redline | hxxp://cutt[.]ly/Ze1NkPw8

Analysis

max time kernel
125s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cutt.ly/Ze1NkPw8

Score

10^/10

redline trafic222 discovery execution infostealer phishing spyware stealer

Malware Config

Extracted

Family

redline

Botnet

Trafic222

52.90.131.119:1912

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0003000000000705-701.dat	family_redline
behavioral1/memory/4608-708-0x0000000000440000-0x0000000000492000-memory.dmp	family_redline

Redline family
redline

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
2260	powershell.exe
1992	powershell.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	Xeno.exe

Executes dropped EXE 3 IoCs

pid	Process
3012	Xeno.exe
4608	service.exe
4384	Xeno.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803116822567737"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
860	chrome.exe
860	chrome.exe
1992	powershell.exe
1992	powershell.exe
1992	powershell.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
4608	service.exe
2260	powershell.exe
2260	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeRestorePrivilege	3000	7zG.exe
Token: 35	3000	7zG.exe
Token: SeSecurityPrivilege	3000	7zG.exe
Token: SeSecurityPrivilege	3000	7zG.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
3000	7zG.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3012	Xeno.exe
4384	Xeno.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 4080	860	chrome.exe	83
PID 860 wrote to memory of 4080	860	chrome.exe	83
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 232	860	chrome.exe	84
PID 860 wrote to memory of 2188	860	chrome.exe	85
PID 860 wrote to memory of 2188	860	chrome.exe	85
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86
PID 860 wrote to memory of 844	860	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cutt.ly/Ze1NkPw8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd715cc40,0x7ffcd715cc4c,0x7ffcd715cc58
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1588,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3012,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2996,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4988,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4960,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5208,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4644,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4620,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5424,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3828 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5724,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5808,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5956,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5472,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=724 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5496,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4660,i,12420733271962406567,2380236414070204494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4900

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3644

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Xeno New\" -spe -an -ai#7zMap7204:78:7zEvent16059
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3000

C:\Users\Admin\Downloads\Xeno New\Xeno\Xeno.exe
"C:\Users\Admin\Downloads\Xeno New\Xeno\Xeno.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABjAGgAMgBnAGYAYQBsAHUAZQB5ADIAbABrAHgAZQBmAGwAbwBxAGcAcAAnAA==
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Users\Admin\AppData\Roaming\ch2gfaluey2lkxefloqgp\service.exe
  "C:\Users\Admin\AppData\Roaming\ch2gfaluey2lkxefloqgp\service.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4608

C:\Users\Admin\Downloads\Xeno New\Xeno\Xeno.exe
"C:\Users\Admin\Downloads\Xeno New\Xeno\Xeno.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4384
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXAAwAGoAaQB5AGkANQAxADEAegAwAGoAZwBzAHYAagBhAHMAcwB4AGsAbgAnAA==
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6adcd808d1a2a6f9ebac5f805cd220cf

SHA1
0f0e1fea371ce8cbc6cf270c6863f9dcd546e4e5

SHA256
3bed64a9bfe94bc32d7519e6ab1132f4bba27029407c0d710aea073b92b4eb26

SHA512
bb11c7df6fcd3f7a66c3a5c9445084e386e0db6579c5d2b4480f6381e8f41b945279e4c9b2753c134834e5c25663ad6368b3af41ca9a018d7713fd184cafc48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e05dba97c6c99526aeee1eeef67fe6ca

SHA1
8045fb55f5d3bf05ddd7a008cfda3d47706b4916

SHA256
3950587c4b2fb8764bf75f7faaac980ff225f14387d7598b6ac783037bc563b6

SHA512
d6955bbfc8e058a47f5b2c8b1f274275925560c4d6e4da5977ed7a30167bf1e2ef3f957aa83cf650e34526c08fa0e1180b3c353da81490804b4e0527344e78db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e1b0c523d37691a688bd11577e30edad

SHA1
ad9ff3476a52dbefd2993f9daa070b86d5217b61

SHA256
b91063b127ecff073578e5eb0769002fd210c0aea93e5e4c5978a8aa39cc0ede

SHA512
18e8b3efcbc50356b6fdfe55ca6829a97efb551fdebd6642d7faa638f7b9cd639256c99ff44959d8d5223ddf42d32938a35ad330bcc8fe1e793cdfc5e4367838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f9557ad2b6ab42af4c0c73c986925e0a

SHA1
331a1a88df2efa851b8863d36798a718a45e491c

SHA256
ec48da40c3638ee02dfd197ad4e5ff82d338efdb28d7fe0a96bd6b68812445f4

SHA512
212cf21d3afbf0f1275b43945fcf560d66f75e37407b21fa6aaa88e83ede8ac0a832e82f0b90be42f79ae9423fa924f5c3b76b900531e7d24eeed843d8b736b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e89d190694377bcaaa24eeff9dfa93bc

SHA1
1fd20759b92b515086a1aed1dccc1ba80649a672

SHA256
35e98662d444cc4de888fe33f9ecb1e0b59db8f60acc509111b39a6e829d05ac

SHA512
3777440df382fe451e5520ca75c51c848cab47b40cd6d08180f3ab73f428780562a662f108597b8c6d43bcd78f63f1a7d911811ef023f425d2fff554704390e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
40KB

MD5
5a0c0da87c2b14e45144d6c09da14c45

SHA1
253277ba9d1435b7ac25543824c58bb233f99619

SHA256
b0bcf40e18197f3b6918e231920ad1886e6da090d001d362805ef97879c6e867

SHA512
831a7acb8b08e246a99fb5bf874dd5c1896b38875e4fce168db8beb2de0c304188aa91934a1889df008524d5f1ca67f37bdcd5a8b8bab54c5fd83cb756d8b1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
a6354790f36a6606ba313bb0c992cbd7

SHA1
44dbef6c6375f2c60451488bae6dd2f44440ca6f

SHA256
70c4d244c42aef67db3fe23f7ffd66b6251202171db992b0ca72848561ef063b

SHA512
ad591a8c954020791fa4be3edbf634791e132f975ae3d6abeb825683d5219c3a2d16860ebf7e2b8fce817a1643f97f756883a576f542e344f88ef8f31e83d8fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
42174a52e97bc01bf4fecb11ddec4de5

SHA1
c54b1275e2e239d68ce0e8f455641cf0b2bb293e

SHA256
b5c082325863261697dd3af7e06b0bb00542836fc7810252a43603196571c43e

SHA512
e4906ae4af570cf95a787951bbb3f6b834e1a4c379b033aa1a1345350dbe1e5917f251d811b55dcb031eb534ba6cdee5df99f80bca931d3c9b44ce01e9221bbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4618f275f547283eaf34770a3216c44c

SHA1
242c1c59e411ab0001d2876640fc9e1276ab7d05

SHA256
fbf5cec04b25801dc440c8120c8d916c71ebcf20f7cf58c99e8ca75c57fd702a

SHA512
202bfec2eb46e6154ca965e27cd1059b34d99646fe76c31cbea4f12b3b33b048bebae3fc390c989264d474093ef442de15b7914b0dbc8e10e8d9ba2dab6458ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a9e4fd57546c3357870620a70b6a2c0b

SHA1
93ed6c9bc9d7618d44233a23cd7f09b58e233075

SHA256
8b512ff67f0edaae199e0c1e90b46c4d262cd26a0d57be0d2f1edcbee2212dc9

SHA512
3606868fd07e67f1f3b30d02bb15eb9fc3e2fe850b4d1c291714deef9ad529975440aa6535a179d96dfe909dc8815e76600f389dbf07e268981a3d6cfbc078f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
23efa4f6b74e542d46b925a039070daa

SHA1
4e05cd8ad5400641ba6ff931c1c1fb96b307f725

SHA256
3c349a4f7d8bed88dd51db82367a482f9327d7f59e99b0166d25e03b3015db99

SHA512
ccb05dd792671c7230641f149d5946d1a2d1154f7df33e579cd6df39d61eb5fffa49f4b54f9ca6e87d210790971a0106b8d468564b3c3be60cd5eef193055da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
22fd6b41214b08d512e7d4191c7874fd

SHA1
c0a01b599f2143ab7c939e2716141e197afa8c30

SHA256
7bd56de3cd09416c4cbf9b22f2fe91edc29034ff9548748083128022f725791b

SHA512
51f2e1ff69e04505016aae264cdb30f2d8c9b01111b9ba555b0acc1591a062bb26f1b9a997a428279cc1f5339140fd34a970422a02ed9749bc3238d09bb3d5ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec939c32aa617260f4e08884ef935dba

SHA1
5631f32f2d01fec56141ce494e26e12836803596

SHA256
8aaf9dddabfe0284f495b925898ee3b910427e323b2f532ebc25e0c27b8d4f02

SHA512
e8b99fc83605a6329533e3fb8c63b593b453e85eef3cf1a8c7fc0300e0d7ab5417bebf42da5d0433197f63fa847557c296bae5b50217a949f85b215e169db35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f690f2560e46189bbc25efa280f6c98e

SHA1
9c951562dd98fa4ab3ed6f75cb7539db7da20097

SHA256
338db775a65a9391a2270de929a3888eb7b53750a26f1e351e4c1278b0d42aa0

SHA512
67481fce26b8d8caed17423e7612e0fa246e0231618d38518105ea1da12c4e3f73067827ee916c20dbd630d15fbfe16ca38e643378680ff898cb638a18a8646f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0ccf3f15d4dcf97bfe756851151243fa

SHA1
9d2ea1de2fd70fac66a2fa54424687602ece798f

SHA256
6927626378d615d391a9dae8ccfde2116b53c8f8d4a25de607a3af1a89052f53

SHA512
a01d4ac9ffd55bfbffa544b5aed9dd3c076d9a7eda2972aa64cd1505d40cf12a9f5a0af8d6198a060d98842d00284baa7ffcfe499522d424bb25a35d8084a341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8c7602a2b79c2b9ec0c550cddb1ffe91

SHA1
3197fd06f1249b95f5efa8b2b9f6e371a724da98

SHA256
752f8b7b6abba5b32ef9c5d999b87ce9fb0d84ea6b74fe9949409e801fd9c523

SHA512
90190c17bc61ebea8a159bbf415e8b1e45ebba1f280f1acb66a153eb17b58c9c2a98e1f1ca9760e5dd739d6b05f22006b5ccec3589b9dd729863dc7bcc196948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a29153a369f581f3522d9274045f044b

SHA1
fef9dfb4dcebd83bda3615802e92ea5d11e5167a

SHA256
9768d7f18f1ad556e7674d736b501772915212be9380180d9f9cc425b9eb2f50

SHA512
943acf05bc79e0d059cfc131532f447e96bc69a64de2af055a217bb409ba96b45c8cf269538b86c73295c429f816486ff730103cbc9f76d6ea2418737fb6740f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae16536d5834feac6df586c68f478a38

SHA1
65c29e864bd5993454461fef669d6d008e77e932

SHA256
6fd3c72ad250eed7095100f78077968bb829992e861335286da135c37caffd41

SHA512
ab92ad9d14a07ac219d1f1e53b1c8205669a46ec5136ebe8b7028b30470dae23c68b6d7d6463973ddbd2e13794c9bebebf17f3ecd3620fed606e9f96497db33d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3e05c256eb2e33575a66b9bcede12838

SHA1
d3e3e777a5613e7a6e2a37d11cfcfde9718d506b

SHA256
05fbbafc2af4d7c02f298aab4a37a7ddea104cd804519d61c1ad277e96051a93

SHA512
e4970c0bfb54ae10fee291c85da950d7b54d6cf896fd2c63eccd5f5141963e854e9fd74aa2ad5dbe4e98f9bd8132fe7eab58eb0788bc2588940c5ea811e70c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6432c49bbffd1946630c42c9db384478

SHA1
26928450e0f273b4579d9d6d14ff67be67828353

SHA256
d619f27df24c5c78894305f591051bc673482781b83c8852587b71f1fb121161

SHA512
1561c7a4f824eaaa4e294faa619f9eef2d3bce4c75b513148c2504680186d16d99b23baf5e0302ae77bee97438e6634119f0b01992a72c0ac72b324c57cf1f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
bb7f7c44ea6e1ff0c09c2970be72b887

SHA1
bba88768bc5746db0a5184ffb6cc4d680ba26cdb

SHA256
9fc9aee55f964dc3841105833f62cc771892a072edd9396093ed9b390206c665

SHA512
dc455fd12fa7234b5c2259070eb96b9f3ac257a6470deffa318f4b0d3d6a5234a94a29372590358cd06372b79d5ef1849a45aca725fe7d2a02f19e19c148558b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d8bfe158859e7f56680faa8e56f539bb

SHA1
52d5aee9f6c924ebe5aa1a0d7828df7d4d1808a0

SHA256
782f0f86005a55d336af1828bb0fcff66331e564ac4432e83ae20892a6465ce8

SHA512
a2711fb9f641711ad22ca779961e17fd6644273cb5d3208b35851811f6ade63321d3f1b2d20b9dfc9376a236a4652846e61279b85b89c21114e8c248db6a6242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1f6a98b77f032a33c697030ea13b1262

SHA1
6ef3f8790859befac62c0eeaf112922621c44b04

SHA256
c40ef8b06035a54372cd30eff1e8c7514aca16fc31d583a7ee5d19bf5c7b1e8b

SHA512
9cae97ae61d60b6379b928aeab66f9fb4d0094c1c916336f5f9969e4d6923ff26fda58e05974cfda78a911400f8d83759375b720414e7295d4819920706fe8e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
6d3e9c29fe44e90aae6ed30ccf799ca8

SHA1
c7974ef72264bbdf13a2793ccf1aed11bc565dce

SHA256
2360634e63e8f0b5748e2c56ebb8f4aa78e71008ea7b5c9ca1c49be03b49557d

SHA512
60c38c4367352537545d859f64b9c5cbada94240478d1d039fd27b5ecba4dc1c90051557c16d802269703b873546ead416279c0a80c6fd5e49ad361cef22596a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s2xrt2xf.pmn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\ch2gfaluey2lkxefloqgp\service.exe

Filesize
300KB

MD5
1073e948e6f7bd2c4deadf6b563c3450

SHA1
775fd33594db7fe8e8c385aa90d52a42e2b96ed4

SHA256
98df31c217af51f6f059d48942ee2f59f0f03bda76f3a40d7b72048344a608f8

SHA512
08748155a9a99956d4173ca52d4bf05f8802a7bf7358993f3e18fee88dcdc0cd26732d8da4c225085d78ce99c881f384e9caa53c12bb977a04b1be177816d65f

Download Submit
C:\Users\Admin\Downloads\Xeno New.zip

Filesize
4.2MB

MD5
c829832f4a41f6cee676e89eddb12d6f

SHA1
2598b39f8a85e706fd3ffa3b55cea3f1caecabef

SHA256
291a5034ff83cde97e0dab6942350b66c2d70414c2562af6fc21b632ea3b9698

SHA512
912b3242ea835771932d1fa8f63a3696022084ecfb0519729fdd9cb706b1af432ebb54630fa328679d6cf6efd461c7596cd58af38afdb7c119860763fcd216c6

Download Submit
C:\Users\Admin\Downloads\Xeno New\Xeno\Xeno.exe

Filesize
2.9MB

MD5
5b3210dea911dbc9e9afda584f67ccd0

SHA1
3957b357623a6f1f168dcf477cdb54fe5ee648e0

SHA256
2dc944dbb03d95b13b7e2d71e9b6f87c0b461be8334192cdb6b66de507419e98

SHA512
4d9fe8eb20504863bbc3a76c3cfb529403e43b0265d2fc4d2de461c25f09679641f6141d765bcec1f68e6baa114a9a708d3a37c2907766ca4efe638bde1dd990

Download Submit
memory/1992-680-0x000001D9D6680000-0x000001D9D66A2000-memory.dmp

Filesize
136KB

Download
memory/4608-712-0x0000000005FE0000-0x00000000065F8000-memory.dmp

Filesize
6.1MB

Download
memory/4608-711-0x0000000004EB0000-0x0000000004EBA000-memory.dmp

Filesize
40KB

Download
memory/4608-713-0x0000000005290000-0x000000000539A000-memory.dmp

Filesize
1.0MB

Download
memory/4608-714-0x0000000005030000-0x0000000005042000-memory.dmp

Filesize
72KB

Download
memory/4608-715-0x00000000051C0000-0x00000000051FC000-memory.dmp

Filesize
240KB

Download
memory/4608-716-0x0000000005200000-0x000000000524C000-memory.dmp

Filesize
304KB

Download
memory/4608-717-0x0000000005A40000-0x0000000005AA6000-memory.dmp

Filesize
408KB

Download
memory/4608-718-0x0000000006850000-0x00000000068A0000-memory.dmp

Filesize
320KB

Download
memory/4608-720-0x00000000078F0000-0x0000000007AB2000-memory.dmp

Filesize
1.8MB

Download
memory/4608-721-0x0000000007FF0000-0x000000000851C000-memory.dmp

Filesize
5.2MB

Download
memory/4608-710-0x0000000004F00000-0x0000000004F92000-memory.dmp

Filesize
584KB

Download
memory/4608-709-0x0000000005410000-0x00000000059B4000-memory.dmp

Filesize
5.6MB

Download
memory/4608-708-0x0000000000440000-0x0000000000492000-memory.dmp

Filesize
328KB

Download