49a4a4641cbffaafce34a35cd4c74d486935db28906fc4acd71400f26d853cd0

Analysis

max time kernel
146s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 09:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraBootstrapper.exe
Size

969KB
MD5

b8a07270ae910250a280a14eee35b80f
SHA1

c4c4a15fb067d11324c028cb36fbd4cb04cb26ce
SHA256

49a4a4641cbffaafce34a35cd4c74d486935db28906fc4acd71400f26d853cd0
SHA512

c1fda7adb3324c3e697124520b50d852a1e7b3d238d2f7fb23311c4767de3babc6a4653f901e91a4d4fdf6fde3c464b0299a3b986875fb38dad16d036c3020b2
SSDEEP

24576:zYmtbhG5rt/PmeggdP8/L52miMaCn5FNF:bkxt/OeZP8/NDiMLTN

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Loads dropped DLL 1 IoCs

pid	Process
1472	SolaraBootstrapper.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1472 set thread context of 4936	1472	SolaraBootstrapper.exe	86

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4936	MSBuild.exe
448	msedge.exe
448	msedge.exe
5260	msedge.exe
5260	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeBackupPrivilege	4936	MSBuild.exe
Token: SeSecurityPrivilege	4936	MSBuild.exe
Token: SeSecurityPrivilege	4936	MSBuild.exe
Token: SeSecurityPrivilege	4936	MSBuild.exe
Token: SeSecurityPrivilege	4936	MSBuild.exe
Token: SeDebugPrivilege	4936	MSBuild.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 4936	1472	SolaraBootstrapper.exe	86
PID 1472 wrote to memory of 4936	1472	SolaraBootstrapper.exe	86
PID 1472 wrote to memory of 4936	1472	SolaraBootstrapper.exe	86
PID 1472 wrote to memory of 4936	1472	SolaraBootstrapper.exe	86
PID 1472 wrote to memory of 4936	1472	SolaraBootstrapper.exe	86
PID 1472 wrote to memory of 4936	1472	SolaraBootstrapper.exe	86
PID 1472 wrote to memory of 4936	1472	SolaraBootstrapper.exe	86
PID 1472 wrote to memory of 4936	1472	SolaraBootstrapper.exe	86
PID 3048 wrote to memory of 1472	3048	msedge.exe	109
PID 3048 wrote to memory of 1472	3048	msedge.exe	109
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 3176	3048	msedge.exe	110
PID 3048 wrote to memory of 448	3048	msedge.exe	111
PID 3048 wrote to memory of 448	3048	msedge.exe	111
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112
PID 3048 wrote to memory of 3236	3048	msedge.exe	112

C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault82601646hb7a5h4110hade5hf2e7b86b2734
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xac,0x128,0x7ff9d15146f8,0x7ff9d1514708,0x7ff9d1514718
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17478203683573746328,7005601983483700073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,17478203683573746328,7005601983483700073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,17478203683573746328,7005601983483700073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3044 /prefetch:8
  2⤵
  PID:3236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb61fa5d7h665eh4876h8534hbfd23d600909
1⤵
PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d15146f8,0x7ff9d1514708,0x7ff9d1514718
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17258661120494305881,17066108566995628726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17258661120494305881,17066108566995628726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17258661120494305881,17066108566995628726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:5280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2476f4a951da707e517f21ffe7324ff5

SHA1
6218614bd3b2b2d1e0184110e1893d9fa6e0d415

SHA256
8a7d431228905aaf254fc60123c936fd8fe2ed9aacbe4fe6aefdf73bccd00678

SHA512
41c2f72e4ab46911b4107c140c024e9986632281abebd9212072e24013f07e64a9057e6e90d7079ac93fbe3e62fd83b992eb02734d5de8786018ac5907cc23ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
c2af6463d16368ce18d90fcf15e7e607

SHA1
f4fd2039db8caa05ac4471794620f3017b61f152

SHA256
08036732fa0d611041e4ee472efde0d0ce6c7a3aed9561834cbbac440845a71e

SHA512
c4ec4812341b3286659cdb330a4b1a448634edc721cf8377a329af15650e36fc0f05b9eaf5841a0a1c39861b54f6b6633e153e8b5187b8a42acf1ef0dbf8ebc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f6fb6b77470a8db6a19046a0eccab340

SHA1
3a11c15f778bdf0aa431077bdc7d39edc804ee33

SHA256
09b38f022051cfc740c2a07c2a33d8388f4fc452323ec75fb36686249ca72a7c

SHA512
5e9638d901924f016d6f8194c4379ecefca56e0b321caec78be72151ec366bdb9087642f6829c10c445bc1328e9dd95043f488a8db9b6d580c94600356ab9c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
8d1bb690059315b209c7c280967e31f3

SHA1
eb10c65414258b3d195e31669aa52537ccd3985c

SHA256
0143a3aad1be5e2d9df86074224d721df49887e22e6e5025fa0a9ba6d4ef73bf

SHA512
0ccaf6405a94bf85ec44f9adaff1541f8de57544d0280b17d1f6f490a8d5ba77001a3dd362a87035e76f5d9e9e6c37ad3a680f66c9c93468d0f85eb138693c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9x.dll

Filesize
1.2MB

MD5
7c5d02c92dab64e27974e0f42a4711ab

SHA1
df39c4b9d2425a776696fb6b2409dd06caecd851

SHA256
d2ca01c8ed8eba30cdbdcf418653c8ac367a7e088234bc99a8d75ed5eda64195

SHA512
f2ed615490c3736852c55bd9cdd36cdbab23fc0eec9c05d418c0f5933403eb490accba6a749aa31be283c13a896c318c03fee7a4874460051ad7e0c75157d233

Download Submit
memory/1472-11-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/1472-12-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/1472-2-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/1472-0-0x000000007492E000-0x000000007492F000-memory.dmp

Filesize
4KB

Download
memory/1472-1-0x0000000000AD0000-0x0000000000BC8000-memory.dmp

Filesize
992KB

Download
memory/4936-22-0x0000000007DC0000-0x0000000007E0C000-memory.dmp

Filesize
304KB

Download
memory/4936-21-0x0000000007C40000-0x0000000007C7C000-memory.dmp

Filesize
240KB

Download
memory/4936-26-0x0000000008B10000-0x0000000008B76000-memory.dmp

Filesize
408KB

Download
memory/4936-27-0x0000000008E40000-0x0000000008EB6000-memory.dmp

Filesize
472KB

Download
memory/4936-28-0x0000000008E10000-0x0000000008E2E000-memory.dmp

Filesize
120KB

Download
memory/4936-29-0x0000000009760000-0x0000000009922000-memory.dmp

Filesize
1.8MB

Download
memory/4936-30-0x0000000009E60000-0x000000000A38C000-memory.dmp

Filesize
5.2MB

Download
memory/4936-31-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/4936-33-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/4936-23-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/4936-20-0x0000000007BE0000-0x0000000007BF2000-memory.dmp

Filesize
72KB

Download
memory/4936-19-0x0000000007CB0000-0x0000000007DBA000-memory.dmp

Filesize
1.0MB

Download
memory/4936-18-0x0000000008180000-0x0000000008798000-memory.dmp

Filesize
6.1MB

Download
memory/4936-17-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/4936-16-0x0000000004DB0000-0x0000000004DBA000-memory.dmp

Filesize
40KB

Download
memory/4936-15-0x0000000004DD0000-0x0000000004E62000-memory.dmp

Filesize
584KB

Download
memory/4936-14-0x0000000005270000-0x0000000005814000-memory.dmp

Filesize
5.6MB

Download
memory/4936-13-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/4936-9-0x0000000000780000-0x000000000087A000-memory.dmp

Filesize
1000KB

Download