redline | 640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e

Analysis

max time kernel
54s
max time network
72s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
03/04/2023, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe
Size

666KB
MD5

bbd6067310f80ada8716a8f0493d837b
SHA1

9e595d10f96791bb2e13bdd9e82886b5316bb6c3
SHA256

640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e
SHA512

600357b882cc94151ff79a4a89c7d53d31fd46dcbcf999243882fd9f90c94dd685db5cfdedff1264ab38ecd599428a72aa6907d42799d299d6895926e8d9be23
SSDEEP

12288:uMruy90NEKkWxWuVpoJRUwm/w88T9bsLSzx8uwrU9ib/wBfKH5qj4Z:Ey5WpoJRdmIH+3uwrFjwtKH4a

Score

10^/10

redline rosn spora discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

rosn

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

176.113.115.145:4125

Attributes

auth_value
441b39ab37774b2ca9931c31e1bc6071

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pro0118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pro0118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pro0118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pro0118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pro0118.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 20 IoCs

resource	yara_rule
behavioral1/memory/3160-179-0x00000000023D0000-0x0000000002416000-memory.dmp	family_redline
behavioral1/memory/3160-180-0x00000000027A0000-0x00000000027E4000-memory.dmp	family_redline
behavioral1/memory/3160-182-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-181-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-184-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-186-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-188-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-190-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-192-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-194-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-196-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-198-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-202-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-206-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-208-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-210-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-212-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-216-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-214-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline
behavioral1/memory/3160-218-0x00000000027A0000-0x00000000027DF000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
3372	un289804.exe
4168	pro0118.exe
3160	qu8878.exe
1500	si712938.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pro0118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pro0118.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un289804.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un289804.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4168	pro0118.exe
4168	pro0118.exe
3160	qu8878.exe
3160	qu8878.exe
1500	si712938.exe
1500	si712938.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4168	pro0118.exe
Token: SeDebugPrivilege	3160	qu8878.exe
Token: SeDebugPrivilege	1500	si712938.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 3372	3240	640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe	66
PID 3240 wrote to memory of 3372	3240	640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe	66
PID 3240 wrote to memory of 3372	3240	640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe	66
PID 3372 wrote to memory of 4168	3372	un289804.exe	67
PID 3372 wrote to memory of 4168	3372	un289804.exe	67
PID 3372 wrote to memory of 4168	3372	un289804.exe	67
PID 3372 wrote to memory of 3160	3372	un289804.exe	68
PID 3372 wrote to memory of 3160	3372	un289804.exe	68
PID 3372 wrote to memory of 3160	3372	un289804.exe	68
PID 3240 wrote to memory of 1500	3240	640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe	70
PID 3240 wrote to memory of 1500	3240	640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe	70
PID 3240 wrote to memory of 1500	3240	640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe	70

C:\Users\Admin\AppData\Local\Temp\640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe
"C:\Users\Admin\AppData\Local\Temp\640e60ea06134d46cdf36b91a85032d85b28ba9efcb5d6cac4fa9d73d401b60e.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3240
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un289804.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un289804.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3372
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro0118.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro0118.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4168
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu8878.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu8878.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3160
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si712938.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si712938.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1500

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si712938.exe

Filesize
176KB

MD5
befe740435f61ccaec446b425890e653

SHA1
3a9edfd54b0bb3d441f102b87492910eec3d93c9

SHA256
9ee453df98faefe44065a873a8e3f11434a8e928c816e9181d65ad6685965240

SHA512
e0c1bf690197806b3802da192d92026f8f486a24f24a133e2c6349cc28f9c7f656373824cc29c4fc051ccef4d6fc89f70801e87b564001c29c4429e7076269a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si712938.exe

Filesize
176KB

MD5
befe740435f61ccaec446b425890e653

SHA1
3a9edfd54b0bb3d441f102b87492910eec3d93c9

SHA256
9ee453df98faefe44065a873a8e3f11434a8e928c816e9181d65ad6685965240

SHA512
e0c1bf690197806b3802da192d92026f8f486a24f24a133e2c6349cc28f9c7f656373824cc29c4fc051ccef4d6fc89f70801e87b564001c29c4429e7076269a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un289804.exe

Filesize
524KB

MD5
19c2c78b22c8b16289e0bc3ea186d850

SHA1
5297857673323e36f521bc65ee4925ea73e65821

SHA256
be3c41b496e157e30cc2e341c85d3891966474a43b865d27045420a8a053c565

SHA512
3f4fe77d53525d7f8007f3665093ebb5d53cffc889a51db9d76c4ae194e6dbae586a29c192c7189aecaa3d20a9e4127c1e574639d306d2ed225f99fb6be9f72f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un289804.exe

Filesize
524KB

MD5
19c2c78b22c8b16289e0bc3ea186d850

SHA1
5297857673323e36f521bc65ee4925ea73e65821

SHA256
be3c41b496e157e30cc2e341c85d3891966474a43b865d27045420a8a053c565

SHA512
3f4fe77d53525d7f8007f3665093ebb5d53cffc889a51db9d76c4ae194e6dbae586a29c192c7189aecaa3d20a9e4127c1e574639d306d2ed225f99fb6be9f72f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro0118.exe

Filesize
294KB

MD5
44c585dfebb8be08bebca5169c793f30

SHA1
df3341287940528d42f26b3e6e057419de435018

SHA256
276bf002c0ff1d5c54f8f7c7abbbc6747eb2a6981599929b25642d4fa9786b97

SHA512
5df9df97239b41edc66c16483ae4207727ae54bb44ae6660072d48a67057e4c5fd12415152e0a149f64b26809bbd0142bb96e498bb15124017a363d55c1410f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro0118.exe

Filesize
294KB

MD5
44c585dfebb8be08bebca5169c793f30

SHA1
df3341287940528d42f26b3e6e057419de435018

SHA256
276bf002c0ff1d5c54f8f7c7abbbc6747eb2a6981599929b25642d4fa9786b97

SHA512
5df9df97239b41edc66c16483ae4207727ae54bb44ae6660072d48a67057e4c5fd12415152e0a149f64b26809bbd0142bb96e498bb15124017a363d55c1410f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu8878.exe

Filesize
352KB

MD5
d467645b01f420af0a9ebdc4ef816c4b

SHA1
92daf86940aafe4b950cff66cbc24090be9e94a6

SHA256
f28231209755bf93ddd4fc12cb89378631119c5f450fc850670c0fe901d0c9a1

SHA512
8fd559bcdd0d71c3a17e4de737ce0aa8cd1382086a52824f5b09fc75fa9c1a6a6b552dd594f04f90ec7ccbd04750979964e82df262fd35cc96e56bdff92bb7f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu8878.exe

Filesize
352KB

MD5
d467645b01f420af0a9ebdc4ef816c4b

SHA1
92daf86940aafe4b950cff66cbc24090be9e94a6

SHA256
f28231209755bf93ddd4fc12cb89378631119c5f450fc850670c0fe901d0c9a1

SHA512
8fd559bcdd0d71c3a17e4de737ce0aa8cd1382086a52824f5b09fc75fa9c1a6a6b552dd594f04f90ec7ccbd04750979964e82df262fd35cc96e56bdff92bb7f2

Download Submit
memory/1500-1116-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/1500-1115-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/1500-1114-0x0000000005410000-0x000000000545B000-memory.dmp

Filesize
300KB

Download
memory/1500-1113-0x0000000000B90000-0x0000000000BC2000-memory.dmp

Filesize
200KB

Download
memory/3160-1092-0x00000000053A0000-0x00000000054AA000-memory.dmp

Filesize
1.0MB

Download
memory/3160-1096-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/3160-1107-0x0000000006BE0000-0x000000000710C000-memory.dmp

Filesize
5.2MB

Download
memory/3160-1106-0x0000000006A10000-0x0000000006BD2000-memory.dmp

Filesize
1.8MB

Download
memory/3160-1105-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/3160-1104-0x0000000006840000-0x0000000006890000-memory.dmp

Filesize
320KB

Download
memory/3160-1103-0x00000000067B0000-0x0000000006826000-memory.dmp

Filesize
472KB

Download
memory/3160-1102-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/3160-1101-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/3160-1100-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/3160-1098-0x0000000005880000-0x00000000058E6000-memory.dmp

Filesize
408KB

Download
memory/3160-1097-0x00000000057E0000-0x0000000005872000-memory.dmp

Filesize
584KB

Download
memory/3160-1095-0x0000000005650000-0x000000000569B000-memory.dmp

Filesize
300KB

Download
memory/3160-1094-0x0000000005500000-0x000000000553E000-memory.dmp

Filesize
248KB

Download
memory/3160-1093-0x00000000054E0000-0x00000000054F2000-memory.dmp

Filesize
72KB

Download
memory/3160-1091-0x0000000005930000-0x0000000005F36000-memory.dmp

Filesize
6.0MB

Download
memory/3160-218-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-214-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-216-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-212-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-179-0x00000000023D0000-0x0000000002416000-memory.dmp

Filesize
280KB

Download
memory/3160-180-0x00000000027A0000-0x00000000027E4000-memory.dmp

Filesize
272KB

Download
memory/3160-182-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-181-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-184-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-186-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-188-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-190-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-192-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-194-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-196-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-199-0x0000000000AB0000-0x0000000000AFB000-memory.dmp

Filesize
300KB

Download
memory/3160-198-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-201-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/3160-203-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/3160-202-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-205-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/3160-206-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-208-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/3160-210-0x00000000027A0000-0x00000000027DF000-memory.dmp

Filesize
252KB

Download
memory/4168-161-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-138-0x0000000002600000-0x0000000002618000-memory.dmp

Filesize
96KB

Download
memory/4168-174-0x0000000000400000-0x00000000007FE000-memory.dmp

Filesize
4.0MB

Download
memory/4168-172-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/4168-171-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/4168-140-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/4168-170-0x0000000000400000-0x00000000007FE000-memory.dmp

Filesize
4.0MB

Download
memory/4168-169-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-167-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-145-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-165-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-163-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-143-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-142-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-149-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-155-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-153-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-151-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-157-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-147-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-139-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/4168-141-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/4168-159-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/4168-137-0x0000000004F20000-0x000000000541E000-memory.dmp

Filesize
5.0MB

Download
memory/4168-136-0x0000000002450000-0x000000000246A000-memory.dmp

Filesize
104KB

Download
memory/4168-135-0x0000000000800000-0x000000000082D000-memory.dmp

Filesize
180KB

Download