kpot | 000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c.exe
Size

1.1MB
MD5

4530c376c13a16b2efc03cd4498d9694
SHA1

9a47cd2fdc4aa6a0b87afb6b717c6af89cfb04ed
SHA256

000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c
SHA512

72e6d661904144ac9c797ee91b8ebb37f082253b8488a469cd0cbb33d97262e09879300a588bd9bc158cd993f0eaf21b03014a2ea43b88bc458275f5230e37d3
SSDEEP

24576:zQ5aILMCfmAUjzX6xQ0+wCIygDsAUSM6x4:E5aIwC+Agr6SNC4

Score

10^/10

kpot trickbot banker stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\WinSocket\000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	family_kpot

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 1 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes:

resource	yara_rule
behavioral2/memory/2112-15-0x00000000021F0000-0x0000000002219000-memory.dmp	trickbot_loader32

Executes dropped EXE 3 IoCs

Processes:

000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe

pid	process
2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe

description	pid	process
Token: SeTcbPrivilege	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
Token: SeTcbPrivilege	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c.exe000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe

pid	process
2112	000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c.exe
2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 2112 wrote to memory of 2816	2112	000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c.exe	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
PID 2112 wrote to memory of 2816	2112	000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c.exe	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
PID 2112 wrote to memory of 2816	2112	000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c.exe	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2816 wrote to memory of 1768	2816	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 3436 wrote to memory of 3096	3436	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2036 wrote to memory of 4540	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2036 wrote to memory of 4540	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2036 wrote to memory of 4540	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2036 wrote to memory of 4540	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2036 wrote to memory of 4540	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2036 wrote to memory of 4540	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2036 wrote to memory of 4540	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2036 wrote to memory of 4540	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe
PID 2036 wrote to memory of 4540	2036	000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe	svchost.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c.exe
"C:\Users\Admin\AppData\Local\Temp\000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112

C:\Users\Admin\AppData\Roaming\WinSocket\000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
C:\Users\Admin\AppData\Roaming\WinSocket\000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
PID:1768

C:\Users\Admin\AppData\Roaming\WinSocket\000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
C:\Users\Admin\AppData\Roaming\WinSocket\000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:3096

C:\Users\Admin\AppData\Roaming\WinSocket\000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
C:\Users\Admin\AppData\Roaming\WinSocket\000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\WinSocket\000eb84b6b4f700e71acef97d90f037a0272b2c3319e4672724a86bb844bdf0c.exe

Filesize
1.1MB

MD5
4530c376c13a16b2efc03cd4498d9694

SHA1
9a47cd2fdc4aa6a0b87afb6b717c6af89cfb04ed

SHA256
000eb74b5b4f600e61acef96d90f036a0262b2c3318e4562624a75bb744bdf0c

SHA512
72e6d661904144ac9c797ee91b8ebb37f082253b8488a469cd0cbb33d97262e09879300a588bd9bc158cd993f0eaf21b03014a2ea43b88bc458275f5230e37d3

Download Submit
C:\Users\Admin\AppData\Roaming\WinSocket\settings.ini

Filesize
44KB

MD5
1306a7807fd742f1895166035a83a0e2

SHA1
cd354d90158033d56bdf147c27e312797e117bf7

SHA256
e6048677844ff224fe183892b0bcb3451a82ea3f169ffcd420de7b25fdace120

SHA512
1fc9815966e5ec04bbfa08e09e3aa011d8a75f55d484047b51097af1b3829a83f96ca974ce605a3bf507e7ee44d7eb4105f13401fc38b52da8202838b6b2cf2a

Download Submit
memory/1768-46-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/1768-51-0x000002ABE0370000-0x000002ABE0371000-memory.dmp

Filesize
4KB

Download
memory/1768-47-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2112-5-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-6-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-14-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-13-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-12-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-11-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-10-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-9-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-8-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-7-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-4-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-3-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-2-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/2112-18-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2112-17-0x0000000000421000-0x0000000000422000-memory.dmp

Filesize
4KB

Download
memory/2112-15-0x00000000021F0000-0x0000000002219000-memory.dmp

Filesize
164KB

Download
memory/2816-37-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-26-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-29-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-40-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2816-36-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-35-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-34-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-41-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/2816-33-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-32-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-31-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-52-0x0000000003060000-0x000000000311E000-memory.dmp

Filesize
760KB

Download
memory/2816-53-0x0000000003160000-0x0000000003429000-memory.dmp

Filesize
2.8MB

Download
memory/2816-28-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-27-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2816-30-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/3436-67-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-58-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-62-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-65-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-69-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-68-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-61-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-66-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-60-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-63-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-64-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-59-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3436-72-0x0000000000421000-0x0000000000422000-memory.dmp

Filesize
4KB

Download
memory/3436-73-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download