Overview

overview

10

Static

static

1

interfi_acid.zip

windows10-ltsc 2021-x64

10

gath_acid.zip

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    422s
  • max time network
    427s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    05-01-2025 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    interfi_acid.zip

  • Size

    8.4MB

  • MD5

    a1927e0a66add92bd80b2956d133147c

  • SHA1

    6354da51d6f9550fa48cb863e3ba756f31adcef1

  • SHA256

    b3cf39e53e1045f100a129def75b7f944fee6443f8dc4ed3f3183f78ac7af8f1

  • SHA512

    d3121522e7e7042f69aefa43602570689b7bf236c167c4d28e3b63d55baba26ba8025a67f926b72a94af88b55b3aad5abf391dceed50e4955ef996df05223cd3

  • SSDEEP

    196608:9hfbf2TiHtxoxwvRMDnW8hYUSm6kkBO86SNKimHtrM6s:9RbuTCKAIPZ0k9TSNKBHtls

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates processes with tasklist 1 TTPs 2 IoCs
    discovery
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\interfi_acid.zip"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Users\Admin\AppData\Local\Temp\7zO8474F6F7\inter_acid.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO8474F6F7\inter_acid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c move Citation Citation.cmd & Citation.cmd
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3720
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          4⤵
          • Enumerates processes with tasklist
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:3052
        • C:\Windows\SysWOW64\findstr.exe
          findstr /I "opssvc wrsa"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2276
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          4⤵
          • Enumerates processes with tasklist
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:3916
        • C:\Windows\SysWOW64\findstr.exe
          findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2320
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c md 170898
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3144
        • C:\Windows\SysWOW64\extrac32.exe
          extrac32 /Y /E Repository
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4676
        • C:\Windows\SysWOW64\findstr.exe
          findstr /V "zen" Consist
          4⤵
          • System Location Discovery: System Language Discovery
          PID:5000
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c copy /b 170898\Heard.com + Proposals + Organizational + Extension + Mb + Elite + Parents + San + Wordpress + Citations + Iso + Aboriginal 170898\Heard.com
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2832
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c copy /b ..\Willing + ..\But + ..\Situated + ..\Thermal + ..\Shuttle + ..\Conflicts S
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4328
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\170898\Heard.com
          Heard.com S
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:4952
        • C:\Windows\SysWOW64\choice.exe
          choice /d y /t 5
          4⤵
          • System Location Discovery: System Language Discovery
          PID:720
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:904
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2336

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\170898\Heard.com
      Filesize

      2KB

      MD5

      430fde969f9da31e57dd08e4ababd9f3

      SHA1

      7ae05c0a8dae69b299aedd96d4b6ad5747576955

      SHA256

      a7ba6cc14188c9f372287a0b1c09f85610cf9d199db3cc6e2fb6bcefbce18d69

      SHA512

      5adf5ecd024a2e794f47676c130b306c1ba25f5030e590d2cf53dc03628b776c97e2a63236d820abb5563273f7085bec921650917c205fcabb93e85c3d48d0ae

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\170898\Heard.com
      Filesize

      925KB

      MD5

      62d09f076e6e0240548c2f837536a46a

      SHA1

      26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

      SHA256

      1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

      SHA512

      32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\170898\S
      Filesize

      468KB

      MD5

      e29526011a875b5df841536c5753c6f7

      SHA1

      cd0a163314691bad0879c5c4089f80753e152a9b

      SHA256

      98da08475b74376406ef3ef14f37679fe7a570ec352e5452dd92a334c951efd1

      SHA512

      e0f21e5118bf8a5350c08897ba7d3592685c59af6708a38dac900de9d368efe05b70c071f2f95fb6b66f25f0128b79201f70d09f48674b1a1a950ce8598e3f98

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Aboriginal
      Filesize

      73KB

      MD5

      07314039b19dc13c7a6c82f2a9274051

      SHA1

      d11ea8b8d1b309b6c37f2f82b21d7dd81212084f

      SHA256

      c720ccc9b2b3178bf072abb0c1057acc6726da0fa6a2e50a87af879c40e2ed7e

      SHA512

      617831791d8e83f889f1a7864fc7dfd5d4e28e10b58996297619316cfcb057a06a160c293006839a4a62a52ed6864b47839f8a335175317095992a31fb7e2166

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\But
      Filesize

      96KB

      MD5

      353cbcc4db2a06ca96989d8db45f5845

      SHA1

      8fedd5bb69d3b32031e05290de53efe342383491

      SHA256

      7cee924f41c91b416e718494229926a01fe493d882d0d9994dae053e1a12eafb

      SHA512

      a3a8e0a6bc2407fd5ad8189a1cff148671e4affa2157d7238df71164e671491b0fc62e3f218a0c1ec0ed10daf2b927e2b7ef6d7826199da08c8484596e002dd3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Citation
      Filesize

      17KB

      MD5

      6627bb2c9f64f623b082646bdaa3771f

      SHA1

      02d4e9eee858c99c7bc869166db9b70caec40186

      SHA256

      4ad227feb69b27715eda0555b3963f8d6faecb971f3e4627b55ef9e766710b0d

      SHA512

      7acebfa6d8b03c2718e3652e2060cb64322f4440701ca88e6284bebf6848c90925d1b0b9d4be6f55b8023c7378166e1de4efc3f4970c3a54e8c1aa508e5f8110

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Citations
      Filesize

      65KB

      MD5

      bd0c8169fea6a0f0ad4863961cb3e828

      SHA1

      a283793374a89319f3161f258c590832ddf18770

      SHA256

      3aebd16034dafb00367c74809de05380fbf0de25c5cbbee7485b69eee55d3e06

      SHA512

      fa170a2520e91454a777f559086862d24c113bfa529715c35ccc42220be191628d2aa0e1bd255104463698e8ee957c84c2af0a2caec06934b482a1cbf0bc66b0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Conflicts
      Filesize

      23KB

      MD5

      6f0c63fb9a8005e1b9893326e4c5d644

      SHA1

      37c8d16b7335f238f2dd0f4d080071b17b7cafad

      SHA256

      cc27a286bff343903ad429d8443957ac09064d6ec7b27db26827b1a835c7d748

      SHA512

      738acaaf1947758670dfd0228a544e74cf97dc4aaf7d35fc7829452975bfc37ad12a1ed9a0cd9d44a318e7ffc63935925be4995980b3a00d29184372c3cc7693

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Consist
      Filesize

      2KB

      MD5

      83312cafd3a0f5112950c5e033d1f877

      SHA1

      1ead3f8680199ad967a050123d1c848a4c37e3ee

      SHA256

      74bbb520a6f27437431afbce50d7f3c52711b8860d910588e2bea2c3cb24fbf7

      SHA512

      009a57214977c088bd1b2e4f24dc2ee2c563376716d134fd7850dc0424ebff9f96db0c032cca3307c50150d0f8492fb055cf0aaa24012c49714d50eb3b90b738

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Elite
      Filesize

      126KB

      MD5

      53e2756e1204e5c25c38307daa54185d

      SHA1

      5b99a9c06ce605d93cc5b43b2efd766c4edc89e9

      SHA256

      7c5d27dddc9407fe64ca0fd3ba884aa9d593fc91bf7b4ec5127acbaa4e1e2ff9

      SHA512

      65cf4a3695e54cdd621d599f027dbf8b6de1331cc77765ee0fe3fe40de795398049a3e5db10cf79c710272cd1ba8640c87c7750b76f64ce9848adb5b43797d02

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Extension
      Filesize

      66KB

      MD5

      ca328a92d384e1172b0f657e588197cd

      SHA1

      e0ea7102302f25b4218159bf32ef79e1bb56345f

      SHA256

      bfd10879455f94674de0d891b993e28c84f547a45200e23ded744b76a7bf1abe

      SHA512

      b25c494e79d057d32498d25f85b8f85018b9495af7ec2d254d23dbef9d1d1011332455574e24f9d4d4ef2523b8ae660e0c41075a6e794f9632af758c3c959d49

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Iso
      Filesize

      58KB

      MD5

      8f7a27ca8809b10dc04c9a81b4c82b03

      SHA1

      5bc8d6a5db258139be81b4cf8a46b542cc9f93b5

      SHA256

      7a1c064f518ed6d7596ed47faf2b8aa782e763948aec3d84d6006ff97d5703fd

      SHA512

      9e688577a417e5a4940c09477b6e0695ea13fe032bc23b484ade6050fad8db51ee071ab3ab9c2c63f060855dd91960b2123520067a79ab642a41fed4d22fadd7

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Mb
      Filesize

      144KB

      MD5

      c62cf4ea70d4c9d82852e1ffc94e0437

      SHA1

      793bc14e085fba0dbc1fce0d8407ac1483f3926e

      SHA256

      7e5ea196f771120e2df45468ac39df309031b01926730a2b1dc4acbb9f137c8a

      SHA512

      1fc7bd0af67ef6cc51400a7bff017f74bf5368818f57d51c107a69f833dd6b267919a4e5e4ae5ae849e0437eab80a26c3a629bf0ddbbcee4a7df0d6487ed9e12

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Organizational
      Filesize

      77KB

      MD5

      86dfe448d6f558dc4ac44dbbebefb0ce

      SHA1

      aaca62907c75daa348ad0cea162b0c4197a1b781

      SHA256

      eeda28037ede8298dab5eb33fa2a6615439cfdbef809e6a765f3ad322ef7016d

      SHA512

      0a3d8e00dd5a5ce937e22a77f270ca3e42a870f65204c1a36cf49d3b411247ab0a1b58d2ef7a913987afce0b6e7fcd5be8c463e632806d41aaca1617231f4187

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Parents
      Filesize

      77KB

      MD5

      ed7bbb47a06dfb797c1c29023c951964

      SHA1

      f670b7b70ff683d513a0e278bdcb7c3ad4fa70ef

      SHA256

      31984e14c8a40bbda23c1bb7833f218bacc04eee6fca486ce3c4998e5009576c

      SHA512

      c020b04283888dc850a98b14b160c4ad454c9e9060689ad59945da5615b04972f8b5e08c921cac9edc8e77e697d0b9f5197b7ff816170b84701c320d441f8ce5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Proposals
      Filesize

      67KB

      MD5

      96a4f605abd67c69596d0f30891bcda2

      SHA1

      8c3e19dd616ce28feedd05e6d5df2a77b959d1ee

      SHA256

      c17bac465a6f151832b1df82dd19d944f7612d7718162c78766cd19c3f3da1b1

      SHA512

      a81ecd134e41b1bc0c7b11f6c8bbdbdef71a286eca4b995cd21c167efbe04ed9050cf2d7e8279609cbb1cb338cd66db879e1cc1d26fef154ac7bb735bd77d1ca

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Repository
      Filesize

      478KB

      MD5

      3fc44943e0e388647474298f5fc4f98c

      SHA1

      66aa8e5313b1715fce540f1cf985337115d3a60a

      SHA256

      d6128ec0e64b67be5cb7787e91f2d84330d7c8fff4ecc5bf78c2f2d8f55e094e

      SHA512

      4cc34dc74a34f2fa8e2ead392a3f7ed5e38fc1f50e37b425e416abac0d945056fed50ef549568afc59104dd1e1133abfd545b3f1a1be8d4b1fe9ceeba714340d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\San
      Filesize

      109KB

      MD5

      68b81ca65154f033364440d912d50556

      SHA1

      0be175fa5e63ece9188b733e9b56d424a87ddd64

      SHA256

      48771a7faaf737d13e454593703a8bc1304352a49710913b3dd21a70afd18f9d

      SHA512

      fff833a5d0c7e95b74d0fe1c492a71b5549b0bc8751cbffaa6c855e220edc222d8c1ac6c05f2f5a3696f3f8c5d029394b974a2831b34ccf053140de59bfdcd21

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Shuttle
      Filesize

      69KB

      MD5

      5b24fa429fb2c46e9b30609ff0ce2a48

      SHA1

      5728528cf2245e0f189af5a510faeae8b4d41abd

      SHA256

      b4ce707bab0cac4f91125d6f88052ff734405c58eaa1744e81e088438b8de8e6

      SHA512

      ccbf1849d8b92e0bf7e2ebe379f5bea765a0a5063c69bd32ebe4dff23e5e0b1a8bf991856417a44c49503b5d9b3d154549334de199404517880e507fac25dd6f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Situated
      Filesize

      99KB

      MD5

      ebd570f07376bf2f88e64312737b8e1c

      SHA1

      d8daaf771da1db6a27e1566c49479f52d1aa0257

      SHA256

      710ee0073474296f0c83c5951c60998e5694beaf438c1055f2961a0d4228435a

      SHA512

      f7e0974e7e90a2f740856715e077b4b49bb827d407ce8c330dcefa9e752a29a523ea2d843d38fe17a574e33dc6be0ed46f666fa681b6bc52dd608b0960347e90

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Thermal
      Filesize

      83KB

      MD5

      38ffa94e0e6c78baf39af60e3c708117

      SHA1

      ae52d958bd438dc0e7d2aa4f83d062eacf6e211b

      SHA256

      c85681f23ae88c9b5f480046920672b4e1cc510f2af1622910b8247ffb2fc462

      SHA512

      011355e40ffddbcac081bae30916982c405d604241a42e9668fc96ad1b9d7083240f9c7d14e9fade35ea41194a8aef836d8bebfc24682bce77e49bb2ed981605

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Willing
      Filesize

      98KB

      MD5

      ab8332216c0359a94d5907d2499796dc

      SHA1

      522c62354690742aa60e1fbd7b110fd6a3eefb92

      SHA256

      ba8c84e37d3a7b1237f014098393e68aeca58dc527ecaaf994f5a2bb078cc90c

      SHA512

      0e4eb5abf3a460fa47397592affd5280a5a2173d88a7a703ffe622eb4c60bd9b12615674a39b564cf5abdbd9cda2339183abcb38d4893b5ba06fe7aac7a74cd4

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wordpress
      Filesize

      60KB

      MD5

      3f0a63af42ca7cd1017dd29fb2145a9e

      SHA1

      c9067449a9ee03f063f14419b4e04f3f3ff50af8

      SHA256

      3128948b5b4145db9cbbc96081f7374a5af5de421145c05bd0038940ab8872c1

      SHA512

      95b17ce111f774eecb73a4aa17b450de2fcaf02d33f4d182e7fdf811f4831fb0c2f002a5c3f8e5d26db6889589546227fe017c1143399b61d56dc16fc16bf12c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7zO8474F6F7\inter_acid.exe
      Filesize

      1.4MB

      MD5

      4fd542a5d9d9fb3bf5c712d9c8798977

      SHA1

      fdf1d0613754c4c422ecdccdcdc8e6509adbf042

      SHA256

      dd376180de2b87377738050491d1b6d49a8a77b32c8145e7ecad56185130012d

      SHA512

      a48db2fc60b9e9ddbb522a58551c246fcb3642422901b3a4adf550f145db26ba8921fc22c3268f6113022ea19209748cf8647f63b3a7a987dbf1cb97926687e3

      Download Submit

    • memory/904-33-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-22-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-31-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-30-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-27-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-29-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-28-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-32-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-23-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/904-21-0x0000023C3E330000-0x0000023C3E331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4952-99-0x00000000050A0000-0x00000000050F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4952-98-0x00000000050A0000-0x00000000050F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4952-101-0x00000000050A0000-0x00000000050F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4952-102-0x00000000050A0000-0x00000000050F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4952-100-0x00000000050A0000-0x00000000050F7000-memory.dmp

      Filesize

      348KB

      Download