umbral | ebdb426e69d0c9f964fe2180372dbb24556588c8dfb37e6cb0d5f7ea5ba0c087

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2023, 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ManualWin10 (2).exe
Size

227KB
MD5

badc4c0e18209e84ab24fe8cccb5d1c9
SHA1

736fb2619ea2bab1992b6f6f7ac34a7dc315b565
SHA256

ebdb426e69d0c9f964fe2180372dbb24556588c8dfb37e6cb0d5f7ea5ba0c087
SHA512

0cf7d30ce41005e6aede39fff624c75e875fe5c0cf20adcf202a27c5459e437e1ce4dae9f7ecf1a75f8de0913401f390da64d96f2dfddc768bc95c4ee4eabff5
SSDEEP

6144:eloZM+rIkd8g+EtXHkv/iD4UxRPdmkrHMx9YW3X2ZNb8e1mbi:IoZtL+EP8UxRPdmkrHMx9YW3X2nV

Score

10^/10

umbral stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral2/memory/2388-133-0x000002362C670000-0x000002362C6B0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133358914361573065"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2388	ManualWin10 (2).exe
Token: SeIncreaseQuotaPrivilege	2220	wmic.exe
Token: SeSecurityPrivilege	2220	wmic.exe
Token: SeTakeOwnershipPrivilege	2220	wmic.exe
Token: SeLoadDriverPrivilege	2220	wmic.exe
Token: SeSystemProfilePrivilege	2220	wmic.exe
Token: SeSystemtimePrivilege	2220	wmic.exe
Token: SeProfSingleProcessPrivilege	2220	wmic.exe
Token: SeIncBasePriorityPrivilege	2220	wmic.exe
Token: SeCreatePagefilePrivilege	2220	wmic.exe
Token: SeBackupPrivilege	2220	wmic.exe
Token: SeRestorePrivilege	2220	wmic.exe
Token: SeShutdownPrivilege	2220	wmic.exe
Token: SeDebugPrivilege	2220	wmic.exe
Token: SeSystemEnvironmentPrivilege	2220	wmic.exe
Token: SeRemoteShutdownPrivilege	2220	wmic.exe
Token: SeUndockPrivilege	2220	wmic.exe
Token: SeManageVolumePrivilege	2220	wmic.exe
Token: 33	2220	wmic.exe
Token: 34	2220	wmic.exe
Token: 35	2220	wmic.exe
Token: 36	2220	wmic.exe
Token: SeIncreaseQuotaPrivilege	2220	wmic.exe
Token: SeSecurityPrivilege	2220	wmic.exe
Token: SeTakeOwnershipPrivilege	2220	wmic.exe
Token: SeLoadDriverPrivilege	2220	wmic.exe
Token: SeSystemProfilePrivilege	2220	wmic.exe
Token: SeSystemtimePrivilege	2220	wmic.exe
Token: SeProfSingleProcessPrivilege	2220	wmic.exe
Token: SeIncBasePriorityPrivilege	2220	wmic.exe
Token: SeCreatePagefilePrivilege	2220	wmic.exe
Token: SeBackupPrivilege	2220	wmic.exe
Token: SeRestorePrivilege	2220	wmic.exe
Token: SeShutdownPrivilege	2220	wmic.exe
Token: SeDebugPrivilege	2220	wmic.exe
Token: SeSystemEnvironmentPrivilege	2220	wmic.exe
Token: SeRemoteShutdownPrivilege	2220	wmic.exe
Token: SeUndockPrivilege	2220	wmic.exe
Token: SeManageVolumePrivilege	2220	wmic.exe
Token: 33	2220	wmic.exe
Token: 34	2220	wmic.exe
Token: 35	2220	wmic.exe
Token: 36	2220	wmic.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2220	2388	ManualWin10 (2).exe	81
PID 2388 wrote to memory of 2220	2388	ManualWin10 (2).exe	81
PID 4972 wrote to memory of 4344	4972	chrome.exe	99
PID 4972 wrote to memory of 4344	4972	chrome.exe	99
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 2832	4972	chrome.exe	101
PID 4972 wrote to memory of 1664	4972	chrome.exe	100
PID 4972 wrote to memory of 1664	4972	chrome.exe	100
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102
PID 4972 wrote to memory of 3444	4972	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\ManualWin10 (2).exe
"C:\Users\Admin\AppData\Local\Temp\ManualWin10 (2).exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2220

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0x108,0x128,0x7ffd0de59758,0x7ffd0de59768,0x7ffd0de59778
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:2
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4748 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1932,i,16568475805427053784,13262486567608909997,131072 /prefetch:8
  2⤵
  PID:1668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0e87b29e-f428-4189-b842-d8f74ed3a720.tmp

Filesize
177KB

MD5
df879373898b46dc6bce5be40b305ab4

SHA1
0cfb2a3149ce590535c715c57e21e329d362247e

SHA256
05505ace0f88787a6b98a54a1b4f36015c45edfbc3ea1e87f59a545ea661981a

SHA512
23b929d313601cf44401666b2de2e8800badb13b9cdff1da1cbf3bf305c63bb93ad3f10074f514495ff094054dcd03490e88997a6fbdb296414f027e4bfb962a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7303f64e238f4801b82c3340fb8393ab

SHA1
f198a7bcbb9eaf6e7bd7e5f04f1811721e47ad8b

SHA256
1cf5029a4dc8b9ef5d607b9dcaa8a52ece096b6a2f16cc118ca5e1fd021b7a87

SHA512
64cf9734d5036f38316eb67dd8fb10d873b6b865d792eddfd9a3499eb3b1c46dffdb63ebd1ae82567512453bc431000606d6d16c17cfbea3999079f1d8591b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
849542266b90a27d29a66e4b785ce8d6

SHA1
461da3d1b1a08934fb2a40a057bda46e944dd349

SHA256
c8e7d677f888d25417521c97403f303b84fbdebc7341fc0d198b396a5e46decf

SHA512
244ea7c7360f11dd22242ac8835266dd4acf02a05e4229f98d184c2ea58a4984a3f11afe4f71fdababe4b2a5dcb3e6683a65872422ec17bc6f5a85dcc30cb978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
30c26502d76ec143ab4d8a64aab5b484

SHA1
e6f9224709f11cc592f465464768643314ae50b2

SHA256
1113305d1d770513882d0f18a5d0392c7077c5b2d43ace2522b7db7c23d14931

SHA512
5269cf97f73003717bed5fdb547096fde4ad776d417924814e07a662f18be861f9923a77e1e9e09ba5403808db9c546a2a571390312a36494e7ebdcb72425459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb2fd2a332837ca00a8327d8e3df5e55

SHA1
017b5b451f5d718e0318869591e53676a8ebeded

SHA256
6373050efed3737eb6b776668bc52a76b58a78456827fa388e41cc8ace9e4d5c

SHA512
6c666f9b0e88949f345b592161ccc1452dad395d1c98f268281e51cd3c4c6a367570896af8bdd337756d31e5b6819e95c281fd80a6f18906d1fc88e844ab28b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
18cc6d31e4cc042ee0c2cbfb41983ca3

SHA1
88922eac6a85c851dd10e923663ebf3198cf8574

SHA256
97c90ea15f0a6ab36b876a3818bd36fbe3b009fabd704670ea65a3260cf529c3

SHA512
aa576b0865b0e3cb1d09cd1125a66058cbbdd5f1aa3761e8cd38cc48b9a3b689f1ddc9231404a35c2cc11f9537d1097435c62370ffcfb8f3d51b35954837e6bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cd71c69e-ab91-4c57-8282-88f0e40ae195.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/2388-133-0x000002362C670000-0x000002362C6B0000-memory.dmp

Filesize
256KB

Download
memory/2388-134-0x00007FFD0DBC0000-0x00007FFD0E681000-memory.dmp

Filesize
10.8MB

Download
memory/2388-135-0x000002362E3A0000-0x000002362E3B0000-memory.dmp

Filesize
64KB

Download
memory/2388-137-0x00007FFD0DBC0000-0x00007FFD0E681000-memory.dmp

Filesize
10.8MB

Download