MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3507dc0b236809b00d1e1b8481607e75b2085a6cfeebab4d50ba816502adb29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Amadey


Vendor detections: 11


Intelligence 11 IOCs 5 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a3507dc0b236809b00d1e1b8481607e75b2085a6cfeebab4d50ba816502adb29
SHA3-384 hash: ee5e262ce8a71e82f8acef1d2e9ee39ca77720f8bf559b7982306014e1357f4835905940221b31acac52bf1bc4629fbd
SHA1 hash: f7bfb05cadf646aa2076561321a28ea32ce3572f
MD5 hash: a0d966c2ff40b2f4d70f25d26b5b6a06
humanhash: speaker-early-lemon-uranus
File name:a0d966c2ff40b2f4d70f25d26b5b6a06.exe
Download: download sample
Signature Amadey
Create hunting rule
File size:5'384'539 bytes
First seen:2021-10-02 01:30:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 32569d67dc210c5cb9a759b08da2bdb3 (122 x RedLineStealer, 42 x DiamondFox, 37 x RaccoonStealer)
ssdeep 98304:xfCvLUBsg8jXjpoRK9ZuN6z0F0BQIAwwiyWfRw5v9H5zvyd/mfs:xsLUCgojpoRKW64SBLADiyWfRcv/LyNl
Threatray 585 similar samples on MalwareBazaar
TLSH T1364633943E62C4BBD6D24432EF847FB000F5C3A8263709DB37B5DA295F5C48592AE867
File icon (PE):PE icon
dhash icon 848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter abuse_ch
Tags:Amadey exe


Avatar
abuse_ch
Amadey C2:
65.108.5.215:54452

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://91.219.236.63/ https://threatfox.abuse.ch/ioc/229384/
65.108.5.215:54452 https://threatfox.abuse.ch/ioc/229421/
91.121.67.60:62102 https://threatfox.abuse.ch/ioc/229498/
135.125.40.64:15456 https://threatfox.abuse.ch/ioc/229499/
http://185.215.113.45/g4MbvE/index.php https://threatfox.abuse.ch/ioc/229555/

Intelligence

File Origin
# of uploads :
1
# of downloads :
338
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a0d966c2ff40b2f4d70f25d26b5b6a06.exe
Verdict:
No threats detected
Analysis date:
2021-10-02 01:32:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bfc63724-88d8-4f64-8657-982f028ac961

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DLInjector04
Create hunting rule
Link:
https://www.capesandbox.com/analysis/194068/
Detection(s):
Win.Packed.Barys-9859531-0
Create hunting rule

Win.Malware.Generic-9863888-0
Create hunting rule

Win.Packed.Jaik-9863991-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Malware family:
Socelars
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1cba0b45-60cb-40bc-86c3-5fc04c92e138
Result
Threat name:
RedLine SmokeLoader Socelars Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/862962
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
.NET source code contains very large strings
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Antivirus detection for dropped file
Antivirus detection for URL or domain
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to steal Chrome passwords or cookies
Creates HTML files with .exe extension (expired dropper behavior)
Creates processes via WMI
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Disable Windows Defender real time protection (registry)
Drops PE files to the document folder of the user
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
PE file has a writeable .text section
PE file has nameless sections
Queries sensitive share information (via WMI, WIN32_SHARE, often done to detect sandboxes)
Queries sensitive share information (via WMI, Win32_Share, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses process hollowing technique
Sigma detected: Copying Sensitive Files with Credential Data
Sigma detected: MSHTA Spawning Windows Shell
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected RedLine Stealer
Yara detected SmokeLoader
Yara detected Socelars
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 495386 Sample: YkFtBeP6Yd.exe Startdate: 02/10/2021 Architecture: WINDOWS Score: 100 78 162.255.117.78 NAMECHEAP-NETUS United States 2->78 80 52.168.117.173 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 2->80 82 3 other IPs or domains 2->82 104 Antivirus detection for URL or domain 2->104 106 Antivirus detection for dropped file 2->106 108 Multi AV Scanner detection for dropped file 2->108 110 20 other signatures 2->110 10 YkFtBeP6Yd.exe 22 2->10         started        signatures3 process4 file5 50 C:\Users\user\AppData\...\setup_install.exe, PE32 10->50 dropped 52 C:\Users\user\...\Mon08f95447749ec1fb.exe, PE32 10->52 dropped 54 C:\Users\user\...\Mon08ed6f0adcde49.exe, PE32 10->54 dropped 56 17 other files (10 malicious) 10->56 dropped 13 setup_install.exe 1 10->13         started        process6 dnsIp7 98 172.67.142.91 CLOUDFLARENETUS United States 13->98 100 127.0.0.1 unknown unknown 13->100 144 Adds a directory exclusion to Windows Defender 13->144 17 cmd.exe 13->17         started        19 cmd.exe 13->19         started        21 cmd.exe 13->21         started        23 13 other processes 13->23 signatures8 process9 signatures10 26 Mon08ed6f0adcde49.exe 17->26         started        31 Mon082c016eebeb5374.exe 19->31         started        33 Mon08e6ad0446c33a99f.exe 21->33         started        112 Adds a directory exclusion to Windows Defender 23->112 35 Mon08dcaa886e16fb5.exe 23->35         started        37 Mon08f95447749ec1fb.exe 23->37         started        39 Mon0855f7a3414be708.exe 23->39         started        41 7 other processes 23->41 process11 dnsIp12 84 37.0.10.244 WKD-ASIE Netherlands 26->84 86 37.0.8.119 WKD-ASIE Netherlands 26->86 92 9 other IPs or domains 26->92 58 C:\Users\...\n4Foix7Grb98kV_oWq3Cw1ES.exe, PE32 26->58 dropped 60 C:\Users\...\l22SGqXFFKd4vd2JkqgHov4K.exe, PE32 26->60 dropped 62 C:\Users\...\hWzVAUvMTtI1644qxyhorKwX.exe, PE32 26->62 dropped 68 25 other files (21 malicious) 26->68 dropped 118 Antivirus detection for dropped file 26->118 120 Drops PE files to the document folder of the user 26->120 122 Creates HTML files with .exe extension (expired dropper behavior) 26->122 138 2 other signatures 26->138 94 2 other IPs or domains 31->94 124 Detected unpacking (changes PE section rights) 31->124 126 Detected unpacking (overwrites its own PE header) 31->126 128 Machine Learning detection for dropped file 31->128 140 2 other signatures 33->140 142 3 other signatures 35->142 88 46.16.13.201 MGNHOST-ASRU Russian Federation 37->88 130 Found evasive API chain (trying to detect sleep duration tampering with parallel thread) 37->130 43 mshta.exe 39->43         started        90 208.95.112.1 TUT-ASUS United States 41->90 96 7 other IPs or domains 41->96 64 C:\Users\user\AppData\Local\Temp\sqlite.dll, PE32 41->64 dropped 66 C:\Users\user\...\Mon0818321cdac13.tmp, PE32 41->66 dropped 132 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 41->132 134 Contains functionality to steal Chrome passwords or cookies 41->134 136 Creates processes via WMI 41->136 46 Mon0818321cdac13.tmp 41->46         started        file13 signatures14 process15 dnsIp16 114 Queries sensitive share information (via WMI, Win32_Share, often done to detect virtual machines) 43->114 116 Queries sensitive share information (via WMI, WIN32_SHARE, often done to detect sandboxes) 43->116 102 162.0.214.42 ACPCA Canada 46->102 70 C:\Users\user\AppData\Local\Temp\...\idp.dll, PE32 46->70 dropped 72 C:\Users\user\AppData\Local\...\_shfoldr.dll, PE32 46->72 dropped 74 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 46->74 dropped 76 C:\Users\user\AppData\...talevzaJet.exe, PE32 46->76 dropped file17 signatures18
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a3507dc0b236809b00d1e1b8481607e75b2085a6cfeebab4d50ba816502adb29/
Threat name:
Win32.Trojan.Fabookie
Create hunting rule
Status:
Malicious
First seen:
2021-09-27 14:45:06 UTC
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=unih3qfsg2ajwagr4g4eqfqh45nsbbngz7xlvngvboubmubk3muq._file
Verdict:
malicious
Similar samples:
077ac4018bc25a85796c54e06872071d561df272188dde34daca7e5d01e950fd
Amadey
093c40a96a55be0cc76dd3f234eebc8e66f453626f0d217fce4bb91d5e5afa5c
Amadey
3b15547e53d7254ec42974dc5a1d7b72cffd722a41114944b5606a845be7b76d
Amadey
96b3a6f88bebb213230bd38f95804466296c238e0774861ceec6ad4424dcfb45
Amadey
987a2417a285a7e885e5acdd635d3e2dfa1cf00bb98b6a39fbc17bc7c3fb4993
Amadey
a8d8a6f9478a60a05d3b8c57a616da20c83b99bc7877c46163fcd126bbb25409
Amadey
e151a929c69d6b05b9326bdae2679e828cd8c0c6e27bfe9866976e7943630e24
Amadey
+ 575 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:redline family:smokeloader family:socelars family:vidar botnet:706 botnet:933 botnet:jamesoldd botnet:media26 aspackv2 backdoor evasion infostealer spyware stealer trojan
Link:
https://tria.ge/reports/211002-bxenysdcg7/
Behaviour
Checks SCSI registry key(s)
Creates scheduled task(s)
Kills process with taskkill
Modifies registry class
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
ASPack v2.12-2.42
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Modifies Windows Firewall
Vidar Stealer
Modifies Windows Defender Real-time Protection settings
Process spawned unexpected child process
RedLine
RedLine Payload
SmokeLoader
Socelars
Socelars Payload
Vidar
Malware Config
C2 Extraction:
65.108.20.195:6774
https://mas.to/@killern0
91.121.67.60:62102
http://govsurplusstore.com/upload/
http://best-forsale.com/upload/
http://chmxnautoparts.com/upload/
http://kwazone.com/upload/
Unpacked files
SH256 hash:
e427f8ef21691e3d8c2313d11129ad08ddef69a158eca2f77c170603478ff0c4
MD5 hash:
0dedd909aae9aa0a89b4422106310e9e
SHA1 hash:
271d36afa5b729ee590cf8066166ca5e9c9d0340
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
ce2fb413c1967c8ac8fe054d912d7476d6361a7d57db42a6740a7fc85998d9fc
MD5 hash:
ae3f1c6f86768467210446678b8e0a11
SHA1 hash:
7d3275ff05b8ad2b9b141b48f22a8a0e9c53eb29
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
0bb9bb0248ff89fac4e513cc1891f8aabbcc076446790c68d849e5a6c007c1ca
MD5 hash:
2fbf0040b06b8719902326d9584c29c3
SHA1 hash:
f2983c7b2d3d91722fb88198ac2441c5e098c2cf
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
393447aa843f148cd22e887d1eda74062785f0b4a6f098fbcb0d024b5aa23e4e
MD5 hash:
07f99f9e2df157ae78339603186ac280
SHA1 hash:
cb295687ae130d85061676471abcaa5f60df4198
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
4413ed75935b9f14dfc0552c995965ab9a56a3017e4cef97ce95fd97000c5dbf
MD5 hash:
82f42e8233a78f81d3f67cc5861b5278
SHA1 hash:
f34aae9ee8fbf32747a3c6b3849b281ad07f75fe
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
43e38f251dbca9aa20f3470167e5427a7e7a7cdcd25f0b6b045ae8577cd3e345
MD5 hash:
f62ab5d3528d5a3b9e270ea1f9347868
SHA1 hash:
6a74e87711c615adbd9145f829a33f55b7e42dd6
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
0261a5efd7937ddde71e959c1040aa57f84e62f3546370a2541c28782b652d2d
MD5 hash:
0dcea35b0b4e273fd2cc5a647ec287ed
SHA1 hash:
4ddb9256fa7b48c7b2724499d324126206565093
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
155e37cea60bf66a5f5a5fdb888508a4030028d605e78855f5a37c9a936137d2
MD5 hash:
62b3db30630cd49a45be25e30fac5504
SHA1 hash:
ee14f269a1d449d5c79ffdaa7092f7b31ed681cb
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
a506a5a5a3ab1a396b13f900e6163bcdda51ca85c1e80569e5672be39590431c
MD5 hash:
ba9143c5817853b8690386acb30e5222
SHA1 hash:
e98494cbaa81eea45b3b18d72e9f6825895c8851
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
52587a260b384278c789b134c8f08d8af9997aedd818c3c6a280d00aaaa77d2d
MD5 hash:
2c509753fac93810c09574a8b56af1e4
SHA1 hash:
e53da7ff5a9cfc3bda21794d639ed1f02cd7a881
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
d7172829b5d80ec447ac943d999b251c715489ae55ddc5ce982810569637267d
MD5 hash:
295488882cece566b887c9b44ceec1b7
SHA1 hash:
a61f15fb42cc7964c6557ce3f5bc8f88fc01a7c8
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
e8e4cb96f958e7205a90052f13cdf0d63f0018345152eb4ef552b8d796481cee
MD5 hash:
57e3a53d7576635f94c0b7ea6b9fad43
SHA1 hash:
a43b28cd48d9efcbccc12ad2a644d6186acbd968
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
15c2c816d6b4b0b89e984b67581ad3c6a7b693c1dded1fbcdee056e2e7eff689
MD5 hash:
38e44391788598be9ac2a7edb96c188e
SHA1 hash:
749a07d4e5cfbf951736ebfcbebad17ae5ea169d
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
2a0d64eee5d235a853df455c7afb4eb9c7ab920f7723075650f3f5d4150e0628
MD5 hash:
1b1ca1f9e31a4fdf3636295b263e9382
SHA1 hash:
603ee41467631c4753592c91cf31de965ef5b17e
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
4d52e684943cc9844630ed82ac01fa9a82ea60580624a80dd04cf9d889d63d33
MD5 hash:
2c77fe088914ea540542b9dd2cd574ce
SHA1 hash:
5dbfccaae31c862a76181fa2901403a611bfc7a3
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
03ee42b60cd004609e8fc272d3b46693d29ee08c51f2b8ea09d5c4b6283e030b
MD5 hash:
071c435658d9bfa4034d4b2544751595
SHA1 hash:
5d561ac5ed4aa7db648002622421dc03f18b8a8c
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
905c1f1f1948e17f2a7e3c58219180390a0e87144417177be4cd34b705eb0f46
MD5 hash:
ed0ab4046863624b46010e5aadf21af1
SHA1 hash:
4c36b9abba74f2a48f425e1f348ada36758e9a3b
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
d5fa1e5bf4c35ad7ed3cd12e88270519dcc945a2d89af2375af56046c9b79ca1
MD5 hash:
7bb1e1b62b410660b43ee295a4868824
SHA1 hash:
1d2ff1bcd9c3a93fbb677c3ba28a18c218a3d589
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
bc945e03237641e79cb1a9b5399fffafce68daa318430e959b701aa3f4628c05
MD5 hash:
5275ae278e347d83fb061a92e979fe86
SHA1 hash:
6c1118b87f366df72a25f1988f740ea6753984cd
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
cc40fc4502d705d9698fd9d9493efdd39f6fcd0f0e03678eef29773b80e51ff9
MD5 hash:
bf8b0c8e992a344ce312c8a939fa1c9e
SHA1 hash:
3e207a18a539ab6ec17737e6fe79562f59502718
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
2cf67278ce63932f7efabdee1be667555c408718fca6622de2456b8e59db69cf
MD5 hash:
7b9e5d37881a3e58e26e22c79de09d47
SHA1 hash:
0cf699c041c6f7ad485b77f25403776aab99c057
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
acabc8c0b937f9c4a47c40d753e53f313cae88e699328de9ad66fdd217237713
MD5 hash:
7eef5e5f5a814920d3a2235a18d9e912
SHA1 hash:
96466beba0f891ded53e4ce445854f8e8037f088
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
b1920edd533a39e340a58a6e720a38b6fd703d91ec097b9f2b1a69ce9d7fbbf8
MD5 hash:
8b78a03d45ea20b55ad506929729ec1d
SHA1 hash:
c0c2b7ce1f68b41d1d72f07939387dabf9ffc597
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
66d9e7d002b91df4aa572228d3c4a1d41997fff54555d0aa2e903f993f307814
MD5 hash:
17df2b7340cf3291107bfd454d0ca856
SHA1 hash:
00458e02751bb0e2cc268730a0cac2689249b1a7
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
ceb24cc1546ca7f85f147022d539e084db27b8e085db13407ba6d98b1cb57630
MD5 hash:
38535e421ba590882dab9da8a2ddf9fa
SHA1 hash:
f5219b4a08d4552a3deb657abbf086dff798ba14
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
9cd376dc10863af7ac00c691a88faddfe5594ec5ea3e80a2060f9b711f8ab450
MD5 hash:
050f854f7423b96fcb3cc6eaeff80b6b
SHA1 hash:
4c970a2509ad557db9a8fce4dd3806aa93937aca
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
4c615f3bb1cfe1c012716a8eedd3ae294097eb068611ca65dadb1ef29dfed38a
MD5 hash:
453da988a6e1910cf7a757cc6253e440
SHA1 hash:
b9cea8ce496e347ce1b8862afe6c09896bf5a7f2
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
SH256 hash:
a3507dc0b236809b00d1e1b8481607e75b2085a6cfeebab4d50ba816502adb29
MD5 hash:
a0d966c2ff40b2f4d70f25d26b5b6a06
SHA1 hash:
f7bfb05cadf646aa2076561321a28ea32ce3572f
Link:
https://www.unpac.me/results/c07abb0d-0570-49ce-b007-e2e905edd599/
Malware family:
Mal/HTMLGen-A
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/a3507dc0b236/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a3507dc0b236809b00d1e1b8481607e75b2085a6cfeebab4d50ba816502adb29

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/194068/

Comments