laplas | a9be7e54f52ab225e7165e867cf64ab5e41649f51ddd60625bd79b1c372c6e53

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2023 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe
Size

319KB
MD5

85326f203daea8bc2130d1809bcb6b5c
SHA1

24077c1f68653d460c115be272906f5c4777192f
SHA256

a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a
SHA512

6970dc52fc42c7ca1104b20229f2d6d3f077a873b04d00f0a48ab5a8889fd16f3ad2fb33b311749c26d3cba9a333ec2712acf809052061ad7c46133cb0e4058a
SSDEEP

6144:NuLAX+WXLHBsVS5/Z2+LFECBUMHmRIXD3cAyjEvJEMrbO:A6+WX7Bsmk+LFtBUMGRmDMAyoh

Score

10^/10

laplas smokeloader 2023 backdoor clipper persistence stealer trojan

Malware Config

Extracted

Family

smokeloader

Botnet

2023

Extracted

Family

smokeloader

Version

2022

http://c3g6gx853u6j.xyz/

http://04yh16065cdi.xyz/

http://33qd2w560vnx.xyz/

http://neriir0f76gr.com/

http://b4y08hrp3jdb.com/

http://swp6fbywla09.com/

http://7iqt53dr345u.com/

http://mj4aj8r55mho.com/

http://ne4ym7bjn1ts.com/

rc4.i32

Extracted

Family

laplas

http://45.159.189.105

Attributes

api_key
0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e

Extracted

Family

laplas

http://45.159.189.105

Attributes

api_key
0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e

Signatures

Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
stealer clipper laplas
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2580	DA04.exe
2144	ntlhost.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe"	DA04.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe

GoLang User-Agent 1 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	137	Go-http-client/1.1

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Process not Found

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
412	a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe
412	a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3172	Process not Found

Suspicious behavior: MapViewOfSection 19 IoCs

pid	Process
412	a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3172	Process not Found
3172	Process not Found

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 2580	3172	Process not Found	99
PID 3172 wrote to memory of 2580	3172	Process not Found	99
PID 3172 wrote to memory of 2580	3172	Process not Found	99
PID 3172 wrote to memory of 5016	3172	Process not Found	100
PID 3172 wrote to memory of 5016	3172	Process not Found	100
PID 3172 wrote to memory of 5016	3172	Process not Found	100
PID 3172 wrote to memory of 5016	3172	Process not Found	100
PID 3172 wrote to memory of 4344	3172	Process not Found	101
PID 3172 wrote to memory of 4344	3172	Process not Found	101
PID 3172 wrote to memory of 4344	3172	Process not Found	101
PID 3172 wrote to memory of 4248	3172	Process not Found	102
PID 3172 wrote to memory of 4248	3172	Process not Found	102
PID 3172 wrote to memory of 4248	3172	Process not Found	102
PID 3172 wrote to memory of 4248	3172	Process not Found	102
PID 3172 wrote to memory of 1480	3172	Process not Found	103
PID 3172 wrote to memory of 1480	3172	Process not Found	103
PID 3172 wrote to memory of 1480	3172	Process not Found	103
PID 3172 wrote to memory of 4084	3172	Process not Found	105
PID 3172 wrote to memory of 4084	3172	Process not Found	105
PID 3172 wrote to memory of 4084	3172	Process not Found	105
PID 3172 wrote to memory of 4084	3172	Process not Found	105
PID 3172 wrote to memory of 2912	3172	Process not Found	106
PID 3172 wrote to memory of 2912	3172	Process not Found	106
PID 3172 wrote to memory of 2912	3172	Process not Found	106
PID 3172 wrote to memory of 2912	3172	Process not Found	106
PID 3172 wrote to memory of 4752	3172	Process not Found	107
PID 3172 wrote to memory of 4752	3172	Process not Found	107
PID 3172 wrote to memory of 4752	3172	Process not Found	107
PID 3172 wrote to memory of 4752	3172	Process not Found	107
PID 3172 wrote to memory of 3148	3172	Process not Found	109
PID 3172 wrote to memory of 3148	3172	Process not Found	109
PID 3172 wrote to memory of 3148	3172	Process not Found	109
PID 3172 wrote to memory of 3864	3172	Process not Found	110
PID 3172 wrote to memory of 3864	3172	Process not Found	110
PID 3172 wrote to memory of 3864	3172	Process not Found	110
PID 3172 wrote to memory of 3864	3172	Process not Found	110
PID 2580 wrote to memory of 2144	2580	DA04.exe	108
PID 2580 wrote to memory of 2144	2580	DA04.exe	108
PID 2580 wrote to memory of 2144	2580	DA04.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe
"C:\Users\Admin\AppData\Local\Temp\a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:412

C:\Users\Admin\AppData\Local\Temp\DA04.exe
C:\Users\Admin\AppData\Local\Temp\DA04.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
  C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
  2⤵
  - Executes dropped EXE
  PID:2144

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:5016

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:4344

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:4248

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:1480

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:4084

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:2912

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:4752

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:3148

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:3864

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DA04.exe

Filesize
1.9MB

MD5
b109489b8bb8ca8d3c5381dd2969ddaf

SHA1
d9579ddc7520d109cb04eb79e47effafb842134a

SHA256
379b9ee5c7de68fe8174c3f6668b2629ef40df26dfbb472deee14dbb79cc8fa9

SHA512
f967b83e22831b814f8ac92c5438af1c47b34321feda3b779ab65e70d8e8192ece86e4482d870b6fb37734fa689f10652ff57ab71388988f71a15290772557ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\DA04.exe

Filesize
1.9MB

MD5
b109489b8bb8ca8d3c5381dd2969ddaf

SHA1
d9579ddc7520d109cb04eb79e47effafb842134a

SHA256
379b9ee5c7de68fe8174c3f6668b2629ef40df26dfbb472deee14dbb79cc8fa9

SHA512
f967b83e22831b814f8ac92c5438af1c47b34321feda3b779ab65e70d8e8192ece86e4482d870b6fb37734fa689f10652ff57ab71388988f71a15290772557ac

Download Submit
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
234.5MB

MD5
003f8953af9f19437f4c3e5c3cff40e2

SHA1
875dd0c8090d6c3f3a7905a25e8f3449af8a6e50

SHA256
4875f43b385ef0e39dad8b025694565887f58df61f8d550b0a6040fbec92a2ee

SHA512
2ed64d592e0a1dec32bd69f6d1310c0eab1725ea8315245053b55f79ff5a7cc3bd0b78efc81a52a5d68352c91c0a5b332e632506184d7b233a4d74778cb56103

Download Submit
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
270.2MB

MD5
d38872b59fc1b3a28ff497936cfbff83

SHA1
7ab4b7b9f32487e53d420f2cd5e7cc0728837012

SHA256
ea14926d1bd42e01108a1a2004079fb916daebeaff35be08c8bd45d818fd9be3

SHA512
4cf2340934f8072b6c484e1dc860f7bc39d8359ce98e87e8db8ad199132aa2ccba9461c2ff56dcd33c874763877fb2688ec22a6918a04aecab4c0fac81ac884c

Download Submit
memory/412-136-0x0000000000400000-0x0000000002C42000-memory.dmp

Filesize
40.3MB

Download
memory/412-134-0x00000000001F0000-0x00000000001F9000-memory.dmp

Filesize
36KB

Download
memory/1480-202-0x0000000000980000-0x000000000098C000-memory.dmp

Filesize
48KB

Download
memory/1480-201-0x0000000000980000-0x000000000098C000-memory.dmp

Filesize
48KB

Download
memory/2144-226-0x0000000000400000-0x0000000001CE6000-memory.dmp

Filesize
24.9MB

Download
memory/2144-229-0x0000000000400000-0x0000000001CE6000-memory.dmp

Filesize
24.9MB

Download
memory/2144-231-0x0000000000400000-0x0000000001CE6000-memory.dmp

Filesize
24.9MB

Download
memory/2144-233-0x0000000000400000-0x0000000001CE6000-memory.dmp

Filesize
24.9MB

Download
memory/2580-217-0x0000000000400000-0x0000000001CE6000-memory.dmp

Filesize
24.9MB

Download
memory/2580-228-0x0000000000400000-0x0000000001CE6000-memory.dmp

Filesize
24.9MB

Download
memory/2580-192-0x0000000003C20000-0x0000000003FF0000-memory.dmp

Filesize
3.8MB

Download
memory/2912-206-0x0000000000E10000-0x0000000000E19000-memory.dmp

Filesize
36KB

Download
memory/2912-207-0x0000000001000000-0x0000000001027000-memory.dmp

Filesize
156KB

Download
memory/2912-208-0x0000000000E10000-0x0000000000E19000-memory.dmp

Filesize
36KB

Download
memory/3148-213-0x0000000000900000-0x000000000090D000-memory.dmp

Filesize
52KB

Download
memory/3148-214-0x0000000000F50000-0x0000000000F5B000-memory.dmp

Filesize
44KB

Download
memory/3148-215-0x0000000000900000-0x000000000090D000-memory.dmp

Filesize
52KB

Download
memory/3172-165-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-144-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-160-0x0000000002660000-0x0000000002662000-memory.dmp

Filesize
8KB

Download
memory/3172-166-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-167-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-168-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-169-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-170-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-171-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-172-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-173-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-174-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-175-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-176-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-177-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-178-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-180-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-179-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-181-0x0000000000800000-0x0000000000809000-memory.dmp

Filesize
36KB

Download
memory/3172-183-0x0000000000800000-0x0000000000809000-memory.dmp

Filesize
36KB

Download
memory/3172-182-0x0000000000800000-0x0000000000809000-memory.dmp

Filesize
36KB

Download
memory/3172-184-0x0000000000800000-0x0000000000809000-memory.dmp

Filesize
36KB

Download
memory/3172-156-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/3172-155-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-252-0x00000000026A0000-0x00000000026AA000-memory.dmp

Filesize
40KB

Download
memory/3172-154-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-243-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-244-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-245-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-242-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-241-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-239-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-240-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-238-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-153-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-152-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-237-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-236-0x0000000002690000-0x00000000026A0000-memory.dmp

Filesize
64KB

Download
memory/3172-235-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-149-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-150-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-151-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-135-0x0000000002630000-0x0000000002646000-memory.dmp

Filesize
88KB

Download
memory/3172-139-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-140-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-146-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-147-0x0000000002660000-0x0000000002662000-memory.dmp

Filesize
8KB

Download
memory/3172-148-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-141-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-145-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-142-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3172-161-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/3172-143-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/3864-218-0x0000000000900000-0x000000000090D000-memory.dmp

Filesize
52KB

Download
memory/3864-216-0x0000000000F70000-0x0000000000F7B000-memory.dmp

Filesize
44KB

Download
memory/3864-219-0x0000000000F70000-0x0000000000F7B000-memory.dmp

Filesize
44KB

Download
memory/4084-204-0x0000000000980000-0x000000000098C000-memory.dmp

Filesize
48KB

Download
memory/4084-205-0x0000000001000000-0x0000000001027000-memory.dmp

Filesize
156KB

Download
memory/4084-203-0x0000000001000000-0x0000000001027000-memory.dmp

Filesize
156KB

Download
memory/4248-198-0x00000000010B0000-0x00000000010B9000-memory.dmp

Filesize
36KB

Download
memory/4248-199-0x0000000000600000-0x000000000060F000-memory.dmp

Filesize
60KB

Download
memory/4248-200-0x00000000010B0000-0x00000000010B9000-memory.dmp

Filesize
36KB

Download
memory/4344-196-0x0000000000B90000-0x0000000000B9B000-memory.dmp

Filesize
44KB

Download
memory/4344-221-0x0000000000B90000-0x0000000000B9B000-memory.dmp

Filesize
44KB

Download
memory/4344-197-0x0000000000600000-0x000000000060F000-memory.dmp

Filesize
60KB

Download
memory/4344-195-0x0000000000600000-0x000000000060F000-memory.dmp

Filesize
60KB

Download
memory/4752-210-0x0000000000F50000-0x0000000000F5B000-memory.dmp

Filesize
44KB

Download
memory/4752-212-0x0000000000F50000-0x0000000000F5B000-memory.dmp

Filesize
44KB

Download
memory/4752-211-0x0000000000E10000-0x0000000000E19000-memory.dmp

Filesize
36KB

Download
memory/4752-227-0x0000000000E10000-0x0000000000E19000-memory.dmp

Filesize
36KB

Download
memory/5016-220-0x0000000003C20000-0x0000000003FF0000-memory.dmp

Filesize
3.8MB

Download
memory/5016-194-0x0000000000B90000-0x0000000000B9B000-memory.dmp

Filesize
44KB

Download
memory/5016-193-0x0000000003C20000-0x0000000003FF0000-memory.dmp

Filesize
3.8MB

Download
memory/5016-191-0x0000000000B90000-0x0000000000B9B000-memory.dmp

Filesize
44KB

Download