Overview

overview

10

Static

static

3

sdffgevy.exe

windows7-x64

10

sdffgevy.exe

windows10-1703-x64

10

sdffgevy.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-10-2023 15:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sdffgevy.exe

  • Size

    488KB

  • MD5

    13377617ad84d99f894db1495e699192

  • SHA1

    b1e03eb8aefa1aff7ccc713cded0026829cc3a2c

  • SHA256

    696ca83e5c5eb35a2485c607b01add0cc050b8920b48aadb9163450547fe1bc5

  • SHA512

    fc32d77d21da3d9045de3375d2469bd98968cc24946248e995ae6d1eb82c724b02ee3b34141ee3b53782e6a440542b1b95de35f3a1672da22fd475694348bfaf

  • SSDEEP

    6144:gMrKvJ4ixnC0+HUcm2l97nDpJ5qpoDiZeA9SckRCA/TKJp6Fs/Yopa4TiRkdZp7P:z5ixnC07cN7nDv5qDU8A/k6FKY89lNx

Score
10/10
gh0stratpurplefoxratrootkittrojan

Malware Config

Signatures

  • Detect PurpleFox Rootkit 7 IoCs

    Detect PurpleFox Rootkit.

    rootkit
  • Gh0st RAT payload 7 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • PurpleFox

    PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    rootkittrojanpurplefox
  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 32 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sdffgevy.exe
    "C:\Users\Admin\AppData\Local\Temp\sdffgevy.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe C:\Users\Public\Music\MGzpjc
      2⤵
        PID:1720
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2292
      • C:\Users\Admin\AppData\Roaming\VS884\dUND.exe
        "C:\Users\Admin\AppData\Roaming\VS884\dUND.exe" -n C:\Users\Admin\AppData\Roaming\VS884\EEU.zip -d C:\Users\Admin\AppData\Roaming
        2⤵
        • Drops startup file
        • Executes dropped EXE
        PID:4632
      • C:\ProgramData\1K1K4K\KH0XG0y.exe
        "C:\ProgramData\1K1K4K\KH0XG0y.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:3512
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:416

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\1K1K4K\KH0XG0y.exe
        Filesize

        2.2MB

        MD5

        afd1c09b13ac9d85781c6e4fe07457c7

        SHA1

        bb559602478c9b2e96da8eaa77f0536577aca1df

        SHA256

        9a50ab40120b76695c78d45c64a97f7179033a2a05f5a2e97db36c2a81021806

        SHA512

        1f48829faef6f22836e8946fb610c73b4134f0efa6c5ce0ece6c19606506c6d7fc4db4852b06b38183b1ad58c7775ffba5f0c69f93ce57532d29bff1d88226c4

        Download Submit

      • C:\ProgramData\1K1K4K\KH0XG0y.exe
        Filesize

        2.2MB

        MD5

        afd1c09b13ac9d85781c6e4fe07457c7

        SHA1

        bb559602478c9b2e96da8eaa77f0536577aca1df

        SHA256

        9a50ab40120b76695c78d45c64a97f7179033a2a05f5a2e97db36c2a81021806

        SHA512

        1f48829faef6f22836e8946fb610c73b4134f0efa6c5ce0ece6c19606506c6d7fc4db4852b06b38183b1ad58c7775ffba5f0c69f93ce57532d29bff1d88226c4

        Download Submit

      • C:\ProgramData\1K1K4K\KH0XG0y.exe
        Filesize

        2.2MB

        MD5

        afd1c09b13ac9d85781c6e4fe07457c7

        SHA1

        bb559602478c9b2e96da8eaa77f0536577aca1df

        SHA256

        9a50ab40120b76695c78d45c64a97f7179033a2a05f5a2e97db36c2a81021806

        SHA512

        1f48829faef6f22836e8946fb610c73b4134f0efa6c5ce0ece6c19606506c6d7fc4db4852b06b38183b1ad58c7775ffba5f0c69f93ce57532d29bff1d88226c4

        Download Submit

      • C:\ProgramData\1K1K4K\info.txt
        Filesize

        119KB

        MD5

        e47ce3af60628f795b86b3c3aff8b88f

        SHA1

        88051cfdd8fbd780888aba557a35cba97635694e

        SHA256

        40e00f085b691bbf8adbef2adb0ec55d5c6dee808605be4e4fd8ccad65f59c4b

        SHA512

        7ba0870dd4817e24f13a513a3ebd1196b0994f4a54574ac44b8791c52c9cd98260c96ab8368d04889472f4cb0bf08e2affe81f9593f80af43f57762d5f4cf1db

        Download Submit

      • C:\ProgramData\1K1K4K\qqffoBase.dll
        Filesize

        484KB

        MD5

        9f06ceef05be654f331d8771c74b25f0

        SHA1

        656829c09c9b3341afc371932e53271e76f09c23

        SHA256

        6417309e97acc09cbd18f919cd7b767584649ad2867abf613a47cf502da81507

        SHA512

        ca68a814ca42f8d7ffe35e78bbaa40d3d3d49cbc3c46832719d2b4d6566d8eee031f568fbdbc0d872fd5b84bea4f21ba4633baff3513b919789790b3516af5b3

        Download Submit

      • C:\ProgramData\1K1K4K\qqffoBase.dll
        Filesize

        484KB

        MD5

        9f06ceef05be654f331d8771c74b25f0

        SHA1

        656829c09c9b3341afc371932e53271e76f09c23

        SHA256

        6417309e97acc09cbd18f919cd7b767584649ad2867abf613a47cf502da81507

        SHA512

        ca68a814ca42f8d7ffe35e78bbaa40d3d3d49cbc3c46832719d2b4d6566d8eee031f568fbdbc0d872fd5b84bea4f21ba4633baff3513b919789790b3516af5b3

        Download Submit

      • C:\ProgramData\SHELL.TXT
        Filesize

        1.2MB

        MD5

        a70e878d33aedb2062dd6dd99e340ff3

        SHA1

        a46b786c73f1751c998f00a4c41c0ea75f5e88e5

        SHA256

        a822a24f5987587a129a46e15dd905b2d09e605116689197e9222ea811a4e962

        SHA512

        78e196bd3dcbbcc43eedfb3c2cc2532537090c8b755eeeeafeb2a555f8035c14feedcddcfe991ad4c01f99889ca3dcd7e43652a1bf9a36e93400bedd363e6530

        Download Submit

      • C:\ProgramData\SHELL.ini
        Filesize

        92B

        MD5

        1213b2902b1c8b54868828c5a532811c

        SHA1

        ffe38a207b31fac5797c86e43ca3ed5667e96d0e

        SHA256

        67c9bbef4f0e63c67f09b7519f3178a820a0fcfdda5b84998dd8078c3fbd9d08

        SHA512

        3ffa49c5f45c0f2baedc5cd9c326b289b6dd608aea036235040e2f35479d62dfab6a7ecc7d66e1deac67834babee4b7272e7b7e7a0a9a4dff35fb76804c9f193

        Download Submit

      • C:\ProgramData\SHELL.ini
        Filesize

        102B

        MD5

        2e3c18cf89e3995c1caad22622a8633a

        SHA1

        1f5b89c2368f2e3974fe951fa087a3a2cd36146d

        SHA256

        0f371f46af350a287c34e785aec5b3d0a52d97e0aeabf548e612b6c3f51f5e79

        SHA512

        e349cd0e0908c7f6ca61402aebe674a34342add6dfd4a7ca03d708746d0d2039bb08aec03f3029a2180cf03ab8cdacfc3ea9bbe42dcfa6f0a70ae12a92b0575c

        Download Submit

      • C:\Users\Admin\AppData\Roaming\VS884\EEU.zip
        Filesize

        1KB

        MD5

        3a69f43119ff511e218c94bf4afa5676

        SHA1

        2588b2b480f7888481a12e386f90112eb52b802b

        SHA256

        a270353b6e6967d0004c2a83607b3e0952f1c6e5fb5c7b57e344c6d1073d1845

        SHA512

        a636c93f881c6deec6c1e327684777ebb6cf51ccf29cfdb5b4e1832ebfbac456a1ee7847ff9ec68a5c46557cd9b8c2314aa3c5c33ef9272526bf39a9bbe8b233

        Download Submit

      • C:\Users\Admin\AppData\Roaming\VS884\Embarcaderophi.lnk
        Filesize

        797B

        MD5

        a4366fa490d941dd2436fafbb00cfd4b

        SHA1

        a439b80096f403f20795262beb586e4706072b73

        SHA256

        1655bdc8d9677dcce056629afecb2f43b95c5e10f31a219fcc36cc9c84db055b

        SHA512

        7506535f8338dddff9d6fb6b545e958467e4ed391b5cc7ad9491b11b7bc32e2d76302a19c9ba953faf816f9ac82e41bdf8f3337316e28248242a0781b0b9e0e7

        Download Submit

      • C:\Users\Admin\AppData\Roaming\VS884\dUND.exe
        Filesize

        152KB

        MD5

        6ffd7c733dde81f2b6b8782e690b044d

        SHA1

        19163bb2a519b23757061333da30c734cee7e32e

        SHA256

        cafde9e7d48e330f8edb552e2c026d11a318b8c9ee49bbd1a3dc9af1436e2fbc

        SHA512

        d9a42c9b1953a607f5c65e93bcd9d263ce5bf37f5bad57517848d0e6d7ea601f3378c48b143920fde8cab8626d5abfd97c2500f21bb981441aa0ab555dd1fda3

        Download Submit

      • C:\Users\Admin\AppData\Roaming\VS884\dUND.exe
        Filesize

        152KB

        MD5

        6ffd7c733dde81f2b6b8782e690b044d

        SHA1

        19163bb2a519b23757061333da30c734cee7e32e

        SHA256

        cafde9e7d48e330f8edb552e2c026d11a318b8c9ee49bbd1a3dc9af1436e2fbc

        SHA512

        d9a42c9b1953a607f5c65e93bcd9d263ce5bf37f5bad57517848d0e6d7ea601f3378c48b143920fde8cab8626d5abfd97c2500f21bb981441aa0ab555dd1fda3

        Download Submit

      • C:\Users\Admin\AppData\Roaming\VS884\dUND.exe
        Filesize

        152KB

        MD5

        6ffd7c733dde81f2b6b8782e690b044d

        SHA1

        19163bb2a519b23757061333da30c734cee7e32e

        SHA256

        cafde9e7d48e330f8edb552e2c026d11a318b8c9ee49bbd1a3dc9af1436e2fbc

        SHA512

        d9a42c9b1953a607f5c65e93bcd9d263ce5bf37f5bad57517848d0e6d7ea601f3378c48b143920fde8cab8626d5abfd97c2500f21bb981441aa0ab555dd1fda3

        Download Submit

      • C:\Users\Public\K0K3J3
        Filesize

        2.8MB

        MD5

        a4545f9052e0f25d388fd08d1f8dc918

        SHA1

        14427a5dee047507d72cd4654ccc60db88fc4aae

        SHA256

        37e849c75b1904a47549335a3b72d458c9e28617f18502bdd4860365442f5f86

        SHA512

        102f3ff5784c9b0e65ba708962da79e04a77007d16e00fc67d3496b56c83fca83af65a70cba8bba84e4953659b133e51d484f9b0255205cdb080070c665599a8

        Download Submit

      • C:\Users\Public\Music\MGzpjc\9PJztj.lnk
        Filesize

        1006B

        MD5

        e635a4ea756bdf3df07e678b87a930f8

        SHA1

        23eed216789acf63730684310b322517eccf309f

        SHA256

        8dbe46c683c3da095dfed2c7eec6fd64847bb08a3de7081c3aadf504271bb117

        SHA512

        6c66e3a69564950442892cc15def3bd7a3396ddbfabed7cc402f0d539810561ce99bcc97bc94bd900f6c8884ebacf66db4d683f579338026a84c0751df379e40

        Download Submit

      • C:\Users\Public\Music\MGzpjc\Aga3TN.lnk
        Filesize

        1006B

        MD5

        539c3b2f6cd7cd6555e2912052446a78

        SHA1

        547ea8e39ceb78cc43d0ff9fa9a072be6ca47c04

        SHA256

        cc6bd833b5a99a7a96c46a0d32475557eb8cd4716ec83743e37f1a121c08e687

        SHA512

        c3c65f617a0290b7ec9db0aa389afa0acf4317ab8704078ba03d4183d111b4143766653ee72ac350affd28d9e2b88f24ef3193442b6376cd1c1b141acc0be79f

        Download Submit

      • C:\Users\Public\Music\MGzpjc\Dkd7XR.lnk
        Filesize

        1006B

        MD5

        fa7daa72e447668181164580393b8129

        SHA1

        6a7ed45afd35be89242f141395596f5c64c23b87

        SHA256

        bec5aec25489cbdb6d0213111929248e19a4abb251ef26fedb4f9677a2deda15

        SHA512

        cff99ac6c2a9a3015ea7ab10a622b44cc7c3b768fbfeb5fcc1e1774f3b512b034870c3533406c7b262977a2e7139da7ae67fcefae239b0d035133069c51b50b9

        Download Submit

      • C:\Users\Public\Music\MGzpjc\Evoi81.url
        Filesize

        67B

        MD5

        b9e84cc6c1a69582c71332c91312f90a

        SHA1

        a6ab54fc5590239eaa994ea49bf31bce6f7580fa

        SHA256

        05d8ac64006bd66fbd154d8cb848725d46dfae768a2e3ba1e1a5dea0b0f1afd4

        SHA512

        81797e4335bddc9d3bfac9510c9ba39b532d92c3e31f7565e04849a4b25d50318bbff0d45d006731f09cb9d94ca5b02a637adb2b351350e1246b46d692fc02a0

        Download Submit

      • C:\Users\Public\Music\MGzpjc\HBrlb4.url
        Filesize

        67B

        MD5

        b9e84cc6c1a69582c71332c91312f90a

        SHA1

        a6ab54fc5590239eaa994ea49bf31bce6f7580fa

        SHA256

        05d8ac64006bd66fbd154d8cb848725d46dfae768a2e3ba1e1a5dea0b0f1afd4

        SHA512

        81797e4335bddc9d3bfac9510c9ba39b532d92c3e31f7565e04849a4b25d50318bbff0d45d006731f09cb9d94ca5b02a637adb2b351350e1246b46d692fc02a0

        Download Submit

      • C:\Users\Public\Music\MGzpjc\LFypi8.lnk
        Filesize

        1006B

        MD5

        ec841c3fc351488dece7c0767246c909

        SHA1

        77a9928539888c01d88346d9cb26d66f9ed5b095

        SHA256

        2b21c03aa6dc924274882fcb5a8b52a02baa763ecf531238f1d73c0146b6cb54

        SHA512

        83d4372ea1f51f9c8a362fd0dd3d3cd6db3d315dacbd86b46bb75dbe1a9090722f86a8013dbf55b66a8c280a869d3fa9c27dcdb36ec0734445b003b14cc4d97f

        Download Submit

      • C:\Users\Public\Music\MGzpjc\c3WNGA.lnk
        Filesize

        1006B

        MD5

        9d0d57e44d18057be8edfb2119c9c66a

        SHA1

        3bbcc0532c37b97c0dcc0d1b9bcb093e0806a50d

        SHA256

        a78ecac5a8487558577d44172691eb2689e1c66ac8336d39b9239b2cbe11c0da

        SHA512

        f27ba789a7bd9695f34cb33f888dfced85920ce3b7fa2e8d46d39e1e04dfb7bf256b6af710e476c3554ae834c536a1b05f1d7ad0cef80ec6d98dd6fa1275a267

        Download Submit

      • C:\Users\Public\Music\MGzpjc\lb5YPy.url
        Filesize

        67B

        MD5

        b9e84cc6c1a69582c71332c91312f90a

        SHA1

        a6ab54fc5590239eaa994ea49bf31bce6f7580fa

        SHA256

        05d8ac64006bd66fbd154d8cb848725d46dfae768a2e3ba1e1a5dea0b0f1afd4

        SHA512

        81797e4335bddc9d3bfac9510c9ba39b532d92c3e31f7565e04849a4b25d50318bbff0d45d006731f09cb9d94ca5b02a637adb2b351350e1246b46d692fc02a0

        Download Submit

      • C:\Users\Public\Music\MGzpjc\r81SLF.lnk
        Filesize

        1006B

        MD5

        b7c9e3da8d0eca2b43911fd22e5e94f1

        SHA1

        c312e6db39fcfebb7f042fe74f2d631bcebea590

        SHA256

        d9b1c3ab635a13da4b89806cad52cdc716b894d285e199d54312d8f252b892c6

        SHA512

        4ebb1bba3c70ac5e5951105aeb02ae58e1fcfcf6b6a9714144981dd986780868494d5daba1930d9041818869ed911bb16d1157b4bc777362347ee8624c8bd7d2

        Download Submit

      • C:\Users\Public\Music\MGzpjc\tjc3WQ.url
        Filesize

        67B

        MD5

        b9e84cc6c1a69582c71332c91312f90a

        SHA1

        a6ab54fc5590239eaa994ea49bf31bce6f7580fa

        SHA256

        05d8ac64006bd66fbd154d8cb848725d46dfae768a2e3ba1e1a5dea0b0f1afd4

        SHA512

        81797e4335bddc9d3bfac9510c9ba39b532d92c3e31f7565e04849a4b25d50318bbff0d45d006731f09cb9d94ca5b02a637adb2b351350e1246b46d692fc02a0

        Download Submit

      • C:\Users\Public\Music\MGzpjc\wmf9_T.url
        Filesize

        67B

        MD5

        b9e84cc6c1a69582c71332c91312f90a

        SHA1

        a6ab54fc5590239eaa994ea49bf31bce6f7580fa

        SHA256

        05d8ac64006bd66fbd154d8cb848725d46dfae768a2e3ba1e1a5dea0b0f1afd4

        SHA512

        81797e4335bddc9d3bfac9510c9ba39b532d92c3e31f7565e04849a4b25d50318bbff0d45d006731f09cb9d94ca5b02a637adb2b351350e1246b46d692fc02a0

        Download Submit

      • C:\Users\Public\Music\MGzpjc\yslb5Y.url
        Filesize

        67B

        MD5

        b9e84cc6c1a69582c71332c91312f90a

        SHA1

        a6ab54fc5590239eaa994ea49bf31bce6f7580fa

        SHA256

        05d8ac64006bd66fbd154d8cb848725d46dfae768a2e3ba1e1a5dea0b0f1afd4

        SHA512

        81797e4335bddc9d3bfac9510c9ba39b532d92c3e31f7565e04849a4b25d50318bbff0d45d006731f09cb9d94ca5b02a637adb2b351350e1246b46d692fc02a0

        Download Submit

      • C:\Users\Public\Music\MGzpjc\zpic2W.lnk
        Filesize

        1006B

        MD5

        9fdd38f5b27efae3b6b8464342b4a6ca

        SHA1

        b642ec3b3c4af119a9e5b62e050804fe6b352399

        SHA256

        0f1f99b70f543d72a496b4db35d9e5b28aedee2f17a1334733275ca7c3cdacde

        SHA512

        0cb1316b1dabac1c9a7c96b5bd7d4e709e4deb4345f36158fc8b4959549f2115bfd3ff3152b2304d39089ccd89363208c5cd729568fb8eb68a660ca246abb1af

        Download Submit

      • C:\Users\Public\Music\MGzpjc\zsic5W.url
        Filesize

        67B

        MD5

        b9e84cc6c1a69582c71332c91312f90a

        SHA1

        a6ab54fc5590239eaa994ea49bf31bce6f7580fa

        SHA256

        05d8ac64006bd66fbd154d8cb848725d46dfae768a2e3ba1e1a5dea0b0f1afd4

        SHA512

        81797e4335bddc9d3bfac9510c9ba39b532d92c3e31f7565e04849a4b25d50318bbff0d45d006731f09cb9d94ca5b02a637adb2b351350e1246b46d692fc02a0

        Download Submit

      • C:\Users\Public\Music\MGzpjc\zsic5W.url
        Filesize

        67B

        MD5

        b9e84cc6c1a69582c71332c91312f90a

        SHA1

        a6ab54fc5590239eaa994ea49bf31bce6f7580fa

        SHA256

        05d8ac64006bd66fbd154d8cb848725d46dfae768a2e3ba1e1a5dea0b0f1afd4

        SHA512

        81797e4335bddc9d3bfac9510c9ba39b532d92c3e31f7565e04849a4b25d50318bbff0d45d006731f09cb9d94ca5b02a637adb2b351350e1246b46d692fc02a0

        Download Submit

      • memory/1096-1-0x0000000010000000-0x00000000100C1000-memory.dmp

        Filesize

        772KB

        Download

      • memory/1096-10-0x0000000003840000-0x0000000003886000-memory.dmp

        Filesize

        280KB

        Download

      • memory/3512-99-0x0000000002AA0000-0x0000000002AAA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3512-97-0x0000000000400000-0x0000000000CD0000-memory.dmp

        Filesize

        8.8MB

        Download

      • memory/3512-109-0x0000000003860000-0x000000000399B000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3512-112-0x00000000039A0000-0x0000000003B48000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3512-114-0x00000000039A0000-0x0000000003B48000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3512-122-0x00000000039A0000-0x0000000003B48000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3512-133-0x00000000039A0000-0x0000000003B48000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3512-135-0x00000000039A0000-0x0000000003B48000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/3512-137-0x00000000039A0000-0x0000000003B48000-memory.dmp

        Filesize

        1.7MB

        Download