asyncrat | hxxps://cdn-141[.]anonfiles[.]com/F2fbm8nfz7/4c04950e-1682773464/Redline+Stealer+v24[.]2+cracked+%5BXT_CH%5D[.]rar

Analysis

max time kernel
593s
max time network
585s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
29-04-2023 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn-141.anonfiles.com/F2fbm8nfz7/4c04950e-1682773464/Redline+Stealer+v24.2+cracked+%5BXT_CH%5D.rar

Score

10^/10

asyncrat pandastealer stormkitty default persistence rat spyware stealer

Malware Config

Extracted

Family

pandastealer

Version

��H

http://�H

Extracted

Family

pandastealer

Version

1.11

http://thisisgenk.temp.swtest.ru

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6093966625:AAHk4dddHb8B1faCcFqL3um1gmB-f2mWhyc/sendMessage?chat_id=5529838804

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Panda Stealer payload 5 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Kurome.Builder.exe	family_pandastealer
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Kurome.Builder.exe	family_pandastealer
C:\Users\Admin\AppData\Local\Temp\build.exe	family_pandastealer
C:\Users\Admin\AppData\Local\Temp\build.exe	family_pandastealer
behavioral1/memory/4120-618-0x0000000000400000-0x00000000004D7000-memory.dmp	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 10 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\._cache_Panel 20.2.exe	family_stormkitty
behavioral1/memory/4104-820-0x0000000000840000-0x0000000000870000-memory.dmp	family_stormkitty
C:\ProgramData\Synaptics\Synaptics.exe	family_stormkitty
behavioral1/memory/3068-1247-0x0000000000400000-0x00000000004ED000-memory.dmp	family_stormkitty
behavioral1/memory/792-1632-0x0000000000400000-0x00000000004ED000-memory.dmp	family_stormkitty
behavioral1/memory/2708-1759-0x0000000000400000-0x00000000004ED000-memory.dmp	family_stormkitty
behavioral1/memory/792-1761-0x0000000000400000-0x00000000004ED000-memory.dmp	family_stormkitty
behavioral1/memory/792-1897-0x0000000000400000-0x00000000004ED000-memory.dmp	family_stormkitty
behavioral1/memory/1424-1952-0x0000000000400000-0x00000000004ED000-memory.dmp	family_stormkitty
behavioral1/memory/792-1999-0x0000000000400000-0x00000000004ED000-memory.dmp	family_stormkitty

Async RAT payload 10 IoCs

rat

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\._cache_Panel 20.2.exe	asyncrat
behavioral1/memory/4104-820-0x0000000000840000-0x0000000000870000-memory.dmp	asyncrat
C:\ProgramData\Synaptics\Synaptics.exe	asyncrat
behavioral1/memory/3068-1247-0x0000000000400000-0x00000000004ED000-memory.dmp	asyncrat
behavioral1/memory/792-1632-0x0000000000400000-0x00000000004ED000-memory.dmp	asyncrat
behavioral1/memory/2708-1759-0x0000000000400000-0x00000000004ED000-memory.dmp	asyncrat
behavioral1/memory/792-1761-0x0000000000400000-0x00000000004ED000-memory.dmp	asyncrat
behavioral1/memory/792-1897-0x0000000000400000-0x00000000004ED000-memory.dmp	asyncrat
behavioral1/memory/1424-1952-0x0000000000400000-0x00000000004ED000-memory.dmp	asyncrat
behavioral1/memory/792-1999-0x0000000000400000-0x00000000004ED000-memory.dmp	asyncrat

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Panel 24.2.exeSynaptics.exeKurome.Loader_crack.exeKurome.Host.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation	Panel 24.2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation	Synaptics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation	Kurome.Loader_crack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Control Panel\International\Geo\Nation	Kurome.Host.exe

Executes dropped EXE 28 IoCs

Processes:

Kurome.Builder_crack.exeKurome.Builder.exebuild.exeKurome.Builder.exePE.exetest.exetest.exetest.exetest.exetest.exetest.exetest.exetest.exetest.exetest.exetest.exeKurome.Builder v24.2.exePanel_crack.exeCONFIG.EXEPANEL.EXEPanel 24.2.exe._cache_Panel 24.2.exeSynaptics.exe._cache_Synaptics.exeKurome.Loader_crack.exe._cache_Kurome.Loader_crack.exeKurome.Host.exe._cache_Kurome.Host.exe

pid	process
4560	Kurome.Builder_crack.exe
4120	Kurome.Builder.exe
4496	build.exe
3840	Kurome.Builder.exe
1236	PE.exe
3248	test.exe
4792	test.exe
3764	test.exe
4780	test.exe
2672	test.exe
4296	test.exe
4788	test.exe
896	test.exe
2224	test.exe
2684	test.exe
4800	test.exe
4104	Kurome.Builder v24.2.exe
3716	Panel_crack.exe
2120	CONFIG.EXE
4816	PANEL.EXE
3068	Panel 24.2.exe
3600	._cache_Panel 24.2.exe
792	Synaptics.exe
3444	._cache_Synaptics.exe
2708	Kurome.Loader_crack.exe
1236	._cache_Kurome.Loader_crack.exe
1424	Kurome.Host.exe
3716	._cache_Kurome.Host.exe

Loads dropped DLL 64 IoCs

Processes:

test.exetest.exetest.exetest.exetest.exetest.exetest.exetest.exe

pid	process
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
3248	test.exe
4792	test.exe
4792	test.exe
3764	test.exe
3764	test.exe
4780	test.exe
4780	test.exe
4296	test.exe
4296	test.exe
4788	test.exe
4788	test.exe
896	test.exe
896	test.exe
4780	test.exe
4780	test.exe
2224	test.exe
2224	test.exe
4780	test.exe
4780	test.exe
4780	test.exe
4780	test.exe
4780	test.exe
4780	test.exe
4780	test.exe
4780	test.exe
4780	test.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Panel 24.2.exechrome.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	Panel 24.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops desktop.ini file(s) 43 IoCs

Processes:

CONFIG.EXE._cache_Kurome.Loader_crack.exe._cache_Kurome.Host.exe._cache_Synaptics.exeKurome.Builder v24.2.exe._cache_Panel 24.2.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini	CONFIG.EXE
File opened for modification	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini	._cache_Kurome.Loader_crack.exe
File opened for modification	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini	._cache_Kurome.Host.exe
File opened for modification	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	._cache_Synaptics.exe
File created	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini	._cache_Synaptics.exe
File created	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini	._cache_Synaptics.exe
File created	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini	._cache_Synaptics.exe
File created	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	Kurome.Builder v24.2.exe
File opened for modification	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	Kurome.Builder v24.2.exe
File created	C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini	._cache_Panel 24.2.exe
File created	C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini	._cache_Panel 24.2.exe
File created	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	._cache_Synaptics.exe
File opened for modification	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini	._cache_Kurome.Loader_crack.exe
File created	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini	._cache_Synaptics.exe
File created	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini	Kurome.Builder v24.2.exe
File created	C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	CONFIG.EXE
File opened for modification	C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	CONFIG.EXE
File created	C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini	CONFIG.EXE
File created	C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini	CONFIG.EXE
File opened for modification	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	._cache_Kurome.Loader_crack.exe
File opened for modification	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	._cache_Kurome.Host.exe
File created	C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini	CONFIG.EXE
File opened for modification	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini	._cache_Kurome.Host.exe
File opened for modification	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini	._cache_Kurome.Loader_crack.exe
File opened for modification	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	._cache_Kurome.Loader_crack.exe
File opened for modification	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	._cache_Kurome.Host.exe
File opened for modification	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	Kurome.Builder v24.2.exe
File created	C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	._cache_Panel 24.2.exe
File created	C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	._cache_Panel 24.2.exe
File created	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	._cache_Synaptics.exe
File created	C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini	._cache_Panel 24.2.exe
File created	C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini	._cache_Panel 24.2.exe
File opened for modification	C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini	._cache_Kurome.Loader_crack.exe
File created	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	Kurome.Builder v24.2.exe
File created	C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	CONFIG.EXE
File opened for modification	C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	CONFIG.EXE
File opened for modification	C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	._cache_Panel 24.2.exe
File opened for modification	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini	._cache_Kurome.Host.exe
File opened for modification	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini	._cache_Kurome.Host.exe
File created	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini	Kurome.Builder v24.2.exe
File created	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini	Kurome.Builder v24.2.exe
File created	C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini	Kurome.Builder v24.2.exe
File opened for modification	C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini	._cache_Panel 24.2.exe

Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

124 api.ipify.org
125 api.ipify.org
129 icanhazip.com
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4964 3840 WerFault.exe Kurome.Builder.exe

flow	ioc
124	api.ipify.org
125	api.ipify.org
129	icanhazip.com

pid	pid_target	process	target process
4964	3840	WerFault.exe	Kurome.Builder.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

._cache_Kurome.Loader_crack.exeKurome.Builder v24.2.exeCONFIG.EXE._cache_Synaptics.exe._cache_Kurome.Host.exe._cache_Panel 24.2.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	._cache_Kurome.Loader_crack.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	Kurome.Builder v24.2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Kurome.Builder v24.2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	CONFIG.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	CONFIG.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	._cache_Kurome.Loader_crack.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	._cache_Kurome.Host.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	._cache_Kurome.Host.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	._cache_Panel 24.2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	._cache_Panel 24.2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133272544131980245"	chrome.exe

Modifies registry class 64 IoCs

Processes:

OpenWith.exeSynaptics.exePanel 24.2.exechrome.exeKurome.Host.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance	Synaptics.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c003100000000005456e99c110050524f4752417e310000740009000400efbe724a6fa85456e99c2e0000003f0000000000010000000000000000004a0000000000e4a80f00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance	Panel 24.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Applications\7zFM.exe\shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance	Kurome.Host.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\rar_auto_file\shell\open	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\.rar	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\rar_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\rar_auto_file\shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000005456f0961000372d5a6970003c0009000400efbe5456f0965456f0962e00000080a50100000008000000000000000000000000000000719c450037002d005a0069007000000014000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\.rar\ = "rar_auto_file"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\rar_auto_file\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Applications\7zFM.exe\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exebuild.exeKurome.Builder v24.2.exeCONFIG.EXE._cache_Panel 24.2.exe._cache_Synaptics.exe

pid	process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
680	chrome.exe
680	chrome.exe
4496	build.exe
4496	build.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
4104	Kurome.Builder v24.2.exe
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
2120	CONFIG.EXE
3600	._cache_Panel 24.2.exe
3600	._cache_Panel 24.2.exe
3600	._cache_Panel 24.2.exe
3600	._cache_Panel 24.2.exe
3444	._cache_Synaptics.exe
3444	._cache_Synaptics.exe
3444	._cache_Synaptics.exe
3444	._cache_Synaptics.exe
3600	._cache_Panel 24.2.exe
3600	._cache_Panel 24.2.exe
3444	._cache_Synaptics.exe
3444	._cache_Synaptics.exe
3600	._cache_Panel 24.2.exe
3600	._cache_Panel 24.2.exe
3600	._cache_Panel 24.2.exe
3600	._cache_Panel 24.2.exe
3444	._cache_Synaptics.exe
3444	._cache_Synaptics.exe
3444	._cache_Synaptics.exe
3444	._cache_Synaptics.exe
3600	._cache_Panel 24.2.exe
3600	._cache_Panel 24.2.exe
3444	._cache_Synaptics.exe
3444	._cache_Synaptics.exe
3600	._cache_Panel 24.2.exe
3600	._cache_Panel 24.2.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

OpenWith.exe7zFM.exe

pid process

3940 OpenWith.exe
1676 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4216 chrome.exe
4216 chrome.exe
4216 chrome.exe
4216 chrome.exe
4216 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

Processes:

chrome.exe

pid	process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe

Suspicious use of SetWindowsHookEx 32 IoCs

Processes:

OpenWith.exe

pid	process
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4216 wrote to memory of 2148	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 2148	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4920	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4796	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 4796	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe
PID 4216 wrote to memory of 3928	4216	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cdn-141.anonfiles.com/F2fbm8nfz7/4c04950e-1682773464/Redline+Stealer+v24.2+cracked+%5BXT_CH%5D.rar
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeb75a9758,0x7ffeb75a9768,0x7ffeb75a9778
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:2
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:1
2⤵
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:1
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4996 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:1
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4336 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:1
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4292 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:1
2⤵
PID:240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:3220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:3736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:8
2⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4448 --field-trial-handle=1696,i,15866730477354207574,1555100786678714804,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3940

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH].rar"
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:616

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Builder\Kurome.Builder_crack.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Builder\Kurome.Builder_crack.exe"
1⤵
- Executes dropped EXE
PID:4560

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Kurome.Builder.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Kurome.Builder.exe"
2⤵
- Executes dropped EXE
PID:4120

C:\Users\Admin\AppData\Local\Temp\build.exe
"C:\Users\Admin\AppData\Local\Temp\build.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4496

C:\Users\Admin\AppData\Local\Temp\Kurome.Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Kurome.Builder.exe"
3⤵
- Executes dropped EXE
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 1060
4⤵
- Program crash
PID:4964

C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe"
2⤵
- Executes dropped EXE
PID:1236

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3248

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=640"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4780

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=304"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3764

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=244"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4792

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=676"
4⤵
- Executes dropped EXE
PID:2672

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=668"
4⤵
- Executes dropped EXE
PID:2684

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=260"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2224

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=704"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:896

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=696"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4788

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=688"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
5⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe" "--multiprocessing-fork" "parent_pid=3248" "pipe_handle=684"
4⤵
- Executes dropped EXE
PID:4800

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Builder\Kurome.Builder v24.2.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Builder\Kurome.Builder v24.2.exe"
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:4104

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
2⤵
PID:2108

C:\Windows\SysWOW64\chcp.com
chcp 65001
3⤵
PID:4184

C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
3⤵
PID:2576

C:\Windows\SysWOW64\findstr.exe
findstr All
3⤵
PID:608

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
2⤵
PID:2336

C:\Windows\SysWOW64\chcp.com
chcp 65001
3⤵
PID:1036

C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
3⤵
PID:2992

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\Panel_crack.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\Panel_crack.exe"
1⤵
- Executes dropped EXE
PID:3716

C:\Users\Admin\AppData\Local\Temp\CONFIG.EXE
"C:\Users\Admin\AppData\Local\Temp\CONFIG.EXE"
2⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2120

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
3⤵
PID:448

C:\Windows\SysWOW64\chcp.com
chcp 65001
4⤵
PID:3936

C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
4⤵
PID:4504

C:\Windows\SysWOW64\findstr.exe
findstr All
4⤵
PID:1200

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
3⤵
PID:3004

C:\Windows\SysWOW64\chcp.com
chcp 65001
4⤵
PID:924

C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
4⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\PANEL.EXE
"C:\Users\Admin\AppData\Local\Temp\PANEL.EXE"
2⤵
- Executes dropped EXE
PID:4816

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\Panel 24.2.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\Panel 24.2.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
PID:3068

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\._cache_Panel 24.2.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\._cache_Panel 24.2.exe"
2⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:3600

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
3⤵
PID:4932

C:\Windows\SysWOW64\chcp.com
chcp 65001
4⤵
PID:4384

C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
4⤵
PID:2812

C:\Windows\SysWOW64\findstr.exe
findstr All
4⤵
PID:3012

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
3⤵
PID:2844

C:\Windows\SysWOW64\chcp.com
chcp 65001
4⤵
PID:3616

C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
4⤵
PID:3440

C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
2⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:792

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\._cache_Synaptics.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\._cache_Synaptics.exe" InjUpdate
3⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:3444

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
4⤵
PID:3068

C:\Windows\SysWOW64\chcp.com
chcp 65001
5⤵
PID:4184

C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
5⤵
PID:4252

C:\Windows\SysWOW64\findstr.exe
findstr All
5⤵
PID:2876

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
4⤵
PID:3204

C:\Windows\SysWOW64\chcp.com
chcp 65001
5⤵
PID:4380

C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
5⤵
PID:2220

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Loader\Kurome.Loader_crack.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Loader\Kurome.Loader_crack.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:2708

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Loader\._cache_Kurome.Loader_crack.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Loader\._cache_Kurome.Loader_crack.exe"
2⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:1236

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
3⤵
PID:636

C:\Windows\SysWOW64\chcp.com
chcp 65001
4⤵
PID:1392

C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
4⤵
PID:1916

C:\Windows\SysWOW64\findstr.exe
findstr All
4⤵
PID:2800

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
3⤵
PID:2544

C:\Windows\SysWOW64\chcp.com
chcp 65001
4⤵
PID:2552

C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
4⤵
PID:2388

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Host\Kurome.Host.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Host\Kurome.Host.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:1424

C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Host\._cache_Kurome.Host.exe
"C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Host\._cache_Kurome.Host.exe"
2⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:3716

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
3⤵
PID:4880

C:\Windows\SysWOW64\chcp.com
chcp 65001
4⤵
PID:5076

C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
4⤵
PID:2424

C:\Windows\SysWOW64\findstr.exe
findstr All
4⤵
PID:5092

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
3⤵
PID:4412

C:\Windows\SysWOW64\chcp.com
chcp 65001
4⤵
PID:3288

C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
4⤵
PID:324

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe
Filesize
923KB

MD5
ad5e1454eb96c012755dcab90cfd69cf

SHA1
17f93458b223542eed1c269d9c64b8c39341b1cd

SHA256
726725262283f68ec3e3f62d13863c7df9b08f54e19c28603407d98631468494

SHA512
1f503e6619ff5cd87838b4618400ae54c24d5f618813cfd8ce7ecdd53f25d74186dda096a1a2ab49848184e22137c05de0fbf010a0ccc9adcc5b58e727da1d46

Download Submit
C:\Users\Admin\AppData\Local\13798e8c66c72f29b7bf2f9a864054c0\msgid.dat
Filesize
4B

MD5
908a6f6a6c131a850ecb0e3f11b08189

SHA1
07edd2c6f5c1518a21de793785ebfbc34ea4f594

SHA256
352a4f750446467c7aa84dab0f0d6aa496e3f3e27a970b3011fc0027a41ffc1b

SHA512
79e60fc1094d91c9a90213d3c9940c49be28ad2c30dc1904404a686dda8d2e10b6c96de779e7336e1a6adeb7edf2b87074c87dd57ab1f9661186d99b92409400

Download Submit
C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\System\Process.txt
Filesize
1KB

MD5
50a0ea3aa899251d7a2decbecca0cf8a

SHA1
a24a068e527a9bfc80af2606d7606f2e97dad984

SHA256
e52d4f27322e6bd3dd2e49d83585479570ba1b466feb53a44c7388aa66009e49

SHA512
01634cd5c1d2608ca30936c17fdb95f0d5d982b782b7c7e16a7fd084af1bd698fe8a1e4431f71cf1fa6a377199af324977e7f7d1f5879333fe3c1b3535c2c2b8

Download Submit
C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\System\ProductKey.txt
Filesize
29B

MD5
71eb5479298c7afc6d126fa04d2a9bde

SHA1
a9b3d5505cf9f84bb6c2be2acece53cb40075113

SHA256
f6cadfd4e4c25ff3b8cffe54a2af24a757a349abbf4e1142ec4c9789347fe8b3

SHA512
7c6687e21d31ec1d6d2eff04b07b465f875fd80df26677f1506b14158444cf55044eb6674880bd5bd44f04ff73023b26cb19b8837427a1d6655c96df52f140bd

Download Submit
C:\Users\Admin\AppData\Local\3784400c96b9e5ee5eb9ab498d4adc4f\Admin@RDOTXCCL_en-US\System\ScanningNetworks.txt
Filesize
84B

MD5
58cd2334cfc77db470202487d5034610

SHA1
61fa242465f53c9e64b3752fe76b2adcceb1f237

SHA256
59b3120c5ce1a7d1819510272a927e1c8f1c95385213fccbcdd429ff3492040d

SHA512
c8f52d85ec99177c722527c306a64ba61adc3ad3a5fec6d87749fbad12da424ba6b34880ab9da627fb183412875f241e1c1864d723e62130281e44c14ad1481e

Download Submit
C:\Users\Admin\AppData\Local\5a5f5f2cd16426fe590fafe457300ebe\msgid.dat
Filesize
4B

MD5
1102a326d5f7c9e04fc3c89d0ede88c9

SHA1
d2a8a1bde5eba1942d457a555cf2c0dc034aacd8

SHA256
679e7aaf2604ef1933a4495e05e21fada5e5f43b6242a8b3d532b68b170aa19e

SHA512
a37ee1376f8e6770216f9156cd5148f6be1fe1ad84144d4fcf03e719012dd9920c96d9211810a8e395b48c5f45fee3804fba5ef0246d496d627e292641db5581

Download Submit
C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Browsers\Google\History.txt
Filesize
1KB

MD5
da64d197cb8bb77adaf82b6abcf1eac8

SHA1
7eda57952b423bb0959024a6a8ce71fe61ab9469

SHA256
6e703610462665d04abadeeecb2db2c10ede4a969645f4b41689f95cb83dc7ed

SHA512
1c52fe4d778b431c5ff73f082cec70895678519d15764fdc15c3a3b0b9748159624d584654b303d35b62f71e8a0c6c41fbb0ce2c08be04f8e739a18b888407f8

Download Submit
C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\chromeBrowsers.txt
Filesize
2KB

MD5
5c06977f634c911382ca6f6107a8489a

SHA1
645062b6f09924255cd1c2c98265bacfee3f2371

SHA256
92308e2b67aa3c6989d5d744ac51faafb40886e6863adb933a3cf2e9beba0737

SHA512
19c9e324314725038a39b0e596e537b5937954f7358c56cddc25c51fdd9ef10346d77ce5c7a0703db854c9aa232dcef1bdcd16411937d526a080dd87a3793e28

Download Submit
C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\geckoBrowsers.txt
Filesize
395B

MD5
84d16e157a64d476231d1ff7d53c562d

SHA1
ad863e9956be1b32a82062e076e1c7fc0092a479

SHA256
c2f35b643afa2d013602a448a5c14a73942f9faa281564040ac5c044602e0e1e

SHA512
4fe76a0e2e00640de9107091625c4c3392ff8f35d2bee9dbad77d04df5ba614eb8555c40d4028f80258369abae05020ea2d03acd43e24330c0bc08a6c83d2a46

Download Submit
C:\Users\Admin\AppData\Local\5f3a1bbfeaf7a647feef7cd7e5fbeec2\Admin@RDOTXCCL_en-US\System\Process.txt
Filesize
4KB

MD5
c158ce588406d69657804eb9387c78b8

SHA1
987383830740a8884c1ddeda5a9153f7f59b3e7c

SHA256
5cfd716716b02d54c6dbac7c8073943ecb2739e7e7bc35460283e4855e7194fd

SHA512
0b099edd23064b4e246cf4e92f8b51ab7790e7f9862b3ca754e271662c6080221779a2a7b651a84d2f5b2a15c9f31352b73ad5831b3cc976648becf5fc38dc23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
a139aaec5f1adfff6cd2c9b99e446b94

SHA1
4a2973a730f2be3e6a1dad8c76fdc9a74c367fea

SHA256
72938d12cc8298969aaf57dc0fac2ffa0a8a6314caa78412f84c26b7c0caba99

SHA512
d229197717b950ea590b847177f210b2acddde711d5c793bf16ba6cc1088f92166f627326b4608ac96321c6b4bf0f497db3a18f164463f8a9d1660ae0978bf41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
d6c0ac7d60144b8aa3f013f3dc3c9588

SHA1
f726836f03f51d7d6bf8d0eb3165d039f8c82615

SHA256
942033923ba697fdb1e9bac0a371c58852e280f25f885356169a4eb05ccfdd33

SHA512
b4531f226a4ebc3ebfaa7f15840ce7105040e83f0a00c33d7c5e21f094904817612d1a7a1750c57f9512ea310a18ee1eea50dafc62bbddde35e46453f5b9f5a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Filesize
20KB

MD5
d61ac0512cf87ced904ca24d169b64ba

SHA1
1c9ea7f8c231824f1bc818dd0b55ac02a2aad318

SHA256
4e83365f683945511fa1f68a4c05f663049d0cd4b9289f78a695c987a1de3284

SHA512
0cc37919a04bd899396f65e364c5b4c425d8fb3d1b3e73007881f19bb5a3afae75d0bd9a6ccdf74d103bee6d40cdeebbb12662c021599ad4c9ed86ac7e5f8f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d6942346d57fdbb95cc5892eb4b79264

SHA1
c0885e870da55c66c10b679772161c4ce7e7da56

SHA256
dea0473ff98c3b9c39c8b5e108f09a118b1616d1c99e7105913cccbabd4bbbf2

SHA512
80612187b4d568d26b9df28ee6bcda720f183152ae76acfb535eb13feafc6b595a66d33da61480eff08c4ba827e3632f6ca2a32e69a5be112cd7c671ed335dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
491922e39a679cffc5e5086475f728a8

SHA1
40280cbbd0762f27147f4e7c70a2df2d9fd395a1

SHA256
492563f93f8f2727fa40494afb5c2d723f8463db6c830623ea01cc7144fe3cbc

SHA512
b5945318106316d7f7448ff724fa7bbfe2b136bc52f60f2a6592fe40fb78b5e2ecb0fb10a425c126e2c83c6be3d8e7cfb5053854988cde1a2c6f784f49b6b394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
07cf74fbb6fa7ef9322d497da722543b

SHA1
503b0c82a5e33e414f30c6d7d8db19c6b68708ad

SHA256
a196dd5c39f35403f45db9a445a9788ec67d24fe94bb0c1db594d7271d4079dc

SHA512
b91e6f6fd0bdf70dfbe8acc9d703c5587d4209c002c6e783b469d56ff6b95e224387ba02e66a86a7cd778015c91a9a032eeb40e76372e9e47e5f072d503c52c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
e66799d35ac0e4c974fb16a4ad7ed677

SHA1
03668d4ebbbc5c9ed72bd20656dca389b010aff6

SHA256
a6e6d2dda0ee1240eb8bf14bfe3ab54fe466fc8d58918f54ba5c4a36762676f9

SHA512
793fb2bdd6769155285471cc32a3f45f56d4e592ff9cf544548accdd0dcea4210a94a387a1db487b32f7122fef1e583853d26c44b8a93d6379d9536cd1c17aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
43287a1ded1b0819b58f554e9f985445

SHA1
92b6798087e9851354b76a5e124c36a8071cf976

SHA256
c8c3c3ac7e0c48dff153e1f4ba924974c1b32c7eec211d93c5c5e3c831ac5080

SHA512
b1f7368b050a98253d8f58db76e30a9163e79e5e2b3c62cb7829f2a532ac32dfbb2f7d7cbd4d13ca65d994e222050c9a3659337b32ec19614ab0053bc31dc7be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
0cd4f76286cff2d9300a5b9302dd4f65

SHA1
3d06a8f1ace334d4c5d96e16b8b38aedcc038140

SHA256
43addd453b0d958f9dec6f924ab404918c33439cb419d4a24764aba2ed763a30

SHA512
0a90ce4a1fec1605379ac4447439991598a0c63b56dfc25e469d1b155183eac44c512c73c7c7c11028edb5d2e1c3f6825b8dc97eb721cfd45bb0627c0ab365a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b14c17dc585116114bdbfd40b3a22ddf

SHA1
f81fafe2ac2773898352e86d7eb1fe777023ccd4

SHA256
6bfd12eb405ac0307b5cfc9169c1d645c92742f6e3fc8620afb3a9e62d8264ed

SHA512
c6351a22670012a467c3c075a99248e1353d02791c6bdd6b8bf639c8a3bdbedc4c6a11b7fb37b5826a24b65c3a3ad146945543fa7e4373c7fea483682a9979f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
397010685a5f1edd6d935420b61df73e

SHA1
a95a335f877543e0a22674e734b14702751b87dc

SHA256
d9848f9c8796651f41f55affd7814361470a74df851afc2f96bf7d5382341526

SHA512
a53250d0a0fb6df434e2ab6335d3b5f253ff19abe13d6210d142b999fc0742de765d646e8f8a72a69e0164d0b46658a4cd085d80da7919db7e8f89a28538eafb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7e1d1bb39b4343f3284a18ddae9e61e8

SHA1
b28df34b723ff41145db5e49b4385a83fa2bc0bf

SHA256
332a184e7f8261fedd568619b09c77a916152de28e23be71db0be0a054d736eb

SHA512
3aca5d7d8ba10003e677091c80707f4f58af16db91808e04429e0dc754f71645481ec7415b80d3a779e4af92a02068ca2166bf34f744a974d52a5c1879239337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
22ea980fe108a74884dc44d7401bb8d6

SHA1
327e79e683758e465b8a9bb90a9372896c611207

SHA256
a2b50d29946519f2931aed457dcdc003d1e5f802b219c104cc92a8e68b47d6c3

SHA512
41ab93d60bc3bb84f023379faf008b2ee25806d535ffe55e263f325ea8219c4a73459c490d36a6225a4af50b705768e13f2fed7490c05c3835dd70f3214d1ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ed315420ead47623abf758a2a9c3b98d

SHA1
5f9dad81dd51af8b178dc8933be923acd35430b2

SHA256
cd3f426bd05640554c52903415f1e6eb037f5e2a810c103017fdb60fd4397543

SHA512
b435ba5f1ad8061ebc21cfe356c6d4c43da1af138add60197c86c621b2a1b9f71d8224258b5f0437d95e7b18a53058d01c5d45d27c22f067c1dbd0d9da11d1af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
81e0c421ebaf472bafa4e9b58f1458ac

SHA1
9e50e49066594c7b1d486f90bd9616995038595c

SHA256
d9944e14da2178db0a15c91dc79dcce12c42a1e2bf42f9f1f821f86fe3dd4e96

SHA512
4757ee4d765f1844b53bc3ba7e087714632819a19f9d885d9754412067cb176e6c8851832d051e6a079c602ec84d57f234ea23b666aa3200d3115128119aa779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5704a3.TMP
Filesize
48B

MD5
c259d0993b23fe5edeb822b8069e25a6

SHA1
7d4bb4ec1cc060c4d278d0702386853f641af437

SHA256
d74defaa302bcdd66f38b2a76457ead97052736ea27fafe69a05f67f3488c1a1

SHA512
27233af2d486c5878138e6dcdacb382d9ef32c1c03d1f58cea32814697d2c52125d8281dee9a0f6a26cc886ecfad75603f05b1b66b18a27e76f3755cbf7db168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
150KB

MD5
71d369679234fa981d3575fb5dc7f3d9

SHA1
920c7f9f26196b2a5f37e29079a083fe9db5cda6

SHA256
04f221a31cf87d7a2db25d5e35dd090f8535530f75e73df1dfc1e8a1bad5faaa

SHA512
8702b801d854b5e0f72fef0ce496be2fb84d5a41510549cad3a8b4c8b84bcde86e9a26d72c1041de906d4f3bca56daf16097c682f4c7c854395fa040e1cb1ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
150KB

MD5
7ab964353c11b40d83dd7a495379b867

SHA1
ca1c250f6242ccbbe18a4e78274bf4edfd350919

SHA256
13cbe3f64b634de77fca17afa1699ba4521b5e19d9762f728d630b7f8fafed8b

SHA512
9f31253fe2de040b6d94893d6e9caa175f5a20ccfae246c73e2d92ed379aa517b5dc57f3a8c925f994f54a1b4d4a927907e0bec03aa91be0619e5d7eaab40a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
c17a6a0278773aef7cca5f73cd720e9b

SHA1
40f25f008a217a755d369a3ae3dd988248eb96fd

SHA256
7105db6314ea6c4ab110db292b46897e8b4380ffd81b07a838294ff1bfaad265

SHA512
91ab7fcb24c2817074b2b78d04f665d52a30a989f3a8cad8f1ebfd9820cf0bd3da5f66f18d98062e0136d2ecaabab2e841b0af9f29f463bcfbddcce03076a4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
150KB

MD5
20d2f6600a3a85659d75e8407be68497

SHA1
fd27acf48e268ec9ad3bba00f86e3881caa6d10a

SHA256
85b0c083e699624ea32bbde8d7840bf1380522862d57a9152d74c5b68e604fe8

SHA512
1ca3b0aaa15b93c81419fce515964b701ce1c5d4890b7fa175375c3a2ad88eaee1eda83be55ce1e6cac3c4e6e8879b94be838ffadc73c0204fad9fb8e9ea6472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
150KB

MD5
05be6071a913732a6d495ac8dd7c06f9

SHA1
3d63cad9921dc735343f2eabd877e8739ac92df1

SHA256
ccd486fcf09b02165c8b5f70e039431efa00ad4eb09e358489baa6236a43b7fb

SHA512
153e1e162032eec821e59d2d51a96274e5fc7d159d5078bbe56b5d95e8251546554236710b10712e284f3756b3b3a304e52232182d983c440a037cdda9a51e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
150KB

MD5
f1efba9685fca3ac9a8797e24ebfd973

SHA1
396916e964cf77eaeacab026e7e358503853a206

SHA256
1cd0179a79aabccd0d43e4380c1b56421a27fe0ca7001bf03080e6fe2d937aa4

SHA512
746729a1decfc39eb555f8b3d8516910a08d14136d926ede5e0f97c2497d91269fac2e3b166ee7554617e65daf9ae6f4977ec372ff6e309323774e9db1277ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
161KB

MD5
315322a0b5e0cb6d67446bc431a0941c

SHA1
4125b1bf3264532c14d65d07d93e6d8296d5169e

SHA256
01a2198da926356ba59476a703517ce349855a390975a7649426a3caedd24d8a

SHA512
74459309597294b563367a65ee1057615395adec2e17108220ff405dfec7a0b3a09d77d1aa67138218cca8952e600a64db5a4383e13259b07fa530cc5f728118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
161KB

MD5
315322a0b5e0cb6d67446bc431a0941c

SHA1
4125b1bf3264532c14d65d07d93e6d8296d5169e

SHA256
01a2198da926356ba59476a703517ce349855a390975a7649426a3caedd24d8a

SHA512
74459309597294b563367a65ee1057615395adec2e17108220ff405dfec7a0b3a09d77d1aa67138218cca8952e600a64db5a4383e13259b07fa530cc5f728118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
2f8815f3a477be718a16b6deaf017fde

SHA1
5ec588d126e39b43b8a1037399ef95e31d6b02da

SHA256
ccbb6811aec18a78a29b9cd45a4db9228604bd4f953bed89aa8447d50970ffb0

SHA512
206e13ae5507f206984e3e44fa2afdbe78cee27ee68c2844e499e9923def654ea69885815f3c34c09399eb7c909f5010c26ee2f70af695de5fb68326c6caddb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
641287254ba630b5ed92c010b84428f5

SHA1
6a488ab520181e56bc69fd0bb7bd8c937e63cd16

SHA256
60db4588ee9a26e155871d08440086daf91a54576f833c1d48f7bec499464a71

SHA512
ac9ebafb88a09dccee2b22b84ef654379224f572d7a371d90d317de31dac0f4b86bdc98dfb4e2eb5694843061071fc5ccd974824cb29fc85f503931e21fee244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
08eb8a3b90b81a4f735f5918cac4d5cf

SHA1
2ed6d9528ee6235cb59bb92fff579ac2de4e0429

SHA256
4d4d771dfeb9db4dc0519bf00676b495bca022f8d71648252d2ca07da8193b64

SHA512
644095f035fa5f1f74f372bce751c04fe7753c63fd47a8a17df7a82d443907657aa66db6ebb418dec339a2179838b905193101248514c27c0567423f1c79367e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5725d7.TMP
Filesize
97KB

MD5
2bb9878a0834211bbf6cfab3712a62dc

SHA1
1828b4fb18c40d9a56dc4a23dd802159c2334b85

SHA256
733a1acd4c637ee1860bd4bc25d4ea303b37b4581f81d9547f318b0261af6d1a

SHA512
938a2a69f656338abf0632a82a7a4bc960eafd35b417f7856ac3cc41840b49c8c6e4a7add295696425515b4207b66cb6305f02aee76b28e37739bd8f7895a45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kurome.Builder.exe
Filesize
137KB

MD5
cf38a4bde3fe5456dcaf2b28d3bfb709

SHA1
711518af5fa13f921f3273935510627280730543

SHA256
c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e

SHA512
3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kurome.Builder.exe
Filesize
137KB

MD5
cf38a4bde3fe5456dcaf2b28d3bfb709

SHA1
711518af5fa13f921f3273935510627280730543

SHA256
c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e

SHA512
3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_cbc.pyd
Filesize
12KB

MD5
ff9b1e03922361e0a8be65e5e1421aac

SHA1
d4d674fb4e0214903e341e98613328d51aff9054

SHA256
2a5ab7f23554f497693ca81a5e5f21647b10fd8b9e00b8377d8385dc15a9c4df

SHA512
8cbbbbdc9a3d9e866dc88a655a75317f58cb4a49cb262975ff8c4ae5d47c344b86f69f6d2fc369dd7aa8ad7fcaa40d1937320e7e4f5923a03a39459b7bb247c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_cfb.pyd
Filesize
13KB

MD5
06358818f111a1c8e1b76d60a650c997

SHA1
5bbaf40aeb932766346631df25d887264aad7ac2

SHA256
b5438682a4c6bf57dcaad2835a9a293f712284fbe1af4ba6059011396cdbd180

SHA512
f954b4e56e3ace2c8e0961149cb5bd433f35530bc1c5e38ec5d2223ec3591df0998903b3928668c5d8c05f16eaa1c2adf41fc999690c42dafa794800fc4b193e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ctr.pyd
Filesize
14KB

MD5
6adf70fd22d5ca90269466e5fc2aca2b

SHA1
1d4cdf2b08154b33738c5244a8886284c71693b9

SHA256
2f9dfa9de351bfe553dde60ae891e9b54a2e08546d723c7165234fd41c3ceed4

SHA512
efbd7133e5b5ef035f5a09d92b3b12d3ad367d6c35856a842536102d36a1ef53afe62ea3c3a5a4ae641bb28b6caaed18afa3519a637aa36f71f71979d4f61239

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ecb.pyd
Filesize
10KB

MD5
64f6350fc1145db6337a9e3dfb83222f

SHA1
fea799c3f2a655d5104a46b788d98ea272557ae5

SHA256
821a86630238beaf4e303196ce26a250ef873f7a98b92644566b3c7d683d400e

SHA512
58f90099630b98a632db38d7cc4a2f44c70bb012f55b3b5a69dffc3a76f6a2b30ab81d678b95e807c135b96633a0d8ed83428924a1c9d1dfdb7f2a3962a44d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ofb.pyd
Filesize
12KB

MD5
670c2baf75e559b89435283298f75bef

SHA1
be1e5a0711c6c0bb1e2aef4ed18a15ed5759b027

SHA256
236650fc42b347b9caa5e3a84a13da9e40586d97762f87730c9016dcb81abf06

SHA512
52554fe5308f7b758b66b48262aae1c180191358e15fdd85b7d5ef47a35677e079c3ef6a54e63d1520038bbfc79bad5b2534b1c2808217ffb53c55b7e8862fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Hash\_BLAKE2s.pyd
Filesize
13KB

MD5
9098b9c8340047c6434825e18826cc18

SHA1
85dde191f6549aca0813d8a723d39b83c61002db

SHA256
825039711c334e169432a482f8b71ae735d7a1bd56552e501f6f3eca87cf272e

SHA512
defc6852291b568793a48124184342272f4bc424f88de82a35335d5596dfacc93a52afc33c43337e4ceb800c5bd998493a7ba7f52c02a6027a4434d7e608fcae

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Util\_strxor.pyd
Filesize
10KB

MD5
db1f79a96a1390028df325dd183ff9f1

SHA1
8373b6c44fdbece2c1ee5327a2bb5e5b0a719ed4

SHA256
6429928799a5eea9e090224a2d7083b469892d725a28ea9dcc2a95f94286b0da

SHA512
dad71f250340e529883e3347e90e66a445641f019351e745940c6700145c6c923a9d5575efaf42436823bd8f1db44e9b00c99eb1cc41dc49425ea9db9847590e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd
Filesize
81KB

MD5
a4b636201605067b676cc43784ae5570

SHA1
e9f49d0fc75f25743d04ce23c496eb5f89e72a9a

SHA256
f178e29921c04fb68cc08b1e5d1181e5df8ce1de38a968778e27990f4a69973c

SHA512
02096bc36c7a9ecfa1712fe738b5ef8b78c6964e0e363136166657c153727b870a6a44c1e1ec9b81289d1aa0af9c85f1a37b95b667103edc2d3916280b6a9488

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd
Filesize
119KB

MD5
87596db63925dbfe4d5f0f36394d7ab0

SHA1
ad1dd48bbc078fe0a2354c28cb33f92a7e64907e

SHA256
92d7954d9099762d81c1ae2836c11b6ba58c1883fde8eeefe387cc93f2f6afb4

SHA512
e6d63e6fe1c3bd79f1e39cb09b6f56589f0ee80fd4f4638002fe026752bfa65457982adbef13150fa2f36e68771262d9378971023e07a75d710026ed37e83d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_lzma.pyd
Filesize
154KB

MD5
b5fbc034ad7c70a2ad1eb34d08b36cf8

SHA1
4efe3f21be36095673d949cceac928e11522b29c

SHA256
80a6ebe46f43ffa93bbdbfc83e67d6f44a44055de1439b06e4dd2983cb243df6

SHA512
e7185da748502b645030c96d3345d75814ba5fd95a997c2d1c923d981c44d5b90db64faf77ddbbdc805769af1bec37daf0ecee0930a248b67a1c2d92b59c250c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd
Filesize
75KB

MD5
e137df498c120d6ac64ea1281bcab600

SHA1
b515e09868e9023d43991a05c113b2b662183cfe

SHA256
8046bf64e463d5aa38d13525891156131cf997c2e6cdf47527bc352f00f5c90a

SHA512
cc2772d282b81873aa7c5cba5939d232cceb6be0908b211edb18c25a17cbdb5072f102c0d6b7bc9b6b2f1f787b56ab1bc9be731bb9e98885c17e26a09c2beb90

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_sqlite3.pyd
Filesize
95KB

MD5
7f61eacbbba2ecf6bf4acf498fa52ce1

SHA1
3174913f971d031929c310b5e51872597d613606

SHA256
85de6d0b08b5cc1f2c3225c07338c76e1cab43b4de66619824f7b06cb2284c9e

SHA512
a5f6f830c7a5fadc3349b42db0f3da1fddb160d7e488ea175bf9be4732a18e277d2978720c0e294107526561a7011fadab992c555d93e77d4411528e7c4e695a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd
Filesize
28KB

MD5
adc412384b7e1254d11e62e451def8e9

SHA1
04e6dff4a65234406b9bc9d9f2dcfe8e30481829

SHA256
68b80009ab656ffe811d680585fac3d4f9c1b45f29d48c67ea2b3580ec4d86a1

SHA512
f250f1236882668b2686bd42e1c334c60da7abec3a208ebebdee84a74d7c4c6b1bc79eed7241bc7012e4ef70a6651a32aa00e32a83f402475b479633581e0b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\sqlite3.dll
Filesize
1.4MB

MD5
926dc90bd9faf4efe1700564aa2a1700

SHA1
763e5af4be07444395c2ab11550c70ee59284e6d

SHA256
50825ea8b431d86ec228d9fa6b643e2c70044c709f5d9471d779be63ff18bcd0

SHA512
a8703ff97243aa3bc877f71c0514b47677b48834a0f2fee54e203c0889a79ce37c648243dbfe2ee9e1573b3ca4d49c334e9bfe62541653125861a5398e2fe556

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Kurome.Builder.exe
Filesize
829KB

MD5
d7ecaa18abc939e94eb7b751e14c2b2d

SHA1
40b6d5eff1347182fcc22ff9a8982282432786bd

SHA256
433acf938a74ef9ab5f556679a00963e2d67dc4921281192f6a4d9de485270ae

SHA512
15c1cf8195f5d715af1958754fd06693472a649657484bf68198d41dc4931ef48c1c6d092d3bf2dbca68541933b5151fc9b13970d3930b7d2d868d0aaf046f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Kurome.Builder.exe
Filesize
829KB

MD5
d7ecaa18abc939e94eb7b751e14c2b2d

SHA1
40b6d5eff1347182fcc22ff9a8982282432786bd

SHA256
433acf938a74ef9ab5f556679a00963e2d67dc4921281192f6a4d9de485270ae

SHA512
15c1cf8195f5d715af1958754fd06693472a649657484bf68198d41dc4931ef48c1c6d092d3bf2dbca68541933b5151fc9b13970d3930b7d2d868d0aaf046f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe
Filesize
39.2MB

MD5
42ea087a05bfcd8f3abcca77039ad3b6

SHA1
0731ec6c0377388d76641284028c70244df4ce77

SHA256
99e843af5639c3e176f94d77b36f67d381c89a95fb6e0ed4b6552bf19740c2f0

SHA512
a5471d37c8252c423cca4a122e7bf8d24383fb1aafc9ba147132180cdf48f36d88c0dbc95a7b3517c34bbdfbe95a121c82601e7a3be8233fafe9f9f560c2e36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PE.exe
Filesize
39.2MB

MD5
42ea087a05bfcd8f3abcca77039ad3b6

SHA1
0731ec6c0377388d76641284028c70244df4ce77

SHA256
99e843af5639c3e176f94d77b36f67d381c89a95fb6e0ed4b6552bf19740c2f0

SHA512
a5471d37c8252c423cca4a122e7bf8d24383fb1aafc9ba147132180cdf48f36d88c0dbc95a7b3517c34bbdfbe95a121c82601e7a3be8233fafe9f9f560c2e36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\build.exe
Filesize
681KB

MD5
43aa2880830859585b3c6a15e915b8db

SHA1
6780b3f4d54a43b22223629e14c676addb3ac400

SHA256
378f2b1055dd7f1a150e0d86889b9bd3336225e38fc3c8cafb390ebf347ad46d

SHA512
6d35bd792aefe5c1b42caae9e50ed66967a74bb476985e17d3a5bc8d6b87111b7bb1af56cb216bff24f056da33bc14c4bddc81fabbfa07d569bab98ec679289d

Download Submit
C:\Users\Admin\AppData\Local\Temp\build.exe
Filesize
681KB

MD5
43aa2880830859585b3c6a15e915b8db

SHA1
6780b3f4d54a43b22223629e14c676addb3ac400

SHA256
378f2b1055dd7f1a150e0d86889b9bd3336225e38fc3c8cafb390ebf347ad46d

SHA512
6d35bd792aefe5c1b42caae9e50ed66967a74bb476985e17d3a5bc8d6b87111b7bb1af56cb216bff24f056da33bc14c4bddc81fabbfa07d569bab98ec679289d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\VCRUNTIME140.dll
Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\python310.dll
Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
Filesize
12.8MB

MD5
128632f60ea937c44b6ba13c44ee7a87

SHA1
96419d076be3a484dfb27a3347f9832f84f8e83e

SHA256
e77cad92299779b2718bb14c55ee4193c4ff8e5e1fab545db92139c1d8ff99ef

SHA512
003cf67d4ae212e4f64bc46931c3eb1e7b259d489b9f8350e9c65d8cc1c69f641e35a94af1364b48364b90a735744e03312431e88b2ff4a78d9bc3e2174ff856

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\test.exe
Filesize
12.8MB

MD5
128632f60ea937c44b6ba13c44ee7a87

SHA1
96419d076be3a484dfb27a3347f9832f84f8e83e

SHA256
e77cad92299779b2718bb14c55ee4193c4ff8e5e1fab545db92139c1d8ff99ef

SHA512
003cf67d4ae212e4f64bc46931c3eb1e7b259d489b9f8350e9c65d8cc1c69f641e35a94af1364b48364b90a735744e03312431e88b2ff4a78d9bc3e2174ff856

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp1162.tmp.dat
Filesize
96KB

MD5
d367ddfda80fdcf578726bc3b0bc3e3c

SHA1
23fcd5e4e0e5e296bee7e5224a8404ecd92cf671

SHA256
0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0

SHA512
40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp1172.tmp.dat
Filesize
5.0MB

MD5
06be30acb1b94163a9a87f368b664924

SHA1
4f35108a6378c2a422a03a954f568ac3f1594669

SHA256
de60bdb2a5c73eaf31b782016c8559ebcd2d6d678ee4356c09e6f8e8ebfc1025

SHA512
1e03ed518bf695c42bf21444038fd392d622972ec5fd9f28d673ef15649d17548614f1f35d7139ecc3a5a23b16bd0cd8bedcc8e55b3ac53ecdca9502b626f13f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp1C6E.tmp.dat
Filesize
92KB

MD5
5f9db631ae86e51d656563a43e697894

SHA1
79ca32704877a23ea6e7c6c7224901cecf33e8e1

SHA256
f0f54b45862402d4594ba170993dffd1beb626901251d0a4bf0128ae4c79eb31

SHA512
cc81cfe65fb84a5946d6d4b014d77f4c1aa64545c65615a911a1fc7f37fead7d590cc8a1a28a1075b066900650f677313dd5deacf004825ea8d5370b109c1d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp1C7E.tmp.dat
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp1C7F.tmp.dat
Filesize
148KB

MD5
78f4151fa69d40c0b05fa81e8f885580

SHA1
fc786e652d30e69b83bc0602cd5401f109ce8019

SHA256
c5a7ff95fdeb6dab7039af6fadbfebae4a1615e2b7af295ea13104e99ebec409

SHA512
f51a1da5f5764948d115fa5de670537135a2a92145d8c98b8ca24c0359d2a17cd396d1123f1afc12bd2e47a3c76e2a8ef3698dabf9a7c4466e31c2380067cc2f

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Browsers\Google\Downloads.txt
Filesize
90B

MD5
ea334e8f9bcc0a32b82115e85e8b9781

SHA1
c09bff3b49c462813696c46e4ea3a3b5513feb0d

SHA256
3a998253c2950e149b435b7b3fbe3b45472522d23386dd3b7f4ebe1b105c43b5

SHA512
1f3d59bbb0624eadbcef065daeb54f8b98844e302ee595a9d58e9927ae70bf23623f4720c62738d2024b36e2c1c080567c69599b438f71217851f3db3b7e22de

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Browsers\Google\History.txt
Filesize
1KB

MD5
da64d197cb8bb77adaf82b6abcf1eac8

SHA1
7eda57952b423bb0959024a6a8ce71fe61ab9469

SHA256
6e703610462665d04abadeeecb2db2c10ede4a969645f4b41689f95cb83dc7ed

SHA512
1c52fe4d778b431c5ff73f082cec70895678519d15764fdc15c3a3b0b9748159624d584654b303d35b62f71e8a0c6c41fbb0ce2c08be04f8e739a18b888407f8

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Directories\Desktop.txt
Filesize
423B

MD5
1d3e03501556c3c6ee723d171b75858e

SHA1
2cd6e7a7080038c32e8620986df305c3817aab44

SHA256
77cdd4a053ef70411a6648bb849ec09dd49f39dfc08d130df17005319139a46c

SHA512
ec35617570c2e695fa01e4a2b50dd7ed31cfd3b4e1dad39dab82b1ec2caa7316a9575a0a0f5eaee4ff16f5bbc11fbd7a7495ea91bece6a9db176a0e241aaccf1

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Directories\Documents.txt
Filesize
720B

MD5
bd86608a1c6456f09aeb2391ef2fa9e2

SHA1
a504f3fe33c65e0f9a31491d4941197be5aed363

SHA256
92f458db5c8fff0f7c087cc4bb6a36e7eb18ce874674795f5e8ada1284465f69

SHA512
ce58e2cb52cf39e24ad1d55a980fe844eb71fc6018bb0e3fc5e3ab2837fbd0f4ec129993270829448d54496faea49c11dcddbd9a989fce83433d25cc59672e66

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Directories\OneDrive.txt
Filesize
25B

MD5
966247eb3ee749e21597d73c4176bd52

SHA1
1e9e63c2872cef8f015d4b888eb9f81b00a35c79

SHA256
8ddfc481b1b6ae30815ecce8a73755862f24b3bb7fdebdbf099e037d53eb082e

SHA512
bd30aec68c070e86e3dec787ed26dd3d6b7d33d83e43cb2d50f9e2cff779fee4c96afbbe170443bd62874073a844beb29a69b10c72c54d7d444a8d86cfd7b5aa

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Directories\Pictures.txt
Filesize
581B

MD5
3945ec0e71a78374e67bff04175743bd

SHA1
7e32ec8fdaffb4e29a492a1b13d2faa160206d3b

SHA256
58d48a46ecf4910c28bec45c2c7789d80059b40d5fa614c0582e6144d4447dc7

SHA512
2cb0dee7835652705169488551072d1729dddbc2c2da3d9edbc21cdfe3f6cb5947a50e4187d3e8e483b7b97e151da46ab0475ad9b2d124bf2e5db92ff653213d

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Directories\Startup.txt
Filesize
24B

MD5
68c93da4981d591704cea7b71cebfb97

SHA1
fd0f8d97463cd33892cc828b4ad04e03fc014fa6

SHA256
889ed51f9c16a4b989bda57957d3e132b1a9c117ee84e208207f2fa208a59483

SHA512
63455c726b55f2d4de87147a75ff04f2daa35278183969ccf185d23707840dd84363bec20d4e8c56252196ce555001ca0e61b3f4887d27577081fdef9e946402

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Directories\Temp.txt
Filesize
6KB

MD5
6222cad38564a055432742fe96c71276

SHA1
3b9aa01c9a5cd47d577b0131d1eaaa6393339b59

SHA256
c3fe28185d23a00ca80ef45164f99a5af546b7e1c6b01e80d9a177f1c14de356

SHA512
176524ff94b595ce73f1857cf6e6e2fe01a25a76b3c5fd6013ac2d90901e8c999da57cfc9c65ca882aa3fd6f968a1d36b83cee09aa7eb6385cff2c55df55f0d3

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Directories\Videos.txt
Filesize
23B

MD5
1fddbf1169b6c75898b86e7e24bc7c1f

SHA1
d2091060cb5191ff70eb99c0088c182e80c20f8c

SHA256
a67aa329b7d878de61671e18cd2f4b011d11cbac67ea779818c6dafad2d70733

SHA512
20bfeafde7fec1753fef59de467bd4a3dd7fe627e8c44e95fe62b065a5768c4508e886ec5d898e911a28cf6365f455c9ab1ebe2386d17a76f53037f99061fd4d

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini
Filesize
282B

MD5
9e36cc3537ee9ee1e3b10fa4e761045b

SHA1
7726f55012e1e26cc762c9982e7c6c54ca7bb303

SHA256
4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026

SHA512
5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini
Filesize
402B

MD5
ecf88f261853fe08d58e2e903220da14

SHA1
f72807a9e081906654ae196605e681d5938a2e6c

SHA256
cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844

SHA512
82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini
Filesize
282B

MD5
3a37312509712d4e12d27240137ff377

SHA1
30ced927e23b584725cf16351394175a6d2a9577

SHA256
b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3

SHA512
dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini
Filesize
190B

MD5
d48fce44e0f298e5db52fd5894502727

SHA1
fce1e65756138a3ca4eaaf8f7642867205b44897

SHA256
231a08caba1f9ba9f14bd3e46834288f3c351079fcedda15e391b724ac0c7ea8

SHA512
a1c0378db4e6dac9a8638586f6797bad877769d76334b976779cd90324029d755fb466260ef27bd1e7f9fdf97696cd8cd1318377970a1b5bf340efb12a4feb4a

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini
Filesize
190B

MD5
87a524a2f34307c674dba10708585a5e

SHA1
e0508c3f1496073b9f6f9ecb2fb01cb91f9e8201

SHA256
d01a7ef6233ef4ab3ea7210c0f2837931d334a20ae4d2a05ed03291e59e576c9

SHA512
7cfa6d47190075e1209fb081e36ed7e50e735c9682bfb482dbf5a36746abdad0dccfdb8803ef5042e155e8c1f326770f3c8f7aa32ce66cf3b47cd13781884c38

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini
Filesize
504B

MD5
29eae335b77f438e05594d86a6ca22ff

SHA1
d62ccc830c249de6b6532381b4c16a5f17f95d89

SHA256
88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4

SHA512
5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\System\Process.txt
Filesize
773B

MD5
2265e4d81ab77c5f7504051e06abcf9b

SHA1
4471120d78ff6fdc31dd1cbef093979993b0a3cf

SHA256
35e0b2036d0b394711816e00886fb514008340dc9796bae3dcd3218c7df722d6

SHA512
13b05de5c38347003611aa26f13ffabe5eb039b7ac22384dc37b70944570da9d03f37314e63c99db621ab5f51f098abf69a04d848eafd95b678967822fbd5b0d

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\System\Process.txt
Filesize
4KB

MD5
a4af30b9c60a722ea2ce282c5f3933c7

SHA1
466898ffc2a4093ddb5f3a74ee934d29611125ad

SHA256
90463848ac55efc8fb55af1f4ed23ca509ae07b0c870c581eda1118aef8de0d1

SHA512
85220ebec194751660ba1c75b0ecc1ae0140f8144e9d886f04c00efa9a0c0b0931639a8830d5b821b9958db486c012c084daffa0031ce104361e04fc7dd5595f

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\Admin@RDOTXCCL_en-US\System\WorldWind.jpg
Filesize
92KB

MD5
44b39e56fb340efa39a8c271c5e3d820

SHA1
4d0dcc5eb4734f827cada9636a30be24e93ffddc

SHA256
d6656f1f483761193ea1331999c250ac76ebf41820d64a4e5a227d6b84c688d4

SHA512
6324d3cce11b3c1a29ad7755a924d970e0a670f5ce5381b19f2730eaf21e36ce7f8420d1e7cf4a300627a384d9d6386c7c615e5e8012128af57fcced4daf7f7b

Download Submit
C:\Users\Admin\AppData\Local\c63bfa55c6905ee8165ea86928172f35\msgid.dat
Filesize
4B

MD5
88fee0421317424e4469f33a48f50cb0

SHA1
1534f3d84cd1311630648981189b44fa9cf80785

SHA256
12ef84e911f067ffecf360fd7da8ca02a96a380baa8b9c711908e29c8d67a370

SHA512
100a8b1d0694bfe08420a87846d789ffb37e22c7f48a6f25720af600819432630fe9b69e1fa1e849f367f2151b22bcc2641a9f2a3e7803c3224dded7b2f64d2c

Download Submit
C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\Browsers\Google\History.txt
Filesize
2KB

MD5
e2eeca6dcec82cacb2a72702fa126e2e

SHA1
64cb0c81514341809fe9d9e76d47a964cb20828c

SHA256
f3ae8445bcb894f6879c2581108a8f404ac8904c5fcaf31e1b9a84b6835aabe6

SHA512
84cf66fffe7a3fb13e29d92ca1d359d69da9bdc4feb0bfa191ec6fd8bfddd23c39f4e501e24d1f1c05cc77b723166b8355ba5a681917bed7727ffdb9fb9df04d

Download Submit
C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\Admin@RDOTXCCL_en-US\System\Process.txt
Filesize
4KB

MD5
3ae6101b413d7447cd362a20a9048df2

SHA1
3f02d7484d75ca861709add160fb941ad9f844c8

SHA256
7586cc0105f405875c35c795c634a0275a2718b11fcce0e98ded1ec3da28daef

SHA512
73d5e5184d552cc483663036d302fe83c96802755c6b949768551ab1e4e655c87e848d420a0531885793d64dc59705c5f1e0e511e885081d25d3c92523a80192

Download Submit
C:\Users\Admin\AppData\Local\e4ef64c4776124f518e079b6b94c320d\msgid.dat
Filesize
4B

MD5
a8aa681aaa4588a8dbd3b42b26d59a1a

SHA1
8b1e80abca15b33ca7bf105e31725bfaa007c5f3

SHA256
4d578fd7ecf82962ceb689769e59d6abb4599a638ec14ac8f96b1fdf948cb60d

SHA512
f16f50f598f2cb317f35da8434a5448e71f40d78a8aa2711df836c1a31c46e19954d128f0d16604f2024348d2951b0488e76bfe0807de8ef336b6804357820ba

Download Submit
C:\Users\Admin\AppData\stink\Chrome Cookies.db
Filesize
20KB

MD5
d61ac0512cf87ced904ca24d169b64ba

SHA1
1c9ea7f8c231824f1bc818dd0b55ac02a2aad318

SHA256
4e83365f683945511fa1f68a4c05f663049d0cd4b9289f78a695c987a1de3284

SHA512
0cc37919a04bd899396f65e364c5b4c425d8fb3d1b3e73007881f19bb5a3afae75d0bd9a6ccdf74d103bee6d40cdeebbb12662c021599ad4c9ed86ac7e5f8f6d

Download Submit
C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH].rar
Filesize
21.8MB

MD5
64699e499ebd8ed101b0566e4d2aeec3

SHA1
ab17ac5da9b6b51a0e83bc1c71bc807ff8e2bfa3

SHA256
f414e4465043ddc7e7d558b341d2fefaf62a379d8107c7bc7b39a3d3f4c55b56

SHA512
2afbe5af840383fcc4ab7ce3b8ee25023b4f2074bcf6b68890fbeeca52553f7c3e0411cbecd2a7748389f7202c167cea4022b6ff551626a552f05e7942e1ef8e

Download Submit
C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH].rar
Filesize
21.8MB

MD5
64699e499ebd8ed101b0566e4d2aeec3

SHA1
ab17ac5da9b6b51a0e83bc1c71bc807ff8e2bfa3

SHA256
f414e4465043ddc7e7d558b341d2fefaf62a379d8107c7bc7b39a3d3f4c55b56

SHA512
2afbe5af840383fcc4ab7ce3b8ee25023b4f2074bcf6b68890fbeeca52553f7c3e0411cbecd2a7748389f7202c167cea4022b6ff551626a552f05e7942e1ef8e

Download Submit
C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Builder\Kurome.Builder_crack.exe
Filesize
13.4MB

MD5
ef176d75dff0768b2277cf9b4b7bf443

SHA1
c981e9ba720366c3167cc92584bc7e86fe114d69

SHA256
8d9bef7ae2d1334f6bdf7d7db3ee34da759c23f76c1623930425345787437e4c

SHA512
67200dbb3dccb5207491b542059d236a9f1ab2d644151a3e3ba4c873636fb4ea564fabb8bdecbbdad677e0420d3d9e2b5057985c8d7162ffd5958f421893d9fb

Download Submit
C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Kurome.Builder\Kurome.Builder_crack.exe
Filesize
13.4MB

MD5
ef176d75dff0768b2277cf9b4b7bf443

SHA1
c981e9ba720366c3167cc92584bc7e86fe114d69

SHA256
8d9bef7ae2d1334f6bdf7d7db3ee34da759c23f76c1623930425345787437e4c

SHA512
67200dbb3dccb5207491b542059d236a9f1ab2d644151a3e3ba4c873636fb4ea564fabb8bdecbbdad677e0420d3d9e2b5057985c8d7162ffd5958f421893d9fb

Download Submit
C:\Users\Admin\Downloads\Redline Stealer v24.2 cracked [XT_CH]\Panel\RedLine_24_2\Panel\._cache_Panel 20.2.exe
Filesize
170KB

MD5
470a8267b5eba7eb998d9fa69532f849

SHA1
1152ddb2ab93aae9983e3e8b5c4f367875323e3e

SHA256
6cdb8d1af85d10ed3022ae0a183e3e9dff0ad1bc4a90915e7e41b600154a349e

SHA512
5f151230dc97e0804cbe7b36ce9a4570023bdaf0283ae2681732a835c26e540ec93f9c56cd78599c8deeeaed10b2b50f9c976c85ad95d4e36460e05083f7048d

Download Submit
\??\pipe\crashpad_4216_RCUTJUOXSUIPYPOW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_cbc.pyd
Filesize
12KB

MD5
ff9b1e03922361e0a8be65e5e1421aac

SHA1
d4d674fb4e0214903e341e98613328d51aff9054

SHA256
2a5ab7f23554f497693ca81a5e5f21647b10fd8b9e00b8377d8385dc15a9c4df

SHA512
8cbbbbdc9a3d9e866dc88a655a75317f58cb4a49cb262975ff8c4ae5d47c344b86f69f6d2fc369dd7aa8ad7fcaa40d1937320e7e4f5923a03a39459b7bb247c0

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_cfb.pyd
Filesize
13KB

MD5
06358818f111a1c8e1b76d60a650c997

SHA1
5bbaf40aeb932766346631df25d887264aad7ac2

SHA256
b5438682a4c6bf57dcaad2835a9a293f712284fbe1af4ba6059011396cdbd180

SHA512
f954b4e56e3ace2c8e0961149cb5bd433f35530bc1c5e38ec5d2223ec3591df0998903b3928668c5d8c05f16eaa1c2adf41fc999690c42dafa794800fc4b193e

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ctr.pyd
Filesize
14KB

MD5
6adf70fd22d5ca90269466e5fc2aca2b

SHA1
1d4cdf2b08154b33738c5244a8886284c71693b9

SHA256
2f9dfa9de351bfe553dde60ae891e9b54a2e08546d723c7165234fd41c3ceed4

SHA512
efbd7133e5b5ef035f5a09d92b3b12d3ad367d6c35856a842536102d36a1ef53afe62ea3c3a5a4ae641bb28b6caaed18afa3519a637aa36f71f71979d4f61239

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ecb.pyd
Filesize
10KB

MD5
64f6350fc1145db6337a9e3dfb83222f

SHA1
fea799c3f2a655d5104a46b788d98ea272557ae5

SHA256
821a86630238beaf4e303196ce26a250ef873f7a98b92644566b3c7d683d400e

SHA512
58f90099630b98a632db38d7cc4a2f44c70bb012f55b3b5a69dffc3a76f6a2b30ab81d678b95e807c135b96633a0d8ed83428924a1c9d1dfdb7f2a3962a44d31

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ofb.pyd
Filesize
12KB

MD5
670c2baf75e559b89435283298f75bef

SHA1
be1e5a0711c6c0bb1e2aef4ed18a15ed5759b027

SHA256
236650fc42b347b9caa5e3a84a13da9e40586d97762f87730c9016dcb81abf06

SHA512
52554fe5308f7b758b66b48262aae1c180191358e15fdd85b7d5ef47a35677e079c3ef6a54e63d1520038bbfc79bad5b2534b1c2808217ffb53c55b7e8862fdb

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Util\_strxor.pyd
Filesize
10KB

MD5
db1f79a96a1390028df325dd183ff9f1

SHA1
8373b6c44fdbece2c1ee5327a2bb5e5b0a719ed4

SHA256
6429928799a5eea9e090224a2d7083b469892d725a28ea9dcc2a95f94286b0da

SHA512
dad71f250340e529883e3347e90e66a445641f019351e745940c6700145c6c923a9d5575efaf42436823bd8f1db44e9b00c99eb1cc41dc49425ea9db9847590e

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd
Filesize
81KB

MD5
a4b636201605067b676cc43784ae5570

SHA1
e9f49d0fc75f25743d04ce23c496eb5f89e72a9a

SHA256
f178e29921c04fb68cc08b1e5d1181e5df8ce1de38a968778e27990f4a69973c

SHA512
02096bc36c7a9ecfa1712fe738b5ef8b78c6964e0e363136166657c153727b870a6a44c1e1ec9b81289d1aa0af9c85f1a37b95b667103edc2d3916280b6a9488

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd
Filesize
119KB

MD5
87596db63925dbfe4d5f0f36394d7ab0

SHA1
ad1dd48bbc078fe0a2354c28cb33f92a7e64907e

SHA256
92d7954d9099762d81c1ae2836c11b6ba58c1883fde8eeefe387cc93f2f6afb4

SHA512
e6d63e6fe1c3bd79f1e39cb09b6f56589f0ee80fd4f4638002fe026752bfa65457982adbef13150fa2f36e68771262d9378971023e07a75d710026ed37e83d7b

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\_lzma.pyd
Filesize
154KB

MD5
b5fbc034ad7c70a2ad1eb34d08b36cf8

SHA1
4efe3f21be36095673d949cceac928e11522b29c

SHA256
80a6ebe46f43ffa93bbdbfc83e67d6f44a44055de1439b06e4dd2983cb243df6

SHA512
e7185da748502b645030c96d3345d75814ba5fd95a997c2d1c923d981c44d5b90db64faf77ddbbdc805769af1bec37daf0ecee0930a248b67a1c2d92b59c250c

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd
Filesize
75KB

MD5
e137df498c120d6ac64ea1281bcab600

SHA1
b515e09868e9023d43991a05c113b2b662183cfe

SHA256
8046bf64e463d5aa38d13525891156131cf997c2e6cdf47527bc352f00f5c90a

SHA512
cc2772d282b81873aa7c5cba5939d232cceb6be0908b211edb18c25a17cbdb5072f102c0d6b7bc9b6b2f1f787b56ab1bc9be731bb9e98885c17e26a09c2beb90

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\_sqlite3.pyd
Filesize
95KB

MD5
7f61eacbbba2ecf6bf4acf498fa52ce1

SHA1
3174913f971d031929c310b5e51872597d613606

SHA256
85de6d0b08b5cc1f2c3225c07338c76e1cab43b4de66619824f7b06cb2284c9e

SHA512
a5f6f830c7a5fadc3349b42db0f3da1fddb160d7e488ea175bf9be4732a18e277d2978720c0e294107526561a7011fadab992c555d93e77d4411528e7c4e695a

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd
Filesize
28KB

MD5
adc412384b7e1254d11e62e451def8e9

SHA1
04e6dff4a65234406b9bc9d9f2dcfe8e30481829

SHA256
68b80009ab656ffe811d680585fac3d4f9c1b45f29d48c67ea2b3580ec4d86a1

SHA512
f250f1236882668b2686bd42e1c334c60da7abec3a208ebebdee84a74d7c4c6b1bc79eed7241bc7012e4ef70a6651a32aa00e32a83f402475b479633581e0b07

Download Submit
\Users\Admin\AppData\Local\Temp\ONEFIL~1\sqlite3.dll
Filesize
1.4MB

MD5
926dc90bd9faf4efe1700564aa2a1700

SHA1
763e5af4be07444395c2ab11550c70ee59284e6d

SHA256
50825ea8b431d86ec228d9fa6b643e2c70044c709f5d9471d779be63ff18bcd0

SHA512
a8703ff97243aa3bc877f71c0514b47677b48834a0f2fee54e203c0889a79ce37c648243dbfe2ee9e1573b3ca4d49c334e9bfe62541653125861a5398e2fe556

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\python310.dll
Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1236_133272546723436651\vcruntime140.dll
Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
memory/792-1293-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/792-1761-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/792-1999-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/792-1632-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/792-1897-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/792-1635-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/896-781-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/1236-819-0x00007FF71CE50000-0x00007FF71CE76000-memory.dmp

Filesize
152KB

Download
memory/1236-1872-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/1236-1869-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/1236-1760-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/1236-786-0x00007FF71CE50000-0x00007FF71CE76000-memory.dmp

Filesize
152KB

Download
memory/1236-1879-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/1424-1907-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/1424-1952-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2120-1101-0x0000000002620000-0x0000000002630000-memory.dmp

Filesize
64KB

Download
memory/2120-987-0x0000000002620000-0x0000000002630000-memory.dmp

Filesize
64KB

Download
memory/2120-1102-0x0000000002620000-0x0000000002630000-memory.dmp

Filesize
64KB

Download
memory/2224-785-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/2672-787-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/2684-783-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/2708-1750-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2708-1759-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/3068-1142-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/3068-1247-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/3248-799-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/3248-788-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/3444-1647-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/3444-1645-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/3444-1409-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/3600-1633-0x0000000005180000-0x0000000005190000-memory.dmp

Filesize
64KB

Download
memory/3600-1286-0x0000000005180000-0x0000000005190000-memory.dmp

Filesize
64KB

Download
memory/3600-1646-0x0000000005180000-0x0000000005190000-memory.dmp

Filesize
64KB

Download
memory/3716-2079-0x0000000004B00000-0x0000000004B10000-memory.dmp

Filesize
64KB

Download
memory/3716-2070-0x0000000004B00000-0x0000000004B10000-memory.dmp

Filesize
64KB

Download
memory/3716-2069-0x0000000004B00000-0x0000000004B10000-memory.dmp

Filesize
64KB

Download
memory/3716-1953-0x0000000004B00000-0x0000000004B10000-memory.dmp

Filesize
64KB

Download
memory/3764-784-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/3840-739-0x0000000005240000-0x00000000052D2000-memory.dmp

Filesize
584KB

Download
memory/3840-710-0x0000000005850000-0x0000000005D4E000-memory.dmp

Filesize
5.0MB

Download
memory/3840-752-0x00000000051B0000-0x00000000051BA000-memory.dmp

Filesize
40KB

Download
memory/3840-732-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/3840-638-0x00000000008F0000-0x0000000000918000-memory.dmp

Filesize
160KB

Download
memory/3840-730-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/4104-942-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/4104-821-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/4104-822-0x00000000051A0000-0x0000000005206000-memory.dmp

Filesize
408KB

Download
memory/4104-980-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/4104-820-0x0000000000840000-0x0000000000870000-memory.dmp

Filesize
192KB

Download
memory/4104-952-0x0000000006E00000-0x0000000006E12000-memory.dmp

Filesize
72KB

Download
memory/4104-943-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/4104-946-0x0000000006160000-0x000000000616A000-memory.dmp

Filesize
40KB

Download
memory/4120-618-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/4296-793-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/4296-790-0x000001FDB84A0000-0x000001FDB84A1000-memory.dmp

Filesize
4KB

Download
memory/4296-797-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/4780-780-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/4788-779-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/4792-782-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download
memory/4800-789-0x00007FF6BC1B0000-0x00007FF6BCEB0000-memory.dmp

Filesize
13.0MB

Download