redline | fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23

Analysis

max time kernel
50s
max time network
80s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
27-03-2023 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe
Size

700KB
MD5

84e46a9e66351df9b074939253181e94
SHA1

edd2c7de01d448f37995ccbcae30c5b63209f0f0
SHA256

fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23
SHA512

83387c35316a39c98adc6dc106da89b9b71070518bdeee21760420615e91c5c3c59f7a90f393c06fc15bb06466d5980213f9e4e653be3ac5328026ef8f57b391
SSDEEP

12288:hMr5y90LwjjMcUA7qXcK4ufxw4FPkpTNG+it1m0pI2BRvXbW4/EZ3p:cysIUmYRO4FPETNGBt/I2lMp

Score

10^/10

redline nice sony discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

sony

193.233.20.33:4125

Attributes

auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

nice

193.233.20.33:4125

Attributes

auth_value
a7371b75699e8bc7c51fb960e8ac9e81

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pro2083.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pro2083.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pro2083.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pro2083.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pro2083.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 20 IoCs

resource	yara_rule
behavioral1/memory/2068-181-0x00000000027C0000-0x0000000002806000-memory.dmp	family_redline
behavioral1/memory/2068-182-0x0000000002840000-0x0000000002884000-memory.dmp	family_redline
behavioral1/memory/2068-184-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-183-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-188-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-190-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-192-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-196-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-198-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-194-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-186-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-200-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-204-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-206-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-202-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-208-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-211-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-215-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-218-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline
behavioral1/memory/2068-220-0x0000000002840000-0x000000000287E000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
2296	un027866.exe
2604	pro2083.exe
2068	qu5363.exe
3640	si037293.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pro2083.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pro2083.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un027866.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un027866.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2604	pro2083.exe
2604	pro2083.exe
2068	qu5363.exe
2068	qu5363.exe
3640	si037293.exe
3640	si037293.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2604	pro2083.exe
Token: SeDebugPrivilege	2068	qu5363.exe
Token: SeDebugPrivilege	3640	si037293.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2296	2076	fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe	66
PID 2076 wrote to memory of 2296	2076	fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe	66
PID 2076 wrote to memory of 2296	2076	fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe	66
PID 2296 wrote to memory of 2604	2296	un027866.exe	67
PID 2296 wrote to memory of 2604	2296	un027866.exe	67
PID 2296 wrote to memory of 2604	2296	un027866.exe	67
PID 2296 wrote to memory of 2068	2296	un027866.exe	68
PID 2296 wrote to memory of 2068	2296	un027866.exe	68
PID 2296 wrote to memory of 2068	2296	un027866.exe	68
PID 2076 wrote to memory of 3640	2076	fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe	70
PID 2076 wrote to memory of 3640	2076	fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe	70
PID 2076 wrote to memory of 3640	2076	fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe	70

C:\Users\Admin\AppData\Local\Temp\fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe
"C:\Users\Admin\AppData\Local\Temp\fcf96f37337f9956c431c8c0eb56462067901858f5f0e1b4a7e99a3a1fa88b23.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un027866.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un027866.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2083.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2083.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu5363.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu5363.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2068
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si037293.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si037293.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3640

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si037293.exe

Filesize
175KB

MD5
8fce7f7247b6db8d2ff387282ecc0903

SHA1
d26510d13e4fbc15e6a7ac76e612b9aaddaa563f

SHA256
4c859edf6e4c72a2783126aeeb08225e5cf8cb5910159dc7c1496c732d52e988

SHA512
1ff6fcc16ea9e6411611dff146fad965cb3417aef9e3c2aefdd649beb16bf2faea96572c60b62a4de5caafcf20e711750ac9c86a576430066c65d40822f3a453

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si037293.exe

Filesize
175KB

MD5
8fce7f7247b6db8d2ff387282ecc0903

SHA1
d26510d13e4fbc15e6a7ac76e612b9aaddaa563f

SHA256
4c859edf6e4c72a2783126aeeb08225e5cf8cb5910159dc7c1496c732d52e988

SHA512
1ff6fcc16ea9e6411611dff146fad965cb3417aef9e3c2aefdd649beb16bf2faea96572c60b62a4de5caafcf20e711750ac9c86a576430066c65d40822f3a453

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un027866.exe

Filesize
558KB

MD5
8fe6b20cb0b3cc8d055b1081b1c804b4

SHA1
5af32108e9fb7ba631336ade1be64d32440b9593

SHA256
d95d238ceb5f56eee82f6bef75ccfef19489807350baee0f19b49da5253d9e0c

SHA512
4edad37c4f9653fa28a97f5a700c06e19d6b00c8297f411cbb03c0dd36cd70ed814ae50606b168865f3e05827aef59f27923e2744eca4edae2ac7957f788aba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un027866.exe

Filesize
558KB

MD5
8fe6b20cb0b3cc8d055b1081b1c804b4

SHA1
5af32108e9fb7ba631336ade1be64d32440b9593

SHA256
d95d238ceb5f56eee82f6bef75ccfef19489807350baee0f19b49da5253d9e0c

SHA512
4edad37c4f9653fa28a97f5a700c06e19d6b00c8297f411cbb03c0dd36cd70ed814ae50606b168865f3e05827aef59f27923e2744eca4edae2ac7957f788aba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2083.exe

Filesize
308KB

MD5
3fc676548c3361a7efe096dc670d2ca4

SHA1
ed7626310740fc3bc517e89aef3c64de8c3993f2

SHA256
b5ede589955931c68a1454f5a3815e1c3e57de0f5a1c406303a6d97c4cd5c669

SHA512
0f621f2403a2f682c335d6d5d16e4a22ad5cd36aa043e962f31f8f32554ae0ee14789733a17f206b9b4d39ac0ed1e6b3aad4d5ab009d53684d6663a6ed47bb70

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2083.exe

Filesize
308KB

MD5
3fc676548c3361a7efe096dc670d2ca4

SHA1
ed7626310740fc3bc517e89aef3c64de8c3993f2

SHA256
b5ede589955931c68a1454f5a3815e1c3e57de0f5a1c406303a6d97c4cd5c669

SHA512
0f621f2403a2f682c335d6d5d16e4a22ad5cd36aa043e962f31f8f32554ae0ee14789733a17f206b9b4d39ac0ed1e6b3aad4d5ab009d53684d6663a6ed47bb70

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu5363.exe

Filesize
366KB

MD5
bf2393dfa83eb6c4d6b4ec7ae82f24bc

SHA1
041c46a5b2fabaff29b033a4f86cc5489693e032

SHA256
8c89ad3d3cc8f9d8fa133797144c0e5a0cf12c4f4364c1c3730aa4071dd93f04

SHA512
c49f496e9fd1e3dd59d0aefec98e6f60affdea54321b54f30133aebad82cd6a567ac3f256b0c6b1338bef8af27dac89de059bf2e243a9cb709f8a0788ca62efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu5363.exe

Filesize
366KB

MD5
bf2393dfa83eb6c4d6b4ec7ae82f24bc

SHA1
041c46a5b2fabaff29b033a4f86cc5489693e032

SHA256
8c89ad3d3cc8f9d8fa133797144c0e5a0cf12c4f4364c1c3730aa4071dd93f04

SHA512
c49f496e9fd1e3dd59d0aefec98e6f60affdea54321b54f30133aebad82cd6a567ac3f256b0c6b1338bef8af27dac89de059bf2e243a9cb709f8a0788ca62efc

Download Submit
memory/2068-1093-0x0000000005380000-0x0000000005986000-memory.dmp

Filesize
6.0MB

Download
memory/2068-214-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2068-1109-0x00000000070E0000-0x0000000007130000-memory.dmp

Filesize
320KB

Download
memory/2068-1108-0x0000000007060000-0x00000000070D6000-memory.dmp

Filesize
472KB

Download
memory/2068-1107-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2068-186-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-1104-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2068-1105-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2068-1106-0x0000000006680000-0x0000000006BAC000-memory.dmp

Filesize
5.2MB

Download
memory/2068-1103-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2068-200-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-1102-0x00000000064A0000-0x0000000006662000-memory.dmp

Filesize
1.8MB

Download
memory/2068-1101-0x00000000063C0000-0x0000000006452000-memory.dmp

Filesize
584KB

Download
memory/2068-1100-0x0000000005D00000-0x0000000005D66000-memory.dmp

Filesize
408KB

Download
memory/2068-1098-0x0000000005BA0000-0x0000000005BEB000-memory.dmp

Filesize
300KB

Download
memory/2068-1097-0x0000000004DF0000-0x0000000004E2E000-memory.dmp

Filesize
248KB

Download
memory/2068-1096-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2068-1095-0x0000000004DD0000-0x0000000004DE2000-memory.dmp

Filesize
72KB

Download
memory/2068-1094-0x0000000005990000-0x0000000005A9A000-memory.dmp

Filesize
1.0MB

Download
memory/2068-208-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-220-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-217-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2068-218-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-215-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-209-0x0000000000840000-0x000000000088B000-memory.dmp

Filesize
300KB

Download
memory/2068-181-0x00000000027C0000-0x0000000002806000-memory.dmp

Filesize
280KB

Download
memory/2068-182-0x0000000002840000-0x0000000002884000-memory.dmp

Filesize
272KB

Download
memory/2068-184-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-183-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-194-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-190-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-192-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-196-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-198-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-188-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-212-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2068-211-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-204-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-206-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2068-202-0x0000000002840000-0x000000000287E000-memory.dmp

Filesize
248KB

Download
memory/2604-171-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/2604-156-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-146-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-139-0x0000000000710000-0x000000000073D000-memory.dmp

Filesize
180KB

Download
memory/2604-140-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/2604-176-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/2604-174-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/2604-173-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/2604-172-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/2604-138-0x0000000005140000-0x0000000005158000-memory.dmp

Filesize
96KB

Download
memory/2604-141-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/2604-170-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-168-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-166-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-164-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-162-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-160-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-158-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-154-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-152-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-150-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-148-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-144-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-143-0x0000000005140000-0x0000000005152000-memory.dmp

Filesize
72KB

Download
memory/2604-142-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/2604-137-0x0000000004C00000-0x00000000050FE000-memory.dmp

Filesize
5.0MB

Download
memory/2604-136-0x00000000024C0000-0x00000000024DA000-memory.dmp

Filesize
104KB

Download
memory/3640-1115-0x0000000000D80000-0x0000000000DB2000-memory.dmp

Filesize
200KB

Download
memory/3640-1116-0x00000000057C0000-0x000000000580B000-memory.dmp

Filesize
300KB

Download
memory/3640-1117-0x0000000005940000-0x0000000005950000-memory.dmp

Filesize
64KB

Download