The SpyRATs of OceanLotus Malware Analysis White Paper


Contents

Introduction
Components
Roland RAT
    Overview
    Features
    Behavior
    C2
        Protocol
        Commands
CamCapture Plugin
    Overview
    Features
    Exported Functions
        Screenshot Grabbing Exports
        VIDEO Capture Exports
        Helper Exports
        Unused Exports
Remy RAT
    Overview
    Features
    Deployment
    Behavior
    C2
        Protocol
        Commands
Splinter RAT
    Overview
    Features
    Behavior
    C2
        Protocol
        Commands
        Backdoor Error Codes
CobaltStrike Beacon #1
    Overview
    Deployment
CobaltStrike Beacon #2
    Overview
    Deployment
    Behavior
Rizzo
    Overview
    Behavior
    C2
        Protocol
        Commands
Denis
    Overview
    Behavior
Network Intelligence
    167.114.44.146
        Whois
        Domains
        First seen
    87.117.234.172
        Whois
        Domains
        First seen
    27.102.67.42
        Whois
    89.249.65.134
        Whois
        Domains
        First Seen
    185.244.213.28
        Whois
        Domains
        First seen
Conclusions
Appendix

Introduction

During an incident response investigation in the final quarter of 2017, Cylance® incident responders and threat researchers uncovered several bespoke backdoors deployed by OceanLotus Group (a.k.a. APT32, Cobalt Kitty), as well as evidence of the threat actor using obfuscated CobaltStrike Beacon payloads to perform C2.

The threat actor routinely leveraged PowerShell within the environment, using one-liners to download/deploy malware, as well as obfuscators and reflective PE/shellcode loaders from various exploit kits (including MSFvenom, Veil, and DKMC), allowing much of the malware to operate in-memory, with no on-disk footprint.

The remote access trojans developed by OceanLotus Group (Roland, Remy, and Splinter, named after famous rodents) share subtle code similarities with “Backdoor.Win32.Denis” (Kaspersky), “WINDSHIELD” and “KOMPROGO” (FireEye). Roland was of particular interest in that it was carefully developed to mimic legitimate software DLLs developed by the victim organization.

The malware C2 protocols were largely tailored for each target, and supported a range of communication methods, from raw data over TCP sockets to HTTP/S proxying. In addition, the threat actor relied heavily upon CobaltStrike Beacon for providing malleable C2 communications.

The remaining white paper is dedicated to in-depth technical analysis of the malware, C2 protocols, TTPs, and general observations.

Components

During the investigation, the following backdoors were uncovered:

File Name                   Classification        Details
certcredprovider.dll.mui    Malware/Backdoor      Roland RAT
underwears.png              Malware/Backdoor      Remy RAT
wpfgfx_v0300.dll            Malware/Backdoor      Splinter RAT
plugin.lst                  Malware/Infostealer   CamCapture plugin
user.ico                    Malware/Backdoor      Obfuscated CobaltStrike Beacon
img.png                     Malware/Backdoor      Obfuscated named pipe backdoor (from CobaltStrike)
mobsync.exe                 Malware/Backdoor      Rizzo
varies                      Malware/Backdoor      Denis

Roland RAT

Classification    Malware/Backdoor
Aliases
Size              245 KB (250,880 bytes)
Type              Win32 PE (DLL)
File Name         certcredprovider.dll.mui
Timestamp