MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c078dce40d291a6f6dd723c4096102c89ea27b89c8353f57f08d2d239182e5d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Socelars

Vendor detections: 12

SHA256 hash: c078dce40d291a6f6dd723c4096102c89ea27b89c8353f57f08d2d239182e5d6
SHA3-384 hash: bde57c35b15b1d593dd8bfbf69f060d758efb757bdd2db5ff45c674fbf1893abb41ba132b348684b7b18d6115265a8dd
SHA1 hash: 4e690232fb917674018a7ca14482ee9a2d550bd1
MD5 hash: 92979f74f99efbfbe6bee66e185ff1d6
humanhash: speaker-zulu-hawaii-georgia
File name: i864x__setup__62413e9629622.exe
Signature: Socelars
File size: 9'555'589 bytes
First seen: 2022-03-28 05:32:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c05041e01f84e1ccca9c4451f3b6a383 (141 x RedLineStealer, 101 x GuLoader, 64 x DiamondFox)
ssdeep: 196608:JypCRNnuLH7T6ta+Rom95+5M9nCJbv21KHj9IfOr8+x1r97be:J9Ryr+Rom9A5MyvLnh7y
Threatray: 7'328 similar samples on MalwareBazaar
TLSH: T198A633AC9F1A84FFD510CE3D01B23FBF62964EF11AC1D90D18EE026C1A9B7D196B5285
dhash icon: b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter: adm1n_usa32
Tags: exe Smoke Loader Socelars

Intelligence

File Origin
# of uploads: 1
# of downloads: 224
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: i864x__setup__62413e9629622.exe
Verdict: Malicious activity
Analysis date: 2022-03-28 05:28:32 UTC
Tags: loader evasion trojan opendir stealer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %temp% directory
Creating synchronization primitives
Creating a process from a recently created file
Creating a file
Searching for the window
Running batch commands
Launching a process
Sending an HTTP GET request
Using the Windows Management Instrumentation requests
Result
Malware family: n/a
Score: 5/10
Tags: n/a

MalwareBazaar
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe overlay packed shell32.dll

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: SmokeLoader Socelars
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Adds a directory exclusion to Windows Defender
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Benign windows process drops PE files
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Creates HTML files with .exe extension (expired dropper behavior)
Detected unpacking (changes PE section rights)
Detected VMProtect packer
Disables Windows Defender (via service or powershell)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Hides threads from debuggers
Machine Learning detection for dropped file
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
May check the online IP address of the machine
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
PE file contains section with special chars
PE file has a writeable .text section
PE file has nameless sections
Sigma detected: Suspicious Script Execution From Temp Folder
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Yara detected SmokeLoader
Yara detected Socelars
Behaviour
Behavior Graph:
Behavior Graph ID: 597974
Sample: i864x__setup__62413e9629622.exe
Startdate: 28/03/2022
Architecture: WINDOWS
Score: 100

Sample-level network contacts:
    52.182.143.212 MICROSOFT-CORP-MSN-AS-BLOCKUS United States
    v.xyzgamev.com 172.67.188.70, 443, 49769, 49773 CLOUDFLARENETUS United States
    162.0.210.44 ACPCA Canada
Sample-level signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Multi AV Scanner detection for domain / URL; Malicious sample detected (through community Yara rule); 14 other signatures

Process tree (indentation shows parent/child; "dropped", "network" and "signatures" belong to the process above them):
i864x__setup__62413e9629622.exe (started)
    dropped: C:\Users\user\AppData\...\setup_installer.exe, PE32
    setup_installer.exe (started)
        dropped: C:\Users\user\AppData\...\setup_install.exe, PE32; C:\...\62413e8e62a9a_Mon0401f7e4a11b.exe, PE32; C:\Users\...\62413e8cb1687_Mon049756859e.exe, PE32; 14 other files (8 malicious)
        setup_install.exe (started)
            signatures: Adds a directory exclusion to Windows Defender
            cmd.exe (started)
                62413e8589e59_Mon047a875f.exe (started)
                    signatures: Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); Machine Learning detection for dropped file; 4 other signatures
                    explorer.exe (injected)
                        network: 146.70.87.230 TENET-1ZA United Kingdom; 45.147.229.175 COMBAHTONcombahtonGmbHDE Germany; 5 other IPs or domains
                        dropped: C:\Users\user\AppData\Roaming\tgegfad, PE32; C:\Users\user\AppData\Local\Temp\BF3.exe, PE32
                        signatures: System process connects to network (likely due to code injection or exploit); Benign windows process drops PE files; Hides that the sample has been downloaded from the Internet (zone.identifier)
            cmd.exe (started)
                62413e8cb1687_Mon049756859e.exe (started)
                    network: zonasertaneja.com.br 50.116.86.44, 49772, 49774, 49775 UNIFIEDLAYER-AS-1US United States; blackhk1.beget.tech 5.101.153.227, 49771, 80 BEGET-ASRU Russian Federation
                    dropped: C:\Users\user\AppData\Local\Temp\MBA51.exe, PE32; C:\Users\user\AppData\Local\Temp\81A37.exe, PE32; C:\Users\user\AppData\...\JGM68FG78BGEDGL.exe, PE32+
                    signatures: Tries to detect sandboxes and other dynamic analysis tools (window names); Creates HTML files with .exe extension (expired dropper behavior); Hides threads from debuggers
            cmd.exe (started)
                62413e7b3644f_Mon046238b753.exe (started)
                    signatures: Disables Windows Defender (via service or powershell)
                    cmd.exe (started)
                        signatures: Disables Windows Defender (via service or powershell)
                        powershell.exe (started)
            10 other processes (started)
                signatures: Adds a directory exclusion to Windows Defender; Disables Windows Defender (via service or powershell)
                62413e896010c_Mon0487283d0a.exe (started)
                    network: ip-api.com 208.95.112.1, 49766, 80 TUT-ASUS United States
                    signatures: Antivirus detection for dropped file; May check the online IP address of the machine; Tries to detect virtualization through RDTSC time measurements
                62413e8bacbb8_Mon04329408d.exe (started)
                    dropped: C:\Users\...\62413e8bacbb8_Mon04329408d.tmp, PE32
                    signatures: Obfuscated command line found
                    62413e8bacbb8_Mon04329408d.tmp (started)
                        network: s3.pl-waw.scw.cloud 151.115.10.1, 49770, 80 OnlineSASFR United Kingdom; 192.168.2.1 unknown unknown; ookla-insights.s3.pl-waw.scw.cloud
                        dropped: C:\Users\user\AppData\Local\Temp\...\idp.dll, PE32; C:\Users\user\AppData\Local\...\_shfoldr.dll, PE32; C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+; C:\Users\user\AppData\...\5(6665____.exe, PE32
                62413e8e62a9a_Mon0401f7e4a11b.exe (started)
                    network: iplogger.org 148.251.234.83, 443, 49768 HETZNER-ASDE Germany; www.icodeps.com 149.28.253.196, 443, 49767 AS-CHOOPAUS United States
                6 other processes (started)
                    network: fashion-academy.net 104.21.45.60, 49776, 80 CLOUDFLARENETUS United States
                    dropped: C:\...\62413e80149b8_Mon04109a756493.tmp, PE32; C:\Users\user\AppData\Local\Temp\_StA36.cpl, PE32; 4db98ed5-f5ba-40af...d9920fda5017793.exe, PE32
                    62413e8a9fb97_Mon048687ef57b.exe (started)
WmiPrvSE.exe (started)
Threat name: Win32.Backdoor.Manuscrypt
Status: Malicious
First seen: 2022-03-28 05:34:32 UTC
File Type: PE (Exe)
Extracted files: 228
AV detection: 27 of 42 (64.29%)
Threat level: 5/5

Result
Malware family: socelars
Score: 10/10
Tags: family:smokeloader family:socelars aspackv2 backdoor discovery persistence spyware stealer trojan vmprotect
Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Kills process with taskkill
Modifies Internet Explorer settings
Modifies registry class
Modifies system certificate store
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Program Files directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
ASPack v2.12-2.42
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
VMProtect packed file
Process spawned unexpected child process
SmokeLoader
Socelars
Socelars Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
https://sa-us-bucket.s3.us-east-2.amazonaws.com/jhvre24/
http://host-data-coin-11.com/
http://file-coin-host-12.com/
Unpacked files

SHA256 hash: 6d33b4c5593ff2bfbbd33b56209b8c88c7650d41ddfe29c551ef0c7e0396ea77
MD5 hash: a862ee9219a59671c3c8a1d25157bd1f
SHA1 hash: 40228c2fcdc42b76ddef0f77ed03d866890f520e

SHA256 hash: e427f8ef21691e3d8c2313d11129ad08ddef69a158eca2f77c170603478ff0c4
MD5 hash: 0dedd909aae9aa0a89b4422106310e9e
SHA1 hash: 271d36afa5b729ee590cf8066166ca5e9c9d0340

SHA256 hash: 4cadb815631efc1281e45ffffbb6aefb8fee91e43035ff719b21f8b887396ac0
MD5 hash: 802b28853c4750236214fb7d5bcd0bea
SHA1 hash: f4956e69c1ecc61a9bb751e79e4adadcb7991b49

SHA256 hash: e7a783e0f333257cb1be5d62560920ec4e7635dfc1afe53de0e0e98632a6d56e
MD5 hash: 49ba80064ffacc070ab0e630a07147c4
SHA1 hash: e511047f997024b761851de55da22c3247236548

SHA256 hash: 90c6c77e522e2c17eb1f69f1239d2ee9c5e563da71f77c7ec7ec02205cc5d42e
MD5 hash: 689d0d9be7aab0b05924b6486b841bbe
SHA1 hash: d0d5681894013e78d41b8a06fe53c902315449ea

SHA256 hash: 44f8383d12f09ca0b3d600577c33074dc77102fd87df4eb1e6b0dab666f2415c
MD5 hash: ce8fd67ed81cb5bbfbd0a83303e18351
SHA1 hash: 62b55624bc04359a993fc8c0d28a855ab0a454d7

SHA256 hash: 9f869433b9edc0054fa071608e3a61c670199ca50af9b00453672245e23615f2
MD5 hash: 571b18d63485a707c773762fdf5f7cbf
SHA1 hash: 4101ea8d507ca9c1650b3d645853064c7feec874

SHA256 hash: 652fe1eb4d2423221ed6df459e9ea49352153bb337ad07efd5aab76e42120857
MD5 hash: 9fa07ee81c6b743ec509c8fb20fb2ac8
SHA1 hash: 37f5607313814b723dbf9035339a88318a793a1c

SHA256 hash: fecc95dc2f9c376beee52433e9ffe915b6cff1e6d45ea04bdcfd93325a342b0b
MD5 hash: 00b9ece8b186097a6e470c8ef7661093
SHA1 hash: 181802e40591b59299923b87c63807dfcd6511c8

SHA256 hash: 6719f7cd93f52d4a68f18b5257779dfca14ffbccec81d57df93fc7ab6d35e219
MD5 hash: c2df22740f9c189cc1bca0f7a7da293a
SHA1 hash: 67a318397df6454749de34485e093bf726c15ac7

SHA256 hash: af1ed8bc92f9ac26980e6ee5eb06a3cbaf1f0e90b55cf232979b3ae0c2cb521d
MD5 hash: d7eb5c5999dbf529fae1e968a5bc7d1f
SHA1 hash: a12a198153a73f97c259be4fef60fa907e950e60

SHA256 hash: 30bdf38f6ffa7e674f25bccd1897bbf1eda970a551f45bb524672a25a0baef42
MD5 hash: 36f31e30c228b470483c17bc7ef4c9fe
SHA1 hash: b00d2de42bdcd65a297b6e388590ae21b6b0d71e

SHA256 hash: 963e4c3846a38b757a918ec3d1c2f72c4b73f1b8e6af44a26ed70894deb07a46
MD5 hash: 3783b04f1d20a6caaf08c8db399145a0
SHA1 hash: 0d43df60123b1f5575a49f677fa87a5ee20e52ed

SHA256 hash: 0258233a520f1fd7a426da2eb62fc4ec6f0da0dd03ed12bd5faf6050a8a8ff46
MD5 hash: be46853ffb120693229eb7da440155fb
SHA1 hash: f57e2a28c7c0cae43d9c3d3769cb0cb7a85b5706

SHA256 hash: 17eba5a8fc60b5e62fbbea29e971691988da98a98db3a2c2bf9aad00b1b72dc4
MD5 hash: e74d9b73743dfbb9f025a7908c85da37
SHA1 hash: 8a5b323b090cb0d2c4ff59f0ef520d323dd86097

SHA256 hash: a6e619636b2e70469955ccfdc5d4849fbcebeeba221dc1e2c999dbeabcaeaf82
MD5 hash: 1ee23c254e1fc2a48c4c5fdc6880d325
SHA1 hash: 86f0e44dfefd6d04d7188edaf089abe2fbcaae20

SHA256 hash: 598248c469d0f50d6b9c26dd0cd9735d480502c681e711175f1f55ddf649e89c
MD5 hash: 35a35e07dfd9081cb9d27d83226849e6
SHA1 hash: 7476a9080a25d3f7d42ee299e999bc822e0e5ead

SHA256 hash: b800b70cfa69fb085e5a76f99c394609e58eb47065f8810a78fc26c56d3d78ce
MD5 hash: e7dca4c0230da2c5a8516fe0db6be853
SHA1 hash: 57b587123a96d3993f0cfd9f170032232b951228

SHA256 hash: 1a1ad17ac04313baf2d667d824eb12ba0b7a97dcb14adfdeb806bd67c39733f2
MD5 hash: 47e48db504d573bf43508ac9d5e92c23
SHA1 hash: fbdc2fa3380ab0f68d440deb1f977e6a99e4a317

SHA256 hash: 975b4579bfe8348a6ba5e36c9bcebe65a2618caae77d840e916c68ca1d18aee9
MD5 hash: 0486c14ec4e9b045a755f1beaeb14aa1
SHA1 hash: e60b690f04452f0e7fbcda55f6026cdd6b0d5083

SHA256 hash: c078dce40d291a6f6dd723c4096102c89ea27b89c8353f57f08d2d239182e5d6
MD5 hash: 92979f74f99efbfbe6bee66e185ff1d6
SHA1 hash: 4e690232fb917674018a7ca14482ee9a2d550bd1
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments