PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
Icon: Size: 5,35 MBSHA-256 Hash: 2D5AD523AA6182205DA77C0EB8210638AAA8792F4E6A4BC12E1AC854C5455A68 SHA-1 Hash: 8AA01DA83F95C251FAAA20E41B3DA1BF077CC736 MD5 Hash: DEAB1964E972F9DE33CF184EA02636B1 Imphash: 5A594319A0D69DBC452E748BCF05892E MajorOSVersion: 6 MinorOSVersion: 1 CheckSum: 00565F37 EntryPoint (rva): B5EEC SizeOfHeaders: 400 SizeOfImage: D0000 ImageBase: 400000 Architecture: x86 ExportTable: C4000 ImportTable: C2000 IAT: C22E4 Characteristics: 818F TimeDateStamp: 5FB0F96E Date: 15/11/2020 9:48:30 File Type: EXE Number Of Sections: 10 ASLR: Enabled Section Names: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .rsrc Number Of Executable Sections: 2 Subsystem: Windows GUI UAC Execution Level Manifest: asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable |
400 | B3800 | 1000 | B361C |
|
|
| .itext | 0x60000020 Code Executable Readable |
B3C00 | 1800 | B5000 | 1688 |
|
|
| .data | 0xC0000040 Initialized Data Readable Writeable |
B5400 | 3800 | B7000 | 37A4 |
|
|
| .bss | 0xC0000000 Readable Writeable |
0 | 0 | BB000 | 6DE8 |
|
|
| .idata | 0xC0000040 Initialized Data Readable Writeable |
B8C00 | 1000 | C2000 | F36 |
|
|
| .didata | 0xC0000040 Initialized Data Readable Writeable |
B9C00 | 200 | C3000 | 1A4 |
|
|
| .edata | 0x40000040 Initialized Data Readable |
B9E00 | 200 | C4000 | 9A |
|
|
| .tls | 0xC0000000 Readable Writeable |
0 | 0 | C5000 | 18 |
|
|
| .rdata | 0x40000040 Initialized Data Readable |
BA000 | 200 | C6000 | 5D |
|
|
| .rsrc | 0x40000040 Initialized Data Readable |
BA200 | 8400 | C7000 | 8360 |
|
|
| Description |
| CompanyName: Author Software Inc. LegalCopyright: Copyright {code:GetCurrentYear} Author Software Inc., Ecor Ventures LLC, Corey Butler, and contri ProductName: nvm FileVersion: 1.2.2.0 FileDescription: Node.js version manager for Windows ProductVersion: 1.2.2 Comments: This installation was built with Inno Setup. Language: Unknown (ID=0x0) CodePage: Unicode (UTF-16 LE) (0x4B0) |
| Binder/Joiner/Crypter |
| Dropper code detected (EOF) - 4,54 MB |
| Entry Point |
The section number (2) - (.itext) have the Entry Point Information -> EntryPoint (calculated) - B4AEC Code -> 558BEC83C4A453565733C08945C48945C08945A48945D08945C88945CC8945D48945D88945ECB8F0104B00E8B072F5FF33C0 Assembler |PUSH EBP |MOV EBP, ESP |ADD ESP, -0X5C |PUSH EBX |PUSH ESI |PUSH EDI |XOR EAX, EAX |MOV DWORD PTR [EBP - 0X3C], EAX |MOV DWORD PTR [EBP - 0X40], EAX |MOV DWORD PTR [EBP - 0X5C], EAX |MOV DWORD PTR [EBP - 0X30], EAX |MOV DWORD PTR [EBP - 0X38], EAX |MOV DWORD PTR [EBP - 0X34], EAX |MOV DWORD PTR [EBP - 0X2C], EAX |MOV DWORD PTR [EBP - 0X28], EAX |MOV DWORD PTR [EBP - 0X14], EAX |MOV EAX, 0X4B10F0 |CALL 0XFFF582E0 |XOR EAX, EAX |
| Signatures |
| Certificate - Digital Signature: • The file is signed and the signature is correct |
| Packer/Compiler |
| Detect It Easy (die) • PE: installer: Inno Setup Module(6.1.0)[unicode] • PE: compiler: Embarcadero Delphi(10.3 Rio)[-] • PE: linker: Turbo Linker(2.25*,Delphi)[-] • PE: overlay: Inno Setup Installer data(-)[-] • Entropy: 7.9231 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| Windows REG (UNICODE) |
| Software\Embarcadero\Locales Software\CodeGear\Locales Software\Borland\Locales Software\Borland\Delphi\Locales |
| File Access |
| SetupLdr.exe version.dll netutils.dll netapi32.dll mpr.dll kernel32.dll user32.dll advapi32.dll oleaut32.dll comctl32.dll dSystem.Sys System.Sys Int64EmSystem.SysUtilsSystemSystem.Internal.ExcUtilsSystem.Sys Int64EmSystem.Sys System.Sys ?System.Sys .dat Temp |
| File Access (UNICODE) |
| kernel32.dll shell32.dll ntmarta.dll clbcatq.dll comres.dll profapi.dll version.dll oleacc.dll cryptbase.dll dwmapi.dll propsys.dll apphelp.dll setupapi.dll userenv.dll uxtheme.dll oleaut32.dll NTDLL.DLL GetLogicalProcessorInformationkernel32.dll Temp UserProfile |
| Interest's Words |
| PADDINGX PassWord exec attrib start wmic shutdown systeminfo ping expand |
| Interest's Words (UNICODE) |
| PassWord exec start shutdown ping expand |
| URLs |
| http://schemas.microsoft.com/SMI/2005/WindowsSettings http://www.microsoft.com/pkiops/crl/Microsoft%20ID%20Verified%20CS%20EOC%20CA%2001.crl http://www.microsoft.com/pkiops/certs/Microsoft%20ID%20Verified%20CS%20EOC%20CA%2001.crt http://oneocsp.microsoft.com/ocsp0f http://www.microsoft.com/pkiops/Docs/Repository.htm http://www.microsoft.com/pkiops/crl/Microsoft%20ID%20Verified%20Code%20Signing%20PCA%202021.crl http://www.microsoft.com/pkiops/certs/Microsoft%20ID%20Verified%20Code%20Signing%20PCA%202021.crt http://oneocsp.microsoft.com/ocsp0 http://www.microsoft.com/pkiops/crl/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crl http://www.microsoft.com/pkiops/certs/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crt http://www.microsoft.com/pkiops/crl/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crl http://www.microsoft.com/pkiops/certs/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crt |
| URLs (UNICODE) |
| https://jrsoftware.org/ishelp/index.php?topic=setupcmdline |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Unicode | WinAPI Sockets (accept) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (ExitThread) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (CreateEventW) |
| Text | Unicode | Privileges (SeShutdownPrivilege) |
| Text | Ascii | Process of gathering information about network resources (Enumeration) |
| Text | Unicode | Malicious rerouting of traffic to an attacker-controlled site (Redirect) |
| Text | Ascii | Technique used to capture communications between systems (Intercept) |
| Entry Point | Hex Pattern | Borland Delphi 4.0 |
| Entry Point | Hex Pattern | fasm - Tomasz Grysztar |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \ICON\1\1033 | C7438 | 5000 | BA638 | 28000000460000008C0000000100200000000000904C0000C30E0000C30E0000000000000000000000000000000000000000 | (...F......... ......L............................ |
| \STRING\4086\0 | CC438 | 360 | BF638 | 0B00570069006E0064006F0077007300200038002E0031000A00570069006E0064006F007700730020003100300019004F00 | ..W.i.n.d.o.w.s. .8...1...W.i.n.d.o.w.s. .1.0...O. |
| \STRING\4087\0 | CC798 | 260 | BF998 | 3A00250073002000530065007200760069006300650020005000610063006B002000250034003A0064002000280056006500 | :.%.s. .S.e.r.v.i.c.e. .P.a.c.k. .%.4.:.d. .(.V.e. |
| \STRING\4088\0 | CC9F8 | 45C | BFBF8 | 1500500072006F0070006500720074007900200069007300200072006500610064002D006F006E006C007900170025007300 | ..P.r.o.p.e.r.t.y. .i.s. .r.e.a.d.-.o.n.l.y...%.s. |
| \STRING\4089\0 | CCE54 | 40C | C0054 | 1A00430061006E006E006F0074002000610073007300690067006E0020006100200025007300200074006F00200061002000 | ..C.a.n.n.o.t. .a.s.s.i.g.n. .a. .%.s. .t.o. .a. . |
| \STRING\4090\0 | CD260 | 2D4 | C0460 | 06004D006F006E006400610079000700540075006500730064006100790009005700650064006E0065007300640061007900 | ..M.o.n.d.a.y...T.u.e.s.d.a.y...W.e.d.n.e.s.d.a.y. |
| \STRING\4091\0 | CD534 | B8 | C0734 | 03004D006100790004004A0075006E00650004004A0075006C00790006004100750067007500730074000900530065007000 | ..M.a.y...J.u.n.e...J.u.l.y...A.u.g.u.s.t...S.e.p. |
| \STRING\4092\0 | CD5EC | 9C | C07EC | 03004A0061006E00030046006500620003004D0061007200030041007000720003004D006100790003004A0075006E000300 | ..J.a.n...F.e.b...M.a.r...A.p.r...M.a.y...J.u.n... |
| \STRING\4093\0 | CD688 | 374 | C0888 | 140049006E00760061006C00690064002000760061007200690061006E0074002000740079007000650017004F0070006500 | ..I.n.v.a.l.i.d. .v.a.r.i.a.n.t. .t.y.p.e...O.p.e. |
| \STRING\4094\0 | CD9FC | 398 | C0BFC | 2200560061007200690061006E00740020006D006500740068006F0064002000630061006C006C00730020006E006F007400 | ".V.a.r.i.a.n.t. .m.e.t.h.o.d. .c.a.l.l.s. .n.o.t. |
| \STRING\4095\0 | CDD94 | 368 | C0F94 | 200049006E00760061006C0069006400200066006C006F006100740069006E006700200070006F0069006E00740020006F00 | .I.n.v.a.l.i.d. .f.l.o.a.t.i.n.g. .p.o.i.n.t. .o. |
| \STRING\4096\0 | CE0FC | 2A4 | C12FC | 2100270025007300270020006900730020006E006F007400200061002000760061006C0069006400200069006E0074006500 | !.'.%.s.'. .i.s. .n.o.t. .a. .v.a.l.i.d. .i.n.t.e. |
| \RCDATA\DVCLAL\0 | CE3A0 | 10 | C15A0 | A28CDF987B3C3A7926713F090F2A2517 | ....{<:y&q?..*%. |
| \RCDATA\PACKAGEINFO\0 | CE3B0 | 2C4 | C15B0 | 000010CC000000002F000000010A53657475704C64720010574D4435000081537973496E69740000C753797374656D001C0F | ......../.....SetupLdr..WMD5...SysInit...System... |
| \RCDATA\11111\0 | CE674 | 2C | C1874 | 72446C507453CDE6D77B0B2A0100000092685500AA374900003A2E006182F5955B06490000260C001074298B | rDlPtS...{.*.....hU..7I..:..a...[.I..&...t). |
| \GROUP_ICON\MAINICON\1033 | CE6A0 | 14 | C18A0 | 0000010001004646000001002000005000000100 | ......FF.... ..P.... |
| \VERSION\1\1033 | CE6B4 | 584 | C18B4 | 840534000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000200 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\1033 | CEC38 | 726 | C1E38 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • kernel32.dll • version.dll • .tmp • oleaut32.dll • .bss • @.tls • NTDLL.DLL • x:\dirname" • For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline • uxtheme.dll • userenv.dll • setupapi.dll • apphelp.dll • propsys.dll • dwmapi.dll • cryptbase.dll • oleacc.dll • profapi.dll • comres.dll • clbcatq.dll • ntmarta.dll • shell32.dll • GetThreadLocalecomctl32.dll • SafeArrayCreatenetapi32.dll • advapi32.dll • user32.dll • MessageBoxAkernel32.dll • <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware> • C3pWN |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| BFB | 4200401C | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A40 | 4C22F0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A48 | 4C2318 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A50 | 4C242C | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A58 | 4C2400 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A60 | 4C23E4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A68 | 4C23A4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A70 | 4C2384 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A78 | 4C23C0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A80 | 4C2434 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A88 | 4C2340 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A90 | 4C2370 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2A98 | 4C235C | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AA0 | 4C2430 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AA8 | 4C2304 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AB0 | 4C2354 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AB8 | 4C2310 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AC0 | 4C2374 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AC8 | 4C2330 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AD0 | 4C2320 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AD8 | 4C24C0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AE0 | 4C23BC | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AE8 | 4C2334 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AF0 | 4C231C | .text | JMP [static] | Indirect jump to absolute memory address |
| 2AF8 | 4C23C4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B00 | 4C239C | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B08 | 4C2368 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B10 | 4C22E4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B18 | 4C2404 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B20 | 4C23FC | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B28 | 4C2414 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B30 | 4C23E8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B38 | 4C2450 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B40 | 4C2468 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B48 | 4C2444 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B50 | 4C24B8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B58 | 4C2344 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B80 | 4C3094 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B88 | 4C2518 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B90 | 4C2520 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2B98 | 4C250C | .text | JMP [static] | Indirect jump to absolute memory address |
| 2BA0 | 4C2350 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2BA8 | 4C23B8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2BB0 | 4C2394 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2BB8 | 4C23F0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2BC0 | 4C2378 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2BC8 | 4C24D0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2BD0 | 4C24F0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2BD8 | 4C24EC | .text | JMP [static] | Indirect jump to absolute memory address |
| 2BE0 | 4C23EC | .text | JMP [static] | Indirect jump to absolute memory address |
| 2C08 | 4C3090 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2C3C | 4C23B4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2C44 | 4C22FC | .text | JMP [static] | Indirect jump to absolute memory address |
| 2C4C | 4C2380 | .text | JMP [static] | Indirect jump to absolute memory address |
| 2C54 | 4C242C | .text | JMP [static] | Indirect jump to absolute memory address |
| 47DC | 4B776C | .text | CALL [static] | Indirect call to absolute memory address |
| 47F4 | 4B7760 | .text | CALL [static] | Indirect call to absolute memory address |
| 4810 | 4B7764 | .text | CALL [static] | Indirect call to absolute memory address |
| 4831 | 4B7768 | .text | CALL [static] | Indirect call to absolute memory address |
| 484A | 4B7764 | .text | CALL [static] | Indirect call to absolute memory address |
| 4863 | 4B7760 | .text | CALL [static] | Indirect call to absolute memory address |
| 48D7 | 4BB028 | .text | CALL [static] | Indirect call to absolute memory address |
| 4916 | 4BB010 | .text | CALL [static] | Indirect call to absolute memory address |
| 4B03 | 4B7040 | .text | CALL [static] | Indirect call to absolute memory address |
| 4B21 | 4B703C | .text | CALL [static] | Indirect call to absolute memory address |
| 4BC0 | 4BB03C | .text | CALL [static] | Indirect call to absolute memory address |
| 4FBE | FFC0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 6098 | 4BB01C | .text | CALL [static] | Indirect call to absolute memory address |
| 60B6 | 4BB01C | .text | CALL [static] | Indirect call to absolute memory address |
| 60CE | 4BB01C | .text | CALL [static] | Indirect call to absolute memory address |
| 6140 | 4BB01C | .text | CALL [static] | Indirect call to absolute memory address |
| 6160 | 4BB01C | .text | CALL [static] | Indirect call to absolute memory address |
| 617D | 4BB01C | .text | CALL [static] | Indirect call to absolute memory address |
| 625A | 4BB020 | .text | CALL [static] | Indirect call to absolute memory address |
| 635F | 4BB018 | .text | CALL [static] | Indirect call to absolute memory address |
| 63E2 | 4BB020 | .text | CALL [static] | Indirect call to absolute memory address |
| 6582 | 4BB01C | .text | JMP [static] | Indirect jump to absolute memory address |
| 6708 | 4BB020 | .text | CALL [static] | Indirect call to absolute memory address |
| 6ADB | 4BB35C | .text | CALL [static] | Indirect call to absolute memory address |
| 6C58 | 4BB038 | .text | CALL [static] | Indirect call to absolute memory address |
| 6D01 | 4B7034 | .text | CALL [static] | Indirect call to absolute memory address |
| 6D66 | 4B7038 | .text | CALL [static] | Indirect call to absolute memory address |
| 80F9 | 4B7010 | .text | CALL [static] | Indirect call to absolute memory address |
| 8265 | 4B7014 | .text | CALL [static] | Indirect call to absolute memory address |
| 8348 | 4B7018 | .text | CALL [static] | Indirect call to absolute memory address |
| 9667 | FF | .text | JMP [static] | Indirect jump to absolute memory address |
| 9A9B | 4BDC00 | .text | CALL [static] | Indirect call to absolute memory address |
| 9AB8 | 4BDC00 | .text | CALL [static] | Indirect call to absolute memory address |
| 9AD9 | 4BDC08 | .text | CALL [static] | Indirect call to absolute memory address |
| 9B37 | 4BDC04 | .text | CALL [static] | Indirect call to absolute memory address |
| 9B94 | 4BDC04 | .text | CALL [static] | Indirect call to absolute memory address |
| 9BC7 | 4BDC04 | .text | CALL [static] | Indirect call to absolute memory address |
| BFB0 | 4C2320 | .text | JMP [static] | Indirect jump to absolute memory address |
| BFB8 | 4C231C | .text | JMP [static] | Indirect jump to absolute memory address |
| BFC0 | 4C2458 | .text | JMP [static] | Indirect jump to absolute memory address |
| BFC8 | 4C22EC | .text | JMP [static] | Indirect jump to absolute memory address |
| BFD0 | 4C2438 | .text | JMP [static] | Indirect jump to absolute memory address |
| BFD8 | 4C2448 | .text | JMP [static] | Indirect jump to absolute memory address |
| BFE0 | 4C2330 | .text | JMP [static] | Indirect jump to absolute memory address |
| BFE8 | 4C2348 | .text | JMP [static] | Indirect jump to absolute memory address |
| C2600 | N/A | *Overlay* | 7A6C621A5D00008000000060049031050F3DEFAA | zlb.]........1..=.. |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 3794775 | 67,6154% |
| Null Byte Code | 181400 | 3,2322% |
© 2026 All rights reserved.