redline | b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d

Analysis

max time kernel
56s
max time network
146s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
27-03-2023 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe
Size

695KB
MD5

bd61c76837b0bfe214297bfb76f1eef0
SHA1

474688cb7f9daee4b56d4d39d83c0dfb07be84a6
SHA256

b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d
SHA512

889d5316db01cc8cba6ab237f1065163795773a725df27969bcc16c8225627fd90311fd8f73cc479e76cffd2a4c0544a77f8e6b491a79a5cf3a52d923b0bfeab
SSDEEP

12288:5MrPy90by0l9sRb/6qwBPTxDtKMuU4SuPl28XBMvPSbz4uRJluqwtQo:KyOMRWqwB7xxSSel2yBMyX4+xwyo

Score

10^/10

redline from rosn discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

rosn

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

176.113.115.145:4125

Attributes

auth_value
8633e283485822a4a48f0a41d5397566

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pro2898.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pro2898.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pro2898.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pro2898.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pro2898.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 20 IoCs

resource	yara_rule
behavioral1/memory/2736-177-0x0000000002270000-0x00000000022B6000-memory.dmp	family_redline
behavioral1/memory/2736-178-0x0000000002500000-0x0000000002544000-memory.dmp	family_redline
behavioral1/memory/2736-179-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-182-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-180-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-184-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-186-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-188-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-190-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-192-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-194-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-196-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-198-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-200-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-202-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-204-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-206-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-208-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-210-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline
behavioral1/memory/2736-212-0x0000000002500000-0x000000000253F000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
4116	un603549.exe
4112	pro2898.exe
2736	qu1367.exe
3776	si728008.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pro2898.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pro2898.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un603549.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un603549.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4112	pro2898.exe
4112	pro2898.exe
2736	qu1367.exe
2736	qu1367.exe
3776	si728008.exe
3776	si728008.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4112	pro2898.exe
Token: SeDebugPrivilege	2736	qu1367.exe
Token: SeDebugPrivilege	3776	si728008.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 352 wrote to memory of 4116	352	b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe	66
PID 352 wrote to memory of 4116	352	b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe	66
PID 352 wrote to memory of 4116	352	b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe	66
PID 4116 wrote to memory of 4112	4116	un603549.exe	67
PID 4116 wrote to memory of 4112	4116	un603549.exe	67
PID 4116 wrote to memory of 4112	4116	un603549.exe	67
PID 4116 wrote to memory of 2736	4116	un603549.exe	68
PID 4116 wrote to memory of 2736	4116	un603549.exe	68
PID 4116 wrote to memory of 2736	4116	un603549.exe	68
PID 352 wrote to memory of 3776	352	b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe	70
PID 352 wrote to memory of 3776	352	b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe	70
PID 352 wrote to memory of 3776	352	b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe	70

C:\Users\Admin\AppData\Local\Temp\b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe
"C:\Users\Admin\AppData\Local\Temp\b6f75b292cc62728b4eb2c43412464dd1e5fe73464b98a475b2e0d82a0087f3d.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:352
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un603549.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un603549.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4116
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2898.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2898.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4112
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu1367.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu1367.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2736
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si728008.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si728008.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si728008.exe

Filesize
175KB

MD5
27f7e55278b5c23881c2ca26c915032f

SHA1
a8c986be33b572e7ca8295f96a8eef49a9850227

SHA256
abcea29dd4a9c5122861f6198d36203927285a1799ccedfcfbfacbed69f4d7e2

SHA512
09c44f762eaea044ece4b476b61704b9e298daa267c4d682dfd16461dabdfbbd1e3af16f3d02ce104cfd2679658ca5fc1336b0a2cf3906163db35f70048b5fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si728008.exe

Filesize
175KB

MD5
27f7e55278b5c23881c2ca26c915032f

SHA1
a8c986be33b572e7ca8295f96a8eef49a9850227

SHA256
abcea29dd4a9c5122861f6198d36203927285a1799ccedfcfbfacbed69f4d7e2

SHA512
09c44f762eaea044ece4b476b61704b9e298daa267c4d682dfd16461dabdfbbd1e3af16f3d02ce104cfd2679658ca5fc1336b0a2cf3906163db35f70048b5fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un603549.exe

Filesize
553KB

MD5
37eb6fc0778240596112c87dbccece2d

SHA1
bd4a067e6c91a4e612907eeee0cbe02097365566

SHA256
9e95ff1641cb35d3bf4c96f21ea3c31602dbb7f61522c34aa45f89f7b97c28da

SHA512
0f0dd0a2691651f97be674055e858fa854c8fc051ac14b9f747e1b894c1e65fed1652e6e382076fd4d003d77fe2e38add2e1053ae922d2465761819c25c37c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un603549.exe

Filesize
553KB

MD5
37eb6fc0778240596112c87dbccece2d

SHA1
bd4a067e6c91a4e612907eeee0cbe02097365566

SHA256
9e95ff1641cb35d3bf4c96f21ea3c31602dbb7f61522c34aa45f89f7b97c28da

SHA512
0f0dd0a2691651f97be674055e858fa854c8fc051ac14b9f747e1b894c1e65fed1652e6e382076fd4d003d77fe2e38add2e1053ae922d2465761819c25c37c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2898.exe

Filesize
308KB

MD5
67cdbfb17f341dd149b960bd4ab0ea8d

SHA1
15b02249e4b80e74ab19789c86f0064153576265

SHA256
305331730030431ee755f21ec0dbaaea34aeec9915f3f3d84a545d14fa2881af

SHA512
967681921a84d722308310c0d239df2b8a87dd8fad50e7346897b235ada4b18254ccf09787bbab8af33cf4a25f4ead24f906e179338bbed2d00290608a003222

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2898.exe

Filesize
308KB

MD5
67cdbfb17f341dd149b960bd4ab0ea8d

SHA1
15b02249e4b80e74ab19789c86f0064153576265

SHA256
305331730030431ee755f21ec0dbaaea34aeec9915f3f3d84a545d14fa2881af

SHA512
967681921a84d722308310c0d239df2b8a87dd8fad50e7346897b235ada4b18254ccf09787bbab8af33cf4a25f4ead24f906e179338bbed2d00290608a003222

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu1367.exe

Filesize
366KB

MD5
d2c078d8e637156db24a18892c975f93

SHA1
477bf08b71ddab379307d218be7b12f7b4cdcc10

SHA256
3f13c34c0c787e875ec9aa1188ed54d4d265d888c1edf3f38b57186fa057eded

SHA512
03757e32e238e43740be5680044deeb86ecbd2d4e60974280415d9a288433857a0d5f2e48e712304aa6335007492bac08a9e755ccb5ec402855d6d7a1c959c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu1367.exe

Filesize
366KB

MD5
d2c078d8e637156db24a18892c975f93

SHA1
477bf08b71ddab379307d218be7b12f7b4cdcc10

SHA256
3f13c34c0c787e875ec9aa1188ed54d4d265d888c1edf3f38b57186fa057eded

SHA512
03757e32e238e43740be5680044deeb86ecbd2d4e60974280415d9a288433857a0d5f2e48e712304aa6335007492bac08a9e755ccb5ec402855d6d7a1c959c35

Download Submit
memory/2736-1089-0x0000000005530000-0x0000000005B36000-memory.dmp

Filesize
6.0MB

Download
memory/2736-1092-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/2736-210-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-192-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-208-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-194-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-206-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-204-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-1105-0x0000000006C30000-0x000000000715C000-memory.dmp

Filesize
5.2MB

Download
memory/2736-1104-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/2736-1103-0x0000000006A60000-0x0000000006C22000-memory.dmp

Filesize
1.8MB

Download
memory/2736-1102-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/2736-1101-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/2736-1100-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/2736-1098-0x0000000006640000-0x0000000006690000-memory.dmp

Filesize
320KB

Download
memory/2736-1097-0x00000000065A0000-0x0000000006616000-memory.dmp

Filesize
472KB

Download
memory/2736-1096-0x0000000006500000-0x0000000006592000-memory.dmp

Filesize
584KB

Download
memory/2736-1095-0x0000000005E40000-0x0000000005EA6000-memory.dmp

Filesize
408KB

Download
memory/2736-196-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-1094-0x0000000004E90000-0x0000000004EDB000-memory.dmp

Filesize
300KB

Download
memory/2736-1093-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/2736-212-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-1091-0x00000000028D0000-0x00000000028E2000-memory.dmp

Filesize
72KB

Download
memory/2736-1090-0x0000000005B40000-0x0000000005C4A000-memory.dmp

Filesize
1.0MB

Download
memory/2736-221-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/2736-177-0x0000000002270000-0x00000000022B6000-memory.dmp

Filesize
280KB

Download
memory/2736-178-0x0000000002500000-0x0000000002544000-memory.dmp

Filesize
272KB

Download
memory/2736-179-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-182-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-180-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-184-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-186-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-188-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-190-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-219-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/2736-216-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/2736-215-0x00000000007F0000-0x000000000083B000-memory.dmp

Filesize
300KB

Download
memory/2736-198-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-200-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/2736-202-0x0000000002500000-0x000000000253F000-memory.dmp

Filesize
252KB

Download
memory/3776-1111-0x0000000000930000-0x0000000000962000-memory.dmp

Filesize
200KB

Download
memory/3776-1112-0x0000000005370000-0x00000000053BB000-memory.dmp

Filesize
300KB

Download
memory/3776-1113-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/3776-1114-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/4112-167-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/4112-137-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/4112-142-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-139-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-136-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/4112-134-0x00000000024B0000-0x00000000024C8000-memory.dmp

Filesize
96KB

Download
memory/4112-135-0x00000000001D0000-0x00000000001FD000-memory.dmp

Filesize
180KB

Download
memory/4112-172-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/4112-170-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/4112-169-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/4112-168-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/4112-166-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-164-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-162-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-160-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-158-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-156-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-154-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-152-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-150-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-148-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-133-0x0000000004EF0000-0x00000000053EE000-memory.dmp

Filesize
5.0MB

Download
memory/4112-132-0x00000000009B0000-0x00000000009CA000-memory.dmp

Filesize
104KB

Download
memory/4112-146-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-144-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-140-0x00000000024B0000-0x00000000024C2000-memory.dmp

Filesize
72KB

Download
memory/4112-138-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download