laplas | 5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d

Analysis

max time kernel
72s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
16-07-2023 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d.exe
Size

305KB
MD5

41c7d182b3ff074793b68e9828a926e5
SHA1

dcf183a8d3d47996cd741885a85521ac7dbfe41d
SHA256

5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d
SHA512

9cafcd78fda25cea57b4229d1f16d5c07540fdfc9e806a72bdf193ff4c26af8273a129d49b45d4d67fe056377f08df96648341d4b41c120940f58cfd1d69597a
SSDEEP

3072:PULbBAGsenpSOQJuz6xWneL4TN/QgaF5LeREa+Iu5CTwlgZDGW:MLb2Gs8DQOXnZTOgabe3FZTFG

Score

10^/10

laplas lumma redline smokeloader cc summ backdoor clipper discovery infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

smokeloader

Botnet

summ

Extracted

Family

smokeloader

Version

2022

http://stalagmijesarl.com/

http://ukdantist-sarl.com/

http://cpcorprotationltd.com/

rc4.i32

Extracted

Family

redline

Botnet

94.228.169.160:43800

Attributes

auth_value
ec4d19a9dd758ace38b4f5b4a447b048

Extracted

Family

laplas

http://clipper.guru

Attributes

api_key
0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e

Extracted

Family

lumma

gstatic-node.io

Signatures

Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
stealer clipper laplas
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 24 IoCs

resource	yara_rule
behavioral1/memory/2480-214-0x0000000002750000-0x000000000279A000-memory.dmp	family_redline
behavioral1/memory/2480-220-0x0000000005070000-0x00000000050B6000-memory.dmp	family_redline
behavioral1/memory/2480-223-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-224-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-226-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-228-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-230-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-232-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-234-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-236-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-238-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-240-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-242-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-247-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-245-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-249-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-253-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-251-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-255-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-257-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-259-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-261-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-263-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline
behavioral1/memory/2480-266-0x0000000005070000-0x00000000050B2000-memory.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Downloads MZ/PE file

Deletes itself 1 IoCs

pid	Process
3256	Process not Found

Executes dropped EXE 5 IoCs

pid	Process
2948	5EB5.exe
2480	632B.exe
4108	6EB5.exe
2916	7703.exe
4156	ntlhost.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000\Software\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe"	5EB5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4108 set thread context of 2284	4108	6EB5.exe	74

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4828	4108	WerFault.exe	72

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4768	5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d.exe
4768	5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d.exe
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3256	Process not Found

Suspicious behavior: MapViewOfSection 19 IoCs

pid	Process
4768	5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d.exe
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found
3256	Process not Found

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3256	Process not Found
Token: SeCreatePagefilePrivilege	3256	Process not Found
Token: SeShutdownPrivilege	3256	Process not Found
Token: SeCreatePagefilePrivilege	3256	Process not Found
Token: SeShutdownPrivilege	3256	Process not Found
Token: SeCreatePagefilePrivilege	3256	Process not Found
Token: SeShutdownPrivilege	3256	Process not Found
Token: SeCreatePagefilePrivilege	3256	Process not Found
Token: SeShutdownPrivilege	3256	Process not Found
Token: SeCreatePagefilePrivilege	3256	Process not Found
Token: SeShutdownPrivilege	3256	Process not Found
Token: SeCreatePagefilePrivilege	3256	Process not Found
Token: SeShutdownPrivilege	3256	Process not Found
Token: SeCreatePagefilePrivilege	3256	Process not Found
Token: SeDebugPrivilege	2480	632B.exe

Suspicious use of WriteProcessMemory 53 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 2948	3256	Process not Found	70
PID 3256 wrote to memory of 2948	3256	Process not Found	70
PID 3256 wrote to memory of 2948	3256	Process not Found	70
PID 3256 wrote to memory of 2480	3256	Process not Found	71
PID 3256 wrote to memory of 2480	3256	Process not Found	71
PID 3256 wrote to memory of 2480	3256	Process not Found	71
PID 3256 wrote to memory of 4108	3256	Process not Found	72
PID 3256 wrote to memory of 4108	3256	Process not Found	72
PID 3256 wrote to memory of 4108	3256	Process not Found	72
PID 4108 wrote to memory of 2284	4108	6EB5.exe	74
PID 4108 wrote to memory of 2284	4108	6EB5.exe	74
PID 4108 wrote to memory of 2284	4108	6EB5.exe	74
PID 4108 wrote to memory of 2284	4108	6EB5.exe	74
PID 4108 wrote to memory of 2284	4108	6EB5.exe	74
PID 3256 wrote to memory of 2916	3256	Process not Found	77
PID 3256 wrote to memory of 2916	3256	Process not Found	77
PID 3256 wrote to memory of 2916	3256	Process not Found	77
PID 3256 wrote to memory of 5076	3256	Process not Found	78
PID 3256 wrote to memory of 5076	3256	Process not Found	78
PID 3256 wrote to memory of 5076	3256	Process not Found	78
PID 3256 wrote to memory of 5076	3256	Process not Found	78
PID 3256 wrote to memory of 2444	3256	Process not Found	79
PID 3256 wrote to memory of 2444	3256	Process not Found	79
PID 3256 wrote to memory of 2444	3256	Process not Found	79
PID 3256 wrote to memory of 948	3256	Process not Found	80
PID 3256 wrote to memory of 948	3256	Process not Found	80
PID 3256 wrote to memory of 948	3256	Process not Found	80
PID 3256 wrote to memory of 948	3256	Process not Found	80
PID 3256 wrote to memory of 3392	3256	Process not Found	81
PID 3256 wrote to memory of 3392	3256	Process not Found	81
PID 3256 wrote to memory of 3392	3256	Process not Found	81
PID 3256 wrote to memory of 4432	3256	Process not Found	82
PID 3256 wrote to memory of 4432	3256	Process not Found	82
PID 3256 wrote to memory of 4432	3256	Process not Found	82
PID 3256 wrote to memory of 4432	3256	Process not Found	82
PID 3256 wrote to memory of 64	3256	Process not Found	83
PID 3256 wrote to memory of 64	3256	Process not Found	83
PID 3256 wrote to memory of 64	3256	Process not Found	83
PID 3256 wrote to memory of 64	3256	Process not Found	83
PID 3256 wrote to memory of 4848	3256	Process not Found	84
PID 3256 wrote to memory of 4848	3256	Process not Found	84
PID 3256 wrote to memory of 4848	3256	Process not Found	84
PID 3256 wrote to memory of 4848	3256	Process not Found	84
PID 3256 wrote to memory of 2200	3256	Process not Found	85
PID 3256 wrote to memory of 2200	3256	Process not Found	85
PID 3256 wrote to memory of 2200	3256	Process not Found	85
PID 3256 wrote to memory of 4460	3256	Process not Found	86
PID 3256 wrote to memory of 4460	3256	Process not Found	86
PID 3256 wrote to memory of 4460	3256	Process not Found	86
PID 3256 wrote to memory of 4460	3256	Process not Found	86
PID 2948 wrote to memory of 4156	2948	5EB5.exe	87
PID 2948 wrote to memory of 4156	2948	5EB5.exe	87
PID 2948 wrote to memory of 4156	2948	5EB5.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d.exe
"C:\Users\Admin\AppData\Local\Temp\5d095e8e36ba5d388a6fb11942b1640d9592a664a542afab08a94f38e4d95f3d.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4768

C:\Users\Admin\AppData\Local\Temp\5EB5.exe
C:\Users\Admin\AppData\Local\Temp\5EB5.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
  C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
  2⤵
  - Executes dropped EXE
  PID:4156

C:\Users\Admin\AppData\Local\Temp\632B.exe
C:\Users\Admin\AppData\Local\Temp\632B.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2480

C:\Users\Admin\AppData\Local\Temp\6EB5.exe
C:\Users\Admin\AppData\Local\Temp\6EB5.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 360
  2⤵
  - Program crash
  PID:4828

C:\Users\Admin\AppData\Local\Temp\7703.exe
C:\Users\Admin\AppData\Local\Temp\7703.exe
1⤵
- Executes dropped EXE
PID:2916

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:5076

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:2444

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:948

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:3392

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:4432

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:64

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:4848

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:2200

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:4460

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5EB5.exe

Filesize
1.8MB

MD5
d5c139fe384e12358c394790b740a429

SHA1
835188fc822341f9226c13412e00f45d666b85f2

SHA256
da8b2ceff64640f1ab5c0acd225762994b9830d50a1db77f7da09ca6f4e33a2e

SHA512
08c7781bfe816ff698e2b7cde8bf4a7c5581a2c7c372d1dc51375af5625b9b4132b380c2a2bdbc028f3ad3a02574baf312d1249acb26abc4585a3bfecc670506

Download Submit
C:\Users\Admin\AppData\Local\Temp\5EB5.exe

Filesize
1.8MB

MD5
d5c139fe384e12358c394790b740a429

SHA1
835188fc822341f9226c13412e00f45d666b85f2

SHA256
da8b2ceff64640f1ab5c0acd225762994b9830d50a1db77f7da09ca6f4e33a2e

SHA512
08c7781bfe816ff698e2b7cde8bf4a7c5581a2c7c372d1dc51375af5625b9b4132b380c2a2bdbc028f3ad3a02574baf312d1249acb26abc4585a3bfecc670506

Download Submit
C:\Users\Admin\AppData\Local\Temp\632B.exe

Filesize
312KB

MD5
eabf49a55264bcc12f51bd2710718d3d

SHA1
f0e82807f27f2a96f925530bf7aabac46a4e7136

SHA256
ef23ae66bc212bf8e435bf806ff120db2470364f3b7362fe05f48b09df225eed

SHA512
6a232ec02136cafc35bfcc7168c4df591dd712c8f89f8f133154796c0754362f4911dc3220089757eef43247116fa1b115a15f0f1ba6f312e96df5e8f3bb89b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\632B.exe

Filesize
312KB

MD5
eabf49a55264bcc12f51bd2710718d3d

SHA1
f0e82807f27f2a96f925530bf7aabac46a4e7136

SHA256
ef23ae66bc212bf8e435bf806ff120db2470364f3b7362fe05f48b09df225eed

SHA512
6a232ec02136cafc35bfcc7168c4df591dd712c8f89f8f133154796c0754362f4911dc3220089757eef43247116fa1b115a15f0f1ba6f312e96df5e8f3bb89b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\6EB5.exe

Filesize
2.0MB

MD5
71ef5fd46955ea0abd7800e7c99cc8b3

SHA1
a9efdd480409e6b0a626ea6fd9efaf280b20bb75

SHA256
fe20091e32e612a1b5b7043895ddf7d0131a544a6f86d177218645241070f32d

SHA512
a5fb7bdb0df383295d35c7e7e73956e8f5061e9ec00e783fa36c8577234be3333bd8d26fd110de08b9809495587fb3f9b79742bd3fb178cf892c88c36a75e650

Download Submit
C:\Users\Admin\AppData\Local\Temp\6EB5.exe

Filesize
2.0MB

MD5
71ef5fd46955ea0abd7800e7c99cc8b3

SHA1
a9efdd480409e6b0a626ea6fd9efaf280b20bb75

SHA256
fe20091e32e612a1b5b7043895ddf7d0131a544a6f86d177218645241070f32d

SHA512
a5fb7bdb0df383295d35c7e7e73956e8f5061e9ec00e783fa36c8577234be3333bd8d26fd110de08b9809495587fb3f9b79742bd3fb178cf892c88c36a75e650

Download Submit
C:\Users\Admin\AppData\Local\Temp\7703.exe

Filesize
381KB

MD5
ab9327fce682d578e28456820e0d9baa

SHA1
48696ea54a5960a3f9bbbf96819a150ad93c33c1

SHA256
1915d244bae2707f6531ea7ffc0fb7708f7cafcf2aa354223ea8112064b18eaf

SHA512
dcfd05aeb32c42dd9b25c11e214fa7b9aac96c1bdb747ee71487bdce9f58cb6c691bb3266cd3f752b2abd83f9b17d297a767751bf14123dfc14820fb2cb6eaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7703.exe

Filesize
381KB

MD5
ab9327fce682d578e28456820e0d9baa

SHA1
48696ea54a5960a3f9bbbf96819a150ad93c33c1

SHA256
1915d244bae2707f6531ea7ffc0fb7708f7cafcf2aa354223ea8112064b18eaf

SHA512
dcfd05aeb32c42dd9b25c11e214fa7b9aac96c1bdb747ee71487bdce9f58cb6c691bb3266cd3f752b2abd83f9b17d297a767751bf14123dfc14820fb2cb6eaab

Download Submit
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
618.9MB

MD5
dde97e675c1af7baa8e891295da19a93

SHA1
136736020e680179aab0ebb946f9c77fba00c900

SHA256
2e9190d014494dc73c487a3a006315ab1936f7ddd124dfc44507dc7402cd64a8

SHA512
ff4e9dee1b830e5d08d617be650f7d1d8960084735ed4ea1817111d1c62d7fdecd759f0f6751fe8cbe6e31c803e3a645342f3fe78a6e9b2a4b2ec86855e4dff9

Download Submit
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
624.7MB

MD5
1a227c7ff52891d9aa757602c14677a8

SHA1
15c3b7d0200204e48728d888743e1301dbedb887

SHA256
52ec6fc4c7ecb618f7340f1a4959e4287d51a2bccf52dfc6e84172a2a100fdc0

SHA512
586ed6f173646488e059f724fb3caaff0eb9b6573ca2b6d0c1fd0a734918dd9a936deb4fa617a9adf3b8597b46d617efb0a88979b9598642c79a28cdda732fa0

Download Submit
memory/64-194-0x0000000003080000-0x0000000003089000-memory.dmp

Filesize
36KB

Download
memory/64-191-0x0000000003080000-0x0000000003089000-memory.dmp

Filesize
36KB

Download
memory/64-193-0x0000000002B30000-0x0000000002B57000-memory.dmp

Filesize
156KB

Download
memory/64-210-0x0000000002B30000-0x0000000002B57000-memory.dmp

Filesize
156KB

Download
memory/948-200-0x00000000025C0000-0x00000000025C5000-memory.dmp

Filesize
20KB

Download
memory/948-181-0x00000000025C0000-0x00000000025C5000-memory.dmp

Filesize
20KB

Download
memory/948-182-0x00000000025B0000-0x00000000025B9000-memory.dmp

Filesize
36KB

Download
memory/948-180-0x00000000025B0000-0x00000000025B9000-memory.dmp

Filesize
36KB

Download
memory/2200-201-0x0000000002EE0000-0x0000000002EEB000-memory.dmp

Filesize
44KB

Download
memory/2200-202-0x00000000010C0000-0x00000000010CD000-memory.dmp

Filesize
52KB

Download
memory/2200-219-0x0000000002EE0000-0x0000000002EEB000-memory.dmp

Filesize
44KB

Download
memory/2200-199-0x00000000010C0000-0x00000000010CD000-memory.dmp

Filesize
52KB

Download
memory/2284-163-0x000000000F240000-0x000000000F846000-memory.dmp

Filesize
6.0MB

Download
memory/2284-157-0x00000000070C0000-0x00000000070C6000-memory.dmp

Filesize
24KB

Download
memory/2284-168-0x000000000ECE0000-0x000000000ED1E000-memory.dmp

Filesize
248KB

Download
memory/2284-170-0x000000000EE60000-0x000000000EEAB000-memory.dmp

Filesize
300KB

Download
memory/2284-166-0x00000000097A0000-0x00000000097B0000-memory.dmp

Filesize
64KB

Download
memory/2284-186-0x0000000073550000-0x0000000073C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2284-147-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2284-156-0x0000000073550000-0x0000000073C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2284-165-0x000000000EC80000-0x000000000EC92000-memory.dmp

Filesize
72KB

Download
memory/2284-164-0x000000000ED50000-0x000000000EE5A000-memory.dmp

Filesize
1.0MB

Download
memory/2284-190-0x00000000097A0000-0x00000000097B0000-memory.dmp

Filesize
64KB

Download
memory/2444-196-0x0000000000E80000-0x0000000000E89000-memory.dmp

Filesize
36KB

Download
memory/2444-179-0x0000000000BF0000-0x0000000000BFF000-memory.dmp

Filesize
60KB

Download
memory/2444-177-0x0000000000E80000-0x0000000000E89000-memory.dmp

Filesize
36KB

Download
memory/2444-176-0x0000000000BF0000-0x0000000000BFF000-memory.dmp

Filesize
60KB

Download
memory/2480-238-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-259-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-1315-0x0000000007630000-0x0000000007636000-memory.dmp

Filesize
24KB

Download
memory/2480-1040-0x0000000002740000-0x0000000002750000-memory.dmp

Filesize
64KB

Download
memory/2480-1042-0x0000000002740000-0x0000000002750000-memory.dmp

Filesize
64KB

Download
memory/2480-859-0x0000000073550000-0x0000000073C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2480-856-0x0000000002740000-0x0000000002750000-memory.dmp

Filesize
64KB

Download
memory/2480-854-0x00000000008F0000-0x00000000009F0000-memory.dmp

Filesize
1024KB

Download
memory/2480-266-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-263-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-261-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-257-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-255-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-251-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-253-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-249-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-245-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-247-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-242-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-240-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-236-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-234-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-232-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-230-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-228-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-212-0x00000000008F0000-0x00000000009F0000-memory.dmp

Filesize
1024KB

Download
memory/2480-213-0x0000000000700000-0x000000000074A000-memory.dmp

Filesize
296KB

Download
memory/2480-215-0x0000000000400000-0x00000000005CB000-memory.dmp

Filesize
1.8MB

Download
memory/2480-216-0x0000000002740000-0x0000000002750000-memory.dmp

Filesize
64KB

Download
memory/2480-214-0x0000000002750000-0x000000000279A000-memory.dmp

Filesize
296KB

Download
memory/2480-218-0x0000000004B70000-0x000000000506E000-memory.dmp

Filesize
5.0MB

Download
memory/2480-226-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-220-0x0000000005070000-0x00000000050B6000-memory.dmp

Filesize
280KB

Download
memory/2480-222-0x0000000002740000-0x0000000002750000-memory.dmp

Filesize
64KB

Download
memory/2480-221-0x0000000002740000-0x0000000002750000-memory.dmp

Filesize
64KB

Download
memory/2480-217-0x0000000073550000-0x0000000073C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2480-223-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2480-224-0x0000000005070000-0x00000000050B2000-memory.dmp

Filesize
264KB

Download
memory/2916-304-0x00000000008B0000-0x00000000009B0000-memory.dmp

Filesize
1024KB

Download
memory/2916-307-0x0000000000830000-0x0000000000885000-memory.dmp

Filesize
340KB

Download
memory/2916-309-0x0000000000400000-0x00000000005DD000-memory.dmp

Filesize
1.9MB

Download
memory/2948-550-0x0000000000400000-0x0000000000803000-memory.dmp

Filesize
4.0MB

Download
memory/2948-211-0x0000000000400000-0x0000000000803000-memory.dmp

Filesize
4.0MB

Download
memory/2948-209-0x00000000025F0000-0x00000000029C0000-memory.dmp

Filesize
3.8MB

Download
memory/2948-208-0x0000000002430000-0x00000000025E1000-memory.dmp

Filesize
1.7MB

Download
memory/2948-303-0x0000000002430000-0x00000000025E1000-memory.dmp

Filesize
1.7MB

Download
memory/2948-243-0x0000000000400000-0x0000000000803000-memory.dmp

Filesize
4.0MB

Download
memory/3256-122-0x00000000012F0000-0x0000000001306000-memory.dmp

Filesize
88KB

Download
memory/3392-185-0x00000000010E0000-0x00000000010EC000-memory.dmp

Filesize
48KB

Download
memory/3392-184-0x00000000025B0000-0x00000000025B9000-memory.dmp

Filesize
36KB

Download
memory/3392-183-0x00000000010E0000-0x00000000010EC000-memory.dmp

Filesize
48KB

Download
memory/3392-204-0x00000000025B0000-0x00000000025B9000-memory.dmp

Filesize
36KB

Download
memory/4108-148-0x0000000000940000-0x0000000000B46000-memory.dmp

Filesize
2.0MB

Download
memory/4432-187-0x0000000002B30000-0x0000000002B57000-memory.dmp

Filesize
156KB

Download
memory/4432-189-0x0000000002B30000-0x0000000002B57000-memory.dmp

Filesize
156KB

Download
memory/4432-188-0x0000000002B60000-0x0000000002B82000-memory.dmp

Filesize
136KB

Download
memory/4432-207-0x0000000002B60000-0x0000000002B82000-memory.dmp

Filesize
136KB

Download
memory/4460-205-0x00000000010C0000-0x00000000010CD000-memory.dmp

Filesize
52KB

Download
memory/4460-206-0x0000000002F10000-0x0000000002F1B000-memory.dmp

Filesize
44KB

Download
memory/4460-267-0x00000000010C0000-0x00000000010CD000-memory.dmp

Filesize
52KB

Download
memory/4460-203-0x0000000002F10000-0x0000000002F1B000-memory.dmp

Filesize
44KB

Download
memory/4768-119-0x0000000000400000-0x00000000005CA000-memory.dmp

Filesize
1.8MB

Download
memory/4768-120-0x0000000000630000-0x0000000000639000-memory.dmp

Filesize
36KB

Download
memory/4768-123-0x0000000000400000-0x00000000005CA000-memory.dmp

Filesize
1.8MB

Download
memory/4768-118-0x00000000006B0000-0x00000000007B0000-memory.dmp

Filesize
1024KB

Download
memory/4768-121-0x0000000000400000-0x00000000005CA000-memory.dmp

Filesize
1.8MB

Download
memory/4848-195-0x0000000002EE0000-0x0000000002EEB000-memory.dmp

Filesize
44KB

Download
memory/4848-197-0x0000000003080000-0x0000000003089000-memory.dmp

Filesize
36KB

Download
memory/4848-198-0x0000000002EE0000-0x0000000002EEB000-memory.dmp

Filesize
44KB

Download
memory/5076-169-0x00000000025F0000-0x00000000025FB000-memory.dmp

Filesize
44KB

Download
memory/5076-192-0x0000000002800000-0x0000000002807000-memory.dmp

Filesize
28KB

Download
memory/5076-171-0x0000000002800000-0x0000000002807000-memory.dmp

Filesize
28KB

Download
memory/5076-172-0x00000000025F0000-0x00000000025FB000-memory.dmp

Filesize
44KB

Download