redline | 62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6

Analysis

max time kernel
54s
max time network
70s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
27-03-2023 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe
Size

700KB
MD5

5152d0d019561b65b01749eb4276ce84
SHA1

d95293451b7fd2008b5113bb70f55ca13cc96685
SHA256

62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6
SHA512

e2e479766b727e9e3eb42f2554a4ae9cc402a35f9644a656a0ac0512d26d69b9821c9b8cba9691956a1e0a29fd32f8d00f92da8e332e513d9718d623859ec216
SSDEEP

12288:KMrfy90UWjTQnt1z9D/GcAo4NkN+qOgolhe36ndRt:1yzAymo4VqWP/nPt

Score

10^/10

redline from rosn discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

rosn

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

176.113.115.145:4125

Attributes

auth_value
8633e283485822a4a48f0a41d5397566

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pro2279.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pro2279.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pro2279.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pro2279.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pro2279.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 20 IoCs

resource	yara_rule
behavioral1/memory/1328-180-0x0000000002290000-0x00000000022D6000-memory.dmp	family_redline
behavioral1/memory/1328-181-0x0000000002840000-0x0000000002884000-memory.dmp	family_redline
behavioral1/memory/1328-182-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-183-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-185-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-187-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-189-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-191-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-193-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-195-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-199-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-197-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-201-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-205-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-203-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-207-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-209-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-211-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-214-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline
behavioral1/memory/1328-217-0x0000000002840000-0x000000000287F000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
4448	un400451.exe
4900	pro2279.exe
1328	qu9633.exe
3588	si204294.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pro2279.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pro2279.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un400451.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un400451.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4900	pro2279.exe
4900	pro2279.exe
1328	qu9633.exe
1328	qu9633.exe
3588	si204294.exe
3588	si204294.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4900	pro2279.exe
Token: SeDebugPrivilege	1328	qu9633.exe
Token: SeDebugPrivilege	3588	si204294.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 4448	3532	62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe	66
PID 3532 wrote to memory of 4448	3532	62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe	66
PID 3532 wrote to memory of 4448	3532	62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe	66
PID 4448 wrote to memory of 4900	4448	un400451.exe	67
PID 4448 wrote to memory of 4900	4448	un400451.exe	67
PID 4448 wrote to memory of 4900	4448	un400451.exe	67
PID 4448 wrote to memory of 1328	4448	un400451.exe	68
PID 4448 wrote to memory of 1328	4448	un400451.exe	68
PID 4448 wrote to memory of 1328	4448	un400451.exe	68
PID 3532 wrote to memory of 3588	3532	62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe	70
PID 3532 wrote to memory of 3588	3532	62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe	70
PID 3532 wrote to memory of 3588	3532	62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe	70

C:\Users\Admin\AppData\Local\Temp\62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe
"C:\Users\Admin\AppData\Local\Temp\62ac5ae23210e52e5d25b84b20c156b4b8ec77a0af0b42f76ee32078a27611a6.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un400451.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un400451.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4448
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2279.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2279.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4900
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu9633.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu9633.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1328
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si204294.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si204294.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si204294.exe

Filesize
175KB

MD5
5d21cdf471b65f93b8d323e682a63e7d

SHA1
457a95043ddc4088eea5f734e3a344880566e34f

SHA256
e8e615073e5430b2dafff6b0e5844626a426d2837968c8aaa2a4ee306a640eb3

SHA512
801770d9d9f443c6d7c76fd8fabd21c545d097cb706f112fa18140ade75342d1c23fe80f2b83589d371c223040e5dfc8863b319bb3537d085c2cae0ab27b4cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si204294.exe

Filesize
175KB

MD5
5d21cdf471b65f93b8d323e682a63e7d

SHA1
457a95043ddc4088eea5f734e3a344880566e34f

SHA256
e8e615073e5430b2dafff6b0e5844626a426d2837968c8aaa2a4ee306a640eb3

SHA512
801770d9d9f443c6d7c76fd8fabd21c545d097cb706f112fa18140ade75342d1c23fe80f2b83589d371c223040e5dfc8863b319bb3537d085c2cae0ab27b4cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un400451.exe

Filesize
558KB

MD5
9f4e12818bb5b8767492cab182d1eaac

SHA1
88a24b4a3e114feac4629487fae280f3eeb439e1

SHA256
5b49080da43ad03d4cae2e2d44595923d955de2ceea4220056e2f19ad7ca55c8

SHA512
0a75a980e462fbd22d42c9eda3aadc52d75f79b37b2a502d02e189db07d6242a207fa6a78bf85500e4b6fa9c104806cacd36295a27813a703cccb7528ce8110e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un400451.exe

Filesize
558KB

MD5
9f4e12818bb5b8767492cab182d1eaac

SHA1
88a24b4a3e114feac4629487fae280f3eeb439e1

SHA256
5b49080da43ad03d4cae2e2d44595923d955de2ceea4220056e2f19ad7ca55c8

SHA512
0a75a980e462fbd22d42c9eda3aadc52d75f79b37b2a502d02e189db07d6242a207fa6a78bf85500e4b6fa9c104806cacd36295a27813a703cccb7528ce8110e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2279.exe

Filesize
307KB

MD5
3d2219686042a8b38afe8493a6b9ab07

SHA1
2c49cd4f0f8d0636ffff783b78d5e433a24b5595

SHA256
71365ff34072934beab80a95220b25486800639a50f9301638736f14da062bc0

SHA512
624f1855441d9d7b631ed57ddd10652537ba497b3c573bfe96d84690536a41b83884ef258e5688ba6390037d7f322ecc2771374020e9d3f9e5e5ebf55759d7d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro2279.exe

Filesize
307KB

MD5
3d2219686042a8b38afe8493a6b9ab07

SHA1
2c49cd4f0f8d0636ffff783b78d5e433a24b5595

SHA256
71365ff34072934beab80a95220b25486800639a50f9301638736f14da062bc0

SHA512
624f1855441d9d7b631ed57ddd10652537ba497b3c573bfe96d84690536a41b83884ef258e5688ba6390037d7f322ecc2771374020e9d3f9e5e5ebf55759d7d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu9633.exe

Filesize
365KB

MD5
3808713edcf8cd6bc3edc66d5c1eb8cd

SHA1
627c710153b30878c647143e4f88e82eca07d105

SHA256
8e9c0ce18087bb9e8bf6a94cc52b91b25fdd605e98926511d885fa99e45ebc54

SHA512
bb809414d11cfe8011e6970db23db2ccde4c76a0bba1a54b4852ac1cc659ef830d6e9cc4f585ba5811549b5ba7a9d064e9cb5a8712f1afab6edcbb2334248a8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu9633.exe

Filesize
365KB

MD5
3808713edcf8cd6bc3edc66d5c1eb8cd

SHA1
627c710153b30878c647143e4f88e82eca07d105

SHA256
8e9c0ce18087bb9e8bf6a94cc52b91b25fdd605e98926511d885fa99e45ebc54

SHA512
bb809414d11cfe8011e6970db23db2ccde4c76a0bba1a54b4852ac1cc659ef830d6e9cc4f585ba5811549b5ba7a9d064e9cb5a8712f1afab6edcbb2334248a8a

Download Submit
memory/1328-1092-0x0000000005390000-0x0000000005996000-memory.dmp

Filesize
6.0MB

Download
memory/1328-1095-0x0000000005B60000-0x0000000005B9E000-memory.dmp

Filesize
248KB

Download
memory/1328-213-0x0000000000840000-0x000000000088B000-memory.dmp

Filesize
300KB

Download
memory/1328-195-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-211-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-199-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-209-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-207-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-1108-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/1328-1107-0x0000000006FA0000-0x0000000006FF0000-memory.dmp

Filesize
320KB

Download
memory/1328-1106-0x0000000006F20000-0x0000000006F96000-memory.dmp

Filesize
472KB

Download
memory/1328-1105-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/1328-1103-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/1328-1104-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/1328-1102-0x00000000067D0000-0x0000000006CFC000-memory.dmp

Filesize
5.2MB

Download
memory/1328-1101-0x0000000006600000-0x00000000067C2000-memory.dmp

Filesize
1.8MB

Download
memory/1328-1099-0x0000000006500000-0x0000000006592000-memory.dmp

Filesize
584KB

Download
memory/1328-1098-0x0000000005E40000-0x0000000005EA6000-memory.dmp

Filesize
408KB

Download
memory/1328-197-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-1097-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/1328-1096-0x0000000005CB0000-0x0000000005CFB000-memory.dmp

Filesize
300KB

Download
memory/1328-214-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-1094-0x0000000005B40000-0x0000000005B52000-memory.dmp

Filesize
72KB

Download
memory/1328-1093-0x0000000005A00000-0x0000000005B0A000-memory.dmp

Filesize
1.0MB

Download
memory/1328-219-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/1328-180-0x0000000002290000-0x00000000022D6000-memory.dmp

Filesize
280KB

Download
memory/1328-181-0x0000000002840000-0x0000000002884000-memory.dmp

Filesize
272KB

Download
memory/1328-182-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-183-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-185-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-187-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-189-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-191-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-193-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-220-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/1328-217-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-216-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/1328-201-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-205-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/1328-203-0x0000000002840000-0x000000000287F000-memory.dmp

Filesize
252KB

Download
memory/3588-1114-0x0000000000480000-0x00000000004B2000-memory.dmp

Filesize
200KB

Download
memory/3588-1115-0x0000000004EC0000-0x0000000004F0B000-memory.dmp

Filesize
300KB

Download
memory/3588-1116-0x0000000004D20000-0x0000000004D30000-memory.dmp

Filesize
64KB

Download
memory/3588-1117-0x0000000004D20000-0x0000000004D30000-memory.dmp

Filesize
64KB

Download
memory/4900-170-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/4900-140-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/4900-145-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-142-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-138-0x00000000001D0000-0x00000000001FD000-memory.dmp

Filesize
180KB

Download
memory/4900-137-0x0000000004C30000-0x0000000004C48000-memory.dmp

Filesize
96KB

Download
memory/4900-139-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/4900-175-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/4900-173-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/4900-172-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/4900-171-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/4900-169-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-167-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-165-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-163-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-161-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-159-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-157-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-155-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-153-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-151-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-136-0x0000000004D60000-0x000000000525E000-memory.dmp

Filesize
5.0MB

Download
memory/4900-135-0x0000000002660000-0x000000000267A000-memory.dmp

Filesize
104KB

Download
memory/4900-149-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-147-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-143-0x0000000004C30000-0x0000000004C42000-memory.dmp

Filesize
72KB

Download
memory/4900-141-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download