redline | 298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a

Analysis

max time kernel
109s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe
Size

689KB
MD5

7b2da37d630c7e072bcacd89e6d38c63
SHA1

618f6972240ed84e788d309bcd9173ee9485f645
SHA256

298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a
SHA512

2442cceef0810cab9c0c8904789169634ff5124a059a52d4d40c05494c9849f24727b6367427531dbfa805ecd7f137a38767e58a4887476f2bd37f72088f7e73
SSDEEP

12288:wMrgy90xH6DYmgiDqjie+y765hLudX0MSKI3VLuVZsK6L+uCv1FprfigQV0go18K:AyTi77mfad0LZ3VLu7sDL7C3pragBOVs

Score

10^/10

redline from rosn discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

rosn

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

176.113.115.145:4125

Attributes

auth_value
8633e283485822a4a48f0a41d5397566

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pro7813.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pro7813.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pro7813.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pro7813.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection	pro7813.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pro7813.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 19 IoCs

resource	yara_rule
behavioral1/memory/4792-191-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-190-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-193-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-195-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-197-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-199-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-201-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-203-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-205-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-207-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-209-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-211-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-213-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-215-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-217-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-219-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-221-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-223-0x00000000038E0000-0x000000000391F000-memory.dmp	family_redline
behavioral1/memory/4792-1111-0x0000000003600000-0x0000000003610000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
4192	un067402.exe
2204	pro7813.exe
4792	qu6853.exe
4740	si004560.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pro7813.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pro7813.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un067402.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un067402.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4392	2204	WerFault.exe	85
2204	4792	WerFault.exe	94

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2204	pro7813.exe
2204	pro7813.exe
4792	qu6853.exe
4792	qu6853.exe
4740	si004560.exe
4740	si004560.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2204	pro7813.exe
Token: SeDebugPrivilege	4792	qu6853.exe
Token: SeDebugPrivilege	4740	si004560.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 4192	4592	298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe	84
PID 4592 wrote to memory of 4192	4592	298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe	84
PID 4592 wrote to memory of 4192	4592	298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe	84
PID 4192 wrote to memory of 2204	4192	un067402.exe	85
PID 4192 wrote to memory of 2204	4192	un067402.exe	85
PID 4192 wrote to memory of 2204	4192	un067402.exe	85
PID 4192 wrote to memory of 4792	4192	un067402.exe	94
PID 4192 wrote to memory of 4792	4192	un067402.exe	94
PID 4192 wrote to memory of 4792	4192	un067402.exe	94
PID 4592 wrote to memory of 4740	4592	298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe	99
PID 4592 wrote to memory of 4740	4592	298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe	99
PID 4592 wrote to memory of 4740	4592	298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe	99

C:\Users\Admin\AppData\Local\Temp\298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe
"C:\Users\Admin\AppData\Local\Temp\298d2ca2e1130159934819c5f7d52d4c9e0d95a3700ef26a17596a721ffe189a.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un067402.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un067402.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4192
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro7813.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro7813.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2204
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 1080
      4⤵
      Program crash
      PID:4392
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu6853.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu6853.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 1336
      4⤵
      Program crash
      PID:2204
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si004560.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si004560.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2204 -ip 2204
1⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4792 -ip 4792
1⤵
PID:2240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si004560.exe

Filesize
175KB

MD5
ad6b06a35e88c833f6eddbca8b390c7d

SHA1
bc6f8494a2e4d69ed7dc497a6ee0900fa08e3e8d

SHA256
f0608cdd737728a074eacaf98afb8e5626968c4f0321abd6a4c51cc4db374c43

SHA512
47e7196f0aae376276a9dbb97f4cf9202241218d1d1f2907fb6f5cb5a72b85cf631a81d663ffb15300ada769fa090eae593d060cf4060f8ce453890214a8f920

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si004560.exe

Filesize
175KB

MD5
ad6b06a35e88c833f6eddbca8b390c7d

SHA1
bc6f8494a2e4d69ed7dc497a6ee0900fa08e3e8d

SHA256
f0608cdd737728a074eacaf98afb8e5626968c4f0321abd6a4c51cc4db374c43

SHA512
47e7196f0aae376276a9dbb97f4cf9202241218d1d1f2907fb6f5cb5a72b85cf631a81d663ffb15300ada769fa090eae593d060cf4060f8ce453890214a8f920

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un067402.exe

Filesize
547KB

MD5
915df67d4a72b0dd614dadf3a5d46507

SHA1
6d7bb85fbf8d3b41409bb84ae4901b2cd393735a

SHA256
3fda9d6d396ac78c21f3434e22309c27e1dcb587bf59f2d5330f54a753d01a5c

SHA512
371065f665aa6f1f327157e0dbd05ec89748ea43ad9a15c9ac6051a6377edeef3a86c5580fa02b28810da9620e5f672b1a3634b8289211970093246d9040b7c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un067402.exe

Filesize
547KB

MD5
915df67d4a72b0dd614dadf3a5d46507

SHA1
6d7bb85fbf8d3b41409bb84ae4901b2cd393735a

SHA256
3fda9d6d396ac78c21f3434e22309c27e1dcb587bf59f2d5330f54a753d01a5c

SHA512
371065f665aa6f1f327157e0dbd05ec89748ea43ad9a15c9ac6051a6377edeef3a86c5580fa02b28810da9620e5f672b1a3634b8289211970093246d9040b7c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro7813.exe

Filesize
291KB

MD5
f571028467614fa9e2ebe5646b6b06e9

SHA1
00110f71ce17d96e1cd7b48347798aa91f496545

SHA256
2c2efbe725dd7ceaf634cda4d0fee97b0de8ab43ffb4494b72571947409a64c0

SHA512
d7419fe9f0db97b5c5ae1242159119c760a8a6dfcbf5719589a81fb11d201827cacd8873d0c6671675f2e8c949776135c90206ebcc17bd87b0035cb8f673af68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pro7813.exe

Filesize
291KB

MD5
f571028467614fa9e2ebe5646b6b06e9

SHA1
00110f71ce17d96e1cd7b48347798aa91f496545

SHA256
2c2efbe725dd7ceaf634cda4d0fee97b0de8ab43ffb4494b72571947409a64c0

SHA512
d7419fe9f0db97b5c5ae1242159119c760a8a6dfcbf5719589a81fb11d201827cacd8873d0c6671675f2e8c949776135c90206ebcc17bd87b0035cb8f673af68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu6853.exe

Filesize
345KB

MD5
78f4306add6aeb63a8aca3d2ee76440a

SHA1
fc11d656f5fd9cedfca4e61055bb707fca94f0ea

SHA256
c69075cd66fa5f58ea0d91bd021a88c4b84472450c153c3e0018c543cf4fd874

SHA512
5b4107ad73c72c6333b5977b683a6ae8abaf22e7c6c65e418f3e8fd81a64b46b8506263ffc67904fd399390630a373d6f1c92ce47366f9bd91312c225c3011d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qu6853.exe

Filesize
345KB

MD5
78f4306add6aeb63a8aca3d2ee76440a

SHA1
fc11d656f5fd9cedfca4e61055bb707fca94f0ea

SHA256
c69075cd66fa5f58ea0d91bd021a88c4b84472450c153c3e0018c543cf4fd874

SHA512
5b4107ad73c72c6333b5977b683a6ae8abaf22e7c6c65e418f3e8fd81a64b46b8506263ffc67904fd399390630a373d6f1c92ce47366f9bd91312c225c3011d1

Download Submit
memory/2204-148-0x0000000004CF0000-0x0000000005294000-memory.dmp

Filesize
5.6MB

Download
memory/2204-150-0x0000000002870000-0x0000000002880000-memory.dmp

Filesize
64KB

Download
memory/2204-149-0x0000000000710000-0x000000000073D000-memory.dmp

Filesize
180KB

Download
memory/2204-151-0x0000000002870000-0x0000000002880000-memory.dmp

Filesize
64KB

Download
memory/2204-152-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-153-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-155-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-157-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-159-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-161-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-163-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-165-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-167-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-169-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-171-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-173-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-175-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-177-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-179-0x0000000002330000-0x0000000002342000-memory.dmp

Filesize
72KB

Download
memory/2204-180-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2204-181-0x0000000002870000-0x0000000002880000-memory.dmp

Filesize
64KB

Download
memory/2204-182-0x0000000002870000-0x0000000002880000-memory.dmp

Filesize
64KB

Download
memory/2204-183-0x0000000002870000-0x0000000002880000-memory.dmp

Filesize
64KB

Download
memory/2204-185-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4740-1120-0x00000000008D0000-0x0000000000902000-memory.dmp

Filesize
200KB

Download
memory/4740-1121-0x00000000054F0000-0x0000000005500000-memory.dmp

Filesize
64KB

Download
memory/4792-190-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-226-0x0000000001B00000-0x0000000001B4B000-memory.dmp

Filesize
300KB

Download
memory/4792-195-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-197-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-199-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-201-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-203-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-205-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-207-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-209-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-211-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-213-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-215-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-217-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-219-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-221-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-223-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-193-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-229-0x0000000003600000-0x0000000003610000-memory.dmp

Filesize
64KB

Download
memory/4792-227-0x0000000003600000-0x0000000003610000-memory.dmp

Filesize
64KB

Download
memory/4792-1099-0x0000000006630000-0x0000000006C48000-memory.dmp

Filesize
6.1MB

Download
memory/4792-1100-0x0000000006CD0000-0x0000000006DDA000-memory.dmp

Filesize
1.0MB

Download
memory/4792-1101-0x0000000006E10000-0x0000000006E22000-memory.dmp

Filesize
72KB

Download
memory/4792-1102-0x0000000003600000-0x0000000003610000-memory.dmp

Filesize
64KB

Download
memory/4792-1103-0x0000000006E30000-0x0000000006E6C000-memory.dmp

Filesize
240KB

Download
memory/4792-1104-0x0000000007120000-0x00000000071B2000-memory.dmp

Filesize
584KB

Download
memory/4792-1105-0x00000000071C0000-0x0000000007226000-memory.dmp

Filesize
408KB

Download
memory/4792-1107-0x0000000007A20000-0x0000000007BE2000-memory.dmp

Filesize
1.8MB

Download
memory/4792-1108-0x0000000007C00000-0x000000000812C000-memory.dmp

Filesize
5.2MB

Download
memory/4792-1109-0x0000000008250000-0x00000000082C6000-memory.dmp

Filesize
472KB

Download
memory/4792-1110-0x00000000082F0000-0x0000000008340000-memory.dmp

Filesize
320KB

Download
memory/4792-1111-0x0000000003600000-0x0000000003610000-memory.dmp

Filesize
64KB

Download
memory/4792-191-0x00000000038E0000-0x000000000391F000-memory.dmp

Filesize
252KB

Download
memory/4792-1112-0x0000000003600000-0x0000000003610000-memory.dmp

Filesize
64KB

Download
memory/4792-1113-0x0000000003600000-0x0000000003610000-memory.dmp

Filesize
64KB

Download
memory/4792-1114-0x0000000003600000-0x0000000003610000-memory.dmp

Filesize
64KB

Download