agenttesla | 53eeff9f4fa0473d90cf4abe978ff60d5898d2527924a593ef877303cab88a5b

Analysis

max time kernel
47s
max time network
59s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2024, 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Byte Guard Free.exe
Size

2.4MB
MD5

32eee970bec927fd068197918edac5a4
SHA1

8aa4820931aa228856f12fc516f886dab4d12e28
SHA256

53eeff9f4fa0473d90cf4abe978ff60d5898d2527924a593ef877303cab88a5b
SHA512

d47d2fbc9d4b9a47d0b5b1076aaa89b20ba72a9625e9fcfd57f000bc14abc11aff60123667bbb6998fa5bdff65b7207f410cc6008207fc2362db1d99c80afbe8
SSDEEP

49152:3Ls8e8SkGMITYbNbNWo4kSH3OqtwI2MrBm6w30IfRaRf:3PecGMIT4bNJFY3OqtxdmDDJef

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral2/memory/4060-6-0x0000000006CE0000-0x0000000006EF4000-memory.dmp	family_agenttesla

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
38	discord.com
39	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	ipinfo.io
4	ipinfo.io

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Byte Guard Free.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Byte Guard Free.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Byte Guard Free.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Byte Guard Free.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{856AF250-3CD9-4958-BE7C-F9D8B7AE4D98}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe
4060	Byte Guard Free.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4060	Byte Guard Free.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 3724	4060	Byte Guard Free.exe	89
PID 4060 wrote to memory of 3724	4060	Byte Guard Free.exe	89
PID 3724 wrote to memory of 4816	3724	msedge.exe	90
PID 3724 wrote to memory of 4816	3724	msedge.exe	90
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 5060	3724	msedge.exe	91
PID 3724 wrote to memory of 1516	3724	msedge.exe	92
PID 3724 wrote to memory of 1516	3724	msedge.exe	92
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93
PID 3724 wrote to memory of 3512	3724	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\Byte Guard Free.exe
"C:\Users\Admin\AppData\Local\Temp\Byte Guard Free.exe"
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/g3pH5NZESD
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa84546f8,0x7ffaa8454708,0x7ffaa8454718
    3⤵
    PID:4816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13231907814718313930,1515931166184156958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,13231907814718313930,1515931166184156958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
    3⤵
    PID:1516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,13231907814718313930,1515931166184156958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13231907814718313930,1515931166184156958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:3524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13231907814718313930,1515931166184156958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:2880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13231907814718313930,1515931166184156958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,13231907814718313930,1515931166184156958,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 /prefetch:8
    3⤵
    PID:1768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,13231907814718313930,1515931166184156958,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3512 /prefetch:8
    3⤵
    - Modifies registry class
    PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c8b45fe9dde18f4679b9b92c949e0ab3

SHA1
b71f626103a1295bff56c21ae0739d24e501dffe

SHA256
f00945da3f772b0e7cc72b5441395398a2cbbd50fcc03a0d154331a17720fcf6

SHA512
85aea56e3b8382f3adce990aebc00846beb58961c5b74a63adca9f3d32f8bd88e761ed769b0500dc3f4782a5d19954d259d9b15fa23bd47bec9ee90a2d3b7d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b12c31e61dbf886bbaee6e3b4289bbd8

SHA1
0104cc3c1b38edbadefd43f2fdedd1a885c229dd

SHA256
ac08d342cd36aa4b341700dbe3629ba7e133c9034fa62d2c043ee3119a6ab58a

SHA512
4172194e56806832a910636f2b5cf216450665c34765db53633ec81f501f8cfdbb040b64d145fa1829357fd45048a9219f3aba8d3353d7b62c880f3123254a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6228e634290d50e9bf49f24e002f3b36

SHA1
5f1480815aaae5d49741628248dd70a8e190494a

SHA256
4c6ec7f9643a287d1029c92f24ffab9b45b85a5176e27941ebe8d3af24d869ca

SHA512
d95edbc70bc65232e6439197455f94a86c810a0778ba8ae70c2376767674e7920fe0b05cdb24dcea8bef29aa46391565040daba74d2b34a7ff1fb9a0b9fd7ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
f81a798240e3837e05a77589f4ab8c80

SHA1
f397aacd74cd3335ce5aef84d61baa87df342146

SHA256
945174458b404900ed025d0f210e0245febf7a3c56f88979f0a1e0560e757ab1

SHA512
a5835155a8589ea93402a906e832ad5e6e5e94853b988a47c1f191c6f7e28d64f872c34abbcba251dd99e5fb95252f2fb9824a20adf74cebf1d5b54373c4a648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58392c.TMP

Filesize
370B

MD5
11a0f3d0ced7d2a6c03b84963226cf17

SHA1
c01ae0437e4ac29e1161da23d265571893e4bbd0

SHA256
124e991d0d7890e022b1dff536db1cd8e3224af006aeedcfd4241c2696dd0dff

SHA512
b75993a9c53f3263643f334142c29225a5fd8dff3446c175db908c1b5ee46b207b520cf538705c39c12fd9b24794947eaa8c2f6708d13f3f5abd462e5a349caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d0094dcb14d3180980e114e241d85bcf

SHA1
fb3faca47c40c90dc458d667ec1a73b9b41842e8

SHA256
181f9670f08e92b6a94e9187a37e0432aec0e2cda06dc60e9b4917c78cdb25d7

SHA512
e3624b20f196188da883e91b73aa091687f456b982cf64e02f9979620f15e61b025293f6a2161eeacc5ff86fe40cef8fa6fad9a9e35729b878cf70aacae6a8f7

Download Submit
memory/4060-36-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/4060-4-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/4060-11-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/4060-7-0x0000000006F50000-0x0000000006F5A000-memory.dmp

Filesize
40KB

Download
memory/4060-9-0x0000000007E20000-0x0000000007E5C000-memory.dmp

Filesize
240KB

Download
memory/4060-6-0x0000000006CE0000-0x0000000006EF4000-memory.dmp

Filesize
2.1MB

Download
memory/4060-10-0x00000000752CE000-0x00000000752CF000-memory.dmp

Filesize
4KB

Download
memory/4060-47-0x000000000A740000-0x000000000A7A6000-memory.dmp

Filesize
408KB

Download
memory/4060-5-0x0000000005F90000-0x0000000005FA2000-memory.dmp

Filesize
72KB

Download
memory/4060-0-0x00000000752CE000-0x00000000752CF000-memory.dmp

Filesize
4KB

Download
memory/4060-8-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/4060-70-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/4060-3-0x0000000005730000-0x00000000057C2000-memory.dmp

Filesize
584KB

Download
memory/4060-2-0x0000000005FC0000-0x0000000006564000-memory.dmp

Filesize
5.6MB

Download
memory/4060-1-0x0000000000AD0000-0x0000000000D48000-memory.dmp

Filesize
2.5MB

Download