kpot | 6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579

Analysis

max time kernel
139s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579.exe
Size

1.1MB
MD5

9ece3b3514daec13578769d51b678b72
SHA1

e3c584bc02d2a413176baafd5534181d477019ae
SHA256

6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579
SHA512

cd5664c8c4545b8e639272dc5256ed6053e0a755073d3fffcdf9c03db30256622816330ef8424b935c4fb36b90ed4dbe2fc4b293731d8fd6124b000a87aa959c
SSDEEP

24576:zQ5aILMCfmAUjzX6xQ0+wCIygDsAUkhmZ9skmbyT:E5aIwC+Agr6SNbN

Score

10^/10

kpot trickbot banker stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\WinSocket\7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	family_kpot

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 1 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes:

resource	yara_rule
behavioral2/memory/3156-15-0x00000000021E0000-0x0000000002209000-memory.dmp	trickbot_loader32

Executes dropped EXE 3 IoCs

Processes:

7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe

pid	process
3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe

description	pid	process
Token: SeTcbPrivilege	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
Token: SeTcbPrivilege	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579.exe7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe

pid	process
3156	6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579.exe
3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 3156 wrote to memory of 3076	3156	6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579.exe	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
PID 3156 wrote to memory of 3076	3156	6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579.exe	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
PID 3156 wrote to memory of 3076	3156	6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579.exe	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 3076 wrote to memory of 2012	3076	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 2504 wrote to memory of 4172	2504	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 1272 wrote to memory of 3804	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 1272 wrote to memory of 3804	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 1272 wrote to memory of 3804	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 1272 wrote to memory of 3804	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 1272 wrote to memory of 3804	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 1272 wrote to memory of 3804	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 1272 wrote to memory of 3804	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 1272 wrote to memory of 3804	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe
PID 1272 wrote to memory of 3804	1272	7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe	svchost.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579.exe
"C:\Users\Admin\AppData\Local\Temp\6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Users\Admin\AppData\Roaming\WinSocket\7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
  C:\Users\Admin\AppData\Roaming\WinSocket\7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3076
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    3⤵
    PID:2012

C:\Users\Admin\AppData\Roaming\WinSocket\7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
C:\Users\Admin\AppData\Roaming\WinSocket\7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:4172

C:\Users\Admin\AppData\Roaming\WinSocket\7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
C:\Users\Admin\AppData\Roaming\WinSocket\7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:3804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\WinSocket\7d747cc4e2940489811dad73296e2b7c8c4411c22d871e9fa321897ad611a689.exe

Filesize
1.1MB

MD5
9ece3b3514daec13578769d51b678b72

SHA1
e3c584bc02d2a413176baafd5534181d477019ae

SHA256
6d646cc4e2840478711dad63295e2b6c7c4411c22d761e9fa321786ad511a579

SHA512
cd5664c8c4545b8e639272dc5256ed6053e0a755073d3fffcdf9c03db30256622816330ef8424b935c4fb36b90ed4dbe2fc4b293731d8fd6124b000a87aa959c

Download Submit
C:\Users\Admin\AppData\Roaming\WinSocket\settings.ini

Filesize
32KB

MD5
fa1e2bfcabff74949e393d0ae794ae1f

SHA1
026fe0a0a48e2ab3e57580db99105df4af5da4f8

SHA256
a481e7bf381e9ad13c94a3a45d301ef12e8c5050608ebf583325955bdc439371

SHA512
e3d914b7bae921b670d9894a5b614a067a653d555cae0cabd83203d8b0cd615d7ab946ce172fc364f9f0f6b0f257506baf6750a4cc9689168b6fa975815e30f1

Download Submit
memory/2012-46-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2012-51-0x000002606E190000-0x000002606E191000-memory.dmp

Filesize
4KB

Download
memory/2504-58-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-67-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-62-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-64-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-59-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-65-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-66-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-61-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-68-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-69-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-63-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-60-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2504-73-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2504-72-0x0000000000421000-0x0000000000422000-memory.dmp

Filesize
4KB

Download
memory/3076-34-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-52-0x0000000003060000-0x000000000311E000-memory.dmp

Filesize
760KB

Download
memory/3076-37-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-36-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-35-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-40-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3076-53-0x0000000003160000-0x0000000003429000-memory.dmp

Filesize
2.8MB

Download
memory/3076-33-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-32-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-31-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-30-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-29-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-41-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/3076-27-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-28-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3076-26-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/3156-4-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-9-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-5-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-6-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-10-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-8-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-2-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-3-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-7-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-11-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-12-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-13-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3156-17-0x0000000000421000-0x0000000000422000-memory.dmp

Filesize
4KB

Download
memory/3156-18-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3156-15-0x00000000021E0000-0x0000000002209000-memory.dmp

Filesize
164KB

Download
memory/3156-14-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download