Overview

overview

9

Static

static

7

Swift.exe

windows7-x64

7

Swift.exe

windows10-2004-x64

9

Resubmissions

28/03/2025, 23:17

250328-29x9yavqv9 9

28/03/2025, 23:15

250328-28pw6stvc1 9

Analysis

  • max time kernel
    2s
  • max time network
    29s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2025, 23:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Swift.exe

  • Size

    20.1MB

  • MD5

    532e28bfd55208ef66d609a48a65cf91

  • SHA1

    5da3a7f1a437cae4109b4c052b7de697bc58a674

  • SHA256

    3b19486b4e14b206ec8ab2602ec6a430f9fce7ef40247b1e1f4c6f004ee468b4

  • SHA512

    10c57c4bd1c18242405bb7ac89361121b6169f3444122dbef246e4605b0f793f205a9fb36f5a8d820e9c8617bddb9df65b9590acbaada19a89ac7a064a23a0f1

  • SSDEEP

    393216:V8JNpovBLKnLuJxQBqYuIavH5Cmq+Je5tmCTtu32syZ1k3hqdE7w:VMpWNW0mBqfvH5SZtlTtuGZgxqdcw

Score
9/10
defense_evasiondiscoveryexecutionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    defense_evasion
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Run Powershell and hide display window.

    execution
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 8 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Embeds OpenSSL 1 IoCs

    Embeds OpenSSL, may be used to circumvent TLS interception.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Swift.exe
    "C:\Users\Admin\AppData\Local\Temp\Swift.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -WindowStyle Hidden -NoProfile -NonInteractive -Command "$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('C:\Users\Admin\AppData\Local\Temp\Scripts.lnk'); $Shortcut.TargetPath = 'C:\Users\Admin\AppData\Roaming\Swift\Scripts'; $Shortcut.Save()"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5968
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -WindowStyle Hidden -NoProfile -NonInteractive -Command "$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('C:\Users\Admin\AppData\Local\Temp\Workspace.lnk'); $Shortcut.TargetPath = 'C:\Users\Admin\AppData\Roaming\Swift\Workspace'; $Shortcut.Save()"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      PID:4592
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -WindowStyle Hidden -NoProfile -NonInteractive -Command "$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('C:\Users\Admin\AppData\Local\Temp\AutoExec.lnk'); $Shortcut.TargetPath = 'C:\Users\Admin\AppData\Roaming\Swift\AutoExec'; $Shortcut.Save()"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      PID:544
    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=RemoveRedirectionBitmap --lang=en-US --mojo-named-platform-channel-pipe=212.3080.9859205446935865971
      2⤵
        PID:5624
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\swift\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x164,0x168,0x16c,0x140,0x11c,0x7ffe3d05b078,0x7ffe3d05b084,0x7ffe3d05b090
          3⤵
            PID:5948
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1696,i,18191053928201364336,12720157497453170482,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1724 /prefetch:2
            3⤵
              PID:3408
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1856,i,18191053928201364336,12720157497453170482,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3
              3⤵
                PID:5832
              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2080,i,18191053928201364336,12720157497453170482,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:8
                3⤵
                  PID:3532
                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3576,i,18191053928201364336,12720157497453170482,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
                  3⤵
                    PID:1588

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                Filesize

                2KB

                MD5

                2f57fde6b33e89a63cf0dfdd6e60a351

                SHA1

                445bf1b07223a04f8a159581a3d37d630273010f

                SHA256

                3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

                SHA512

                42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                Filesize

                1KB

                MD5

                98d8c25ee931d96220e4c93989929852

                SHA1

                1847d7e95c75ca9c14cc3ce26c13427ea266fc3c

                SHA256

                cb5fd606446a421468f21e07284fd9be37464f5c4567737a6761445b2f5ceb80

                SHA512

                6e5f358d2cb252239d70ebde0d6a1a63dd3102bc688e54e591bda219891e24a7a8199b7d84370e3b8989c5dec425c2fb4f47e6761a7bbec2bddc8581a0fee672

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                Filesize

                1KB

                MD5

                7a1f0d0db36ab3fcbbe05e522a7ab450

                SHA1

                576b9f9cf4e63dd0f3280e4ec6a909611687724c

                SHA256

                d02812fdeff4292aea86229d6a804e9dbe80740445b55d6f5926ede61a660382

                SHA512

                43115da3f255e8a899526d9f3d95c008b7bd3875a48e0110e3bae68f56ee01996403a503fba611f3f8f009f42624f0cd2dae8300abb7181a3a1073c29dea2f56

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Swift-Module.dll
                Filesize

                10.3MB

                MD5

                de0917b4b898c12bf51385f44d8ab1d1

                SHA1

                f9677e604c63fe6c810a8c64d533a54d6a4297ee

                SHA256

                7d1107c0874854f126adbb484ccd05ed74614635f799043c5d35af79a58ae628

                SHA512

                2f5d3b3d74a9f9afe2adc984701455fbf4abb1d30ad11e3dc24d4f147287633d91dc21f428936f895ecccab5fc86e48191086c7f466eec73988ac60de8235753

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cxphqnh3.pik.ps1
                Filesize

                60B

                MD5

                d17fe0a3f47be24a6453e9ef58c94641

                SHA1

                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                SHA256

                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                SHA512

                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad\settings.dat
                Filesize

                280B

                MD5

                65b79aa528d1937e4f03571bc084409d

                SHA1

                16ef11e63e2188965d53b5fd427cd386668ea71f

                SHA256

                c0b083a5e367198e0ec3ad7eb9abcf6ace75070fbceea5fe4a0976bdbadb88a1

                SHA512

                f511b4325fc5ec8237ebeff29c53d0e22a858df25ca0a953a254beb5fb70ba32c842475f8ac729786460150aed81ec41aa72abd43c941bd2b93db7bdb5bf8133

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad\settings.dat
                Filesize

                280B

                MD5

                d825665e9e9084982b2a53b2e6fe21cf

                SHA1

                ba1b2063bed99697e55d313d8d969bb13ab2493f

                SHA256

                445f4cd30cd882e6f7009da321ccb00ca7eee0152af9a1286c69fc1155ada897

                SHA512

                1cb3c7c2a9b079331a50301300d08a904fe9d6f01336113f417395e84490c270c11effb19385953df7d8c037f68cf2da3061667aa8bbdb508eafe65931b8a3fb

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad\throttle_store.dat
                Filesize

                20B

                MD5

                9e4e94633b73f4a7680240a0ffd6cd2c

                SHA1

                e68e02453ce22736169a56fdb59043d33668368f

                SHA256

                41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                SHA512

                193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_0
                Filesize

                8KB

                MD5

                cf89d16bb9107c631daabf0c0ee58efb

                SHA1

                3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                SHA256

                d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                SHA512

                8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_1
                Filesize

                264KB

                MD5

                d0d388f3865d0523e451d6ba0be34cc4

                SHA1

                8571c6a52aacc2747c048e3419e5657b74612995

                SHA256

                902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                SHA512

                376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_2
                Filesize

                8KB

                MD5

                0962291d6d367570bee5454721c17e11

                SHA1

                59d10a893ef321a706a9255176761366115bedcb

                SHA256

                ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                SHA512

                f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_3
                Filesize

                8KB

                MD5

                41876349cb12d6db992f1309f22df3f0

                SHA1

                5cf26b3420fc0302cd0a71e8d029739b8765be27

                SHA256

                e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                SHA512

                e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Extension Rules\MANIFEST-000001
                Filesize

                41B

                MD5

                5af87dfd673ba2115e2fcf5cfdb727ab

                SHA1

                d5b5bbf396dc291274584ef71f444f420b6056f1

                SHA256

                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                SHA512

                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\SCT Auditing Pending Reports
                Filesize

                2B

                MD5

                d751713988987e9331980363e24189ce

                SHA1

                97d170e1550eee4afc0af065b78cda302a97674c

                SHA256

                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                SHA512

                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Sync Data\LevelDB\CURRENT
                Filesize

                16B

                MD5

                46295cac801e5d4857d09837238a6394

                SHA1

                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                SHA256

                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                SHA512

                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Local State
                Filesize

                1KB

                MD5

                f9018446abfa9169b246614b4cb4a31e

                SHA1

                2108a1ee63f500a50ac2b0368e7955f072cedd7a

                SHA256

                04c040eb0ec20c6127997134330fec9045d846eb077eb4b761a52e79c6792f09

                SHA512

                d0384d9d2aa321561672a9a4096fe4fd49f14c1ae8b7e6452414ded5f3f7fadf068d1e1e081c7006f247c31eaecb3fc8ef16532edc5151a0199c7fb111fe2daf

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Local State
                Filesize

                2KB

                MD5

                faf7d9ed55c373735d6348e21582694d

                SHA1

                9a9316d67935c73cdd24cf6ad312453c066685d5

                SHA256

                322b3c9f74e67b28f9aa1a020e4fa6587df3b7bc41b23d5cb706a256c24cc5c1

                SHA512

                59e8829a296056815eb686ea2e8af15bb6a5ee8084a3bc90f926cb7147a3a6db3b74e00725df19eb672fd52a8204d8e2eac68bd01598f50c00706899fc1f4d02

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Local State
                Filesize

                3KB

                MD5

                1af8ca3ab91c3005793b8b3a582059c9

                SHA1

                5db2b7176821d9552d971d9e212893dbf1800c06

                SHA256

                a456d6490aae7a9356eabf3eedc4544b8247460956a39b67a6bfdad6e77e458d

                SHA512

                93581b275d831ad5a34aa4fce14d2fb239d614de44962767375d2d3f18d7c685feb8e5b601f932923d28c6c1be46ce838f827282a1b10c988a87b4a4e5e54f0e

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Local State
                Filesize

                16KB

                MD5

                d9a18c18de2b89318d338fedc1df33c7

                SHA1

                a8137340ef7248131c15a660445630434d24f758

                SHA256

                9f2799ca64cbb0961682742252a4af2f228a417f3019fc5fcd162ddc29c676a6

                SHA512

                c8a9b3182405fd47d0fb25aefb228b12a85723b4be0b2c88075dcf5ef856e183b8fda23b5448e1c109e3087998496708fa9c1e714b68d6b0394dd0d8a0507145

                Download Submit

              • C:\Users\Admin\AppData\Local\swift\EBWebView\Local State~RFe5790b7.TMP
                Filesize

                1KB

                MD5

                0c765911cedf839f5f16901af32d7f63

                SHA1

                aec2251919a42fe27978fb241d3bef76ef8de270

                SHA256

                d8a45d945d13b1d100aab877403b34bdb01ba1ea8b40847c6f7670ad36800372

                SHA512

                1a54576e194040be32789b7b07858aa7bf051a6df645275da9265ab33819139eec258c9c96b1b303f9f724f1fdec59d4ce2c5c945e6c2f901eab86bcc579e750

                Download Submit

              • memory/212-3-0x0000000140000000-0x00000001437AD000-memory.dmp

                Filesize

                55.7MB

                Download

              • memory/212-228-0x0000000140000000-0x00000001437AD000-memory.dmp

                Filesize

                55.7MB

                Download

              • memory/212-270-0x0000000140000000-0x00000001437AD000-memory.dmp

                Filesize

                55.7MB

                Download

              • memory/212-1-0x00007FFE5B770000-0x00007FFE5B772000-memory.dmp

                Filesize

                8KB

                Download

              • memory/212-0-0x0000000140000000-0x00000001437AD000-memory.dmp

                Filesize

                55.7MB

                Download

              • memory/212-245-0x0000000140000000-0x00000001437AD000-memory.dmp

                Filesize

                55.7MB

                Download

              • memory/212-2-0x0000000140000000-0x00000001437AD000-memory.dmp

                Filesize

                55.7MB

                Download

              • memory/212-4-0x0000000140000000-0x00000001437AD000-memory.dmp

                Filesize

                55.7MB

                Download

              • memory/212-5-0x0000000140000000-0x00000001437AD000-memory.dmp

                Filesize

                55.7MB

                Download

              • memory/1588-173-0x00007FFE59F70000-0x00007FFE59F71000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3408-74-0x00007FFE59F70000-0x00007FFE59F71000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3532-127-0x00007FFE5B410000-0x00007FFE5B411000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3532-128-0x00007FFE5ACD0000-0x00007FFE5ACD1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5968-6-0x00007FFE5B6D0000-0x00007FFE5B8C5000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/5968-22-0x00007FFE5B6D0000-0x00007FFE5B8C5000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/5968-16-0x0000022672950000-0x0000022672972000-memory.dmp

                Filesize

                136KB

                Download

              • memory/5968-18-0x00007FFE5B6D0000-0x00007FFE5B8C5000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/5968-17-0x00007FFE5B6D0000-0x00007FFE5B8C5000-memory.dmp

                Filesize

                2.0MB

                Download