Analysis
max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 13:36
Static task
static1
Behavioral task
behavioral1
Sample
0681c37cfbb640a08028c3ba49e92dc82268f8ad2aa865b86efafc834ade3682.ps1
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0681c37cfbb640a08028c3ba49e92dc82268f8ad2aa865b86efafc834ade3682.ps1
Resource
win10v2004-20220414-en
General
Target
0681c37cfbb640a08028c3ba49e92dc82268f8ad2aa865b86efafc834ade3682.ps1
Size
903KB
MD5
55e24e49a28d1c65ef535778982d0854
SHA1
368b76cfca253c01675533f1a9ba4756eab239b1
SHA256
0681c37cfbb640a08028c3ba49e92dc82268f8ad2aa865b86efafc834ade3682
SHA512
6aecf6a9a90083d8599da9fc1c68d9783942b6819739ceb8f03a4df58f20a92addba17561969b0e85d2243a33eceb2b28ca9571c782abc746e7f298734577067
Malware Config
Signatures
Modifies extensions of user files 8 IoCs
Ransomware generally changes the extension on encrypted files.
description  ioc  Process
File renamed  C:\Users\Admin\Pictures\FormatGet.tif => C:\Users\Admin\Pictures\FormatGet.tif.713f59  powershell.exe
File renamed  C:\Users\Admin\Pictures\RestoreLimit.crw => C:\Users\Admin\Pictures\RestoreLimit.crw.713f59  powershell.exe
File renamed  C:\Users\Admin\Pictures\RestoreUndo.crw => C:\Users\Admin\Pictures\RestoreUndo.crw.713f59  powershell.exe
File renamed  C:\Users\Admin\Pictures\WriteSkip.raw => C:\Users\Admin\Pictures\WriteSkip.raw.713f59  powershell.exe
File renamed  C:\Users\Admin\Pictures\PublishWait.raw => C:\Users\Admin\Pictures\PublishWait.raw.713f59  powershell.exe
File renamed  C:\Users\Admin\Pictures\ProtectMeasure.png => C:\Users\Admin\Pictures\ProtectMeasure.png.713f59  powershell.exe
File renamed  C:\Users\Admin\Pictures\RenameExit.tif => C:\Users\Admin\Pictures\RenameExit.tif.713f59  powershell.exe
File renamed  C:\Users\Admin\Pictures\FindUndo.tif => C:\Users\Admin\Pictures\FindUndo.tif.713f59  powershell.exe
Drops file in Program Files directory 64 IoCs
description  ioc  Process
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00505_.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CHECKBOX.JPG  powershell.exe
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\713F59-Readme.txt  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18253_.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR2F.GIF  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar  powershell.exe
File opened for modification  C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo  powershell.exe
File opened for modification  C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\de.pak  powershell.exe
File created  C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\713F59-Readme.txt  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00049_.WMF  powershell.exe
File created  C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\713F59-Readme.txt  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\HEADINGBB.DPV  powershell.exe
File opened for modification  C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21435_.GIF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02431_.WMF  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01176_.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0313965.JPG  powershell.exe
File opened for modification  C:\Program Files\CompressJoin.mpeg3  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\JFONT.DAT  powershell.exe
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\713F59-Readme.txt  powershell.exe
File opened for modification  C:\Program Files\Java\jre7\lib\deploy\messages.properties  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00546_.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00917_.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN058.XML  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152882.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN00241_.WMF  powershell.exe
File opened for modification  C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\1033\POWERPNT_F_COL.HXK  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0151581.WMF  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01255G.GIF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_COL.HXC  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS01635_.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGPUNCT.XML  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR35B.GIF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309598.JPG  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImageMask.bmp  powershell.exe
File opened for modification  C:\Program Files\Java\jre7\lib\classlist  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar  powershell.exe
File opened for modification  C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187825.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\mspub.exe.manifest  powershell.exe
File opened for modification  C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PARNT_03.MID  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\1033\ONENOTE_COL.HXT  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar  powershell.exe
File opened for modification  C:\Program Files\Java\jre7\lib\zi\SystemV\EST5  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287018.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099178.WMF  powershell.exe
File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\FLASH.NET.XML  powershell.exe
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\713F59-Readme.txt  powershell.exe
File opened for modification  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan  powershell.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid  Process
1828  powershell.exe  (this row is repeated 64 times in the report)
Suspicious use of AdjustPrivilegeToken 3 IoCs
description  pid  Process
Token: SeDebugPrivilege  1828  powershell.exe
Token: SeDebugPrivilege  1828  powershell.exe
Token: SeImpersonatePrivilege  1828  powershell.exe
Suspicious use of WriteProcessMemory 12 IoCs
description  pid  Process  procid_target
PID 1828 wrote to memory of 1984  1828  powershell.exe  28
PID 1828 wrote to memory of 1984  1828  powershell.exe  28
PID 1828 wrote to memory of 1984  1828  powershell.exe  28
PID 1984 wrote to memory of 956  1984  csc.exe  29
PID 1984 wrote to memory of 956  1984  csc.exe  29
PID 1984 wrote to memory of 956  1984  csc.exe  29
PID 1828 wrote to memory of 1620  1828  powershell.exe  30
PID 1828 wrote to memory of 1620  1828  powershell.exe  30
PID 1828 wrote to memory of 1620  1828  powershell.exe  30
PID 1620 wrote to memory of 1812  1620  csc.exe  31
PID 1620 wrote to memory of 1812  1620  csc.exe  31
PID 1620 wrote to memory of 1812  1620  csc.exe  31
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\0681c37cfbb640a08028c3ba49e92dc82268f8ad2aa865b86efafc834ade3682.ps1
  PID: 1828
  - Modifies extensions of user files
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wgvymfoi.cmdline"
      PID: 1984
      - Suspicious use of WriteProcessMemory
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES403D.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC403C.tmp"
          PID: 956
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bwyxoonm.cmdline"
      PID: 1620
      - Suspicious use of WriteProcessMemory
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4156.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4136.tmp"
          PID: 1812
Network
MITRE ATT&CK Matrix
Downloads
Filesize
1KB
MD5
e0e91f62e1e8b956f187f3039160a3ad
SHA1
a978ad1e4bee908e7da8866b6bb9d89b6256dead
SHA256
715b149a112bf6ea8760faf43a5574b0846b61d6a1f042464f885b14a9be35e9
SHA512
7ac1061e696a39618e1d2d63927191db028315e4751b2ee585b3c477f617718bae14b4ce96020abc9f9d0cf13e19d2234edccc358e99f6bbb8772a284cdd10f5

Filesize
1KB
MD5
ad2f6fbf23eb3bbb9a6d488ddd538903
SHA1
011b986f790a64f9e1c54104f2f1e2dd5c69c1cf
SHA256
dba9380c92359475a282238eccad918ac5656ec5e78b871e0eb755a2693ff578
SHA512
dbb547eed10caa975f02637df0fea17aab305f43d2692cb5d99951ad2f2bbef1a4557583f69c1b3bd1422b2d3986a75bf028da59e936c5a88427b3a62cef40d6

Filesize
4KB
MD5
b91954dd5e56c6bde0144ad38f09dead
SHA1
d2bf5a55c057da73e49e4a99135a3f23e266f908
SHA256
be8a0a60c39cb437421fc5de1b2b53ffe103d70aeb119e5998368855c7cbdb64
SHA512
79050e0b0b3991b3b230568496af08f7dcb2a89c9b63e3e0fafeae018eec69741204736f5fd650942a01b19d8a79d0f2ee2534cf7cce7e74330e5b3aaa2fdee2

Filesize
7KB
MD5
e6c982737655392cdae8f622e395ce0d
SHA1
bb4210faa39e9a98e822e9e3741050a2bb60fcf6
SHA256
68ad3daabdce0073d08048c1de13e3f8bf0d61a5165276be025ea6b93490285c
SHA512
6757743e49f7dcb51dd82f1b33ae0c7465d37c94f4aadf7abd3688248451f69b0f44bb66a1258c1d66226af64603969388b24e56e83e65a7c6d8d0c05afa9842

Filesize
6KB
MD5
2ff543077bb57e7968f3f2290cf014d3
SHA1
64fd2cc98ebea780184eec554b4fac16da82111d
SHA256
d32de2dc841d7ab40efb09320d52eba6a93004dfd1711c3ef452a107697c5618
SHA512
ddea7ac437212b8facf84baca33adb6d6abeb574550651bc1786d6475aab73c575e1ef52c4ceeb384b73dd232d4ec41858ff9c13898a489a3a196b1710b0f4a2

Filesize
7KB
MD5
32bf465dbfbcbcd78fea65ed75ca997b
SHA1
38cb6c6f922a629340e1a63b84975f7abab2e85d
SHA256
ad246f16e723fc98d39ee9ea5f99e3d3804d0f0adc68178d8a46f9c1c211e0ca
SHA512
4a6ad171c0e00a9062e0e4164f2beee30d92dba5c91f14c1075b900cf3397b5aa8b5fca8bbbe3c5bee0c71e6ba14436077bcb5552bfa23410ed9e0870e24b39e

Filesize
652B
MD5
86dd1a97f3f5f5b748cfcab807eb3789
SHA1
f53852d99e32ea5b794f6ea2cbc5c59e6d9b11c1
SHA256
28ea289524d64a8ef6a84dcf9ee75b92b14bfc0bfc1463aeb409030e020c5b5b
SHA512
08b0c285030458bf857e84d4bcbf6e38388d290ec4eef067652c749d7ebe8d0317a4a42356613bd81c06f0c4ad6839fc65d33e1815dbd4413c993121a888f1fa

Filesize
652B
MD5
a1b323c77955cecc9d47f4337821320a
SHA1
15c4a604a7b8609cfcf3a19fb3cf8855d4397305
SHA256
4875eacfb7d2a5dff2b9b7275a4991c9f4c5e4f944652dfb29cb7ded9f265ac6
SHA512
e06d16a439b62bb56e64dd6a3925b6287f832b25674ec9eb6b1d4804ad7d820dc6e705313758f053533896e94407485caba39d42e1d9ed57fa061d0a59c586e3

Filesize
2KB
MD5
c97bbb0991bdcc70f6cd23e863029f03
SHA1
3f21d01b0970a323b090056e285b4261c784cb19
SHA256
c59ec8f208e5dd9e310b3ca6a2148c22ff52ada68d15e2cd0ade4a819a20208a
SHA512
436100ea9f52ae49a6c5179d12464a1e18bb0cbfddb4545774d582fe2d5c269efdf6bce97ad84deb3419f29f4ba0572a1ccebd5beb70ecd98c7c59ed77f4196d

Filesize
309B
MD5
744bad5a189211c941eef767580a98e4
SHA1
fa2225f7d52ace6a735cc51358a0836742b2ee36
SHA256
c02c8a86df117a716b1ec0eb79e16837df43afb6a1f6fe9570a6e16f72b3e4e9
SHA512
11f16cf716ffb8cf8657246f597b3a914c3a7999e8d59d1965f997f85dc6846984783965dc14f3c16e8818ce2660da86d6b8be6ca3f5b58a948d205095f90bbe

Filesize
8KB
MD5
07086ea98fed0079427b7f0710fe62e0
SHA1
8bd780bdb9a03d88f32ebef8549509a697fe0102
SHA256
eab011089366b76f3f371a62efbe22340ed3adbd2cd5a46a5558c3faac101fff
SHA512
d1b4741ca1d09f5b8e72e43c6d08a8f6d69d14cac46bf3c42004e0105e18e892f2ea44f3b28a984779c3c047f5641431148c39bf0eb09093473d2c105c4d2d97

Filesize
309B
MD5
0718b03e390643aae7134c47ac91909e
SHA1
46004811f414a4d707de28187cb4ab76704e59a1
SHA256
8237c765fde85cf0143f515489971d988e981f466c08676710b7cd386d89df86
SHA512
f1f5402fe3e3abbbe31bd11b8741ab72094e93038c162f2113f535686b7cf670e31b8eae7b2c89a34beed7e8b47c3bfa866191040c6920e64897df6057e423f7