Analysis

  • max time kernel
    0s
  • max time network
    71s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-06-2024 14:46

General

  • Target

    SolaraB/Solara/SolaraBootstrapper.exe

  • Size

    13KB

  • MD5

    6557bd5240397f026e675afb78544a26

  • SHA1

    839e683bf68703d373b6eac246f19386bb181713

  • SHA256

    a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

  • SHA512

    f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97

  • SSDEEP

    192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj

Score
7/10

Signatures

  • Themida packer 13 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3728
    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
      "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
      2⤵
        PID:5084
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
        PID:2756
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
            PID:3768
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.0.1179053611\1145084917" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c0a44a4-10d2-4d97-bbad-52fd222bdf9b} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 1836 22191716d58 gpu
              3⤵
                PID:4956
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.1.162945662\785262636" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de80a34-8660-4df3-aea3-788ad6732229} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 2404 22184a89358 socket
                3⤵
                  PID:3756
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.2.1759716429\292699726" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52fe2bcc-e936-4d8c-8603-637edc86917b} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 2996 2219450ce58 tab
                  3⤵
                    PID:372
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.3.1614237144\1390886681" -childID 2 -isForBrowser -prefsHandle 3844 -prefMapHandle 3828 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e52c5c9-cc9e-44fe-9b3f-0e183c2faab5} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 3856 221962c5358 tab
                    3⤵
                      PID:5112
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.4.1731217342\1423780405" -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5176 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2678ed1-00c0-43cf-9115-8c12664f9b19} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5188 221970f7e58 tab
                      3⤵
                        PID:1264
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.5.1149922110\1608304677" -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31c40498-e142-470a-a3d7-3467ff0a01fa} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5316 22198408e58 tab
                        3⤵
                          PID:3472
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.6.1564947225\1225354899" -childID 5 -isForBrowser -prefsHandle 5520 -prefMapHandle 5524 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff3226e7-434f-443b-981e-a4c1497268ef} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5508 2219966b858 tab
                          3⤵
                            PID:4684

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\activity-stream.discovery_stream.json.tmp

                        Filesize

                        32KB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

                        Filesize

                        488KB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

                        Filesize

                        43KB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

                        Filesize

                        139B

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

                        Filesize

                        43B

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

                        Filesize

                        216B

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

                        Filesize

                        133KB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

                        Filesize

                        4.4MB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

                        Filesize

                        49B

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

                        Filesize

                        3.9MB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

                        Filesize

                        4.6MB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

                        Filesize

                        85KB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

                        Filesize

                        522KB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll

                        Filesize

                        99KB

                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

                        Filesize

                        113KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js

                        Filesize

                        7KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js

                        Filesize

                        6KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                        Filesize

                        192KB
