redline | hxxp://we[.]tl/t-y4fuIcYgRT

Resubmissions

23-08-2023 10:57

230823-m2eejada7s 10

23-08-2023 10:41

230823-mq39hsbe82 10

Analysis

max time kernel
624s
max time network
628s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://we.tl/t-y4fuIcYgRT

Score

10^/10

redline infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

resource	yara_rule
behavioral1/memory/7876-849-0x0000000005190000-0x00000000051BA000-memory.dmp	family_redline
behavioral1/memory/7876-861-0x0000000005980000-0x00000000059AA000-memory.dmp	family_redline
behavioral1/memory/7876-863-0x0000000005980000-0x00000000059AA000-memory.dmp	family_redline

Executes dropped EXE 10 IoCs

pid	Process
4064	builder.exe
7876	RedLine.MainPanel-cracked.exe
6092	test.exe
6288	builder.exe
5732	Build.exe
3912	stub.exe
7992	builder.exe
3404	builder.exe
6160	RedLine.MainPanel-cracked.exe
6620	builder.exe

Loads dropped DLL 58 IoCs

pid	Process
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
7876	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe
6160	RedLine.MainPanel-cracked.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
260	whatismyipaddress.com
261	whatismyipaddress.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 3 IoCs

evasion

pid	Process
5728	taskkill.exe
5892	taskkill.exe
4580	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372618639000184"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	RedLine.MainPanel-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 0000000001000000ffffffff	RedLine.MainPanel-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	RedLine.MainPanel-cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	RedLine.MainPanel-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	RedLine.MainPanel-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	RedLine.MainPanel-cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	RedLine.MainPanel-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	RedLine.MainPanel-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0	builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	RedLine.MainPanel-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	RedLine.MainPanel-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0 = 68003100000000002b54ca8310005245444c494e7e310000500009000400efbee3564e6f165769402e0000004d3202000000070000000000000000000000000000001b554b005200650064006c0069006e006500200053007400650061006c0065007200000018000000	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0	builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	RedLine.MainPanel-cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	RedLine.MainPanel-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	RedLine.MainPanel-cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\MRUListEx = 00000000ffffffff	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0 = 5c003100000000009d53887810004c49425241527e310000440009000400efbee3564e6f16576b402e0000004e320200000006000000000000000000000000000000000000004c0069006200720061007200690065007300000018000000	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	RedLine.MainPanel-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	RedLine.MainPanel-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\MRUListEx = 00000000ffffffff	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	RedLine.MainPanel-cracked.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	RedLine.MainPanel-cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	RedLine.MainPanel-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\NodeSlot = "6"	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\MRUListEx = ffffffff	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings	RedLine.MainPanel-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	RedLine.MainPanel-cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	RedLine.MainPanel-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 = 7800310000000000e3564e6f10005245444c494e7e310000600009000400efbee3564e6f165767402e0000003b2e0200000004000000000000000000000000000000d701c6005200650064006c0069006e006500200053007400650061006c006500720020004200750069006c00640065007200000018000000	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	RedLine.MainPanel-cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	builder.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
2872	chrome.exe
2872	chrome.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1304	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 63 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
756	7zG.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
7876	RedLine.MainPanel-cracked.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1748	OpenWith.exe
4064	builder.exe
7876	RedLine.MainPanel-cracked.exe
6288	builder.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 1164	1568	chrome.exe	81
PID 1568 wrote to memory of 1164	1568	chrome.exe	81
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 2620	1568	chrome.exe	83
PID 1568 wrote to memory of 4744	1568	chrome.exe	85
PID 1568 wrote to memory of 4744	1568	chrome.exe	85
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84
PID 1568 wrote to memory of 4240	1568	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://we.tl/t-y4fuIcYgRT
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb631e9758,0x7ffb631e9768,0x7ffb631e9778
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4968 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4784 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5076 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3964 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5124 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3260 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5916 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3752 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3436 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5764 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6108 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2388 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3460 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6196 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2332 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6656 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7392 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7344 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7768 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7508 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7056 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6956 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6744 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6772 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8148 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8164 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8712 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8540 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8528 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9008 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9052 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9040 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9420 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8884 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9896 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9956 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9948 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9988 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9924 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11236 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11108 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10972 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10608 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10484 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9768 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11712 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:6544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11508 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9632 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11832 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12180 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=12088 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:7324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=10084 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:7992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=13048 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:7984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=9248 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:7976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9208 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:7968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9944 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:7960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9256 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:7932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9192 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:7924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=12420 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=8452 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=8500 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=11288 --field-trial-handle=1892,i,4375154538590880367,4875791856682975137,131072 /prefetch:1
  2⤵
  PID:5944

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1140

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4132

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline Stealer Builder\" -ad -an -ai#7zMap940:106:7zEvent3056
1⤵
- Suspicious use of FindShellTrayWindow
PID:756

C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe
"C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4064

C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\RedLine.MainPanel-cracked.exe
"C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\RedLine.MainPanel-cracked.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:7876
- C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe
  "C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:6288

C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\test.exe
"C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\test.exe"
1⤵
- Executes dropped EXE
PID:6092
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C taskkill /F /PID 6092 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\test.exe"
  2⤵
  PID:5716
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /PID 6092
    3⤵
    - Kills process with taskkill
    PID:5728
- - C:\Windows\SysWOW64\choice.exe
    choice /C Y /N /D Y /T 3
    3⤵
    PID:7512

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1304

C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\Build.exe
"C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\Build.exe"
1⤵
- Executes dropped EXE
PID:5732
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C taskkill /F /PID 5732 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\Build.exe"
  2⤵
  PID:6084
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /PID 5732
    3⤵
    - Kills process with taskkill
    PID:5892
- - C:\Windows\SysWOW64\choice.exe
    choice /C Y /N /D Y /T 3
    3⤵
    PID:1652

C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\stub.exe
"C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\stub.exe"
1⤵
- Executes dropped EXE
PID:3912
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C taskkill /F /PID 3912 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\stub.exe"
  2⤵
  PID:7460
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /PID 3912
    3⤵
    - Kills process with taskkill
    PID:4580
- - C:\Windows\SysWOW64\choice.exe
    choice /C Y /N /D Y /T 3
    3⤵
    PID:5960

C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe
"C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe"
1⤵
- Executes dropped EXE
PID:7992

C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe
"C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe"
1⤵
- Executes dropped EXE
PID:3404

C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\RedLine.MainPanel-cracked.exe
"C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\RedLine.MainPanel-cracked.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6160
- C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe
  "C:\Users\Admin\Downloads\Redline Stealer Builder\Redline Stealer\Libraries\builder.exe"
  2⤵
  - Executes dropped EXE
  PID:6620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\92dcfa9c-be26-4ac6-99c8-ff845adf9d38.tmp

Filesize
114KB

MD5
29fe141e70da67652f2a4347eb787d30

SHA1
fd4154df3f49c216b538e2140f307f70a52618dc

SHA256
907554bb7d148330b18935b0437e3222ea101efdd1f012cf843832dfbdff1917

SHA512
d9fe2d7ba6be19690c3866eae6e850da98ec408713d62054963be4e9fa50b830dd56453942e0b52eb83bf5b37edc793c06b6d97cebb1f44993052e87787db33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
39KB

MD5
6a3bb9c5ba28ee73af6c1b53e281b0cf

SHA1
d96e403c99c1707f82ea29c2c1f134e792c64097

SHA256
2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740

SHA512
6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
37KB

MD5
8986f8f0f61ae78fb334ff37b7f52764

SHA1
4cf391933abeab305506a2ed13fb7a2dd862562b

SHA256
ca79aeec5f367d1868968893c2b44805938ead12ccea674335f6a5b86c1ae3ec

SHA512
73cf5d2401ab8da231dfcc02f0242b048f39d919e35c852ef069e3878ed70bd98a73ca1c0fe41b225a0b0ad7f379f2b1d350b431cb85e92cf4ce2a61d3a1d680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
81eeb63d8c6efa2c40b9154f894fe14f

SHA1
8816171e6f972421d2c7986ea5fba6aa11eff029

SHA256
c5a42f3daed8e070c81ecfa53eee4fd651ab28503c8143f9e08281d9f241f42f

SHA512
d530a9d3b29ea1d8f60c34732fcc59eae2334d91cc93a0a8932537fcf429fa3761064ac57065d821a7edc767af012ee9e9fc2f88f1c4f6d93388808a7d9b9f03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b40870b07c6860fda0e3fab9010c1029

SHA1
3bd1c924f4cee17a4993d4492fe3be487dc52e0a

SHA256
4044cd5e1d2f55ff7d51db62c8f17987bf32d2d28612f867660eb143d44cfa6c

SHA512
9b6a889c3f66e469629431af1db482083fdc59b09a565d3b0b422e9eb1321304d537ceafde45389e794d95814efbc2e6a91183a4f788a341f4843f4ad02e88fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
1a1ecd3ccdd03761e7a7b9d0a844e00c

SHA1
bedc13a1e4d24b298d42cfb81386881192179f74

SHA256
b4e22a32a1ea57750adb95b3b2e0cf76c90346944e0966ee6764a2f47fbaf31e

SHA512
a0f7c639473dee51a08ff9d4ae26b32196d3661d642548e5f38b434d2b83738d93c82d3acedbbbcc7d8d3044482c78602ba491d2fa13dac2bbbd6d293a61bfbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5b4aa3c66ce7cae7b1ac2654794cdd31

SHA1
b605727509e970673ae961ac73c174f609ffe83c

SHA256
20e0e1222fd2fabfd2f7ba1cc9b05185918c6f2c750cc0ad2fec53164fa3f993

SHA512
88da1109669706babcb36b1f66d5a53afc2016b3631cf36b3058e18a601cb9d4170b5a49043369e8a40941e2c0a3493c9a922591dce686a6a0defedccd075b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
34cd660be8ee22d033f677c078feccff

SHA1
6539721d6810e12c3dd40948211e62fa684355ce

SHA256
15729e43c1f669ee4bd125c10d9e6f744daeb3eb3d373bdc6e1f860f8dc487b6

SHA512
d9bb996079b51a33ee29ce1a35594f8bdfb7c27df1421fe6e0d9e2ce49b39148801caae37fb8a08bf8547394ed3f4d641f1bba5722a1e08ba5ae672688927f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
c2ffcb1488759f24125d775ca3e84789

SHA1
1dea896e2e66975af311036fbb23f2bbc162b84e

SHA256
7da486e267449d9ede98692a2805050d9e3bd4c5b27613e7edcdea3bd3b86487

SHA512
d43d0d22819783e63a2b92f2c0502e2d3b1c59de0aeec96e8d421a4a5664a23982913bb7249d29130623ba67dab1bed8cac43f1b16a6bbf960ea41535421954d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
a2a2f5615c8c98a8b901d7b2f2746cac

SHA1
d953587dd5209908be51c76893bf120a40d6134f

SHA256
cb5083a5b3b85db48a335aae80120d16d4285cd2d55e97ef7d0f6559eaa02eb7

SHA512
4fe896dc16ed8352031e5945cf5629c1408512701af36a61e7057a74ef446dfb33e2b0a9675be27ed11e934716477f174af087d1ffe1550f5ba4f024d775a4ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3d938164f03e722068910252b9d700ec

SHA1
36990f6724c8147b09965acda08c9dbc6a7f3252

SHA256
0b91a6151cf655b2a69a542672161e5064915b9ff4307ad598c8e1d6ac5190b8

SHA512
3bd035dd7be54990490f37fa1504a6ff021022131d841d921a0b230d4eefad35bcd6df223d8261869c965aeeb16260a8b71db098bd338702374c515beecc43b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
00f53b1903582b73397109805b31a52d

SHA1
04a65567fa7fa0b2cdc3016d7f00860ddafb821b

SHA256
33436fbbd01343e7a18a690e7c996e737e18d8687de510875a5721507cd2da87

SHA512
ff6bdd910e48c220fc5ee726da8854a971321283aa90ba82edb547201f32a8ad986643cad44bbd39b7de8c84f5827a0b6b44bbb5cb8ce5dadb0a85ae2e6341c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c87f06ef8c47b4658d8ece827ed0499a

SHA1
cda1f13b161831b433d32cb5f5cdc384880cc39b

SHA256
f5caa401114b03c3103172d8ce21806bd0e9353e02e322cc3abe5ff1828544be

SHA512
f39545706340988d8d87ae096b7370f6c0e3868f15578504a1e339581af6ccb369fad41387b853f22f568289622ae129e2d0cee8e4a66036b61a1192ad177c1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
2fe22da86a467abf9ca891cc320ebd81

SHA1
07b5092ba1fecede9715a6d3e9f2223141ce6208

SHA256
1cb72d67f39863b4afa2d3b9deb64bd23007befb3737bddfba343b44206ffa60

SHA512
03161489b2d05829d02047a2e76f4d4506a8f5d7feece86fdf73d98cf4ebf3010334e6974303d6c9d2acca18b5111514ab41458d4e252a4b38847543f3a41283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
605a56a1bdd9314cd038391c3b0b9daf

SHA1
b84effbdcfba0cf71eebe2509a1138cfec657aa0

SHA256
7e07e4c4090726a4992c0b3ce225022f8e065a0a1e0bbb2d9d884579737b7fb1

SHA512
9a520ed4aac2d62d91152dae9fe46b1aec4020e0b0133054c07ad222b244ffeb57c123f0c8bba0553fe1c8e5b1c8e36ffbaf5f013e32514aa7c81b4abebacd72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
df10b1a70ebd51a5b96486c04a72cfd8

SHA1
181c061e1c8f0c188ff0f4fa47cf6cac897adfa3

SHA256
85cedbc205ae5ff432c18be8e463e502ca6943bb80984d0e3830ede67d902ef3

SHA512
0153153b14004f7839bcbc2b6fbe9b1d92731fafdcc7c515da2650e05cf7f59c0c077792c397740e1dda4ada179ea8f45ece1e8b6f78fe8a72cd4269e6eb4877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fadb77b7264d8fe7dd300b17da12e03b

SHA1
6c269eeacacfe09fd87135d924e3154636c4aae6

SHA256
ffd0406a208302754f3c405b4f9c547b59cca55bc5af40c7050c99a4bf2cc361

SHA512
bf82546b397bde37729e00b14675f11eec16cee60aaa227b4cc797fcab71677812e3a386e60b06a46410e96f99f552a62c0ae533e04676fa89e323fc99cbfc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f3e74bf7aa0aab1c87344c6086c40788

SHA1
e5381e4b974aa511d5e40a3f1629fd9286e2171e

SHA256
693633335482e97e2b615b0912bf2159582fe541a41366a7e368dae888d6ed76

SHA512
6438ab0729248f8a1f19f3ed5ba747528624a076ece26ce4b1e5dd0acd44d19c3df7b30ebc2d57019f1eaa183774afce6b982f66e901d48531a398a15a6feec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a14be50829c1a3cda5a127a9040f998d

SHA1
dc920b05710ab905c094f1dab45de0ce216b5f2d

SHA256
adeacd7bada2a801efe5e8082ca81cbe6205e1c2838ef78abc2a8acba082d7b8

SHA512
67e370ad9f7667b791b8c29d7bf7bb612c88417930b1cd85fec46bf97ce004015cbbbc720ca532a53ff640a647e29ad33d0c416a708a135a719588f5b69dc771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0597af11a6b01f3d31ecc998d9c63512

SHA1
db24a3a65f2eda5d4894cd22c1b0c0275a85dce4

SHA256
55766d4deeee68fccbda812b6fd7a74bcb940e138da0019048b6deb616297073

SHA512
a1f5d0ad92cfba251ff4c91ca8f530677ba56786e94e0b14ed9f53bde56d375900c1bbfbdccc62c185951b6de7bb53c9aed0a2fd91f3fb848886131dfef094b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
506ffafb91033958c3dbc66e34035bee

SHA1
ab3a12ff6545f800bbac9ca13c97cbbd407b8b01

SHA256
a7cdaf14106af0399cc71ed90a787567cf482e0120b276a2aced5dba328351c7

SHA512
40bf5f7512476ceb98e6467ebb0ea329c4ab1fd0208cf70730368b92240f6b2be0d24af0d6047d122c03e5660d34cbe3ddd9484eb1fb143c26b18a73eb87a19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8fa8212d2a8febcfb95b8d9bd9e28d5f

SHA1
360204a47893f32e2a1eba3cfe6e5b52740604c5

SHA256
a0d6f308b3b38be5f253d033b6c44f7b3588d677f765acb9eeb3bfe19f524efe

SHA512
c7f7615256b7a53d433294c07af7e8d514cdfb3421f1a9e7eb61c5e4eb0d348091f03c4856dfb59ceb5f6c6ba62823217ee66150cd70c988db33c61150c4eb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f3711f6f413ec4c2736a92e156fbbffc

SHA1
d7afdba3e579f97c1ab13a61079e07208ac42d7c

SHA256
30e26f2d80e02b041b99bc7d8887c7945dd3c09c50fb181979ff948d47e4ffda

SHA512
b6b1555a34d9472a3c900506a17889b8a32760f6e612f2086b3bae3b269e02f305c930b9409866e738e3fee13bca4708beee635229ad1860a01c35a9a22688e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
061f92e0bd3e5ab5017ab3b3b276ce26

SHA1
10115fb2a171a5dc6cc170303de1f29b037fe92c

SHA256
82f4d1daa09bbc7cbdd2279cb79e794a772ee0ca5a8df2bac4cfa00ddb3164f4

SHA512
c86b6561cffe5aaaa29c8cb1878df6e7d114c4acb818dcb7bba1a561ff694400a2510eb993a2d84854b4f8679b0c62b1415d70182e5d6bb3440541572fc1b7d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
22b9ba3a1125c6a64183e383e7e303c6

SHA1
c1c3814af16c1af9c9f43c4e9c0483372a120f3e

SHA256
55af4437164d28a723259353fef0cc6d7f0b975f5f322da64384cd13e080e8de

SHA512
0dd88f43be0a7b0ed9ada47d89af773034b69ca186a9a3ea9b51d3d473fd65747cef75081c4477ed2157b6a23abe79bf2d42f47aa3e35c8c47132b45746a8e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5902e4.TMP

Filesize
104KB

MD5
69dea1f33c7c96101bf7cce2c176d626

SHA1
f169ba03ce99f5eaa3c2fcb9f2c7f7e8853c5194

SHA256
da1dd880ef13d408700981280f5c7496a5f96f41449ff974adf20541e6f5705e

SHA512
37af5d92707a44027a3c2a3a78a40822e817e8c457a34251a3674bf2deea8a30a57639c3b7ba2547ae3636813e8f6c4f6d028e4e546e264c8919fb303065e234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Redline Stealer Builder.7z

Filesize
1.6MB

MD5
3317523fcb65de0cad16632d204adf2c

SHA1
8d68b943b791774933acfc6a9b4e6a1e018b2439

SHA256
4f758849cc2c1a02baf4c275ea8fc9cc2fd9a380c157d066a984162fd43cbfe3

SHA512
df0a952becbd4925aa14a1d54dc8ac4b6519043d19960daad27b99f0fc83eeaa07a1dee53b3f0e582d3db0a5012cbbbb6ad67037347f79cb0717c756eb92a796

Download Submit
C:\Users\Admin\Downloads\Redline Stealer Builder.7z

Filesize
1.6MB

MD5
3317523fcb65de0cad16632d204adf2c

SHA1
8d68b943b791774933acfc6a9b4e6a1e018b2439

SHA256
4f758849cc2c1a02baf4c275ea8fc9cc2fd9a380c157d066a984162fd43cbfe3

SHA512
df0a952becbd4925aa14a1d54dc8ac4b6519043d19960daad27b99f0fc83eeaa07a1dee53b3f0e582d3db0a5012cbbbb6ad67037347f79cb0717c756eb92a796

Download Submit
memory/1304-919-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/1304-925-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/1304-920-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/1304-921-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/1304-924-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/1304-922-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/1304-923-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/1304-915-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/1304-914-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/1304-913-0x000002A4718C0000-0x000002A4718C1000-memory.dmp

Filesize
4KB

Download
memory/3912-962-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4064-817-0x00007FFB50AF0000-0x00007FFB515B1000-memory.dmp

Filesize
10.8MB

Download
memory/4064-818-0x000000001AF20000-0x000000001AF30000-memory.dmp

Filesize
64KB

Download
memory/4064-816-0x0000000000110000-0x000000000011A000-memory.dmp

Filesize
40KB

Download
memory/4064-831-0x000000001AF20000-0x000000001AF30000-memory.dmp

Filesize
64KB

Download
memory/4064-830-0x000000001AEB0000-0x000000001AF0A000-memory.dmp

Filesize
360KB

Download
memory/4064-832-0x00007FFB50AF0000-0x00007FFB515B1000-memory.dmp

Filesize
10.8MB

Download
memory/4064-833-0x000000001AF20000-0x000000001AF30000-memory.dmp

Filesize
64KB

Download
memory/4064-834-0x000000001AF20000-0x000000001AF30000-memory.dmp

Filesize
64KB

Download
memory/4064-846-0x00007FFB50AF0000-0x00007FFB515B1000-memory.dmp

Filesize
10.8MB

Download
memory/5732-960-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/5732-959-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/5732-961-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/6092-903-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/6092-902-0x0000000004F40000-0x0000000004F50000-memory.dmp

Filesize
64KB

Download
memory/6092-901-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/6288-958-0x00007FFB4FFF0000-0x00007FFB50AB1000-memory.dmp

Filesize
10.8MB

Download
memory/6288-939-0x00007FFB4FFF0000-0x00007FFB50AB1000-memory.dmp

Filesize
10.8MB

Download
memory/6288-940-0x000000001B360000-0x000000001B370000-memory.dmp

Filesize
64KB

Download
memory/6288-943-0x00007FFB4FFF0000-0x00007FFB50AB1000-memory.dmp

Filesize
10.8MB

Download
memory/6288-944-0x000000001B360000-0x000000001B370000-memory.dmp

Filesize
64KB

Download
memory/6288-945-0x000000001B360000-0x000000001B370000-memory.dmp

Filesize
64KB

Download
memory/6288-955-0x000000001B360000-0x000000001B370000-memory.dmp

Filesize
64KB

Download
memory/6288-957-0x000000001B360000-0x000000001B370000-memory.dmp

Filesize
64KB

Download
memory/7876-899-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-879-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-895-0x000000000ADC0000-0x000000000ADE8000-memory.dmp

Filesize
160KB

Download
memory/7876-894-0x000000000AE20000-0x000000000AF2A000-memory.dmp

Filesize
1.0MB

Download
memory/7876-896-0x000000000B270000-0x000000000B2C0000-memory.dmp

Filesize
320KB

Download
memory/7876-897-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-898-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-853-0x0000000005850000-0x00000000058C4000-memory.dmp

Filesize
464KB

Download
memory/7876-900-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-852-0x0000000005740000-0x0000000005752000-memory.dmp

Filesize
72KB

Download
memory/7876-883-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-882-0x000000000A800000-0x000000000A83C000-memory.dmp

Filesize
240KB

Download
memory/7876-851-0x0000000005760000-0x000000000579E000-memory.dmp

Filesize
248KB

Download
memory/7876-850-0x0000000005280000-0x000000000528A000-memory.dmp

Filesize
40KB

Download
memory/7876-849-0x0000000005190000-0x00000000051BA000-memory.dmp

Filesize
168KB

Download
memory/7876-848-0x00000000007D0000-0x0000000000874000-memory.dmp

Filesize
656KB

Download
memory/7876-847-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/7876-881-0x000000000A5B0000-0x000000000A5C2000-memory.dmp

Filesize
72KB

Download
memory/7876-880-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/7876-893-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-869-0x0000000005C20000-0x0000000005C2A000-memory.dmp

Filesize
40KB

Download
memory/7876-868-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-927-0x0000000001140000-0x00000000011DC000-memory.dmp

Filesize
624KB

Download
memory/7876-867-0x0000000007170000-0x0000000007788000-memory.dmp

Filesize
6.1MB

Download
memory/7876-937-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-938-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/7876-866-0x0000000005B30000-0x0000000005BC2000-memory.dmp

Filesize
584KB

Download
memory/7876-865-0x00000000065A0000-0x0000000006B44000-memory.dmp

Filesize
5.6MB

Download
memory/7876-942-0x0000000074820000-0x0000000074FD0000-memory.dmp

Filesize
7.7MB

Download
memory/7876-864-0x0000000005820000-0x000000000583A000-memory.dmp

Filesize
104KB

Download
memory/7876-863-0x0000000005980000-0x00000000059AA000-memory.dmp

Filesize
168KB

Download
memory/7876-862-0x0000000005D40000-0x0000000005FF0000-memory.dmp

Filesize
2.7MB

Download
memory/7876-861-0x0000000005980000-0x00000000059AA000-memory.dmp

Filesize
168KB

Download
memory/7876-860-0x00000000057F0000-0x00000000057FE000-memory.dmp

Filesize
56KB

Download
memory/7876-859-0x0000000005930000-0x000000000597A000-memory.dmp

Filesize
296KB

Download
memory/7876-858-0x00000000059E0000-0x0000000005A90000-memory.dmp

Filesize
704KB

Download
memory/7876-857-0x00000000057A0000-0x00000000057AE000-memory.dmp

Filesize
56KB

Download
memory/7876-856-0x00000000057C0000-0x00000000057DC000-memory.dmp

Filesize
112KB

Download
memory/7876-855-0x0000000005720000-0x0000000005730000-memory.dmp

Filesize
64KB

Download
memory/7876-854-0x00000000058D0000-0x000000000592A000-memory.dmp

Filesize
360KB

Download