redline | hxxps://mega[.]nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ

Resubmissions

17-06-2024 09:46

240617-lr276svgjh 1

16-06-2024 18:43

240616-xdarjssdrd 10

16-06-2024 18:43

240616-xc49rssdqd 1

Analysis

max time kernel
350s
max time network
350s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16-06-2024 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ

Score

10^/10

redline 123 infostealer

Malware Config

Extracted

Family

redline

Botnet

123

191.101.209.39:1912

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

resource	yara_rule
behavioral1/memory/4652-565-0x0000000000AE0000-0x0000000000B34000-memory.dmp	family_redline
behavioral1/files/0x000900000001ac88-617.dat	family_redline
behavioral1/memory/4652-619-0x00000000002F0000-0x0000000000342000-memory.dmp	family_redline

Executes dropped EXE 2 IoCs

pid	Process
4652	build.exe
2696	build.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\WF.msc	mmc.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4272278488\2581520266.pri	mmc.exe
File created	C:\Windows\rescache\_merged\3418783148\2566861366.pri	mmc.exe
File created	C:\Windows\rescache\_merged\4185669309\3653706970.pri	mmc.exe
File created	C:\Windows\rescache\_merged\1974107395\975126586.pri	mmc.exe
File created	C:\Windows\rescache\_merged\423379043\145411833.pri	mmc.exe
File created	C:\Windows\rescache\_merged\81479705\712695724.pri	mmc.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	mmc.exe
File created	C:\Windows\rescache\_merged\1301087654\4010849688.pri	mmc.exe
File created	C:\Windows\rescache\_merged\1476457207\876982712.pri	mmc.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	mmc.exe
File created	C:\Windows\rescache\_merged\2483382631\1954082820.pri	mmc.exe
File created	C:\Windows\rescache\_merged\2878165772\3817587045.pri	mmc.exe
File created	C:\Windows\rescache\_merged\3623239459\11870838.pri	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630370388695694"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4608	chrome.exe
4608	chrome.exe
712	Panel.exe
4740	Panel.exe
4740	Panel.exe
712	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe
712	Panel.exe
4740	Panel.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
216	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: 33	2144	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2144	AUDIODG.EXE
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe
216	mmc.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
216	mmc.exe
216	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 1032	4392	chrome.exe	74
PID 4392 wrote to memory of 1032	4392	chrome.exe	74
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 3608	4392	chrome.exe	76
PID 4392 wrote to memory of 4768	4392	chrome.exe	77
PID 4392 wrote to memory of 4768	4392	chrome.exe	77
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78
PID 4392 wrote to memory of 2532	4392	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffde1649758,0x7ffde1649768,0x7ffde1649778
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4860 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3600 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4668 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5272 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=688 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1788,i,3467891295187190422,5400440278269584373,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2144

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:60

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\WF.msc"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:216

C:\Users\Admin\Desktop\RedLine_30\builder\RedlineBuilder.exe
"C:\Users\Admin\Desktop\RedLine_30\builder\RedlineBuilder.exe"
1⤵
PID:4652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\RedLine_30\builder\builder.bat" "
1⤵
PID:524
- C:\Users\Admin\Desktop\RedLine_30\builder\RedlineBuilder.exe
  RedlineBuilder.exe -ip 191.101.209.39:1912 -id 123 -by_parts
  2⤵
  PID:2512

C:\Users\Admin\Desktop\RedLine_30\Panel\Panel.exe
"C:\Users\Admin\Desktop\RedLine_30\Panel\Panel.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:712
- C:\Users\Admin\Desktop\RedLine_30\Panel\Panel.exe
  "C:\Users\Admin\Desktop\RedLine_30\Panel\Panel.exe" "--monitor"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740

C:\Users\Admin\Desktop\build.exe
"C:\Users\Admin\Desktop\build.exe"
1⤵
- Executes dropped EXE
PID:4652

C:\Users\Admin\Desktop\build.exe
"C:\Users\Admin\Desktop\build.exe"
1⤵
- Executes dropped EXE
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
36d665c1c93228c623e21847116ce458

SHA1
8e14236d32170ff87d3571524d2dd93e4fb640d0

SHA256
4f2009fe84c72562f3761fe544a0d3038f7b694d69443b7910dcb3d2e9021d65

SHA512
078d97fdece960433d94f4648eb5d6d457da71091a0f24203a16b541066406b8b9337692a8f9c7e7ce439b4bb5d4e6cbbf92c1a3988931be9c533a0d1f98006f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e82e9d0e149569bc385754345a0d8e62

SHA1
ba6aabe78e201c4c8fbbb5027b280c3272e2b775

SHA256
59e1f132f501e4b31f68f338b86fdfccaed2c82f53d942f7aedaaec7726c6aa2

SHA512
6e306a89638d0f4eee871e483e81a312c9f720446610dd64695cafe5f5932a40df69684f9fb5e343db626dfba07c8dd62e473ce3fd0b0d9077a32271dd426017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f69b75d0b62789fbadc668ff51b0578e

SHA1
7cd1810417a80cc0f3a36602a686bd555e119879

SHA256
272ea8b9d7dba6ea2c2395e2a9d5ec9a51a7908b8ac4f24ba7c346798a550b79

SHA512
4cccb2a86428300847d8601e7402b09e4889d4687b05b8671616ded1785a1599bbdadd2aa35711ef7ca5fedc831af499c411d24994c8171b8f730631d9b65d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000

Filesize
4.5MB

MD5
a1b1845c79c6b9626272e30eb599014b

SHA1
e4f96c9c662b1d6f277b5eac4a764e9bd91a23c5

SHA256
c35bf5bc5a95d9698f36ce56ab13d00b5a5202e5bb8c37b83fc494909382cde0

SHA512
753dd5ee1edda24f313da08f137bfe2115f496aa85bd4f6861846e9989452b430fcd8b26bcfece5824a828ea159e9c5f04810ea7b50e43e13451d18d1c01326b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
11KB

MD5
3c3463500e1d1c92a2b545fb586ab2c3

SHA1
88b0e86aea8c990b7379bd6b02d79d12eda27565

SHA256
b3bda005d8ec6b4912def01a932b902517feb3b68847f2813b38d03db3600429

SHA512
39778381e43fc3d39447bfb434ccfb1fdbc967b5cb50aec609f67caf495bf8acc78311b638daad401028114f1352e11dd976f962f7b9f65ebc8469afc8242964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
de8d4cf703fcec598f96ec2b4d265948

SHA1
45055fa269da5466efdedc584f2e4ab6505cf1ec

SHA256
9bb85fc237d317465af233c17f9de624dd6fc824de72e09bbcb1fb43096dc696

SHA512
4c7546da63cac3f3b043103e4c5511f4f3ac0f3a66b56d3f52a0abae6ef3b4742b4980973296ca6d2f52999d70669cbca659c52f87311114bdd9fec7e7cb4e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
340de44a9d067fde411cc649471fa1e9

SHA1
f609078b4cc08c8b047e9895a35a37a1d3225065

SHA256
2da1bda444092a93443b9a899afa59283f65c163ada254978a85b07c83de9b40

SHA512
090cf92e46aa3a47cbde68fb1782745a35430ac614202aa24ce361e487ee916b4d2f6ee76b4e1d47d6010fd59a17cb60e9b3508ccc54bf7c32eb7d0a0a8dfb99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
74e26a1f625d68205ee55374f94155b2

SHA1
cf9c0907ba4d9e4cd033de02a9b50f5d8273a65e

SHA256
5316b0ec21914abb79b0f4594c1754972e37aed21de338f8be0d5bef2f00c521

SHA512
af3b727e26b99698d65ea037894cfe15363bb14bc6dd3fa6028086b4a2b522d6b6dc6f011b6f0ab618d33476db0eb51bef99502a94d0815e49eb64be828f5e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
3c0788c212569bab39fd6bbe68143266

SHA1
18db1c8f74a4ec1776b114089a624e4a4e5cacfc

SHA256
53c5db29fd30b52b0da411e21c4f0af67f4110df435117ba6f0baafd637a66a0

SHA512
22662ea7608fd4e94f4deae68ad31fb9cfa6e51c156eb81cca7feec1c58fa632260e98d4cab8d18f3deeedb001c5d05e2238193a063d79ad2fc17c528b00bff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
376B

MD5
3382db25854feb7a39288ccb6949a55c

SHA1
dc77fd5fc2d3fc735d167ea435a4fa18c7013119

SHA256
9a2c30c0a68be2c7f036693dcb8c7d1b851aacbdf9ff9c9c6ff1eef71ec47dc6

SHA512
07923915bfdee575314735f03c2d50a6ce8c81f4ae0d4dab09ad415d9f14c633e27e6907ea831628df523aa726850bc7e6ed550df7d34f5ae196314f3e004bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe57a7d9.TMP

Filesize
335B

MD5
0439ea1769cc659ebf6f94f039782ad9

SHA1
5a5b0efd098f515dd99eaad07ecad5775eab4ed1

SHA256
44242ab520c2b0263bdd361961e76b997d17dc41ad1620e64df7df9767bdced1

SHA512
f33ae379331a94b06a80fa4f92619a396e941fab3c7b39cf7aec299d2ead513e3549e899e525d3557fafaff1e412805104229a6e8ba5f2b7db44256e5308f99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7c5a58d24d8a2ef8958c38eb05ad2cb6

SHA1
1cdfea01f44b3256ada98181ace722403897ed94

SHA256
5e0fa919b2084db59729e19e96d5a10f64ddb3f600078b5a2be5cd4802345a70

SHA512
33609748672607becbd31c64e24b52446e7b4a026276d9a0d31fbd2d4e2f47d0f100a5acacccf3a1a5f4c73315c1f130382774ff37c81dfc446bd94ff2819ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
280b9433503cf317f878b48e012b1087

SHA1
65402e0eb19406e39e245f0500997c80a8c03c3f

SHA256
e1ca0200547d4d7a53fd41fcd9bd503bf825589223024945f09f595911a2fb29

SHA512
6d6376075704ae0932e758fde33aad18307edf70cea0811101bdb084ca9e934332efab0997e4033d1f7ed87061a1f92256291fd9e78824466446242822b4620b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
53a22d79e13b277ba55ae75fa4c141c0

SHA1
a3f52bb8759583d5de4023dd8673944fdf481a13

SHA256
ee5c727e1033876db7683498172b4d84267a5839f044f86b9873b5af0379a111

SHA512
1e39a3053cf9dfea2d793664c4440a2f7766421cccd95a038b0908fb5ab56788647302a328e9ce0fbc181f9438ced0b71ffba4817246b64a8f8306996dba1cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5402eb54fc9aa9e3896cee2ded7c1fd2

SHA1
e192aeac025372cd4e80357abb4213527dd3f98f

SHA256
7a3fed20f5fe4e1218b0f255f607268e9d4f3fade418b2f1be679f7ed72f8281

SHA512
b03d297637ee4243c634434ff671c57bf839617735ceda08cb3e09749b177bc1f5a9de0e8fd7ee985c2955981b7a7229cef2dbde4190c0869bc1b2d6002579c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
07eba6546823684649f27e65caea9ffe

SHA1
b4923f95879b826f580b5f2d5d258d1296fd9812

SHA256
86b81bbcc4847d396f8219217e1d2a8b55f20315d4e4896fd8451de5f27a5af4

SHA512
d096233a16af1ac264d3c84aa70a30b685d44a5d011096c049b086bdf2760b5e80baa6504d4fef7aaa44c92d73f924c4720a5c6a394cbd6f68ac476d4cf76e00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c0ed54b606b3800db7147497a9d3af9

SHA1
3ccab64505fd60535fcd6ad9d13fd59a6faa54a0

SHA256
9f9b5fee9b0726be6ac2aa7da1235f771dcc43b1fe20dd98c382fb123916d318

SHA512
ec64dc47d1aeaf743afb5b0a7eab1f43fba7fb20050c789bd67231c7d3ee12a967b7a5202dc02a9cb45b412404230a6a088b0936b2c66c0a42f6eaafa1a08435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
f45e6d24302c6f59e551796fb81cfaa2

SHA1
44b0b98a92759a179ce892224df9a73bf047daec

SHA256
5ffc0a5fdc74f2fa24a95f3acc5c6f67eff0077e00394b52972dc81d1e87d1db

SHA512
3a5f87d5282d07c027aa02ac5910baf0d4ac6f9b3e7ce3108db80b9ad49f8bcc9fba9ec6ad8fbf0ba222dc44416cbb555c3fbb2e0eb07741444d29ab240d5b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91a731a65a6aee4b9369d4044481f9b5

SHA1
f311851f3013d49dfba6e3de5d8f1007b4157ae0

SHA256
ead405d22d580252faeb71832b11896de3185171c456bce990645f2d74ad8275

SHA512
84069012d10a78742448b282033f35974f37762ca970febbec890205d28e578950a2f71e05c2e0abebe3919799c025d0e2900470a8e3800970872a6e6c80c835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15383f73505d8d3485c2d27a66cc4e5c

SHA1
dd77057ad25fdc14c127af10a95cc21c6ee18193

SHA256
671153f8f46fdb0dd9906b35177bdb338698cb81a348f60fd58b387bcad85331

SHA512
c6801286d03fee896c2f49e2ee69508ee2dbe2c4783d99f80a3782a14bb222afb09e76b2899b925378c224947df4cbb477dbef1b5f0a5c3f42bd7ae3ccc244a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80c31f0199850ebdf7be6d3cfd460742

SHA1
c46fc60283c9d336361f22c1ea708df92656a907

SHA256
d51a3b0aeeee67db0e0836c3d18a216f5606b9bd9c5658536ca590e2872be9d5

SHA512
68412b19da9f5a573ef21a11978de3852476a311ba89879051c4a0be09c9ab1699de44f56ccc493d1219eeaf5c08f5930c4363fe30e8f48fe4f1e86bb742d9f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d5dba3f30fcad9ca4641848ec91aff27

SHA1
b070da5b0adc84e4fb41b9db7d32f6930bfba5bd

SHA256
3fe83b6fb5fa2ad7e927729e69b24aabc89286767d159d38994cc3862dbbfa7b

SHA512
8effe3468a0f757a256ee87abb5eea1d6ed4f7138efa7801bbeb4630c13433a7157883c047a6b0c7a3987bb3e64aa38dc6d46725c5ccefea869d8b7db75e653c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b8f75972017d88a0ecbfa3acbc084040

SHA1
0b8bc9cfdc5cf230c85f0f1775c0546d05d4b426

SHA256
e4503910ee98fa224bf7a8428c9115ed038905cb8ffce0977fc2fd70d328f588

SHA512
70cfbda99712e8deec13460414c0581c836cf2ed248fa76696844abaff92f2d86177e130e096a168d3fbf570b980aa67e24b3797db1ca9184d318af7fbb49ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2cd73a6b3551fd00311e134bdab5a8a2

SHA1
2dc88a48f1bafa153fc2bbe40f2f4950aae01b00

SHA256
95260813d3d53074dcd5eb9af6b12fcce36c2080d9656520822799bb54156157

SHA512
e4c8750cafeb60c7c2eeb91e5058c6f75503a018fe41c0f2d676995b5129fd1c1683550e964387915544c1a4dbf06c92b14ea668f33b550b44180a816b83cb4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57da52.TMP

Filesize
48B

MD5
efae60f1c6e167bc6e4ca7c8b82b77d1

SHA1
489c5a0565c71935694a0de14aadad83685019b0

SHA256
baf584751fd47a2b0f9cf5f01d6b4de572aab21bd83947ec0d7831f046607eed

SHA512
42c99d6a56667e7fd9e977126308b84c09652cab047d56f740d684bd357cc1266200e204018658dcb91365bd0b5654739f052b4522905828063ca0f7bb61578a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
3831a7c8874915077dc5522db95a13ac

SHA1
21a2d4b3cfef8b891287b4ee6e6d1dc81aa1fbfe

SHA256
7d12e8aa01a306fdf790f96a1d0790d327daf00f7f3cbd77efd1e4569c4dfe6a

SHA512
e9a6b4b7be550d8fc73f7dd2369e95d87ff0bb7de5cea6a83329e73bc8a27f5812b0603c2778e6bbd51ca889e49956203fec20bc5e7a015dde64f6127cb9c241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
3a9e93f0ef4990ae7d78cde608b14e98

SHA1
31259bc40fef848fbcd12537e0234c7dfa0fb86f

SHA256
be0df388326ca7a2004aba82a405503ff5859a32d57aa70a6c5d9c0ef5cf153a

SHA512
e477d945b161adf90ac75d9882fe77ca811c74214fa17a06f41bd0c764d6f520303b387d1e782dbad72256d390443b1c4053ff76c6be4454894564c63d8cf74a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b36d.TMP

Filesize
98KB

MD5
83256ff4824801f071722570f040abda

SHA1
36cdf9c8433bb7ad05734403a220efe5ddeb7dce

SHA256
b8eedd43d5c4c4ce03f32eead6541c1b68f369db79fd30a94da291daf707172f

SHA512
0b36b42c35fc728289f833b721868a3c70ca94b4e7a455c5f6f1c06ce87f39190017cf700b8b5f7ce4079c26ead7eea65bd0c66498b9c33675eb6117e59a14f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RedlineBuilder.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\Desktop\RedLine_30\Panel\stats.json

Filesize
174B

MD5
0f91aea181cd167baad6ef0f2f07176d

SHA1
924f29e47a17e4933a4d8db2627344657acbca20

SHA256
60f69cf6704a36cfdb8ca2b1304db90b8dc60ff1364ff225c9c97c928b4577cf

SHA512
025ecaaeb9972978792c86a5c5f0d4aa53dfcaf30ea867808cd398ed7ab1acf53e179393aeab0424bd23115fc267723d4fcb70107347fbb8ad3f1ff8e9c3d3dd

Download Submit
C:\Users\Admin\Desktop\build.exe

Filesize
300KB

MD5
890528004db6312fb56785c787ffa7f5

SHA1
ee5ca545dec43270bd61527c0cca5383ef82d5c5

SHA256
7a88f9f3cdf93b6145543980750290fb1b69ed58e51958b85be29a4569b4d61d

SHA512
3bd9b3d0fef2b21a1599c78a89adde1ab1c9f739a6fdd13b78f11269f9da1d844073c8a213c4c295eaf16975d3c5cda88cb5e3c93346b29e92d94b64c082f1b5

Download Submit
memory/216-475-0x000000001F410000-0x000000001F432000-memory.dmp

Filesize
136KB

Download
memory/216-416-0x000000001D810000-0x000000001DCF4000-memory.dmp

Filesize
4.9MB

Download
memory/712-588-0x000001DE497C0000-0x000001DE49970000-memory.dmp

Filesize
1.7MB

Download
memory/4652-565-0x0000000000AE0000-0x0000000000B34000-memory.dmp

Filesize
336KB

Download
memory/4652-626-0x0000000004E40000-0x0000000004E7E000-memory.dmp

Filesize
248KB

Download
memory/4652-566-0x0000000005420000-0x0000000005546000-memory.dmp

Filesize
1.1MB

Download
memory/4652-627-0x0000000004E80000-0x0000000004ECB000-memory.dmp

Filesize
300KB

Download
memory/4652-625-0x0000000004E20000-0x0000000004E32000-memory.dmp

Filesize
72KB

Download
memory/4652-624-0x0000000004F30000-0x000000000503A000-memory.dmp

Filesize
1.0MB

Download
memory/4652-623-0x0000000005B70000-0x0000000006176000-memory.dmp

Filesize
6.0MB

Download
memory/4652-622-0x0000000004BC0000-0x0000000004BCA000-memory.dmp

Filesize
40KB

Download
memory/4652-621-0x0000000004C00000-0x0000000004C92000-memory.dmp

Filesize
584KB

Download
memory/4652-619-0x00000000002F0000-0x0000000000342000-memory.dmp

Filesize
328KB

Download
memory/4652-620-0x0000000005060000-0x000000000555E000-memory.dmp

Filesize
5.0MB

Download
memory/4740-592-0x000002078D5B0000-0x000002078D5C2000-memory.dmp

Filesize
72KB

Download
memory/4740-593-0x00000207A6130000-0x00000207A61A4000-memory.dmp

Filesize
464KB

Download
memory/4740-602-0x00000207A6B40000-0x00000207A6B50000-memory.dmp

Filesize
64KB

Download
memory/4740-601-0x00000207A6BB0000-0x00000207A6BEE000-memory.dmp

Filesize
248KB

Download
memory/4740-600-0x00000207A6B50000-0x00000207A6B62000-memory.dmp

Filesize
72KB

Download
memory/4740-594-0x00000207A9630000-0x00000207A967A000-memory.dmp

Filesize
296KB

Download
memory/4740-596-0x00000207A6B00000-0x00000207A6B10000-memory.dmp

Filesize
64KB

Download
memory/4740-591-0x000002078D580000-0x000002078D5A2000-memory.dmp

Filesize
136KB

Download
memory/4740-589-0x000002078D540000-0x000002078D57A000-memory.dmp

Filesize
232KB

Download
memory/4740-590-0x00000207A5FF0000-0x00000207A60A0000-memory.dmp

Filesize
704KB

Download
memory/4740-595-0x00000207A9600000-0x00000207A9618000-memory.dmp

Filesize
96KB

Download