Analysis
-
max time kernel
98s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
05-01-2025 14:22
General
-
Target
http://kingfamilyphotoalbum.com
Malware Config
Extracted
meduza
109.107.181.162
-
anti_dbg
true
-
anti_vm
true
-
build_name
6
-
extensions
none
-
grabber_max_size
1.048576e+06
-
links
none
-
port
15666
-
self_destruct
true
Signatures
-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload 2 IoCs
-
Meduza family
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 46 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://kingfamilyphotoalbum.com1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82df446f8,0x7ff82df44708,0x7ff82df447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3956 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,13616343738215018290,6069209795986430639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x38c 0x3941⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Setup5.0.zip\setup7.0\setup7.0.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Setup5.0.zip\setup7.0\setup7.0.exe"1⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Setup5.0.zip\setup7.0\setup7.0.exeC:\Users\Admin\AppData\Local\Temp\Temp1_Setup5.0.zip\setup7.0\setup7.0.exe2⤵
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d7cb450b1315c63b1d5d89d98ba22da5
SHA1694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA25638355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8
-
Filesize
152B
MD537f660dd4b6ddf23bc37f5c823d1c33a
SHA11c35538aa307a3e09d15519df6ace99674ae428b
SHA2564e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d
-
Filesize
215KB
MD5d79b35ccf8e6af6714eb612714349097
SHA1eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a
-
Filesize
3KB
MD57b5592fd0d8392e97b4d71c827519503
SHA169139f7d792c40da2e3338a0d9a8fd415b332489
SHA256c3334f43afa76dd521b49a282b75691ed8648f40e3136e09af285ecdbba4e107
SHA512744336217811cce7bcd365b9ff626e58947237c36ff0f8b9fc5380e551612200bcdccf9fe94d6a25ec0c87c9b872e64e839a8fb520e139e570f0f4009f73c2d1
-
Filesize
2KB
MD54d1c6d903b7c4d0e98f9bea324b75a10
SHA1e79f5416ff8626f95ec4879c0cd12bfc8268b791
SHA25636cf8f5ea886b221b2d75738c25beae88fcde313b783aeddae015269be73f081
SHA5125744a79ffb072d089ae2571e5f3355d07c5a7fff4c4b6b817ba3bbd8a8176f21f003c141b795f38280bbcc516a6af6768c1aab54366b1296af02f16eb111b86a
-
Filesize
7KB
MD5d3ba3297e72398075ea5185494bb526d
SHA10055476c1bf392bec4e519cc78a1be6813d4a451
SHA2561eeee648737d49d589fdb1902b058f659cedde113de99cbfc2c9aba0b010b95d
SHA51288e0a857fcda997d40f032e7d5b8fd137d3bc4356f04017f259666e69e8a4ed8d844a8c21ca44905eab1aadcefddef5a80a051e8e3348ed952cdf16a440d1f42
-
Filesize
5KB
MD56f19d3afb82ebdb1a421a5bac5daf84c
SHA19073e807f5ecf2ccad345212dcff93acaa83bffe
SHA2560d259c361e4a883c0af40f9dc6af1a069df3c0d3680fef72aac969ddb78ba04f
SHA512303d8c2fb50e5edd0bae853efd4043b760f7fb1b00906b00eba730c20b6c6adc2f601b3fb0338b56a7c9355dca0df8564f77e2228d0d789f0b8d4283a43e14d0
-
Filesize
7KB
MD554010a1c4cfd0712c3c6cb5f5b4c0393
SHA1d4081eca8a6e883694b3eb3924cda3c184fe7b43
SHA2568715869924dde6b75b5f3417d94444a9380a35ff1c1e6b040144bd759f294cb3
SHA5121009ac279f3d5ba635971a45dbc3b0003e53a7cb64091e35970c2d0b8df7056cdb6f7464443f159e212f3579ec472709bc3f9b48ba3c605b8268f4289e1e043d
-
Filesize
6KB
MD5604fd4d8a510c4b059895bc0dcc03e6e
SHA1762cbc06c99f183b79d3de4806477c571c6619d4
SHA256dc496ab1de929a1ad2e3d5c15d2e262c6c4dfd7573a06ee6538ea759a04afaa2
SHA512d6c9eef2cb33465fa0bd03474f6dda35bfe4e9c7fefa5e764be5ad89231ac8d4cf47bea87bffe7db878fcf6b6a3b2210633845cb3d3eb315a2839e640067d026
-
Filesize
7KB
MD59bcdc21fff3c172fe15746680c226abe
SHA17e083ed95171fc723a7b1cf27875e83e5a283742
SHA25645045a74b0d133c3decc871dade1c0f3bb5c60a942d4176327034c63c13b5976
SHA51200b9eccdd4bac3b5e70ccebbfa0659eeff5e2ef4042f7e4ae856d55fde056d91ea38686542f88760f98d0dfb03b2e9ecefd9c609cc63ce1094e24dec993d38bb
-
Filesize
1KB
MD5f95a5c4d1424affcc36ee59e3913516b
SHA184437b5019f25d9c6625a678887608b7c1e7cf98
SHA2565ba5898b50a8b151166170b39f65ff1a3523c2c47b3f1f14e302ceff3483808f
SHA512115c9cb4d7397a307858d428dad1b03344a7ce2d697117be2cbe9b73a2f1bad587c598ade9204b1311b6e5ce93479229a12419204075cb8d4c0cfd3394e81bc8
-
Filesize
1KB
MD5d4adbdf17cbcce1188db677ab2158661
SHA1ce6d7f2769c5d26348f00f108e7ad1420a3d1807
SHA256e373541db1a3005f50b2529349019d6f6a7d3aa428a28638a85cf04a131b9e17
SHA5127adbc84ceb85d20160ef899733a277ff898a0ab5a8c895916a12d6ad8d7d5153106ab3a4f10d01f71982921cd87918d8da72503db931ec235f98fb235b938c51
-
Filesize
536B
MD569c9439b163130bcccdcf8db53f14084
SHA18e64bff393db994787eaa5d10b15cb5742c7848c
SHA256c449215af35cba99783000151eaeede095145323cbf92b747742a0614e2057d5
SHA51286a61ff05f0cbd1d0292b1131d792b4a7204c061674e106bd77755da6504198442e3d0b166b7ed1ac6ea0c1674aaba40c2929d436cbbe8a163250d192db89fa4
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5e50116a3ebf9b8fa05ec46a224020420
SHA13521773de4c745fb40ce89d33e833f2da4a4de06
SHA2562b05ac3ce1b2da8812d4ddd4ed9b0e90986c18023bc0235fcf80bc6e0f6afaed
SHA51257375dbcc2a6f98163b39dd8f88f894a8ff3053253baa3bac9721172fd0dab7fcee485684f4f6185265be1f0e35ad203a9146c373eb24ffe9c24e08e20b0be83
-
Filesize
10KB
MD58bab12a53db40306fcb97381a4a060fd
SHA17bcb27c4c5bbf94271c89482399178d0bcfaf7d8
SHA2562497fa393040866ae82371f094d2fe328aba102d0b0d048f2df52120d78e3264
SHA512932d144d2b981221d3a0ed90baa91ed681145f4772a231a310ff6d9f5d60e27ae311040d4be3e85260e8fb1b41e8d9894e5dfcbe405afe3258d858f23edd26cb
-
Filesize
2.3MB
MD5d7d4d1c2aa4cbda1118cd1a9ba8c8092
SHA10935cb34d76369f11ec09c1af2f0320699687bec
SHA2563a82d1297c523205405817a019d3923c8f6c8b4802e4e4676d562b17973b21ea
SHA512d96d6769afc7af04b80a863895009cd79c8c1f9f68d8631829484611dfce7d4f1c75fc9b54157482975c6968a46e635e533d0cad687ef856ddc81ab3444bb553
-
Filesize
1.2MB
-
Filesize
1.2MB