laplas | e12cb9ff71c0ab867bd5f393e52e5dd1654905d19f2dc55ca5ed99b5ec079e22

Analysis

max time kernel
90s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2023 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
Size

5.9MB
MD5

aa57f0d7a099773175006624cc891b29
SHA1

44598d94dac6e9c72ffe65f9e17cf77c2c73e6fe
SHA256

6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f
SHA512

e0fff8e7d8de1dc5b3d84bdea90828f9739499183aabb11eb5b7600af132f8fa0569bc49d4ca21ec5df925482ec2149d0134a88a4e8a632cb0326444a6bc31b0
SSDEEP

98304:5fsK1JWzYls9x4CwqEZSK84oBfrNy+yvsHrj0XXrmca/mDU9vf2eESEGMeNR:hbJWzY4x4Tq7Kx4ybsHEnrmyg9vsSEps

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

http://45.159.189.105

Attributes

api_key
6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0

Signatures

Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
stealer clipper laplas

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	svcservice.exe

Executes dropped EXE 1 IoCs

pid	Process
2704	svcservice.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\telemetry = "C:\\Users\\Admin\\AppData\\Roaming\\telemetry\\svcservice.exe"	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3756 set thread context of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3004	powershell.exe
3004	powershell.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
Token: SeDebugPrivilege	3004	powershell.exe
Token: SeDebugPrivilege	2704	svcservice.exe
Token: SeDebugPrivilege	2124	powershell.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 3004	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	87
PID 3756 wrote to memory of 3004	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	87
PID 3756 wrote to memory of 3004	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	87
PID 3756 wrote to memory of 1972	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	95
PID 3756 wrote to memory of 1972	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	95
PID 3756 wrote to memory of 1972	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	95
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 3756 wrote to memory of 4864	3756	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	96
PID 4864 wrote to memory of 2704	4864	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	97
PID 4864 wrote to memory of 2704	4864	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	97
PID 4864 wrote to memory of 2704	4864	6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe	97
PID 2704 wrote to memory of 2124	2704	svcservice.exe	99
PID 2704 wrote to memory of 2124	2704	svcservice.exe	99
PID 2704 wrote to memory of 2124	2704	svcservice.exe	99

C:\Users\Admin\AppData\Local\Temp\6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
"C:\Users\Admin\AppData\Local\Temp\6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMQA1AA==
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3004
- C:\Users\Admin\AppData\Local\Temp\6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
  C:\Users\Admin\AppData\Local\Temp\6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
  2⤵
  PID:1972
- C:\Users\Admin\AppData\Local\Temp\6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
  C:\Users\Admin\AppData\Local\Temp\6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
  2⤵
  - Checks computer location settings
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4864
- - C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe
    "C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMQA1AA==
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2124
  - - C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe
      C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe
      4⤵
      PID:1032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
1KB

MD5
6195a91754effb4df74dbc72cdf4f7a6

SHA1
aba262f5726c6d77659fe0d3195e36a85046b427

SHA256
3254495a5513b37a2686a876d0040275414699e7ce760e7b5ee05e41a54b96f5

SHA512
ed723d15de267390dc93263538428e2c881be3494c996a810616b470d6df7d5acfcc8725687d5c50319ebef45caef44f769bfc32e0dc3abd249dacff4a12cc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
06ad34f9739c5159b4d92d702545bd49

SHA1
9152a0d4f153f3f40f7e606be75f81b582ee0c17

SHA256
474813b625f00710f29fa3b488235a6a22201851efb336bddf60d7d24a66bfba

SHA512
c272cd28ae164d465b779163ba9eca6a28261376414c6bbdfbd9f2128adb7f7ff1420e536b4d6000d0301ded2ec9036bc5c657588458bff41f176bdce8d74f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
16KB

MD5
479e3c5080d913b6adbec0482ac5849f

SHA1
38ef3e3ba61539d13bb96af9695e00533e2a7feb

SHA256
794633a31f6c58e62375dcd808326169cd60041fb349ebf088e19d275c1278dd

SHA512
636f8af1d0e737d44f2af346a5b6bb8522be664d4455ff7a2587891c462345a3a6295b6d40ab9cbe9cfde61cede1bf3bc9bff9e2d862c87394a984d4ce7ec65b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_repvrjrv.ejs.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe

Filesize
711.3MB

MD5
852c420cd707c16d66c08f1b9bdb0315

SHA1
446d9a5f53b8a5c1add385d53bde4c842f9cb10b

SHA256
b5feef5ac0aca4a2bc666764366c2aede3a2e2ca564c913a05a2466a64c67e0f

SHA512
6576326922b4674abcdfce696c46585963e3a538c22376201c771d5203c831b6ce86abd41500b5a400571e8959231f17889716f12e587d635f83bb16c579d818

Download Submit
C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe

Filesize
605.9MB

MD5
5460af24fda55801afe82258e1ace8f0

SHA1
eb771d38a34ae074b9ae9dd87a6f26ac15fd76c0

SHA256
c7f883d30e979b63d54babf805dbb86ca1146c8b549e93a39c4d76954fa55d22

SHA512
d2f91f29f9e4b289131cee8f1ad4c91c7eb8ee9f12bccb93e5f3bd458bc7ab2d0ed95991d74e4dde7da5d80b95c4715e85909017ce875f9cfd623e9eebaedc04

Download Submit
C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe

Filesize
573.1MB

MD5
c91fe8267027f7402cc97110483e69a0

SHA1
38ee44bbc03622deb987e7ffba70a1b6d01cc040

SHA256
8bf848ea83516dacbd875fbc06eba325c15f618ef77b246c833875b059cd9a28

SHA512
3d0c3e31c2a32e9d259e86eb1f752a48fda0d2eaeca09bb8417e0be7e243ba4c0ac14fbfce9360490d0a1fdfc50ae2684673fd9214665cc0d2095a1c4adfedc0

Download Submit
C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe

Filesize
166.4MB

MD5
8dc33b1b29d532ee2c2ffa566d0d6d6b

SHA1
10203d07c5a9c5800b07cb44f9bd881ca1fca54d

SHA256
1dfe351ee873eba9869b129c01cfbc0834f2615a2f4a89a95aab0ae5f2b44104

SHA512
c9f148dbe7adf76123356735673ce4eee915b1607997f6c1ad66f34970df12a12d7e72cae4b95cd5cb3d27314c9e56743011ce156ea239c01fa37f47a9a25dcf

Download Submit
memory/1032-201-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/2124-196-0x0000000002830000-0x0000000002840000-memory.dmp

Filesize
64KB

Download
memory/2124-182-0x0000000002830000-0x0000000002840000-memory.dmp

Filesize
64KB

Download
memory/2124-185-0x0000000002830000-0x0000000002840000-memory.dmp

Filesize
64KB

Download
memory/2124-195-0x0000000002830000-0x0000000002840000-memory.dmp

Filesize
64KB

Download
memory/2704-180-0x0000000005A40000-0x0000000005A50000-memory.dmp

Filesize
64KB

Download
memory/2704-178-0x0000000005A40000-0x0000000005A50000-memory.dmp

Filesize
64KB

Download
memory/3004-146-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/3004-154-0x0000000006730000-0x000000000674A000-memory.dmp

Filesize
104KB

Download
memory/3004-158-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/3004-144-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/3004-145-0x0000000005C20000-0x0000000005C86000-memory.dmp

Filesize
408KB

Download
memory/3004-136-0x0000000004C60000-0x0000000004C96000-memory.dmp

Filesize
216KB

Download
memory/3004-157-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/3004-156-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/3004-151-0x0000000006230000-0x000000000624E000-memory.dmp

Filesize
120KB

Download
memory/3004-138-0x0000000005B40000-0x0000000005BA6000-memory.dmp

Filesize
408KB

Download
memory/3004-153-0x0000000007A80000-0x00000000080FA000-memory.dmp

Filesize
6.5MB

Download
memory/3004-137-0x00000000053C0000-0x00000000059E8000-memory.dmp

Filesize
6.2MB

Download
memory/3004-152-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/3756-155-0x0000000003340000-0x0000000003350000-memory.dmp

Filesize
64KB

Download
memory/3756-133-0x0000000000E30000-0x0000000001078000-memory.dmp

Filesize
2.3MB

Download
memory/3756-135-0x00000000062B0000-0x00000000062D2000-memory.dmp

Filesize
136KB

Download
memory/3756-134-0x0000000003340000-0x0000000003350000-memory.dmp

Filesize
64KB

Download
memory/4864-166-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4864-179-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4864-165-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4864-164-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/4864-162-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download