746475f67cd3456551c5cd9c6205c9754b2aef17472af1b40d41904df2337a2b

Analysis

max time kernel
1191s
max time network
1197s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.1MB
MD5

bb3af87238abccdd1b9001f96348e756
SHA1

6ae600ccff0741ce420bbd372c931b951094121f
SHA256

746475f67cd3456551c5cd9c6205c9754b2aef17472af1b40d41904df2337a2b
SHA512

c5f71d88b9938079fc4e44ff6b8329cae451c776fffcbb2ffafb29bcd3107a08a6f5f5327bc5b367a0bac7cf66ec18e549f09815099872882f431230694c5b7b
SSDEEP

98304:25/+S+eFDeCPb5AER4V3CItOqgw2JqaVqn3+GwpU5bAeCoMg:29+STDeiVAc4VnOqgw2URwpGCS

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{16F3DD56-1AF5-4347-846D-7C10C4192619} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000301193a850f6da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000301193a850f6da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{08244EE6-92F0-47F2-9FC9-929BAA2E7235} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000907295a850f6da01	AnyDesk.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000301193a850f6da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{99FD978C-D287-4F50-827F-B2C658EDA8E7} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000301193a850f6da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000301193a850f6da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{920E6DB1-9907-4370-B3A0-BAFC03D81399} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000301193a850f6da01	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2972	AnyDesk.exe
2972	AnyDesk.exe
2972	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2972	AnyDesk.exe
Token: SeDebugPrivilege	2972	AnyDesk.exe
Token: 33	2704	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2704	AUDIODG.EXE
Token: 33	2704	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2704	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2976	AnyDesk.exe
2976	AnyDesk.exe
2976	AnyDesk.exe
2976	AnyDesk.exe
2976	AnyDesk.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2976	AnyDesk.exe
2976	AnyDesk.exe
2976	AnyDesk.exe
2976	AnyDesk.exe
2976	AnyDesk.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 2972	1096	AnyDesk.exe	30
PID 1096 wrote to memory of 2972	1096	AnyDesk.exe	30
PID 1096 wrote to memory of 2972	1096	AnyDesk.exe	30
PID 1096 wrote to memory of 2972	1096	AnyDesk.exe	30
PID 1096 wrote to memory of 2976	1096	AnyDesk.exe	31
PID 1096 wrote to memory of 2976	1096	AnyDesk.exe	31
PID 1096 wrote to memory of 2976	1096	AnyDesk.exe	31
PID 1096 wrote to memory of 2976	1096	AnyDesk.exe	31

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies data under HKEY_USERS
    PID:1020
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2368
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
5675a27be609623d6ca19500a17188d3

SHA1
36f6f6eeb5c17dfe3599bd85152a07e39a62d952

SHA256
8c651062e34b9f2763fb11fa1d621d1905eac3bf7019018cb499060a1836130c

SHA512
8d662efb92c767341bb88056f4466032b91faddc85f523bee11870cea5667693828e37dd6ac06e87e5aad68c93b51a13bf6b16865a103904f894f7b9180240c6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
38KB

MD5
c41c1d6c85c1f0cc9bf7a92715b22005

SHA1
d34855d55f655697119e69f28f501f3bc9e4940f

SHA256
0d1226dc273e0b36b74e5cda3277ff28cc5694c47e3ba6c0b87f10846638f72d

SHA512
f6a572d9ded74805be1b7b1f0dc09454739c571c9c39e8a5fdf2fa0601f7d713d7ded551ac05b049a45f55a8420682f2d0e7910cc39402ab8aa4a1645d54d423

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
65KB

MD5
73f2f43edd8de52ff523cdd6e4b3bdaf

SHA1
7a7a73723d6cf4129460b0945e5269565293ef0c

SHA256
2066be73f529d38a004b1e6749ea9b03de9fab1fa3942d4682c051b4e13752df

SHA512
d3987cc4b6e4b959b9387b7ed327eaf930afa4442855d96f37353f8c1e67a1e35ec79975e78290e2f24e016076c5c8280d2608f3b74c28062e4ba2034d31a123

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
facb19e75176da33e26af4c5df625287

SHA1
ad50ff842c51acf0bc68e6b3a2458401b1f046e0

SHA256
8116b9c71478512652397822018003466e0c4d127e9cc12e740cff99e74781c3

SHA512
38b239be5429b60e57d7625ba7890df1d0901697b046a36bd6a0b7ad6a153a76005368bcf79afc41716e0e6327309769288db67c9afc52443409fe823fc3be34

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
8534f5ad3238b06a245ec9563f03a135

SHA1
ac66593ca951cad4e3c60e817d5417a7cd89f0ec

SHA256
01161d826d6953267575f837b182ad7bbf5a76b64fce2e598f2cd3b234fd605d

SHA512
0026f4580d359222387416e2704e42c2a00576bfbdc31093388b70d36fd6f32019399521dbb9c9ffbba3e66ae4d09435d54e0491e02934d86add946116e61b4c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
1728bfc8d7191adf301396701cf707d7

SHA1
108608a646696ce043f841d9d7d417c5a9cf5122

SHA256
4131495b1eee00c113fa0f4ed5ec99cfdbfef346e63a468695791ea136399655

SHA512
7063e1c9058e104b44ae2791fa5568f93be471529db548b17970442e91d5a080122e7d368f53af5f1a3bfee59331fbcb2488452ce9cb14a42b719dca898c40ee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
832B

MD5
e163cf718ff646451b255fc4ffabbc42

SHA1
1eb8bc481f05effa29a92839467a519d194d3d70

SHA256
52b8758374d5cdb7b1eb6dd52b6ae75fcc198a5470d62e75014339e6224a687a

SHA512
50f0716585698aea9068b3b5bff9d90db70379b0175b1b857dac48d9a81cc75173d47a04d646063f225dffea4175f1f5e14d98e3727ab9d840c02ccbc7d03df0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
ddc149f31339b8e833ba83d92910d897

SHA1
bb1947e90aa5d781a9e418c5627ca8711b1fd95b

SHA256
42d87f1ca557923285173a11b3b0d1c174818c1a4939a0775ce5f74cfefe8855

SHA512
8c4862a4f557593a2808e2b06d03e4aa66ab2bb1c4747df9608234b1b62e8da52d566e9a08575a9e914df6d6fbe5e76dbe5f87d287e17ead4688a3aa5e548988

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
69930d2f5144065f99c0af1c073b6f08

SHA1
76ec1e0100a71e583eb569e3a81c9545b15f721d

SHA256
db7f8d839bc9b000cc740f13dead45b7a4aaf88bbb66b928c4097462b09ec9fb

SHA512
619d61ddaacea49f6cf45e1ce43d5ca036d4c4c74e6e201e3ff07ded8e279f1134b73d6369a2daad04d91c328b34a16f0e5381728e0f4b047b3deecdc7c82cef

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
9dff0d8737305e6d5ab06c3b86fd7b8f

SHA1
691645ca36f1e4f7b0fe91c770bf1e7362947026

SHA256
d23838cf47499499a9bdf678ee423d26032a3d7d5c78373720c05641b1668ba9

SHA512
0bdccb6c40d51bf00713bfc99b0ab18f2582de5706732974eddf7c44822cc61f99fdc8141fb18a2d7f044da3bb6172f72bc0b13a9f2976c62f39f2eeccb50239

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
5a5e73a9a4c354c641d9b147f34193eb

SHA1
9064bb9369ceae658f048079426bd74e05b739f1

SHA256
36433908e25577c729e65c28bd680d8189fb367fd8e9f858c18cee6e124158f9

SHA512
f34bd955f68fca171475b91376de29897cd6ef97b809308e27c2c41ba950b57ed15308557f9b05992501669415c2c4d3084b033ee9b2026249564dfd6d1f6769

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
6a2694b4c52e114eec23818cd76bf81d

SHA1
d00117ed5e3b15597c652328c7b60b1e6cdeee55

SHA256
d08021cfc03247f8c7b6778bbcc6e4ed204022d18127bc11e7c62144e42dd1d9

SHA512
a9d203ba5d619b0a3ca7ea5b1c2e92ba2e625c3132448bca21af226dc4f3dcfce3aaa6311dba5fafb313f5da1688d971819db6e136bde1b1bf1efeef7b189c44

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
2a9c0f3d7f028dedf5c57eb485679009

SHA1
070acb2f791c2d95f63f7017244fdb3cb8ad1bd5

SHA256
2735e69a70e7a7de59e41e5a384c4e526ee27af5ac9e220ed10e911bd28d8c1f

SHA512
247298f124d8f4bcacd0d7e25e824e6363d9b5b34453e9a24a60d6549cb4b4b4d90537b5f90eb36f6aec3c1a453fb00d8ee8aa2261c0b83ed352880f242a63fe

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
91c1c89d1b8f26012472ef5eb60a0e15

SHA1
fc0da72881cdb464a12d249f4886ba2b64630dce

SHA256
aa82653bec48e840a767021434fa9f3b1829518b5ffe5771e006dc7648660bc9

SHA512
713b1f367d00c0eebc2c81a51dca7ed0572652f17325a78f1c0490d64dce366140e64736f1534ed8141d67e45ce04539d43cae6ee645e55ceacde1ba18a334ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
712b1612222c9ca1b4872a4336e6d67a

SHA1
9681fedc8b1ae92c34fc9ddf5c3c535405a81396

SHA256
85d7ff809803b122a1944e510469a6ee57dd54397b967afe0030b0e7b769968e

SHA512
7c7dc2385f55384f55f0d1b1b18d7446ab0b60e249d671899dc459c2d1ca1fabec8486bae57794b952c680b6eba22d565f9f5b52e068d8a5130bb5841ba53920

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b3d0fc226f8fc7f3624bcc764d334847

SHA1
2e010f32925a4835a6060c212e905574fa7c15a7

SHA256
25746f0698ea996182f391be7f5015e3e7a0dcdcfb21d64cc7acfd2ce5f12e9e

SHA512
415f3f2ad19af554466cf6a1c464b8ec904bc9da496a0845135b4e93e9f5c702f6fb7bd639c6f1007f9c0094aff424949bca4c3c0e855908369604b95830144c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f31fe75ced634648d7eaacdc562a3440

SHA1
c8532da0ea11712e481bdf5170edd7d7955fbbe5

SHA256
1d38cf044e65d037386f7a68ebc4dd710bef583b651a216ac662acd4c0ba207c

SHA512
1b55ac45cba1d4c0f4e1c09b50106a5d4aa79181a22262aa35962c7103e11fb428d15d52078cf7dab040fd7cf416150b3a4a953cde5c790c8fd5a91850b24a21

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
e741399adea6d8fe4a333c8a1e7f7df6

SHA1
c07ab4ce21857a3f81013816fc6597ddf7227d24

SHA256
8d21dc799b89e011ee419fb3dc355c1ad76f2edd2f87ed0c7e3f69f138fe375c

SHA512
dae0d1e800d18890bd23fb6e567ec2f928a1e7cb3fe42b01d33055d485bfc9f23030dcf99e73c6e2c0af13fb99e37ba2b77ecbc91fafe085e1a76ab598e1dec7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f018345ea84722c35813b69f40b6ab3a

SHA1
839693b89020603d3f7e707fc201f7d00352702e

SHA256
70e4d198418176e75fa04bf0d8cfcefd15be2817d3e31ea8adb4267af2e47dcc

SHA512
b38c87aaded9554c1b22aae58520525f2da6b910ce1882c18b906aa88cee958c8f02da71203ab7eba1b2f401b0af9fb37f8873d92dcc64a33f53093b153e3dbb

Download Submit
memory/1020-259-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/1020-231-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/1020-255-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/1020-245-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/1096-2-0x0000000000FA4000-0x00000000021F9000-memory.dmp

Filesize
18.3MB

Download
memory/1096-1-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/1096-214-0x0000000000FA4000-0x00000000021F9000-memory.dmp

Filesize
18.3MB

Download
memory/1096-215-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/1096-7-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2368-285-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2368-267-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2368-290-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-281-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-291-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-247-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-253-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-300-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-297-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-13-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-243-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-230-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-294-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2972-216-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2976-292-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2976-254-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2976-217-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download
memory/2976-11-0x0000000000FA0000-0x0000000002713000-memory.dmp

Filesize
23.4MB

Download