81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812

Analysis

max time kernel
143s
max time network
99s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe
Size

28KB
MD5

98796e376e08ab8fce2dfb0570938751
SHA1

5a8f6bfdc7791d7c7336b225ec996fb60a90a6d3
SHA256

81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812
SHA512

a029579f3f9c6f5247521097fbccec8cdd1d196c95d8813c8da446bb33474b15a2465578a6c3c60e5533ba07e1a5515b4cde55596a14df3b7c9ca98ae2d35877
SSDEEP

768:b2FFwaMLgTzqjA4pYOUd+/u9uppQ1MZrX5iHkYmDWVcNnXwzMtc2/:bWTcvjVpzJdYWZ75hYy

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1072	sovhst.exe

Sets file execution options in registry 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZhuDongFangYu.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfwstub.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMain.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KpfwSvc.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccEvtMgr.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safeup.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfwstub.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZhuDongFangYu.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.KXP\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KpfwSvc.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVTRAY.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.EXE	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.EXE\debugger = "ntsd -d"	sovhst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngLdr.EXE\debugger = "ntsd -d"	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE	sovhst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32kui.EXE	sovhst.exe

Deletes itself 1 IoCs

pid	Process
1164	cmd.exe

Loads dropped DLL 3 IoCs

pid	Process
1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe
1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe
1072	sovhst.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\dllcache\linkinfo.dll	sovhst.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\sovhst.exe	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe
File opened for modification	C:\Program Files\sovhst.exe	sovhst.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\fonts\niuxs.sys	sovhst.exe
File created	C:\Windows\fonts\fuckjss.sys	sovhst.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1192	sc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe
1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe
1072	sovhst.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
460	Process not Found
460	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1072	sovhst.exe
Token: SeDebugPrivilege	1072	sovhst.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 1072	1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe	27
PID 1092 wrote to memory of 1072	1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe	27
PID 1092 wrote to memory of 1072	1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe	27
PID 1092 wrote to memory of 1072	1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe	27
PID 1072 wrote to memory of 808	1072	sovhst.exe	28
PID 1072 wrote to memory of 808	1072	sovhst.exe	28
PID 1072 wrote to memory of 808	1072	sovhst.exe	28
PID 1072 wrote to memory of 808	1072	sovhst.exe	28
PID 808 wrote to memory of 1192	808	cmd.exe	30
PID 808 wrote to memory of 1192	808	cmd.exe	30
PID 808 wrote to memory of 1192	808	cmd.exe	30
PID 808 wrote to memory of 1192	808	cmd.exe	30
PID 1092 wrote to memory of 1164	1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe	31
PID 1092 wrote to memory of 1164	1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe	31
PID 1092 wrote to memory of 1164	1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe	31
PID 1092 wrote to memory of 1164	1092	81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe	31

C:\Users\Admin\AppData\Local\Temp\81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe
"C:\Users\Admin\AppData\Local\Temp\81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Program Files\sovhst.exe
  "C:\Program Files\sovhst.exe"
  2⤵
  - Executes dropped EXE
  - Sets file execution options in registry
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1072
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c sc config avp start= disabled
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:808
  - - C:\Windows\SysWOW64\sc.exe
      sc config avp start= disabled
      4⤵
      Launches sc.exe
      PID:1192
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\81fc2152f255942e1a8d0ba485d0ec6eae29fc2e1fcaa72011670fd07156d812.exe"
  2⤵
  - Deletes itself
  PID:1164

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\sovhst.exe

Filesize
24KB

MD5
b6798f264cb81ca4b619ee5795194727

SHA1
15e9fd8ebac957782e3156f9776d1e0ceb7320ed

SHA256
404017f0c0773086387a3388ede20a0ebe486ab86da613d35b6627e105098c7f

SHA512
03eaef7ca5d13cffc39f7acc8cd154e7f8b9b2a93d2adff3e212a2f85af4f611eddfc57ac940e275dcb776801df7b22854da1904f825ee5e9837013ec7590cc9

Download Submit
C:\Program Files\sovhst.exe

Filesize
24KB

MD5
b6798f264cb81ca4b619ee5795194727

SHA1
15e9fd8ebac957782e3156f9776d1e0ceb7320ed

SHA256
404017f0c0773086387a3388ede20a0ebe486ab86da613d35b6627e105098c7f

SHA512
03eaef7ca5d13cffc39f7acc8cd154e7f8b9b2a93d2adff3e212a2f85af4f611eddfc57ac940e275dcb776801df7b22854da1904f825ee5e9837013ec7590cc9

Download Submit
\Program Files\sovhst.exe

Filesize
24KB

MD5
b6798f264cb81ca4b619ee5795194727

SHA1
15e9fd8ebac957782e3156f9776d1e0ceb7320ed

SHA256
404017f0c0773086387a3388ede20a0ebe486ab86da613d35b6627e105098c7f

SHA512
03eaef7ca5d13cffc39f7acc8cd154e7f8b9b2a93d2adff3e212a2f85af4f611eddfc57ac940e275dcb776801df7b22854da1904f825ee5e9837013ec7590cc9

Download Submit
\Program Files\sovhst.exe

Filesize
24KB

MD5
b6798f264cb81ca4b619ee5795194727

SHA1
15e9fd8ebac957782e3156f9776d1e0ceb7320ed

SHA256
404017f0c0773086387a3388ede20a0ebe486ab86da613d35b6627e105098c7f

SHA512
03eaef7ca5d13cffc39f7acc8cd154e7f8b9b2a93d2adff3e212a2f85af4f611eddfc57ac940e275dcb776801df7b22854da1904f825ee5e9837013ec7590cc9

Download Submit
\Users\Admin\AppData\Local\Temp\dll79C3.tmp

Filesize
17KB

MD5
639e7403b60d35fd9fb7474d756bdb68

SHA1
d5f625170104b3599824d915e16ac7d8f8e72e50

SHA256
b23feac5c0a9b51848e41beef12e68c70a9266aa966f93bb884d4e7383813ef1

SHA512
cac3802c7eb2d1e64079d484c508f3538f33d46f87c1ee9636748ae866ff3d36994822b6be2b5950d7dce78d9d010a77d497588edcda325e096489189e87d6ef

Download Submit
memory/1072-61-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/1072-66-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1092-54-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1092-65-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download