redline | hxxp://147[.]182[.]180[.]78[:]8081

Resubmissions

25/04/2023, 21:52

230425-1q673ada87 6

24/04/2023, 07:06

230424-hw7rnsca7t 10

24/04/2023, 06:59

230424-hsa9asca5t 10

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2023, 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://147.182.180.78:8081

Score

10^/10

redline sectoprat cheat infostealer rat spyware stealer trojan upx

Malware Config

Extracted

Family

redline

Botnet

cheat

141.255.156.206:35361

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 6 IoCs

resource	yara_rule
behavioral1/files/0x0006000000023180-487.dat	family_redline
behavioral1/files/0x0006000000023180-488.dat	family_redline
behavioral1/memory/1656-489-0x0000000000BD0000-0x0000000000BEE000-memory.dmp	family_redline
behavioral1/memory/436-599-0x000000001D9E0000-0x000000001DB22000-memory.dmp	family_redline
behavioral1/memory/436-603-0x000000001D9E0000-0x000000001DB22000-memory.dmp	family_redline
behavioral1/memory/436-610-0x000000001DDB0000-0x000000001DEF2000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 3 IoCs

resource	yara_rule
behavioral1/files/0x0006000000023180-487.dat	family_sectoprat
behavioral1/files/0x0006000000023180-488.dat	family_sectoprat
behavioral1/memory/1656-489-0x0000000000BD0000-0x0000000000BEE000-memory.dmp	family_sectoprat

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Krumo.Loader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Panel.exe

Executes dropped EXE 11 IoCs

pid	Process
3916	Firefox Installer.exe
2632	setup-stub.exe
1656	build.exe
4732	Kurome.Builder.exe
3128	Kurome.Host.exe
3776	Krumo.Loader.exe
1388	Rarqxqlarwy.exe
4328	Eihb.exe
436	Panel.exe
4384	Panel.exe
4668	Revenge-RAT v0.3.exe

Loads dropped DLL 11 IoCs

pid	Process
2632	setup-stub.exe
2632	setup-stub.exe
2632	setup-stub.exe
2632	setup-stub.exe
2632	setup-stub.exe
2632	setup-stub.exe
2632	setup-stub.exe
4732	Kurome.Builder.exe
4732	Kurome.Builder.exe
3128	Kurome.Host.exe
3128	Kurome.Host.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0011000000023129-214.dat	upx
behavioral1/files/0x0011000000023129-267.dat	upx
behavioral1/files/0x0011000000023129-268.dat	upx
behavioral1/memory/3916-269-0x0000000000400000-0x0000000000446000-memory.dmp	upx
behavioral1/memory/3916-379-0x0000000000400000-0x0000000000446000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 63 IoCs

pid	Process
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\nsdC132.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsdC131.tmp\	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsnC11F.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsdC130.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsnC11F.tmp\	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsdC131.tmp	setup-stub.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll	Rarqxqlarwy.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3396	4328	WerFault.exe	132
428	436	WerFault.exe	136
2544	4384	WerFault.exe	137

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133268003862145496"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe
860	chrome.exe
860	chrome.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
436	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe
4384	Panel.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4668	Revenge-RAT v0.3.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
4668	Revenge-RAT v0.3.exe
4668	Revenge-RAT v0.3.exe
4668	Revenge-RAT v0.3.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2632	setup-stub.exe
2632	setup-stub.exe
436	Panel.exe
4384	Panel.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 4628	1916	chrome.exe	84
PID 1916 wrote to memory of 4628	1916	chrome.exe	84
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 2116	1916	chrome.exe	85
PID 1916 wrote to memory of 3840	1916	chrome.exe	86
PID 1916 wrote to memory of 3840	1916	chrome.exe	86
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87
PID 1916 wrote to memory of 3796	1916	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://147.182.180.78:8081
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc109758,0x7ffcfc109768,0x7ffcfc109778
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:2
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4868 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=836 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2372 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2768 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2216 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Users\Admin\Downloads\Firefox Installer.exe
  "C:\Users\Admin\Downloads\Firefox Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:3916
- - C:\Users\Admin\AppData\Local\Temp\7zSC4F559F7\setup-stub.exe
    .\setup-stub.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4860 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2816 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2832 --field-trial-handle=1792,i,1974508521075464623,14681086552949560411,131072 /prefetch:8
  2⤵
  PID:3980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1644

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Redline.rar" -trar
1⤵
PID:3636

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline\" -spe -an -ai#7zMap51:76:7zEvent14495
1⤵
PID:2852

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Password.txt
1⤵
PID:1324

C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\build.exe
"C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\build.exe"
1⤵
- Executes dropped EXE
PID:1656

C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\Kurome.Builder.exe
"C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\Kurome.Builder.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4732

C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Host\Kurome.Host.exe
"C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Host\Kurome.Host.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3128

C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Loader\Krumo.Loader.exe
"C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Loader\Krumo.Loader.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:3776
- C:\Users\Admin\AppData\Local\Temp\Rarqxqlarwy.exe
  "C:\Users\Admin\AppData\Local\Temp\Rarqxqlarwy.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:1388
- C:\Users\Admin\AppData\Local\Temp\Eihb.exe
  "C:\Users\Admin\AppData\Local\Temp\Eihb.exe"
  2⤵
  - Executes dropped EXE
  PID:4328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 1696
    3⤵
    - Program crash
    PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4328 -ip 4328
1⤵
PID:2888

C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Panel\RedLine_20_2\Panel\Panel.exe
"C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Panel\RedLine_20_2\Panel\Panel.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:436
- C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Panel\RedLine_20_2\Panel\Panel.exe
  "C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Panel\RedLine_20_2\Panel\Panel.exe" "--monitor"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4384
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 4384 -s 2460
    3⤵
    - Program crash
    PID:2544
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 436 -s 2540
  2⤵
  - Program crash
  PID:428

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 436 -ip 436
1⤵
PID:4416

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Revenge_Clean-version\" -spe -an -ai#7zMap24541:104:7zEvent19653
1⤵
PID:1908

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 440 -p 4384 -ip 4384
1⤵
PID:1264

C:\Users\Admin\Downloads\Revenge_Clean-version\Revenge-RAT v0.3\Revenge-RAT v0.3.exe
"C:\Users\Admin\Downloads\Revenge_Clean-version\Revenge-RAT v0.3\Revenge-RAT v0.3.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:4668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
882B

MD5
cc6d04d214631f75aed0938e6680abeb

SHA1
2de2df6efc4d5f89ffd0e85987b2b0ae1f4ee47b

SHA256
3815eefab44e1e204f0fc376b0d5650e4e834a2fc4ebd757f5cca29cff7e6d89

SHA512
216800d96fa3de22b9d73953153d2b81aa1bb6b1737c9b04c930baae49cdd6cf3c4ee03f37de459bd2ab8e5f4207fec72cae20313737ec203d67fac4b071ca3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
425db46dae88ce96f2c3643c55f073ba

SHA1
5c6020bae84b209c30cce8dfbaf65c8f396b0ffb

SHA256
84930a683a1b2a88dad0a6660203482bad02d00ec4319cb566ecb7125b17a454

SHA512
9a82d6d28127d3c0f597b065d76ff6194b8f3e7936e4582a7337b644c07195daaa86cc732e7d5031d4980a7424ae38c446582f3e550a1e4f8211f155084c7fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
522ac8da85efb3528352944ca2452d01

SHA1
e983026858cdd858b55279c3d5e4b72cbe260bb0

SHA256
7ed26a31c589ae615d4da32c4b091adec14e9b6fda941240c865a976a56e3829

SHA512
13ec47decb8822e46b560ffdbe33fa70981fbddab8c9ec7cfda49a8014c62ffb9eab24428ae349dadea4fc9d71bd8d2a0d093e1ede61cb5d48cc48b3b4dc0882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bccf9d8120333fedfc97251aab802660

SHA1
fb88bae7bacc9b7f152be312c924fcfdc3346e71

SHA256
ad3c10247add7951d797a0e4c83415366a2184624cb3729c00358f4fa533dfc4

SHA512
90fb6270edb859a0b894ccd20197469e53e854f9dbc447bbb98c736f6a383520f9427f68b7ec6c900003ec650969cb0e887a085bf38ba2439437e746fbf5d562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
96477f1bba5d351285cf00093ceddef7

SHA1
3713582c23a9228f439de8b15e6d5a72aba23f23

SHA256
d40e60337b02464de8c75dbda56ad2f58f36c810024be4f1d32aa7b01b3860ac

SHA512
ffb12fbeee6b66366d7859e5d91ac97f7ce23b2c18c36bef07a1c17ca148edd67d033ce5e3ee11c3a66b43aa77317ba87a59c910f6c834c90ffcb86f25cf49e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dbbf799c78c72e4bb43016ac216fb866

SHA1
82a08fa142087eb5bb9d0d2844b99edb79ecff31

SHA256
8785134adfc2cc06871f658518d2590bc2b739f3a2d5595bc49285bd1d942904

SHA512
96b39115058d3987aed7e5efb4feb32515488469fbfd2e34df6bbb14e396463df9ce4b7a391bf7a925d0c438498bdf684c9b19555a0d49239ddefdb4de7041c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e3b59e14fad3f627853bb2cd443d2cfc

SHA1
80d429d2bfeb0464ab10a51f60ea6786c42b16c6

SHA256
610f317da7fa9f0f484d63ac7847fb894cf61b440f6794c523811a9a7dc70140

SHA512
4b712f62d35c0b641f66bc8a56752f45c40a536460b06cc3bba43520a29ae5d29eea5452863366e20938288a870652419b3c5b0f80842ed5af43ae17bccb7779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2fddfb345b4b463f1cc2fe0e67e6144

SHA1
d14f7895a749a3a742736c0aac672cb20cea2962

SHA256
5a7894f00dafcf92d82580555cc27836b2156dc3284aa9a24a3bf1c40b2940a3

SHA512
c151d94f669b81b50cf4f367e84c455318a5a0c82e12668025fa8cc57afab4f32608d4c4d3780d5b811c8118b47bb46866acd2c7713374658383ea326c0e4740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
460863a7045d8aeaa9a6580c7e3479e5

SHA1
8f7d9ce1be776f8d920c5373555c88bd9d499ca2

SHA256
44ce2528653ec23deabd9147417b96f041c3cb9ff43d2eb211d10814c9869331

SHA512
7dd9577c36ba5eb97ed7507b41ba3475271a2ccfd2730362cffb753260400beec344b90f8d98c9f89cf68f1c1c4321d5d0a989c200f27a2f490f00118324f40a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b199e7e81ab48738dd3a369acc069150

SHA1
896b8142144745e05b98690fa6fc3fa16bb0cb8c

SHA256
a0a5ce0fe587863f32c9b93180d6ac594637cabb1b27d86c14d8382b8e24b179

SHA512
9c00c757ae7fe80d0d9744d9fb097988092b1766e8aa115c6c51108274c7b1ea43b8063fcd4ca918b0eccb1605c0993dbef0c70185a411db66bf0407f7f498db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
18b5bc8fae2e615edc9a65f82eb87b66

SHA1
92faec3c34a28b1e9e1463499a756255c6f4ffd8

SHA256
ef09b6b81e238be3e04c5f0de8913aa5c84e5f1614f62a62d577aa223c836cd8

SHA512
6264ec160ba14c0b5700121acf899954f8bcfacab5e4da18d60fc7d6e7b959b85559f9b26dfa3f68e56b02b9cadf914abcfb36053cd493c1095fbccf61deab37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9e2e45ab6fc72fcbb5a92ec424e59321

SHA1
4cffe75b2847a71144b6f2ee58d9ac2c1943b811

SHA256
d7a1c7923e9e39430670a3dce3eb822cab3e80debc2d4330aafbdb1d41e42654

SHA512
5d7e335efa3113809105ef53c355b18f0cac88418c2d923437bfa52e930fda05f17ca48743e432086d6828f1081dd7d5ffafdd74b1f0ffcce35cb656a01ea4de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f90d6628386c4e73455398cc16b5d63d

SHA1
d9ee7363c6e91195b7d4baa18f82bbdd8b7027b0

SHA256
ccc11ae092e67ee8414d92cf4ff5ad7c9e4f3886904ae2a311a28ee46e1fa193

SHA512
8230c2362a601f78f03c661a33aaf824d2b52be7272f07ffeb52c060042b5b393191e1eaef5b42f1b0662a9d98929b13223ab45793b8f0439b6b3eda60f6e342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
f986e9650045e5063fe708f41d93f9de

SHA1
6c1cd227ac86e7e75ed9bc52c9fc062f23b44a98

SHA256
340010cb71dccb1bc72ce2f5b7d8acd309fd90fbc9acc7fc3a847a7ea0765818

SHA512
71aeabbd9bbbaae5e073fc0f124e2ff6fbc11edf19842ca91ed4d00a226023748e0e292281f526fd23270c3bf342c81006dcd434ccf5aaacbe3d048c50efc193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
ed83607153e2caa6fff0c3566f5912a3

SHA1
fc766a70a8702e50c1e0517b4e9ae86661906b63

SHA256
152e27ee8f394f86acb0b781132a0b2bdc787852029628f9b3506d035a0962ab

SHA512
504877167609cf0c07d8590490301c47dcaa8d90e2c20a83db5373a61bc9badca4d6412b3675e237519ab67c84c1fe0af2a8626d5b496d5caf95bbb8e4b89728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
7972e0e7967814491bb7dbdb0968eeb9

SHA1
6ad6b0deb4603f91a7852a5f75c098cd96eafcca

SHA256
11669ac8e754ee94cff86d73667e3cc974cbeea69a4afff4f49496ecfbc59ca3

SHA512
bd0772df0f8d1c503c2c9bc10d102e384072b1bef4fcea7f905aa25380d06fb4512c22dd8e21a3c61cf0e66c3834c0ab55aba4067a8397d52fd0ae604c8fad29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56f571.TMP

Filesize
96KB

MD5
427aa5cd8f716e64522e4ade97188cb7

SHA1
530dae1b0d95e0da8f4729fc5f738fb6015851f0

SHA256
cebe12a92c2099630d2d1b49dd3ad7411777563799bdde53d2dfa4bd5b762355

SHA512
0867e0741daf9d7724aeb0dabac7a891a58d2e2fb0228cb4517c202780b1f292af82b9dca5d3e38e320287d0879390874daa94d059369f7a720a34664a8e56f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC4F559F7\setup-stub.exe

Filesize
551KB

MD5
2c360949ef454f39742e148c091f4e67

SHA1
ad12d1153ba86dc99b300e51347362104219520d

SHA256
b2b8510a248b3238b21fe78fdbe11a33bd490ca747f918680706745599e042ed

SHA512
f70b78f2bd7f2bac35bd59b157c883bc8ad0bdae20ce8abe7fac777946cd3774b0f04472e45b093b6c66d928084ff1f2a5f8d0c9231f35f072d95a6594f29bbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC4F559F7\setup-stub.exe

Filesize
551KB

MD5
2c360949ef454f39742e148c091f4e67

SHA1
ad12d1153ba86dc99b300e51347362104219520d

SHA256
b2b8510a248b3238b21fe78fdbe11a33bd490ca747f918680706745599e042ed

SHA512
f70b78f2bd7f2bac35bd59b157c883bc8ad0bdae20ce8abe7fac777946cd3774b0f04472e45b093b6c66d928084ff1f2a5f8d0c9231f35f072d95a6594f29bbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Eihb.exe

Filesize
118KB

MD5
677073949945ca09fe971682561c5f11

SHA1
cb33238550faa82cb5d3b5e4116a8c721a4fc96c

SHA256
571d22f4659932c89344baf33e0e53dcb790fa9cb196ad7a937ce17f567f5062

SHA512
006c596edb2c6cef589319917c70531e0672cd8831a4d6852c0641e9cc9a90d351f687884da67a02055706c334e94b68a17c8a0cf9f6041b633f8f85cd9185f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Eihb.exe

Filesize
118KB

MD5
677073949945ca09fe971682561c5f11

SHA1
cb33238550faa82cb5d3b5e4116a8c721a4fc96c

SHA256
571d22f4659932c89344baf33e0e53dcb790fa9cb196ad7a937ce17f567f5062

SHA512
006c596edb2c6cef589319917c70531e0672cd8831a4d6852c0641e9cc9a90d351f687884da67a02055706c334e94b68a17c8a0cf9f6041b633f8f85cd9185f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Eihb.exe

Filesize
118KB

MD5
677073949945ca09fe971682561c5f11

SHA1
cb33238550faa82cb5d3b5e4116a8c721a4fc96c

SHA256
571d22f4659932c89344baf33e0e53dcb790fa9cb196ad7a937ce17f567f5062

SHA512
006c596edb2c6cef589319917c70531e0672cd8831a4d6852c0641e9cc9a90d351f687884da67a02055706c334e94b68a17c8a0cf9f6041b633f8f85cd9185f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rarqxqlarwy.exe

Filesize
2.2MB

MD5
a3ec05d5872f45528bbd05aeecf0a4ba

SHA1
68486279c63457b0579d86cd44dd65279f22d36f

SHA256
d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e

SHA512
b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rarqxqlarwy.exe

Filesize
2.2MB

MD5
a3ec05d5872f45528bbd05aeecf0a4ba

SHA1
68486279c63457b0579d86cd44dd65279f22d36f

SHA256
d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e

SHA512
b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rarqxqlarwy.exe

Filesize
2.2MB

MD5
a3ec05d5872f45528bbd05aeecf0a4ba

SHA1
68486279c63457b0579d86cd44dd65279f22d36f

SHA256
d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e

SHA512
b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\CityHash.dll

Filesize
53KB

MD5
2021acc65fa998daa98131e20c4605be

SHA1
2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

SHA256
c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

SHA512
cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\InetBgDL.dll

Filesize
17KB

MD5
97c607f5d0add72295f8d0f27b448037

SHA1
dfb9a1aa1d3b1f7821152afaac149cad38c8ce3c

SHA256
dc98ed352476af459c91100b8c29073988da19d3adc73e2c2086d25f238544a5

SHA512
ad759062152869089558389c741876029198c5b98fa725e2d2927866dc8b416ae2de871cb2479f614f6d29b6f646bf7191d02837c3cabc15b8185b563bc46268

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\InetBgDL.dll

Filesize
17KB

MD5
97c607f5d0add72295f8d0f27b448037

SHA1
dfb9a1aa1d3b1f7821152afaac149cad38c8ce3c

SHA256
dc98ed352476af459c91100b8c29073988da19d3adc73e2c2086d25f238544a5

SHA512
ad759062152869089558389c741876029198c5b98fa725e2d2927866dc8b416ae2de871cb2479f614f6d29b6f646bf7191d02837c3cabc15b8185b563bc46268

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\UAC.dll

Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\UserInfo.dll

Filesize
14KB

MD5
610ad03dec634768cd91c7ed79672d67

SHA1
dc8099d476e2b324c09db95059ec5fd3febe1e1e

SHA256
c6c413108539f141bea3f679e0e2ef705898c51ec7c2607f478a865fc5e2e2df

SHA512
18c3c92be81aadfa73884fe3bdf1fce96ccfbd35057600ef52788a871de293b64f677351ba2885c6e9ce5c3890c22471c92832ffc13ba544e9d0b347c5d33bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\UserInfo.dll

Filesize
14KB

MD5
610ad03dec634768cd91c7ed79672d67

SHA1
dc8099d476e2b324c09db95059ec5fd3febe1e1e

SHA256
c6c413108539f141bea3f679e0e2ef705898c51ec7c2607f478a865fc5e2e2df

SHA512
18c3c92be81aadfa73884fe3bdf1fce96ccfbd35057600ef52788a871de293b64f677351ba2885c6e9ce5c3890c22471c92832ffc13ba544e9d0b347c5d33bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\UserInfo.dll

Filesize
14KB

MD5
610ad03dec634768cd91c7ed79672d67

SHA1
dc8099d476e2b324c09db95059ec5fd3febe1e1e

SHA256
c6c413108539f141bea3f679e0e2ef705898c51ec7c2607f478a865fc5e2e2df

SHA512
18c3c92be81aadfa73884fe3bdf1fce96ccfbd35057600ef52788a871de293b64f677351ba2885c6e9ce5c3890c22471c92832ffc13ba544e9d0b347c5d33bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\WebBrowser.dll

Filesize
103KB

MD5
b53cd4ad8562a11f3f7c7890a09df27a

SHA1
db66b94670d47c7ee436c2a5481110ed4f013a48

SHA256
281a0dc8b4f644334c2283897963b20df88fa9fd32acca98ed2856b23318e6ec

SHA512
bb45d93ed13df24a2056040c219cdf36ee44c8cddb7e178fdaabcec63ac965e07f679ca1fa42591bba571992af619aa1dc76e819a7901709df79598a2b0cef81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\WebBrowser.dll

Filesize
103KB

MD5
b53cd4ad8562a11f3f7c7890a09df27a

SHA1
db66b94670d47c7ee436c2a5481110ed4f013a48

SHA256
281a0dc8b4f644334c2283897963b20df88fa9fd32acca98ed2856b23318e6ec

SHA512
bb45d93ed13df24a2056040c219cdf36ee44c8cddb7e178fdaabcec63ac965e07f679ca1fa42591bba571992af619aa1dc76e819a7901709df79598a2b0cef81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\profile_cleanup.html

Filesize
1KB

MD5
72e70244833cb1c8bad6fa8f98fc14d5

SHA1
6abdc75d0bd50fd1796872661fa26e2e2e0f8fb9

SHA256
aec8db1b7a2d3b09505ed0762d829c3786cf4e2b74ede492aee3631126e21a65

SHA512
9fbc15af2c9b60d0405ff3e89f40789ac1cd4c8f792dbbd5ec3931134a150d72dee758e26a9911c31db1d44b78b9708d93a86d534253b9c296bd23fdd5237351

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\profile_cleanup.js

Filesize
1KB

MD5
ba983408ac62250294557403ceabad7a

SHA1
3b7b9987c6fb4957e93148ac389bed111b3b23cf

SHA256
6476d0dcd6dbeb786ddb5467b7ba6ebe5f6571015fa96397087c108d2f7ce8dd

SHA512
7dd93520631a1d5a41c26a75ce0420893ad9c097cc3dc64fda31a964f81c4b19692e7d4e32db19029f05d40c98eed430bb27d9b37f1d4a094bcf3f19e2fca637

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\stub_common.js

Filesize
817B

MD5
58b8ac894c64370cfa137f5848aeb88d

SHA1
6a1ac1f88a918a232b79fe798b2de69cf433945f

SHA256
0e28aa770b0afade30be85c6dc1e50344db8f8cdd3fa01989d81a9e20a4990bd

SHA512
ae309518e0f926021e4d9378950c1a375263247d4f79d8a8cc09464cd01653ae5e707d52a4b0c36d532e649c246f4be6b5ba8648f58fb0e3e40c495ae63180ab

Download Submit
C:\Users\Admin\Downloads\CraxsRat.exe

Filesize
57.5MB

MD5
8dbb5c119e11eb865054186a34ece887

SHA1
d1582e5b3fbbb12e5909b15cd8487ad7350c1e48

SHA256
eadf6d52d98208e2470c8c5105c0d34d8d217f904160aea54480804552ae9331

SHA512
3759eb13d21b5104ecd0cc8b226b523a76c81621541c24a3a84e4c19e28f62d482b81d0ee25f8cb983fdd37277e82450ae757d68221fe3d846dda41a6219b99b

Download Submit
C:\Users\Admin\Downloads\Firefox Installer.exe

Filesize
341KB

MD5
0191e3c912eb932e3e168568d112f9d5

SHA1
abc4b7aba4beefa095961a28c34b361f10d98546

SHA256
ce748f069b646f376eb5c7f9e9cd4499406b5a73c0be33ca9c8ea4537aad5b05

SHA512
80d4a6611c6bbbb8db7c09eb1082158ba63c3007b6d4654ffcf070700638b9417f4e995f448ff3230a59d7b7486f4619e6a4b42566c66d58d68db5709a02e379

Download Submit
C:\Users\Admin\Downloads\Firefox Installer.exe

Filesize
341KB

MD5
0191e3c912eb932e3e168568d112f9d5

SHA1
abc4b7aba4beefa095961a28c34b361f10d98546

SHA256
ce748f069b646f376eb5c7f9e9cd4499406b5a73c0be33ca9c8ea4537aad5b05

SHA512
80d4a6611c6bbbb8db7c09eb1082158ba63c3007b6d4654ffcf070700638b9417f4e995f448ff3230a59d7b7486f4619e6a4b42566c66d58d68db5709a02e379

Download Submit
C:\Users\Admin\Downloads\Redline.rar

Filesize
14.6MB

MD5
319528db2efe3c3c70f2055c2124cde0

SHA1
65d0f7a4fadf37c31b36b3f7cc8a41aaa900a948

SHA256
d3a8158d46db1f8476fc7ebef93bd600fbda04bba4bdf9af280f8f9ed6ba1d62

SHA512
4d6934a174ea25e345ea1ab271fe2ba13212f09d67f8237077c66563aaefa5fe2f6cf8943871f320cd3c57f2d72e107a59df898b3c2c15d8428c9b15f56b69c2

Download Submit
C:\Users\Admin\Downloads\Redline.rar.crdownload

Filesize
14.6MB

MD5
319528db2efe3c3c70f2055c2124cde0

SHA1
65d0f7a4fadf37c31b36b3f7cc8a41aaa900a948

SHA256
d3a8158d46db1f8476fc7ebef93bd600fbda04bba4bdf9af280f8f9ed6ba1d62

SHA512
4d6934a174ea25e345ea1ab271fe2ba13212f09d67f8237077c66563aaefa5fe2f6cf8943871f320cd3c57f2d72e107a59df898b3c2c15d8428c9b15f56b69c2

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\Kurome.Builder.exe

Filesize
137KB

MD5
cf38a4bde3fe5456dcaf2b28d3bfb709

SHA1
711518af5fa13f921f3273935510627280730543

SHA256
c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e

SHA512
3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\Kurome.Builder.exe

Filesize
137KB

MD5
cf38a4bde3fe5456dcaf2b28d3bfb709

SHA1
711518af5fa13f921f3273935510627280730543

SHA256
c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e

SHA512
3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\Kurome.Builder.exe.config

Filesize
189B

MD5
5a7f52d69e6fca128023469ae760c6d5

SHA1
9d7f75734a533615042f510934402c035ac492f7

SHA256
498c7f8e872f9cef0cf04f7d290cf3804c82a007202c9b484128c94d03040fd0

SHA512
4dc8ae80ae9e61d2801441b6928a85dcf9d6d73656d064ffbc0ce9ee3ad531bfb140e9f802e39da2a83af6de606b115e5ccd3da35d9078b413b1d1846cbd1b4f

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\Mono.Cecil.dll

Filesize
350KB

MD5
de69bb29d6a9dfb615a90df3580d63b1

SHA1
74446b4dcc146ce61e5216bf7efac186adf7849b

SHA256
f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

SHA512
6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\Mono.Cecil.dll

Filesize
350KB

MD5
de69bb29d6a9dfb615a90df3580d63b1

SHA1
74446b4dcc146ce61e5216bf7efac186adf7849b

SHA256
f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

SHA512
6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\Mono.Cecil.dll

Filesize
350KB

MD5
de69bb29d6a9dfb615a90df3580d63b1

SHA1
74446b4dcc146ce61e5216bf7efac186adf7849b

SHA256
f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

SHA512
6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\build.exe

Filesize
95KB

MD5
491495c2c7329e28bb2e5c92de4373ff

SHA1
ec071beb1c9f0401980d040c75ebaebae352e9aa

SHA256
df6c06678f3e35cb0dc275ce34f18c526a5d72c9f9d278b31675763007a47d40

SHA512
e3ff660cd383660987eb67a2178a910f8a64f3717f6d542527636617151edae15fb58d24bed4972458693c79d263209fc5aa70b47b078e88a6c51d13edd069a2

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Builder\build.exe

Filesize
95KB

MD5
491495c2c7329e28bb2e5c92de4373ff

SHA1
ec071beb1c9f0401980d040c75ebaebae352e9aa

SHA256
df6c06678f3e35cb0dc275ce34f18c526a5d72c9f9d278b31675763007a47d40

SHA512
e3ff660cd383660987eb67a2178a910f8a64f3717f6d542527636617151edae15fb58d24bed4972458693c79d263209fc5aa70b47b078e88a6c51d13edd069a2

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Host\Kurome.Host.exe

Filesize
119KB

MD5
4fde0f80c408af27a8d3ddeffea12251

SHA1
e834291127af150ce287443c5ea607a7ae337484

SHA256
1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb

SHA512
3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Host\Kurome.Host.exe

Filesize
119KB

MD5
4fde0f80c408af27a8d3ddeffea12251

SHA1
e834291127af150ce287443c5ea607a7ae337484

SHA256
1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb

SHA512
3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Host\Kurome.Host.exe.config

Filesize
189B

MD5
5a7f52d69e6fca128023469ae760c6d5

SHA1
9d7f75734a533615042f510934402c035ac492f7

SHA256
498c7f8e872f9cef0cf04f7d290cf3804c82a007202c9b484128c94d03040fd0

SHA512
4dc8ae80ae9e61d2801441b6928a85dcf9d6d73656d064ffbc0ce9ee3ad531bfb140e9f802e39da2a83af6de606b115e5ccd3da35d9078b413b1d1846cbd1b4f

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Host\Kurome.WCF.dll

Filesize
123KB

MD5
e3d39e30e0cdb76a939905da91fe72c8

SHA1
433fc7dc929380625c8a6077d3a697e22db8ed14

SHA256
4bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74

SHA512
9bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Host\Kurome.WCF.dll

Filesize
123KB

MD5
e3d39e30e0cdb76a939905da91fe72c8

SHA1
433fc7dc929380625c8a6077d3a697e22db8ed14

SHA256
4bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74

SHA512
9bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Host\Kurome.WCF.dll

Filesize
123KB

MD5
e3d39e30e0cdb76a939905da91fe72c8

SHA1
433fc7dc929380625c8a6077d3a697e22db8ed14

SHA256
4bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74

SHA512
9bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Loader\Krumo.Loader.exe

Filesize
2.2MB

MD5
eac11bc16c0fda030e431a794119473f

SHA1
7ccff2bbb88f35e6cee7c58ec264abee962aa556

SHA256
8fb55b92f639950c9bbc3c3920a5780ca2d58100e03388d4568dfb48b006372e

SHA512
72ae606ca6267cd1ee9dc4f339367d969dd5ee419d91faa757023cb3d3104f0d2eb55ba83208a308bdc5cfcd6d75b7c3fc9966a87d2e77d2f3ab3f87bfb28d25

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Kurome.Loader\Krumo.Loader.exe

Filesize
2.2MB

MD5
eac11bc16c0fda030e431a794119473f

SHA1
7ccff2bbb88f35e6cee7c58ec264abee962aa556

SHA256
8fb55b92f639950c9bbc3c3920a5780ca2d58100e03388d4568dfb48b006372e

SHA512
72ae606ca6267cd1ee9dc4f339367d969dd5ee419d91faa757023cb3d3104f0d2eb55ba83208a308bdc5cfcd6d75b7c3fc9966a87d2e77d2f3ab3f87bfb28d25

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Panel\RedLine_20_2\Panel\Panel.exe

Filesize
9.3MB

MD5
f4e19b67ef27af1434151a512860574e

SHA1
56304fc2729974124341e697f3b21c84a8dd242a

SHA256
c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a

SHA512
a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Panel\RedLine_20_2\Panel\Panel.exe

Filesize
9.3MB

MD5
f4e19b67ef27af1434151a512860574e

SHA1
56304fc2729974124341e697f3b21c84a8dd242a

SHA256
c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a

SHA512
a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Panel\RedLine_20_2\Panel\Panel.exe

Filesize
9.3MB

MD5
f4e19b67ef27af1434151a512860574e

SHA1
56304fc2729974124341e697f3b21c84a8dd242a

SHA256
c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a

SHA512
a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Panel\RedLine_20_2\Panel\Panel.exe.config

Filesize
26KB

MD5
494890d393a5a8c54771186a87b0265e

SHA1
162fa5909c1c3f84d34bda5d3370a957fe58c9c8

SHA256
f2a5a06359713226aeacfe239eeb8ae8606f4588d8e58a19947c3a190efbdfc7

SHA512
40fbd033f288fee074fc36e899796efb30d3c582784b834fc583706f19a0b8d5a134c6d1405afe563d2676072e4eefc4e169b2087867cab77a3fa1aa1a7c9395

Download Submit
C:\Users\Admin\Downloads\Redline\Redline Steeler\Redline Steeler\Password.txt

Filesize
31B

MD5
e536171bbf0b404a936d0ee5d41c15fa

SHA1
747c5157bb93b6ff144ccc9eb5d77a8b6ddbb7e9

SHA256
02f0911ee2d0205580651fb20e8378af5a8d050d14f0b9bacf0dcf76024693c2

SHA512
199522c4d81d5d087fe59a07f268be875f2571073231ad6e6f4861ecf7d2a62bb33f43222960ae20be0a17680a41a55fbd69f51c6acf1a9ba3d6bd0c8a5f5a5f

Download Submit
C:\Users\Admin\Downloads\Revenge_Clean-version.zip

Filesize
14.5MB

MD5
3d9424d426f9baf7f87f0b479cda1930

SHA1
6f0c672d9d2e7825c73d4ab3d50d9402f8c10d80

SHA256
d85d8507702632e0dac621c71f69dfa397a873f31b0161c2ea9d815a6a0257f1

SHA512
835bd491bbce61a6a4c79fb13314e824c6cba0493b0c5fdf8a3519b2abccd14d731af3a498f4f91e86c8577ceb062c174fde281822da78d7126844753c1f623a

Download Submit
C:\Users\Admin\Downloads\Revenge_Clean-version.zip.crdownload

Filesize
14.5MB

MD5
3d9424d426f9baf7f87f0b479cda1930

SHA1
6f0c672d9d2e7825c73d4ab3d50d9402f8c10d80

SHA256
d85d8507702632e0dac621c71f69dfa397a873f31b0161c2ea9d815a6a0257f1

SHA512
835bd491bbce61a6a4c79fb13314e824c6cba0493b0c5fdf8a3519b2abccd14d731af3a498f4f91e86c8577ceb062c174fde281822da78d7126844753c1f623a

Download Submit
C:\Users\Admin\Downloads\Revenge_Clean-version\Revenge-RAT v0.3\GeoIP.dat

Filesize
1021KB

MD5
953c073031a08211d72daeec0551a20d

SHA1
de7441086bf49d7e590172ee07ca9ccc3d690298

SHA256
6615e1e1d8e9ee5ae891dcc43fdd050787f28227369eed50ab3403b171a187f2

SHA512
076de07d270878c4846c0d091a76cec925d57399bdf937791232a5363bee7bdc9f14418530593f1a509fe0df3db0454793635b70feb913413829e1bf2c85b8a3

Download Submit
C:\Users\Admin\Downloads\Revenge_Clean-version\Revenge-RAT v0.3\Icons\Onedrive.ico

Filesize
361KB

MD5
257440f1449c4505669d278bf431405c

SHA1
5235870185889ffa48234f1f4af14647634c19ef

SHA256
a3c9e33dafb4c829a57a81ba8a6d94c2da9b343b6f9d6c933a4b5b88bbd96495

SHA512
d99bf41a9017dcef261fc9886887fdeb3d3b6db806d92d8f76c783764caa7f94738b7258750a5fb26cb6069f471d1acfb55dc79db5855a5619e9d864e74761a7

Download Submit
C:\Users\Admin\Downloads\Revenge_Clean-version\Revenge-RAT v0.3\Revenge-RAT v0.3.exe

Filesize
13.7MB

MD5
531d8b4ac8f7eb827d62424169321b2b

SHA1
a269563cbfa32b667f89d709eebc0b6c08b57272

SHA256
6b2324bb337f722067e6c1b5cef5f64e89338e2beccf95289aaaa2af8a0556b9

SHA512
24fb3d7430cdd6fa4a80af2982f4334db722e97a0286e97bfc56600d27598710962641837a368a133d6f6a4bd8372f00e9dd49e9c79de14653cbf7360c3e2872

Download Submit
C:\Users\Admin\Downloads\Revenge_Clean-version\Revenge-RAT v0.3\Revenge-RAT v0.3.exe

Filesize
13.7MB

MD5
531d8b4ac8f7eb827d62424169321b2b

SHA1
a269563cbfa32b667f89d709eebc0b6c08b57272

SHA256
6b2324bb337f722067e6c1b5cef5f64e89338e2beccf95289aaaa2af8a0556b9

SHA512
24fb3d7430cdd6fa4a80af2982f4334db722e97a0286e97bfc56600d27598710962641837a368a133d6f6a4bd8372f00e9dd49e9c79de14653cbf7360c3e2872

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 664526.crdownload

Filesize
341KB

MD5
0191e3c912eb932e3e168568d112f9d5

SHA1
abc4b7aba4beefa095961a28c34b361f10d98546

SHA256
ce748f069b646f376eb5c7f9e9cd4499406b5a73c0be33ca9c8ea4537aad5b05

SHA512
80d4a6611c6bbbb8db7c09eb1082158ba63c3007b6d4654ffcf070700638b9417f4e995f448ff3230a59d7b7486f4619e6a4b42566c66d58d68db5709a02e379

Download Submit
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

Filesize
3.4MB

MD5
059d51f43f1a774bc5aa76d19c614670

SHA1
171329bf0f48190cf4d59ce106b139e63507457d

SHA256
2eaf3d548927ebd243362f7bcb906bb1bbff3961223fb9521cb2846b6b8d523d

SHA512
a299cb18c8a47fc27c46db0011266b7fa273852b302374eb98a54034e1281150af8e54e58f76a384d3b92fbcb1a67fc0452cabe592a379e15cce2c5f9a4b6cb7

Download Submit
memory/436-610-0x000000001DDB0000-0x000000001DEF2000-memory.dmp

Filesize
1.3MB

Download
memory/436-661-0x00007FFD19BE0000-0x00007FFD19BE1000-memory.dmp

Filesize
4KB

Download
memory/436-698-0x000000001F300000-0x000000001F47C000-memory.dmp

Filesize
1.5MB

Download
memory/436-697-0x0000000002060000-0x0000000002070000-memory.dmp

Filesize
64KB

Download
memory/436-666-0x000000001F040000-0x000000001F0D2000-memory.dmp

Filesize
584KB

Download
memory/436-665-0x00007FFD19B10000-0x00007FFD19B11000-memory.dmp

Filesize
4KB

Download
memory/436-664-0x00007FFD19B20000-0x00007FFD19B21000-memory.dmp

Filesize
4KB

Download
memory/436-663-0x000000001E890000-0x000000001EE34000-memory.dmp

Filesize
5.6MB

Download
memory/436-659-0x00007FFD19F30000-0x00007FFD19F31000-memory.dmp

Filesize
4KB

Download
memory/436-660-0x000000001E520000-0x000000001E882000-memory.dmp

Filesize
3.4MB

Download
memory/436-662-0x00007FFD19BD0000-0x00007FFD19BD1000-memory.dmp

Filesize
4KB

Download
memory/436-657-0x00007FFD19F40000-0x00007FFD19F41000-memory.dmp

Filesize
4KB

Download
memory/436-655-0x00007FFD19B70000-0x00007FFD19B71000-memory.dmp

Filesize
4KB

Download
memory/436-653-0x00007FFD19AD0000-0x00007FFD19AD1000-memory.dmp

Filesize
4KB

Download
memory/436-651-0x0000000002060000-0x0000000002070000-memory.dmp

Filesize
64KB

Download
memory/436-649-0x00007FFD19B80000-0x00007FFD19B81000-memory.dmp

Filesize
4KB

Download
memory/436-650-0x00007FFD19BA0000-0x00007FFD19BA1000-memory.dmp

Filesize
4KB

Download
memory/436-647-0x00007FFD19B60000-0x00007FFD19B61000-memory.dmp

Filesize
4KB

Download
memory/436-645-0x00007FFD19F60000-0x00007FFD19F61000-memory.dmp

Filesize
4KB

Download
memory/436-646-0x00007FFD19B50000-0x00007FFD19B51000-memory.dmp

Filesize
4KB

Download
memory/436-634-0x00007FFD19F50000-0x00007FFD19F51000-memory.dmp

Filesize
4KB

Download
memory/436-643-0x000000001DAF0000-0x000000001DAFA000-memory.dmp

Filesize
40KB

Download
memory/436-644-0x00007FFD19AE0000-0x00007FFD19AE1000-memory.dmp

Filesize
4KB

Download
memory/436-642-0x00007FFD19AA0000-0x00007FFD19AA1000-memory.dmp

Filesize
4KB

Download
memory/436-640-0x00007FFD19B30000-0x00007FFD19B31000-memory.dmp

Filesize
4KB

Download
memory/436-638-0x00007FFD19B40000-0x00007FFD19B41000-memory.dmp

Filesize
4KB

Download
memory/436-573-0x00007FFCF74C0000-0x00007FFCF7F81000-memory.dmp

Filesize
10.8MB

Download
memory/436-637-0x00007FFD19D30000-0x00007FFD19D31000-memory.dmp

Filesize
4KB

Download
memory/436-575-0x000000001ACE0000-0x000000001AE80000-memory.dmp

Filesize
1.6MB

Download
memory/436-576-0x000000001ACE0000-0x000000001AE80000-memory.dmp

Filesize
1.6MB

Download
memory/436-577-0x000000001ACE0000-0x000000001AE80000-memory.dmp

Filesize
1.6MB

Download
memory/436-582-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/436-587-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/436-588-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/436-590-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/436-592-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/436-594-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/436-598-0x000000001D9E0000-0x000000001DB22000-memory.dmp

Filesize
1.3MB

Download
memory/436-599-0x000000001D9E0000-0x000000001DB22000-memory.dmp

Filesize
1.3MB

Download
memory/436-603-0x000000001D9E0000-0x000000001DB22000-memory.dmp

Filesize
1.3MB

Download
memory/436-633-0x00007FFD19AB0000-0x00007FFD19AB1000-memory.dmp

Filesize
4KB

Download
memory/436-624-0x000000001DAE0000-0x000000001DAEA000-memory.dmp

Filesize
40KB

Download
memory/436-625-0x000000001DAE0000-0x000000001DAEA000-memory.dmp

Filesize
40KB

Download
memory/436-627-0x000000001DAE0000-0x000000001DAEA000-memory.dmp

Filesize
40KB

Download
memory/1388-569-0x0000000005B50000-0x0000000005B60000-memory.dmp

Filesize
64KB

Download
memory/1388-559-0x0000000000EB0000-0x00000000010E6000-memory.dmp

Filesize
2.2MB

Download
memory/1388-562-0x0000000005B50000-0x0000000005B60000-memory.dmp

Filesize
64KB

Download
memory/1388-563-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/1656-494-0x0000000005870000-0x000000000597A000-memory.dmp

Filesize
1.0MB

Download
memory/1656-493-0x0000000005520000-0x0000000005530000-memory.dmp

Filesize
64KB

Download
memory/1656-491-0x0000000005570000-0x0000000005582000-memory.dmp

Filesize
72KB

Download
memory/1656-489-0x0000000000BD0000-0x0000000000BEE000-memory.dmp

Filesize
120KB

Download
memory/1656-510-0x0000000005520000-0x0000000005530000-memory.dmp

Filesize
64KB

Download
memory/1656-492-0x00000000055D0000-0x000000000560C000-memory.dmp

Filesize
240KB

Download
memory/1656-490-0x0000000005B50000-0x0000000006168000-memory.dmp

Filesize
6.1MB

Download
memory/3128-556-0x00000000058A0000-0x00000000058B0000-memory.dmp

Filesize
64KB

Download
memory/3128-528-0x0000000005B70000-0x0000000005BC0000-memory.dmp

Filesize
320KB

Download
memory/3128-526-0x0000000005740000-0x0000000005741000-memory.dmp

Filesize
4KB

Download
memory/3128-527-0x0000000005A00000-0x0000000005A28000-memory.dmp

Filesize
160KB

Download
memory/3128-525-0x0000000005710000-0x0000000005711000-memory.dmp

Filesize
4KB

Download
memory/3128-518-0x0000000000F60000-0x0000000000F84000-memory.dmp

Filesize
144KB

Download
memory/3128-522-0x0000000005770000-0x0000000005796000-memory.dmp

Filesize
152KB

Download
memory/3128-523-0x0000000005AA0000-0x0000000005B6E000-memory.dmp

Filesize
824KB

Download
memory/3128-524-0x00000000058A0000-0x00000000058B0000-memory.dmp

Filesize
64KB

Download
memory/3776-533-0x000000001B810000-0x000000001B820000-memory.dmp

Filesize
64KB

Download
memory/3776-532-0x00000000008C0000-0x0000000000B00000-memory.dmp

Filesize
2.2MB

Download
memory/3916-269-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3916-379-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4328-561-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/4328-557-0x0000000000950000-0x0000000000974000-memory.dmp

Filesize
144KB

Download
memory/4328-568-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/4732-513-0x0000000005630000-0x0000000005640000-memory.dmp

Filesize
64KB

Download
memory/4732-511-0x0000000005630000-0x0000000005640000-memory.dmp

Filesize
64KB

Download
memory/4732-499-0x0000000005630000-0x0000000005640000-memory.dmp

Filesize
64KB

Download
memory/4732-498-0x0000000000C60000-0x0000000000C88000-memory.dmp

Filesize
160KB

Download
memory/4732-509-0x0000000005630000-0x0000000005640000-memory.dmp

Filesize
64KB

Download
memory/4732-500-0x0000000005430000-0x0000000005431000-memory.dmp

Filesize
4KB

Download
memory/4732-507-0x0000000005B70000-0x0000000005BCE000-memory.dmp

Filesize
376KB

Download
memory/4732-503-0x0000000005570000-0x000000000557A000-memory.dmp

Filesize
40KB

Download
memory/4732-502-0x0000000005580000-0x0000000005612000-memory.dmp

Filesize
584KB

Download
memory/4732-501-0x0000000005BF0000-0x0000000006194000-memory.dmp

Filesize
5.6MB

Download