redline | 9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea

Analysis

max time kernel
50s
max time network
148s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
27-03-2023 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe
Size

685KB
MD5

b98cd68eeae51dca96b99b1a26ebae89
SHA1

671b4b1cc0aa34bab81874c39447c6acf6359cad
SHA256

9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea
SHA512

16aa7bd36c3de679d7aa92f4afa07bd5ffb8c76fa4ee15e0c2b419e9107dabf2ff769a33ab78e05c7ee82a44d8a2d1ec67d2611a2beb3cbfcb3aa74c19054fa6
SSDEEP

12288:zMrwy90nNHmylnHZaJ3GJBHZZl3QVlE3RGd5kAy7Bs02ECKLJtAPWh5b:XyIHmylnHZQYjl3gORGd2xG02ECKvXhl

Score

10^/10

redline nice sony discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

sony

193.233.20.33:4125

Attributes

auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

nice

193.233.20.33:4125

Attributes

auth_value
a7371b75699e8bc7c51fb960e8ac9e81

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pro8341.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pro8341.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pro8341.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pro8341.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pro8341.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 21 IoCs

resource	yara_rule
behavioral1/memory/4876-178-0x00000000022E0000-0x0000000002326000-memory.dmp	family_redline
behavioral1/memory/4876-179-0x00000000027C0000-0x0000000002804000-memory.dmp	family_redline
behavioral1/memory/4876-180-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-181-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-183-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-185-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-187-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-189-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-191-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-193-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-195-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-197-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-199-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-201-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-203-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-205-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-207-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-211-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-215-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-217-0x00000000027C0000-0x00000000027FE000-memory.dmp	family_redline
behavioral1/memory/4876-1099-0x0000000004EF0000-0x0000000004F00000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
2296	un311909.exe
2408	pro8341.exe
4876	qu2957.exe
4264	si826570.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pro8341.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pro8341.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un311909.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un311909.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2408	pro8341.exe
2408	pro8341.exe
4876	qu2957.exe
4876	qu2957.exe
4264	si826570.exe
4264	si826570.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2408	pro8341.exe
Token: SeDebugPrivilege	4876	qu2957.exe
Token: SeDebugPrivilege	4264	si826570.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 2296	1780	9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe	66
PID 1780 wrote to memory of 2296	1780	9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe	66
PID 1780 wrote to memory of 2296	1780	9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe	66
PID 2296 wrote to memory of 2408	2296	un311909.exe	67
PID 2296 wrote to memory of 2408	2296	un311909.exe	67
PID 2296 wrote to memory of 2408	2296	un311909.exe	67
PID 2296 wrote to memory of 4876	2296	un311909.exe	68
PID 2296 wrote to memory of 4876	2296	un311909.exe	68
PID 2296 wrote to memory of 4876	2296	un311909.exe	68
PID 1780 wrote to memory of 4264	1780	9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe	70
PID 1780 wrote to memory of 4264	1780	9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe	70
PID 1780 wrote to memory of 4264	1780	9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe	70

C:\Users\Admin\AppData\Local\Temp\9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe
"C:\Users\Admin\AppData\Local\Temp\9256fed9e07c01bdc005dcb9aacb4781951fa4f45314dcbfbcfc319c5563bfea.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un311909.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un311909.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro8341.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro8341.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu2957.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu2957.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4876
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si826570.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si826570.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4264

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si826570.exe

Filesize
175KB

MD5
63f7ff24566d630d9adffd1866f93442

SHA1
245299b1d37b41d193f6a98ca13ee8af6fbb949a

SHA256
2d566a16f544e32b9ce450d42bef7864233e18e22ef4ffc5778a0ceed9d27191

SHA512
594aadea41b9988d21712b85de658068422b43d6100e8436211d54967d4bcbb46563c675a683f27c70d22a2d9ecb3d5245e36cdad5a839692c03f6a0ef4e24e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si826570.exe

Filesize
175KB

MD5
63f7ff24566d630d9adffd1866f93442

SHA1
245299b1d37b41d193f6a98ca13ee8af6fbb949a

SHA256
2d566a16f544e32b9ce450d42bef7864233e18e22ef4ffc5778a0ceed9d27191

SHA512
594aadea41b9988d21712b85de658068422b43d6100e8436211d54967d4bcbb46563c675a683f27c70d22a2d9ecb3d5245e36cdad5a839692c03f6a0ef4e24e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un311909.exe

Filesize
543KB

MD5
4698057e294d46b959eada6c0f5edb75

SHA1
5e09cfc1193028ee75e2f5b46964e9ec5d17a05c

SHA256
1a464cda5f85a67030f349b15a97e728331c3a2d57f6588577d9ad1971e8b051

SHA512
d9dfe8e0115b871345a3f413c6af0897e956911bb3b3f819edb75f08548be616a56f8b5fc80ad86ad478c8b52d7b4d7264e3eb4d0b2809a84c91ae181df92978

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un311909.exe

Filesize
543KB

MD5
4698057e294d46b959eada6c0f5edb75

SHA1
5e09cfc1193028ee75e2f5b46964e9ec5d17a05c

SHA256
1a464cda5f85a67030f349b15a97e728331c3a2d57f6588577d9ad1971e8b051

SHA512
d9dfe8e0115b871345a3f413c6af0897e956911bb3b3f819edb75f08548be616a56f8b5fc80ad86ad478c8b52d7b4d7264e3eb4d0b2809a84c91ae181df92978

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro8341.exe

Filesize
292KB

MD5
3494f6cfdf85e1bcaa42136dfc5daa21

SHA1
3b98feb868219ec6463b1685b935b44f43fdb3d3

SHA256
ccd14a5779a73e2cf9470b435ed29e6516f8ed86f3ca8dc1913e419e84eea2c4

SHA512
749706a8ce499bf5125fd5efb8a0f9e4a62b6cbb851f792ff1938b0df078b3f6ae827af9ba40698cba747700a7064ba3d9df12be2f9ad1557869d320b98c947a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro8341.exe

Filesize
292KB

MD5
3494f6cfdf85e1bcaa42136dfc5daa21

SHA1
3b98feb868219ec6463b1685b935b44f43fdb3d3

SHA256
ccd14a5779a73e2cf9470b435ed29e6516f8ed86f3ca8dc1913e419e84eea2c4

SHA512
749706a8ce499bf5125fd5efb8a0f9e4a62b6cbb851f792ff1938b0df078b3f6ae827af9ba40698cba747700a7064ba3d9df12be2f9ad1557869d320b98c947a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu2957.exe

Filesize
350KB

MD5
d6b9fb395faabf38fe0c9bd572bb881b

SHA1
962277e90b97cab0dcd775a56f4d9a4ddbb4b784

SHA256
f2f7ac869d51469736e8732f92af30ea911162aa97252e5a8ad1d8d8729bcd68

SHA512
bdc448bb5f64ad0ee2514d1d9976a05e05c6560df4e7f5389d4db86a8bab2a76b7d411912d2be97876037374f2fc26145896424bf6751b4b1d38d646b6e2f052

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu2957.exe

Filesize
350KB

MD5
d6b9fb395faabf38fe0c9bd572bb881b

SHA1
962277e90b97cab0dcd775a56f4d9a4ddbb4b784

SHA256
f2f7ac869d51469736e8732f92af30ea911162aa97252e5a8ad1d8d8729bcd68

SHA512
bdc448bb5f64ad0ee2514d1d9976a05e05c6560df4e7f5389d4db86a8bab2a76b7d411912d2be97876037374f2fc26145896424bf6751b4b1d38d646b6e2f052

Download Submit
memory/2408-136-0x0000000000A20000-0x0000000000A3A000-memory.dmp

Filesize
104KB

Download
memory/2408-137-0x0000000004E90000-0x000000000538E000-memory.dmp

Filesize
5.0MB

Download
memory/2408-138-0x0000000002380000-0x0000000002398000-memory.dmp

Filesize
96KB

Download
memory/2408-139-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-140-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-142-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-144-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-146-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-150-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/2408-151-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-148-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/2408-153-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-155-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-147-0x00000000001D0000-0x00000000001FD000-memory.dmp

Filesize
180KB

Download
memory/2408-157-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-159-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-161-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-163-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-165-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-167-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-169-0x0000000002380000-0x0000000002392000-memory.dmp

Filesize
72KB

Download
memory/2408-170-0x0000000000400000-0x000000000070C000-memory.dmp

Filesize
3.0MB

Download
memory/2408-171-0x0000000004E80000-0x0000000004E90000-memory.dmp

Filesize
64KB

Download
memory/2408-173-0x0000000000400000-0x000000000070C000-memory.dmp

Filesize
3.0MB

Download
memory/4264-1112-0x0000000000460000-0x0000000000492000-memory.dmp

Filesize
200KB

Download
memory/4264-1114-0x00000000050E0000-0x00000000050F0000-memory.dmp

Filesize
64KB

Download
memory/4264-1113-0x0000000004D80000-0x0000000004DCB000-memory.dmp

Filesize
300KB

Download
memory/4876-181-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-213-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/4876-183-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-185-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-187-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-189-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-191-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-193-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-195-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-197-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-199-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-201-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-203-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-205-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-208-0x0000000000720000-0x000000000076B000-memory.dmp

Filesize
300KB

Download
memory/4876-207-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-210-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/4876-211-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-212-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/4876-180-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-215-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-217-0x00000000027C0000-0x00000000027FE000-memory.dmp

Filesize
248KB

Download
memory/4876-1090-0x0000000005A10000-0x0000000006016000-memory.dmp

Filesize
6.0MB

Download
memory/4876-1091-0x0000000004DA0000-0x0000000004EAA000-memory.dmp

Filesize
1.0MB

Download
memory/4876-1092-0x0000000005400000-0x0000000005412000-memory.dmp

Filesize
72KB

Download
memory/4876-1093-0x0000000005420000-0x000000000545E000-memory.dmp

Filesize
248KB

Download
memory/4876-1094-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/4876-1095-0x0000000005560000-0x00000000055AB000-memory.dmp

Filesize
300KB

Download
memory/4876-1096-0x00000000056F0000-0x0000000005756000-memory.dmp

Filesize
408KB

Download
memory/4876-1098-0x00000000063E0000-0x0000000006472000-memory.dmp

Filesize
584KB

Download
memory/4876-1099-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/4876-1100-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/4876-1101-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/4876-1102-0x00000000066E0000-0x00000000068A2000-memory.dmp

Filesize
1.8MB

Download
memory/4876-1103-0x00000000068D0000-0x0000000006DFC000-memory.dmp

Filesize
5.2MB

Download
memory/4876-179-0x00000000027C0000-0x0000000002804000-memory.dmp

Filesize
272KB

Download
memory/4876-178-0x00000000022E0000-0x0000000002326000-memory.dmp

Filesize
280KB

Download
memory/4876-1104-0x0000000006F40000-0x0000000006FB6000-memory.dmp

Filesize
472KB

Download
memory/4876-1105-0x0000000006FC0000-0x0000000007010000-memory.dmp

Filesize
320KB

Download
memory/4876-1106-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download