redline | 0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119

Analysis

max time kernel
50s
max time network
58s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01/04/2023, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe
Size

530KB
MD5

f3650ff883fb71e9f8941f7d938691b9
SHA1

f67dcfa8a53e57cec16acb1675bd45637503dfbe
SHA256

0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119
SHA512

a248c1b3cfc4ea31da1baa3ff62ddff91e0ddd10f72ec20debbc76af9dac7e8881843cf3f20068e033dcb33600619113940e0b5d2c465c6352391077b07757e5
SSDEEP

12288:kMrcy90ncyT9jNgFadvAUJUXwZE8excy12OA3luSd8Cz:Ayfy9pgIxnJUXwZE80Hi8oN

Score

10^/10

redline rosn spora discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

rosn

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

176.113.115.145:4125

Attributes

auth_value
441b39ab37774b2ca9931c31e1bc6071

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	jr388446.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	jr388446.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	jr388446.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	jr388446.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	jr388446.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 34 IoCs

resource	yara_rule
behavioral1/memory/5036-141-0x0000000004A80000-0x0000000004AC6000-memory.dmp	family_redline
behavioral1/memory/5036-143-0x0000000007660000-0x00000000076A4000-memory.dmp	family_redline
behavioral1/memory/5036-144-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-145-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-147-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-149-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-153-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-155-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-157-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-159-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-161-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-163-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-165-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-167-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-169-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-171-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-175-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-173-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-177-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-181-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-185-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-183-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-179-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-187-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-191-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-189-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-193-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-195-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-199-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-201-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-207-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-205-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-203-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline
behavioral1/memory/5036-197-0x0000000007660000-0x000000000769F000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
3584	ziLh3923.exe
4136	jr388446.exe
5036	ku447253.exe
2768	lr562481.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	jr388446.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	ziLh3923.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	ziLh3923.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4136	jr388446.exe
4136	jr388446.exe
5036	ku447253.exe
5036	ku447253.exe
2768	lr562481.exe
2768	lr562481.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4136	jr388446.exe
Token: SeDebugPrivilege	5036	ku447253.exe
Token: SeDebugPrivilege	2768	lr562481.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 3584	3192	0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe	66
PID 3192 wrote to memory of 3584	3192	0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe	66
PID 3192 wrote to memory of 3584	3192	0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe	66
PID 3584 wrote to memory of 4136	3584	ziLh3923.exe	67
PID 3584 wrote to memory of 4136	3584	ziLh3923.exe	67
PID 3584 wrote to memory of 5036	3584	ziLh3923.exe	68
PID 3584 wrote to memory of 5036	3584	ziLh3923.exe	68
PID 3584 wrote to memory of 5036	3584	ziLh3923.exe	68
PID 3192 wrote to memory of 2768	3192	0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe	70
PID 3192 wrote to memory of 2768	3192	0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe	70
PID 3192 wrote to memory of 2768	3192	0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe	70

C:\Users\Admin\AppData\Local\Temp\0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe
"C:\Users\Admin\AppData\Local\Temp\0fa5c5e82e4555d9aa8b497b1798ddd504f877afceaaed6fad0236d0c266c119.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziLh3923.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziLh3923.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3584
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr388446.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr388446.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4136
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ku447253.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ku447253.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5036
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr562481.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr562481.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2768

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr562481.exe

Filesize
175KB

MD5
14b2b8adbc052eb564208aab5cb245be

SHA1
af57047c8a190c6464945d68ee8316ecf778e258

SHA256
02cda8a7fd6a92b0414e99b58ca4e57fc3ff7ba690a8fc057d6bc08e1d8a0e12

SHA512
86aa07db1e7453a5b29fc66350ab3b212d2b46283380a59ae80cb732ebdd64e9d7c9854cd3ad99cb4a95ce8944ba6533bf66096547f445fe67f043b83a1545bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr562481.exe

Filesize
175KB

MD5
14b2b8adbc052eb564208aab5cb245be

SHA1
af57047c8a190c6464945d68ee8316ecf778e258

SHA256
02cda8a7fd6a92b0414e99b58ca4e57fc3ff7ba690a8fc057d6bc08e1d8a0e12

SHA512
86aa07db1e7453a5b29fc66350ab3b212d2b46283380a59ae80cb732ebdd64e9d7c9854cd3ad99cb4a95ce8944ba6533bf66096547f445fe67f043b83a1545bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziLh3923.exe

Filesize
388KB

MD5
d185f1417ebb45d990d66546439031e5

SHA1
6078ff9188d8203bafff5ff4a6ac4a909871e0b8

SHA256
96c9004adc7a1f7c45d5ac7327578c22ccb6a7825b5b002d0bc37b4d4f534d20

SHA512
36d7b8e686cbbe5cb8a4ef27ce556d174f862e5e8f1c3fd7748bcc69e81572ea49419c2d7a2dd1d71605ee60eb7fa7d51bc8b82fe2477e2d7fe2ff8581149f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziLh3923.exe

Filesize
388KB

MD5
d185f1417ebb45d990d66546439031e5

SHA1
6078ff9188d8203bafff5ff4a6ac4a909871e0b8

SHA256
96c9004adc7a1f7c45d5ac7327578c22ccb6a7825b5b002d0bc37b4d4f534d20

SHA512
36d7b8e686cbbe5cb8a4ef27ce556d174f862e5e8f1c3fd7748bcc69e81572ea49419c2d7a2dd1d71605ee60eb7fa7d51bc8b82fe2477e2d7fe2ff8581149f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr388446.exe

Filesize
11KB

MD5
b01c973d25fb6f06a62fbe4989e2dfe9

SHA1
eb73051d6a04748343539bd3811315df479e834e

SHA256
bbe6cc4d34e1d829f1858ed8f247b915c979b51adf891b306c7530d752898e6b

SHA512
4060be8dc1e9e890fcf7fa99a4a2a3aeee76b65e06acd29313dfb5e3659dd3ae05dd685403d333ba196b12379b8618f5cd5f57b3d4e73edaa54baa6a297f22cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr388446.exe

Filesize
11KB

MD5
b01c973d25fb6f06a62fbe4989e2dfe9

SHA1
eb73051d6a04748343539bd3811315df479e834e

SHA256
bbe6cc4d34e1d829f1858ed8f247b915c979b51adf891b306c7530d752898e6b

SHA512
4060be8dc1e9e890fcf7fa99a4a2a3aeee76b65e06acd29313dfb5e3659dd3ae05dd685403d333ba196b12379b8618f5cd5f57b3d4e73edaa54baa6a297f22cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ku447253.exe

Filesize
354KB

MD5
40426c5223f772ce366283e5910ad243

SHA1
9b22b2dd973254e0ac69e91b30cf7707f0f129d3

SHA256
1c0a4c682a22ea875213b9484e1b0f0b65a54557b7db07f017b925d2320d2618

SHA512
71642bda15691dba72f733e3b794fda7084972b091c847c8f686371233aca3dd430f00539808debf8f00b08cd0e8d6d889266886ea120708c7f46fcb6e75abab

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ku447253.exe

Filesize
354KB

MD5
40426c5223f772ce366283e5910ad243

SHA1
9b22b2dd973254e0ac69e91b30cf7707f0f129d3

SHA256
1c0a4c682a22ea875213b9484e1b0f0b65a54557b7db07f017b925d2320d2618

SHA512
71642bda15691dba72f733e3b794fda7084972b091c847c8f686371233aca3dd430f00539808debf8f00b08cd0e8d6d889266886ea120708c7f46fcb6e75abab

Download Submit
memory/2768-1073-0x0000000000F70000-0x0000000000FA2000-memory.dmp

Filesize
200KB

Download
memory/2768-1075-0x00000000059B0000-0x00000000059FB000-memory.dmp

Filesize
300KB

Download
memory/2768-1074-0x0000000005B40000-0x0000000005B50000-memory.dmp

Filesize
64KB

Download
memory/4136-132-0x0000000000A80000-0x0000000000A8A000-memory.dmp

Filesize
40KB

Download
memory/4136-133-0x0000000001080000-0x0000000001109000-memory.dmp

Filesize
548KB

Download
memory/4136-135-0x0000000001080000-0x0000000001109000-memory.dmp

Filesize
548KB

Download
memory/5036-175-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-187-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-144-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-145-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-147-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-149-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-152-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download
memory/5036-153-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-151-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download
memory/5036-155-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-157-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-159-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-161-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-163-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-165-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-167-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-169-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-171-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-142-0x0000000007120000-0x000000000761E000-memory.dmp

Filesize
5.0MB

Download
memory/5036-173-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-177-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-181-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-185-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-183-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-179-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-143-0x0000000007660000-0x00000000076A4000-memory.dmp

Filesize
272KB

Download
memory/5036-191-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-189-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-193-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-195-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-199-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-201-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-207-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-205-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-203-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-197-0x0000000007660000-0x000000000769F000-memory.dmp

Filesize
252KB

Download
memory/5036-1052-0x00000000076A0000-0x0000000007CA6000-memory.dmp

Filesize
6.0MB

Download
memory/5036-1053-0x0000000007D30000-0x0000000007E3A000-memory.dmp

Filesize
1.0MB

Download
memory/5036-1054-0x0000000007E70000-0x0000000007E82000-memory.dmp

Filesize
72KB

Download
memory/5036-1055-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download
memory/5036-1056-0x0000000007E90000-0x0000000007ECE000-memory.dmp

Filesize
248KB

Download
memory/5036-1057-0x0000000007FE0000-0x000000000802B000-memory.dmp

Filesize
300KB

Download
memory/5036-1059-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download
memory/5036-1060-0x0000000008170000-0x00000000081D6000-memory.dmp

Filesize
408KB

Download
memory/5036-1061-0x0000000008840000-0x00000000088D2000-memory.dmp

Filesize
584KB

Download
memory/5036-1062-0x0000000008930000-0x0000000008AF2000-memory.dmp

Filesize
1.8MB

Download
memory/5036-1063-0x0000000008B00000-0x000000000902C000-memory.dmp

Filesize
5.2MB

Download
memory/5036-141-0x0000000004A80000-0x0000000004AC6000-memory.dmp

Filesize
280KB

Download
memory/5036-140-0x0000000002C60000-0x0000000002CAB000-memory.dmp

Filesize
300KB

Download
memory/5036-1064-0x0000000009140000-0x00000000091B6000-memory.dmp

Filesize
472KB

Download
memory/5036-1065-0x00000000091D0000-0x0000000009220000-memory.dmp

Filesize
320KB

Download
memory/5036-1066-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download