redline | 62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3

Analysis

max time kernel
137s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe
Size

695KB
MD5

888093fb536e28aff1207ba2ee3470bd
SHA1

205142f16b857f4eb7c2216881877fed7af7860e
SHA256

62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3
SHA512

673e3ba734fb2f56628ff55429b7b988bdd3e7526200286eeda1e46a4b55212f2124fd8b8eb2d9008ae1be2ad9305ead7cedd434cefd0519247301d60df98591
SSDEEP

12288:iMrHy90jkdiOpFQnN3EHECOyj8XAEgq8uan0pJYenhVvQs6uIcooHNz:tyNdxsEbOdwEgEpSshVvQsDv5

Score

10^/10

redline from rosn discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

rosn

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

176.113.115.145:4125

Attributes

auth_value
8633e283485822a4a48f0a41d5397566

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pro9626.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection	pro9626.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pro9626.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pro9626.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pro9626.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pro9626.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 18 IoCs

resource	yara_rule
behavioral1/memory/4196-189-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-191-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-188-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-193-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-198-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-201-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-203-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-205-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-207-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-209-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-211-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-213-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-215-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-217-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-219-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-221-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-223-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline
behavioral1/memory/4196-225-0x0000000005280000-0x00000000052BF000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
1364	un239568.exe
880	pro9626.exe
4196	qu3267.exe
4780	si203009.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pro9626.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pro9626.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un239568.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un239568.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
916	sc.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3536	880	WerFault.exe	84
1516	4196	WerFault.exe	90

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
880	pro9626.exe
880	pro9626.exe
4196	qu3267.exe
4196	qu3267.exe
4780	si203009.exe
4780	si203009.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	880	pro9626.exe
Token: SeDebugPrivilege	4196	qu3267.exe
Token: SeDebugPrivilege	4780	si203009.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 1364	1880	62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe	83
PID 1880 wrote to memory of 1364	1880	62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe	83
PID 1880 wrote to memory of 1364	1880	62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe	83
PID 1364 wrote to memory of 880	1364	un239568.exe	84
PID 1364 wrote to memory of 880	1364	un239568.exe	84
PID 1364 wrote to memory of 880	1364	un239568.exe	84
PID 1364 wrote to memory of 4196	1364	un239568.exe	90
PID 1364 wrote to memory of 4196	1364	un239568.exe	90
PID 1364 wrote to memory of 4196	1364	un239568.exe	90
PID 1880 wrote to memory of 4780	1880	62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe	94
PID 1880 wrote to memory of 4780	1880	62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe	94
PID 1880 wrote to memory of 4780	1880	62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe	94

C:\Users\Admin\AppData\Local\Temp\62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe
"C:\Users\Admin\AppData\Local\Temp\62907b6b027da98ef1e736777d44363752286ebbb14dc096d8641fc41e7fb9f3.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un239568.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un239568.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1364
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro9626.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro9626.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:880
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 1088
      4⤵
      Program crash
      PID:3536
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu3267.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu3267.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 2032
      4⤵
      Program crash
      PID:1516
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si203009.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si203009.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 880 -ip 880
1⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4196 -ip 4196
1⤵
PID:2324

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start wuauserv
1⤵
- Launches sc.exe
PID:916

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si203009.exe

Filesize
175KB

MD5
52bb135e55195d707447355d5397c184

SHA1
286180e1273db79e261409e03d882a5685b9ecf6

SHA256
2467e99e3db729f6300faea4e8aed042b1a4df76ec91d7198135d6d05e7c9440

SHA512
bc9bba2aee2ee693387f22fd28fe7b974d8f62a9507b6c3b2efd6d31445b0103a0c6e168f84c28d1d6ccefecc027e944e62bc77da335fa334a780ce911b0c2f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si203009.exe

Filesize
175KB

MD5
52bb135e55195d707447355d5397c184

SHA1
286180e1273db79e261409e03d882a5685b9ecf6

SHA256
2467e99e3db729f6300faea4e8aed042b1a4df76ec91d7198135d6d05e7c9440

SHA512
bc9bba2aee2ee693387f22fd28fe7b974d8f62a9507b6c3b2efd6d31445b0103a0c6e168f84c28d1d6ccefecc027e944e62bc77da335fa334a780ce911b0c2f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un239568.exe

Filesize
553KB

MD5
4a3dbb23a5ee90cab4126a5e297d01d6

SHA1
b5dadfe28e8d64bce8d3957e7fee6aefc5ac1281

SHA256
8a8602bb32a6eb30a55fdd3328da6f4dbd5d7ee6ce185c4e89825ab9d709d7eb

SHA512
e64001794f9b3f1cd58d209893fff07583021024961f57051f3f651f58113793c164064a41c19a119d5ead676f5bcffa713dfbfa59537706ee7091b65c42aaf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un239568.exe

Filesize
553KB

MD5
4a3dbb23a5ee90cab4126a5e297d01d6

SHA1
b5dadfe28e8d64bce8d3957e7fee6aefc5ac1281

SHA256
8a8602bb32a6eb30a55fdd3328da6f4dbd5d7ee6ce185c4e89825ab9d709d7eb

SHA512
e64001794f9b3f1cd58d209893fff07583021024961f57051f3f651f58113793c164064a41c19a119d5ead676f5bcffa713dfbfa59537706ee7091b65c42aaf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro9626.exe

Filesize
308KB

MD5
503d6d70bc4370a2ef5f35510df4d8c9

SHA1
eefea653ccb9d74ae5cfd5c7b72cf60ca26cb4cb

SHA256
727ba918f732b362ae9f7309d7cd83614d85e91eb5da4b2adc7f5e9e2e746887

SHA512
ffeeeb164bfb0087d99afeadacedaec51684d7d7658509e0b92112cc17af19e533ed500de5114812abce2ab47a998486234ce7d13142798c2068a7fff9db58b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro9626.exe

Filesize
308KB

MD5
503d6d70bc4370a2ef5f35510df4d8c9

SHA1
eefea653ccb9d74ae5cfd5c7b72cf60ca26cb4cb

SHA256
727ba918f732b362ae9f7309d7cd83614d85e91eb5da4b2adc7f5e9e2e746887

SHA512
ffeeeb164bfb0087d99afeadacedaec51684d7d7658509e0b92112cc17af19e533ed500de5114812abce2ab47a998486234ce7d13142798c2068a7fff9db58b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu3267.exe

Filesize
366KB

MD5
77ffedf53bfe0d09f10e9ff3968d2cb5

SHA1
03b5ea2192307f138b324962efa490e687cd3527

SHA256
e03de05bf08dcc44e8c71df1b8d38f3fca807d32c326c684cad434d0cd57bc72

SHA512
5dcc47ebb214b8927acab2377e24286c98c1cfc4e1ccb985cb15f42d7efd3618d73882e6af4888c1cb4d6081ebc9bb656980bd27a35caa21ff9ac62f4448146a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu3267.exe

Filesize
366KB

MD5
77ffedf53bfe0d09f10e9ff3968d2cb5

SHA1
03b5ea2192307f138b324962efa490e687cd3527

SHA256
e03de05bf08dcc44e8c71df1b8d38f3fca807d32c326c684cad434d0cd57bc72

SHA512
5dcc47ebb214b8927acab2377e24286c98c1cfc4e1ccb985cb15f42d7efd3618d73882e6af4888c1cb4d6081ebc9bb656980bd27a35caa21ff9ac62f4448146a

Download Submit
memory/880-148-0x0000000004C40000-0x00000000051E4000-memory.dmp

Filesize
5.6MB

Download
memory/880-149-0x00000000007E0000-0x000000000080D000-memory.dmp

Filesize
180KB

Download
memory/880-150-0x0000000002340000-0x0000000002350000-memory.dmp

Filesize
64KB

Download
memory/880-151-0x0000000002340000-0x0000000002350000-memory.dmp

Filesize
64KB

Download
memory/880-152-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-153-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-155-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-157-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-159-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-161-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-163-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-165-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-167-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-169-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-171-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-173-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-175-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-177-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-179-0x0000000005230000-0x0000000005242000-memory.dmp

Filesize
72KB

Download
memory/880-180-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/880-181-0x0000000002340000-0x0000000002350000-memory.dmp

Filesize
64KB

Download
memory/880-183-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/4196-189-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-191-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-188-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-194-0x00000000009A0000-0x00000000009EB000-memory.dmp

Filesize
300KB

Download
memory/4196-193-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-197-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4196-199-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4196-198-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-196-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4196-201-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-203-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-205-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-207-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-209-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-211-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-213-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-215-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-217-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-219-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-221-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-223-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-225-0x0000000005280000-0x00000000052BF000-memory.dmp

Filesize
252KB

Download
memory/4196-1098-0x0000000005460000-0x0000000005A78000-memory.dmp

Filesize
6.1MB

Download
memory/4196-1099-0x0000000005B00000-0x0000000005C0A000-memory.dmp

Filesize
1.0MB

Download
memory/4196-1100-0x0000000005C40000-0x0000000005C52000-memory.dmp

Filesize
72KB

Download
memory/4196-1101-0x0000000005C60000-0x0000000005C9C000-memory.dmp

Filesize
240KB

Download
memory/4196-1102-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4196-1103-0x0000000005F50000-0x0000000005FB6000-memory.dmp

Filesize
408KB

Download
memory/4196-1104-0x0000000006740000-0x00000000067D2000-memory.dmp

Filesize
584KB

Download
memory/4196-1106-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4196-1107-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4196-1108-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4196-1109-0x0000000007570000-0x0000000007732000-memory.dmp

Filesize
1.8MB

Download
memory/4196-1110-0x0000000007760000-0x0000000007C8C000-memory.dmp

Filesize
5.2MB

Download
memory/4196-1111-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/4196-1112-0x0000000006B20000-0x0000000006B96000-memory.dmp

Filesize
472KB

Download
memory/4196-1113-0x0000000006BA0000-0x0000000006BF0000-memory.dmp

Filesize
320KB

Download
memory/4780-1119-0x00000000002C0000-0x00000000002F2000-memory.dmp

Filesize
200KB

Download
memory/4780-1120-0x0000000004E50000-0x0000000004E60000-memory.dmp

Filesize
64KB

Download