kpot | 4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2

Analysis

max time kernel
136s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2.exe
Size

847KB
MD5

1b509ee20cd54603a17b482449e782a2
SHA1

7549aeb076d7b2c94ea7da274ff21054c5cf25f2
SHA256

4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2
SHA512

9ea699a948c2d85daddb2c89f8ccadd359aeeed1e0de1bec5085c1edef86df393b3b37d4c2887c7610a37e848823002bde945235d867e78165116be1f1b082f4
SSDEEP

12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQGCsksQjn6YHldGm1ufSD8Gli:zQ5aILMCfmAUjzX6xQGCZLFdGm13Ji

Score

10^/10

kpot trickbot banker discovery stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 1 IoCs

resource	yara_rule
behavioral2/files/0x00070000000233d0-21.dat	family_kpot

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 1 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

resource	yara_rule
behavioral2/memory/4452-15-0x0000000000800000-0x0000000000829000-memory.dmp	trickbot_loader32

Executes dropped EXE 3 IoCs

pid	Process
1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTcbPrivilege	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
Token: SeTcbPrivilege	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4452	4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2.exe
1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 1156	4452	4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2.exe	87
PID 4452 wrote to memory of 1156	4452	4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2.exe	87
PID 4452 wrote to memory of 1156	4452	4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2.exe	87
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 1156 wrote to memory of 1732	1156	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	89
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 464 wrote to memory of 2728	464	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	95
PID 4356 wrote to memory of 4592	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	97
PID 4356 wrote to memory of 4592	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	97
PID 4356 wrote to memory of 4592	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	97
PID 4356 wrote to memory of 4592	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	97
PID 4356 wrote to memory of 4592	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	97
PID 4356 wrote to memory of 4592	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	97
PID 4356 wrote to memory of 4592	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	97
PID 4356 wrote to memory of 4592	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	97
PID 4356 wrote to memory of 4592	4356	4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2.exe
"C:\Users\Admin\AppData\Local\Temp\4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Users\Admin\AppData\Roaming\WinSocket\4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
  C:\Users\Admin\AppData\Roaming\WinSocket\4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1156
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    3⤵
    PID:1732

C:\Users\Admin\AppData\Roaming\WinSocket\4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
C:\Users\Admin\AppData\Roaming\WinSocket\4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:464
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2728

C:\Users\Admin\AppData\Roaming\WinSocket\4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
C:\Users\Admin\AppData\Roaming\WinSocket\4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\WinSocket\4dbb0830a9fddeefa476aea02611fc9e9fe7f6ba96949c4be8219a1f413af8b2.exe

Filesize
847KB

MD5
1b509ee20cd54603a17b482449e782a2

SHA1
7549aeb076d7b2c94ea7da274ff21054c5cf25f2

SHA256
4dbb0730a8fddeefa465aea02511fc9e8fe6f5ba95949c4be7219a1f413af7b2

SHA512
9ea699a948c2d85daddb2c89f8ccadd359aeeed1e0de1bec5085c1edef86df393b3b37d4c2887c7610a37e848823002bde945235d867e78165116be1f1b082f4

Download Submit
C:\Users\Admin\AppData\Roaming\WinSocket\settings.ini

Filesize
72KB

MD5
0d536e71fcdfb17f275e186c6789f94d

SHA1
fd1b472f1f48e08d2d71021d6ab76714d5e5037d

SHA256
d62641eee2c45fbb77c5a309e3b96980058bbf7d1cec5aee4cda7783d767919e

SHA512
ba072ebd1236ab6e3046c946de85b68f4c8d89fb5d64b2307c5f4ea10cc4d332a16e317e013cb1774d803a7c212cac395267436632e4fde5ee0d2ec4f3f1eb4a

Download Submit
memory/464-73-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/464-72-0x0000000000421000-0x0000000000422000-memory.dmp

Filesize
4KB

Download
memory/464-59-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-62-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-64-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-65-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-67-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-68-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-69-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-66-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-63-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-61-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-60-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/464-58-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/1156-29-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-42-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/1156-36-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-40-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1156-35-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-34-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-33-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-32-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-31-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-30-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-53-0x0000000003160000-0x0000000003429000-memory.dmp

Filesize
2.8MB

Download
memory/1156-28-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-27-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-26-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1156-52-0x0000000002B60000-0x0000000002C1E000-memory.dmp

Filesize
760KB

Download
memory/1156-41-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/1156-37-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1732-46-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/1732-51-0x0000024866E70000-0x0000024866E71000-memory.dmp

Filesize
4KB

Download
memory/1732-48-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/4452-9-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-11-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-3-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-7-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-8-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-13-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-10-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-2-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-4-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-5-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-6-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-18-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4452-12-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4452-17-0x0000000000421000-0x0000000000422000-memory.dmp

Filesize
4KB

Download
memory/4452-15-0x0000000000800000-0x0000000000829000-memory.dmp

Filesize
164KB

Download
memory/4452-14-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download