Analysis
- max time kernel: 211s
- max time network: 212s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04-04-2024 15:56
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://file.io/fG4XRZNmgT6b
- Resource: win10v2004-20240226-en

General
- Target: https://file.io/fG4XRZNmgT6b
Malware Config

Signatures
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
Suspicious use of NtCreateUserProcessOtherParentProcess 5 IoCs
Processes:
description | pid | process | target process
PID 7000 created 3048 | 7000 | redline.exe | sihost.exe
PID 8104 created 3048 | 8104 | redline.exe | sihost.exe
PID 3612 created 3048 | 3612 | redline.exe | sihost.exe
PID 7552 created 3048 | 7552 | redline.exe | sihost.exe
PID 2496 created 3048 | 2496 | redline.exe | sihost.exe
Executes dropped EXE 5 IoCs
Processes:
pid | process
7000 | redline.exe
8104 | redline.exe
3612 | redline.exe
7552 | redline.exe
2496 | redline.exe
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Modifies registry class 15 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\ݰ耀\ = "md_auto_file" | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\open | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\.md | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\edit\command | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\open\command | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\.md\ = "md_auto_file" | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\ݰ耀 | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\md_auto_file\shell\edit | OpenWith.exe
Opens file in notepad (likely ransom note) 2 IoCs
Processes:
pid | process
5092 | NOTEPAD.EXE
2312 | NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 42 IoCs
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes:
pid | process
5192 | OpenWith.exe
1424 | OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 63 IoCs
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes:
description | pid | process
Token: SeRestorePrivilege | 7588 | 7zG.exe
Token: 35 | 7588 | 7zG.exe
Token: SeSecurityPrivilege | 7588 | 7zG.exe
Token: SeSecurityPrivilege | 7588 | 7zG.exe
Token: SeRestorePrivilege | 1676 | 7zG.exe
Token: 35 | 1676 | 7zG.exe
Token: SeSecurityPrivilege | 1676 | 7zG.exe
Token: SeSecurityPrivilege | 1676 | 7zG.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of SetWindowsHookEx 26 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵PID:3048
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5204
-
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:8072
-
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1712
-
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:7232
-
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fG4XRZNmgT6b1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3496 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa93e46f8,0x7fffa93e4708,0x7fffa93e47182⤵PID:3768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵PID:4016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:82⤵PID:2340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵PID:2312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵PID:1756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:12⤵PID:688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:12⤵PID:2860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵PID:2548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵PID:3424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵PID:964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵PID:1448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 /prefetch:82⤵PID:1180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:12⤵PID:3320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:12⤵PID:5164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6780 /prefetch:82⤵PID:5184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:12⤵PID:5268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:12⤵PID:5280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:12⤵PID:5288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:12⤵PID:5296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:12⤵PID:5304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵PID:5780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:12⤵PID:5788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:12⤵PID:5796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:12⤵PID:6004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:12⤵PID:6012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8740 /prefetch:12⤵PID:6020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:12⤵PID:6028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:12⤵PID:6036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:12⤵PID:6044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9412 /prefetch:12⤵PID:6052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9436 /prefetch:12⤵PID:6060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:12⤵PID:6600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:12⤵PID:6684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:12⤵PID:6692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10828 /prefetch:12⤵PID:6896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10572 /prefetch:12⤵PID:6904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:12⤵PID:6988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11548 /prefetch:82⤵PID:6584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11548 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6856
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:12⤵PID:6940
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵PID:6948
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:12⤵PID:7156
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10584 /prefetch:12⤵PID:6596
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:12⤵PID:6696
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10652 /prefetch:12⤵PID:7260
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10088 /prefetch:12⤵PID:7336
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵PID:7408
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵PID:7752
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:12⤵PID:7764
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:12⤵PID:7836
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:12⤵PID:7916
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11908 /prefetch:12⤵PID:8036
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:12⤵PID:7968
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1832
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:12⤵PID:7280
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11236 /prefetch:12⤵PID:1796
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵PID:8120
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10552 /prefetch:12⤵PID:4888
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:12⤵PID:7216
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7032 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:7844
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11944 /prefetch:12⤵PID:7008
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11720 /prefetch:12⤵PID:8080
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵PID:2764
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:12⤵PID:3804
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:12⤵PID:7188
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:12⤵PID:1592
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10816 /prefetch:12⤵PID:6892
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:12⤵PID:5524
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11848 /prefetch:12⤵PID:5212
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10568 /prefetch:12⤵PID:4116
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10924 /prefetch:12⤵PID:7404
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8704720668934138794,5833182718038373809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:12⤵PID:4500
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2556
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3860
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f8 0x3841⤵PID:2772
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:6092
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline_Stealer_2024\" -ad -an -ai#7zMap17113:102:7zEvent125431⤵
- Suspicious use of AdjustPrivilegeToken
PID:7588
C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:7000
C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:8104
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\" -ad -an -ai#7zMap26603:186:7zEvent255771⤵
- Suspicious use of AdjustPrivilegeToken
PID:1676
C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3612
C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:7552
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5192
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\README.md2⤵
- Opens file in notepad (likely ransom note)
PID:5092
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1424
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\README.md2⤵
- Opens file in notepad (likely ransom note)
PID:2312
C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\redline.exe"1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2496
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\rergister.html
Filesize16KB
MD51b11a8aadc72b2b6849c173edd89cab9
SHA14a81908f7c2b8a3c1d1f8295753952bd433d54c4
SHA256d7829f17583b91fb1e8326e1c80c07fc29e0608f1ba836738d2c86df336ea771
SHA5126c92e567be238b55e1c003f17ff26f0a7f2a623900a3926117c64cb2802473c5ce4c3bcb6e41c6ab7596015f6581c9d1868fd1d40b53423483ca8c4159e2b2b8
-
C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\settings.html
Filesize61KB
MD53b88dccfbe45812174b6ca51c3518cb5
SHA1819c0c37389be53989ca25c3529c1473bebd0d64
SHA2561b88624936d149ecdea6af9147ff8b2d8423125db511bdf1296401033c08b532
SHA512ebcd9bf0fff3959299be89ca79d7e73968204e367fb827fd4f71f2818aab8fdb6d23d517ee2a53e5dc775e9d8d579753742c9e784bda2f581542bb1ad1169cf6
-
C:\Users\Admin\Downloads\Redline_Stealer_2024\Redline_Stealer_2024\Redline_Stealer_2024\statistic.html
Filesize10KB
MD572208f63646db492311708c3d1561516
SHA1d9997465b824b261cfe5a70ce1aa857e383f0991
SHA256f1ba92ae32fcaeea8148298f4869aef9bcd4e85781586b69c83a830b213d3d3c
SHA51267b0186c8c770a66d983f1b8795f7821773e9defb9bb632c2f68af4c7d1b6bf09497026ec244f4f95bfa6be312ce00edfaec904083afcec568891257beb6e298
-
Filesize
355KB
MD5bb84cc2853596d21a318576c4995fcce
SHA1477a224d5b4e398b34a978ac19def1cbafb211d3
SHA2566135bdbcfd9f824b3da0bef2ba73018a998967e20c5d0274c6a1c0433649b017
SHA512aa32be3d91bf6e2c8fed0d0e0407723466b477ab0d27c5d3cd705ac73365ab4c56de4f16d4786ee586e750d6835eba09775dbf5a93b0da0eaea4326f2fc2bd5c
-
Filesize
24.6MB
MD5374113d902b966da0bf173de3888ed94
SHA1a0bb16983023daf8994f6994810c84369c8c0ede
SHA2565a4d17bb2af1f1dd256931363684da48ad796aec595066996041b99a82af8aad
SHA5120fcdeeaedf415a03114073ed4f69980d9633f3273b50f40fbc2c2dea1f03b2ef0221ba52078ee06dc513e0802a074c9b33fa875ca37733386ee0d09875112500
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e