99e55d023db151b7fe89f98f130551695
-
Filesize
2.6MB
MD57b9bdbec97cd227e8b03ce1e797a98c3
SHA1226cb4b94545a5e4e00fe2209252182cc3b4dc66
SHA256fd23dddaf0d3698c0a9bda2235ac79071a4caa68e5a9635fd3f681979c020ed2
SHA5129cb96d687965e63a5fb30ea75c52a4a56061c7f0ee93f23a1676c44b2b1973d8c6722c1d409ad28f0a8cf78fa8f3e419f537de89416c6f8252f58788b35ac7fc
-
Filesize
661KB
MD5e5f36215426555498dbba13bb15b012c
SHA1013d8597350e791f68a72dd1b089a3252e67b0e2
SHA256c67232ee5b6e81e173fb18c7ea395105de9138da921ef17ce2e3d8ff9eb8a8d7
SHA512d27dfc373ed1054cebfe72141da96f314fbaa826109c3a1ea844be968a7f87ea208efa113a7e785e3619a034c54764b79a5133c20e0193eb225bd62b1647b814
-
Filesize
93KB
MD5a4693a1dd2c47ff19154bc9943fac883
SHA10303db5fa3289953eeb5b8b4e44cc42c3be2bf10
SHA25610129ba8547d56ba4e6f763918f0f3f8e7fabb9292e289b9dad2ae7d05cbadb4
SHA512bacf272d29c52ee8f468fbe861146ff25760c224038bb11b33ec919c5371ecb59a2c3e39163ea2f966c8a7865f3defcff9cf5e1c980b7d5db7a6c19d67251495
-
Filesize
2.7MB
MD5ea7ff1907bdaf0fcfab733e020a70b4c
SHA11b141ae68ccd8b453fdbfa151c1f0bfd6dea85e5
SHA2561fbca6c9c3667f6f196ea18111f624c7468be6c7b7cbdb5c1b21e2fdec2e2925
SHA5125b9433c72c606e21c1fb3ee1830cb3dc7911cf839a52fd38626627c0b6cbe9c158bf9636ff45b68db77e3ca97c43cb54731e3221583549ab0bd5a3fd4c29a22a
-
Filesize
2.7MB
MD5ea7ff1907bdaf0fcfab733e020a70b4c
SHA11b141ae68ccd8b453fdbfa151c1f0bfd6dea85e5
SHA2561fbca6c9c3667f6f196ea18111f624c7468be6c7b7cbdb5c1b21e2fdec2e2925
SHA5125b9433c72c606e21c1fb3ee1830cb3dc7911cf839a52fd38626627c0b6cbe9c158bf9636ff45b68db77e3ca97c43cb54731e3221583549ab0bd5a3fd4c29a22a
-
Filesize
62KB
MD55f6d7117758a11c5cc96725a4fc72348
SHA1eede69efecd034bb059b90b1bdd48d406e80f5e9
SHA256a5e75d0cb8ef19d4c28156a58b14958fee2ca7c8bf69e4cbb3c4333a0fd21202
SHA512954d8c7ccc171e47ec495af646638e32f712624c707c6c6edcf860161ba337296c2fa955232e39f077d11d772717d47ee44eeb7554ac904d4936ce3b97fcd4a0
-
Filesize
1.1MB
MD5a82fd06ad4339762ef1ea3e6ebf28fae
SHA15fa84f3ad4a2f1e078562c00e6bbad445418cdb0
SHA2566c61ce9dec3052ae229596c8a32fc2cf8c9090b8b632998ef69de580cfeb1afd
SHA51263eda89fb03ae581c888c189906ec84ea8061097ec55296c0c6bbfa649a9d7e58d5a299e6e2bacb7d9aa8abad62ceec1f5f4e47e4236f9d7de9aff76c502d052
-
Filesize
22KB
MD53b1a9a56eede8c6335e94959d5231ac5
SHA18d256fc02492b6c51db9f3861746b386e62ba317
SHA256161a04957d74daafb21d9a03dade488ae7ebcf90af0e7e41cad1445418a9b3ff
SHA5129fb552bebb2b72cb8f2df55863ba529974ea0d81da83cffb12f95974faaeead1d623f1a6df87478d308cc69a5102cbd01109dd5b8cf0fe11e5132baa903ae6e0
-
Filesize
22B
MD5ed8842c313a411cf074fb082b7184ab0
SHA12e411a8b4b62c15e31415fa63742d4c40e8265df
SHA2569bcb8b4872fb35ebb4413b554a9b8402b39119c78d120bdcef353ce511fc93ca
SHA512019819aacc76617a466da73bfabdd892c407d7e74844329fa47ba3ea1e13379a41950988976b5021ac2cb9068da904ae93c249a229ff6dfa7fdb633f2adc1216
-
Filesize
474KB
MD504ec4f58a1f4a87b5eeb1f4b7afc48e0
SHA158dcb1cbbec071d036a07f0e8feb858e4c5b96e7
SHA256bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4
SHA5125b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80
-
Filesize
474KB
MD504ec4f58a1f4a87b5eeb1f4b7afc48e0
SHA158dcb1cbbec071d036a07f0e8feb858e4c5b96e7
SHA256bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4
SHA5125b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80
-
Filesize
1KB
MD5aef763ac67fed95e4c52411e5cd7a7c3
SHA1b831ab35f462078f9a90c707286928cfa4c81bd8
SHA256b2e4e1e642542783979f383211f1d0a3644302ae3a70b40fea920cab98f78379
SHA512e9b87081e7c0aafcf05624024a3aebc20f630409852529932b790914f6beb0fdee33c6e66e0e78f5dc57e7880cd8220c6e7bfa1e748e47c44ec9079a8b94914b
-
Filesize
1KB
MD5bd4301070156d675216c21ed4e02efe0
SHA17bcfde5779aed30689bd7feaba75746a5c3f1679
SHA256f2882378d88ae6b58e6a986770a56b5409b1ce5ad70f888e4fa4e36d9c1a739a
SHA512be598f0e219fbbf10a24f3a057c3264678606d2cce620c436f5d519877ee2f912c8361b74fff1cc76a178293e9dc747636045973ee13c202a4a3c107d3655e9d
-
Filesize
1KB
MD5bd4301070156d675216c21ed4e02efe0
SHA17bcfde5779aed30689bd7feaba75746a5c3f1679
SHA256f2882378d88ae6b58e6a986770a56b5409b1ce5ad70f888e4fa4e36d9c1a739a
SHA512be598f0e219fbbf10a24f3a057c3264678606d2cce620c436f5d519877ee2f912c8361b74fff1cc76a178293e9dc747636045973ee13c202a4a3c107d3655e9d
-
Filesize
208KB
MD5d82b3fb861129c5d71f0cd2874f97216
SHA1f3fe341d79224126e950d2691d574d147102b18d
SHA256107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c
SHA512244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b
-
Filesize
208KB
MD5d82b3fb861129c5d71f0cd2874f97216
SHA1f3fe341d79224126e950d2691d574d147102b18d
SHA256107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c
SHA512244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b
-
Filesize
208KB
MD5d82b3fb861129c5d71f0cd2874f97216
SHA1f3fe341d79224126e950d2691d574d147102b18d
SHA256107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c
SHA512244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b
-
Filesize
208KB
MD5d82b3fb861129c5d71f0cd2874f97216
SHA1f3fe341d79224126e950d2691d574d147102b18d
SHA256107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c
SHA512244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b
-
Filesize
872KB
MD5c56b5f0201a3b3de53e561fe76912bfd
SHA12a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
SHA512195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
-
Filesize
872KB
MD5c56b5f0201a3b3de53e561fe76912bfd
SHA12a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
SHA512195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
-
Filesize
23.0MB
MD54b186542ae23e113cc669e149007d630
SHA186816266316efc3754d3b6ea888a0cd008eceb6b
SHA2564f0f2a940d90a5bfed87ae86db01e9181fd233a92487d517379da4fbdf07ac65
SHA512ada3fbbce509490a1ea812886f4903c055fed4ba244469e648f7177496a9e3718874331bcf1e4cde4184471c284e2650e25222df28d2a390ee45ce76a4539afc
-
Filesize
5KB
MD52def4201c3751a06067120a46df98765
SHA1796e3ed21191ab950292e57708475de3ec0d11ac
SHA256a05fb6d9a413e582e0857b04199700b290cec489e93f05f8960d3ef8edf78310
SHA51285103f21cf83337fc6aed2c36081106b1fb00ee9e9f38ac606bdd77398525f580ae5e1d4edbd652363802e8039d2e1d71ea2678404d20964bb50831b58fa27e0
-
Filesize
498KB
MD5d7f6bfa501962aa242fa445ac78afa5c
SHA1f9563cf07b077c10dbe9bbd139830f63e0852c6b
SHA256d96635e537fb3128b5b1ce600c1739471893100a3450d82a224e89ed56e7db39
SHA51273ce2fc450c08aaeda6b825e238773912eaeb3e6730b72a3c58c223782a98389e53ba5e1a565c37fb11c231744d2e09059db34734f05f89481c2ce10fb6de12b
-
Filesize
872KB
MD5c56b5f0201a3b3de53e561fe76912bfd
SHA12a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
SHA512195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
-
Filesize
498KB
MD5d7f6bfa501962aa242fa445ac78afa5c
SHA1f9563cf07b077c10dbe9bbd139830f63e0852c6b
SHA256d96635e537fb3128b5b1ce600c1739471893100a3450d82a224e89ed56e7db39
SHA51273ce2fc450c08aaeda6b825e238773912eaeb3e6730b72a3c58c223782a98389e53ba5e1a565c37fb11c231744d2e09059db34734f05f89481c2ce10fb6de12b
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
2.8MB
-
Filesize
3.2MB
-
Filesize
4.0MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
4.0MB
-
Filesize
3.2MB
