hxxps://tracking[.]doctors-digest[.]com/?ref=5jkAAM5_YVHHK9zCJnr9GsldTOklW81zAQAAAAidTIS6B7YbZUAYrClTraSgdl-OaGfo3fxHyAcwbO_zD1g4RhD2JBRXgFjkVDvaDwlp0mdqpFwdquduqxXiNfBOFdwdZjJPw4GRTpYavaPG4ITGrzN3b29wGg2TCiHL6ikCYc1y4jbbsbj6wPLRKiYXzqXP2IyxLnreXckRc0AS8paLBAlQwppOer4mmryl3jjA51QSiAA__jYFiLWdABhL8vdp5mPk22X0R0pWDDp8NXmtO1tVGGBHAQwh3Rd2c_gyy5rhIc5NG-Lw_RKCQXpOhT5cmRbWERvmi1dGU6Q40sX1aSd2qapF7lPMj5ddWYrnoSmAJHP_xs566FxSfYZDcmmbIGkD0faGZOuTnuDznreMxWJFpgH4rdavf3LSHyDAH93dARaW_7jQgrXqTA1KtxIJMSWlMgUPkQDjjFuZmTHH_gz7ymfWauU-q9VExHInRF9XvsZNGb0b3CVEWygKLquqJwHq96JBjJKYmCqd564TB82RYBajwtoSB6N52lg7IZgmD8AOniL31SmdYHqlll8dqr0wxTeUwmT_5We7mm7YAaXGgH2WW-p3mb6Eebm1GTs5cO-3aOilClZrnshIBeigHn1eKeg7M3CVfyKo_UCuNK8gviJEFxapRsJMJzWnAhi7At-E9WeVpjTEK46iWu0Zg_HNiMsXinD0yKBP

General

Target

https://tracking.doctors-digest.com/?ref=5jkAAM5_YVHHK9zCJnr9GsldTOklW81zAQAAAAidTIS6B7YbZUAYrClTraSgdl-OaGfo3fxHyAcwbO_zD1g4RhD2JBRXgFjkVDvaDwlp0mdqpFwdquduqxXiNfBOFdwdZjJPw4GRTpYavaPG4ITGrzN3b29wGg2TCiHL6ikCYc1y4jbbsbj6wPLRKiYXzqXP2IyxLnreXckRc0AS8paLBAlQwppOer4mmryl3jjA51QSiAA__jYFiLWdABhL8vdp5mPk22X0R0pWDDp8NXmtO1tVGGBHAQwh3Rd2c_gyy5rhIc5NG-Lw_RKCQXpOhT5cmRbWERvmi1dGU6Q40sX1aSd2qapF7lPMj5ddWYrnoSmAJHP_xs566FxSfYZDcmmbIGkD0faGZOuTnuDznreMxWJFpgH4rdavf3LSHyDAH93dARaW_7jQgrXqTA1KtxIJMSWlMgUPkQDjjFuZmTHH_gz7ymfWauU-q9VExHInRF9XvsZNGb0b3CVEWygKLquqJwHq96JBjJKYmCqd564TB82RYBajwtoSB6N52lg7IZgmD8AOniL31SmdYHqlll8dqr0wxTeUwmT_5We7mm7YAaXGgH2WW-p3mb6Eebm1GTs5cO-3aOilClZrnshIBeigHn1eKeg7M3CVfyKo_UCuNK8gviJEFxapRsJMJzWnAhi7At-E9WeVpjTEK46iWu0Zg_HNiMsXinD0yKBP
Sample

210504-3afecspq4n

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "347"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000529101d5c9814b4eb0f580b37542e4500000000002000000000010660000000100002000000024a2e666e794073e8359d5ccd361584ae81d3707d7123c099234def50b4f20d7000000000e8000000002000020000000c115547d215a19094babaaf4a6b2f5a61d744fe157adff3ccfbb13121b5b60fd90000000c4b9581de2a9aeb45f467b941b2779724babaed0b82fa143da24c9919535682a1d19c5738d409fe7ef012379e84a82e71dd953939bfde7f3c4c717e0fc6f67460f6d10f524b4979dec498fe92d755c1e8e1dbe5d5601ea41aeb3c3de3565462d4ffd57d51ba04028b59e41c0b23acd3f119fffe2f466c8d3265e590eb2776be96403e3507724a9bbdf0921854ad24ed6400000009ebf0a9f649ba22c3d2bcd0a7b11bbc3278c7e97bf5642a602990436c3410c9c0ccd612bae9b1f1689b55db9ce4d9b6b032a69374eafaf08169aca1521702212	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "409"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "372"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "277"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD9272A1-ACF5-11EB-8C4D-4A399A711051} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "409"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "404"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "439"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "215"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "277"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "519"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "519"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "618"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "404"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "519"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "554"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "277"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "401"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "554"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "584"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "347"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "554"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "584"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "401"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "618"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\sciencealert.com\Total = "618"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "439"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000529101d5c9814b4eb0f580b37542e450000000000200000000001066000000010000200000004512d15ffb5eee9d2a4cb36f58978ed7d93e8476c4bd68d305a78ebe7be0cacc000000000e8000000002000020000000bb27dec9b8fea330d398d954037422db7196fd61adffe48ff288efb2e9082be7200000003af46ee4fd882b5a34d86c47a761a4a9a656e6f30fc7e1126dd440300b5eac26400000000c715389d3e599bb8ab84b64d143ad4485a49f7756e5074fadf65ef1550ad1551aa33592c09968a53b3ce51eba0750b88e078bd67eaa21fd866288240bd45dd2	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "404"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "326910677"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sciencealert.com\ = "215"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

784 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

784 iexplore.exe
784 iexplore.exe
1984 IEXPLORE.EXE
1984 IEXPLORE.EXE
1984 IEXPLORE.EXE
1984 IEXPLORE.EXE

pid	process
784	iexplore.exe

pid	process
784	iexplore.exe
784	iexplore.exe
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 784 wrote to memory of 1984	784	iexplore.exe	IEXPLORE.EXE
PID 784 wrote to memory of 1984	784	iexplore.exe	IEXPLORE.EXE
PID 784 wrote to memory of 1984	784	iexplore.exe	IEXPLORE.EXE
PID 784 wrote to memory of 1984	784	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://tracking.doctors-digest.com/?ref=5jkAAM5_YVHHK9zCJnr9GsldTOklW81zAQAAAAidTIS6B7YbZUAYrClTraSgdl-OaGfo3fxHyAcwbO_zD1g4RhD2JBRXgFjkVDvaDwlp0mdqpFwdquduqxXiNfBOFdwdZjJPw4GRTpYavaPG4ITGrzN3b29wGg2TCiHL6ikCYc1y4jbbsbj6wPLRKiYXzqXP2IyxLnreXckRc0AS8paLBAlQwppOer4mmryl3jjA51QSiAA__jYFiLWdABhL8vdp5mPk22X0R0pWDDp8NXmtO1tVGGBHAQwh3Rd2c_gyy5rhIc5NG-Lw_RKCQXpOhT5cmRbWERvmi1dGU6Q40sX1aSd2qapF7lPMj5ddWYrnoSmAJHP_xs566FxSfYZDcmmbIGkD0faGZOuTnuDznreMxWJFpgH4rdavf3LSHyDAH93dARaW_7jQgrXqTA1KtxIJMSWlMgUPkQDjjFuZmTHH_gz7ymfWauU-q9VExHInRF9XvsZNGb0b3CVEWygKLquqJwHq96JBjJKYmCqd564TB82RYBajwtoSB6N52lg7IZgmD8AOniL31SmdYHqlll8dqr0wxTeUwmT_5We7mm7YAaXGgH2WW-p3mb6Eebm1GTs5cO-3aOilClZrnshIBeigHn1eKeg7M3CVfyKo_UCuNK8gviJEFxapRsJMJzWnAhi7At-E9WeVpjTEK46iWu0Zg_HNiMsXinD0yKBP
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:784

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:784 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1984

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
b1dce79b373bb0e4c4fa3ea410eb96ee

SHA1
ae8e2630cef7382f624b8505fc8fbee82ff41f14

SHA256
41768abd9fdda4654c2af4b521329c998cdc391531b6885ed8e2666ccb2e839f

SHA512
db715de54280632bf90d6d9af123ae54cbf4f4e6d982a7c4b68e64f83911f0dae1324b691661cf4a847032e90f4f47491f8f1d9a356c08ec4066cadc102d4094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bq3gxmw\imagestore.dat
MD5
548588aa2ab8273e84091137f728db3e

SHA1
7712717c8af14b7a87be2dc05c7d160cd40af3de

SHA256
1e569e908bf357869bc3e8aba2f7c4e0788e05085ed2a88b5b41593b90219dba

SHA512
07f79037556b2c8d4803f9789be3cab4ca2b1803fba045b43d56789ed487e850ca02b72cc22ad8b459661548840efd669d092bbe0ac90b92449c33fa9f15acf1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WXJYDYC8.txt
MD5
d7a5e93c8cc3279d1a0d4b413cdb7f4e

SHA1
cfcd5e2000b3c3585065453bdab52a9418f6aae7

SHA256
a034e33be4e40a63c28de388eeb9910143cefcfe09ea2e48f675d7547130216b

SHA512
0b169ee3aa1615d372e8ae0b3902557d29228f7bf35730a54756109d4efcd28e39aecef243279692d272501ebc303f47ca1d2529808b68cbcc7ef2b249387e77

Download Submit
memory/1984-60-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing