hxxps://gofile[.]io/d/SRT9tP

Resubmissions

05/07/2024, 16:54

240705-vesbwavapf 10

05/07/2024, 16:49

04/07/2024, 16:17

04/07/2024, 16:14

04/07/2024, 16:11

Analysis

max time kernel
90s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/SRT9tP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4812	Kurome.Loader.exe
2380	Kurome.Host.exe
4660	Panel.exe

Loads dropped DLL 10 IoCs

pid	Process
2380	Kurome.Host.exe
2380	Kurome.Host.exe
2380	Kurome.Host.exe
2380	Kurome.Host.exe
2380	Kurome.Host.exe
2380	Kurome.Host.exe
4660	Panel.exe
4660	Panel.exe
4660	Panel.exe
4660	Panel.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll	Kurome.Loader.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
4044	msedge.exe
4044	msedge.exe
1920	identity_helper.exe
1920	identity_helper.exe
4516	msedge.exe
4516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	3176	7zG.exe
Token: 35	3176	7zG.exe
Token: SeSecurityPrivilege	3176	7zG.exe
Token: SeSecurityPrivilege	3176	7zG.exe
Token: SeDebugPrivilege	4812	Kurome.Loader.exe
Token: SeDebugPrivilege	2380	Kurome.Host.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
3176	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 1256	4044	msedge.exe	83
PID 4044 wrote to memory of 1256	4044	msedge.exe	83
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2980	4044	msedge.exe	84
PID 4044 wrote to memory of 2904	4044	msedge.exe	85
PID 4044 wrote to memory of 2904	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86
PID 4044 wrote to memory of 2684	4044	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/SRT9tP
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0d1746f8,0x7ffe0d174708,0x7ffe0d174718
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4500

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline Crack\" -ad -an -ai#7zMap3744:88:7zEvent15991
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3176

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Redline Crack\Redline Crack\ReadMe.txt
1⤵
PID:2772

C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Loader\Kurome.Loader.exe
"C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Loader\Kurome.Loader.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4812

C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.Host.exe
"C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.Host.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2380

C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Panel\RedLine_20_2\Panel\Panel.exe
"C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Panel\RedLine_20_2\Panel\Panel.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
6ee405d1ae1268b0c60bceb368e84abc

SHA1
4d1f3fe4fa35abe4cbf46485554b5c6de59d5199

SHA256
4d3fcb0413e85ee6f212946807db4bd21d4db243e1aac43a34e22a4fe349c5b1

SHA512
9a7ec3c39cf4e82c25791ef66af0de4236a6efc90153de0a5fc78666efc3136fdf4af3c736e7f1875e893f9bc630912e6bdd0fc6a5cf9383b004acb227d27c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
afc6cddd7e64d81e52b729d09f227107

SHA1
ad0d3740f4b66de83db8862911c07dc91928d2f6

SHA256
b5e81a7c7d80feaaa10ee7bc8aaef9f21a5c1e4b03b3823ed115022311d674a0

SHA512
844edb69585153c378a7c97709983776fc9303a32fb5ef8122ecca32adfc0b265f5ef7118ee07814da5c020ac7ba1bf2a2f66d46312e4d8e6df99aab2e5f9b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f5927b2c30b93913eeea4b349ec75b8

SHA1
7f443467594be2cdcd1f2421ea0dab315b9572ae

SHA256
ad9de075981e450c9a1c670c63effde5a9dcef5a995ee83b32a9469e470c3053

SHA512
37d0e70072105c49bb5ed0ae6ed04adf62823213ae7be799ad87c07738b07ebe3c735390188de9e7c0dd9a0899145befe97afc6c6982a94a60acc6b7798b1a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7b2e4b348c725752b0bf221a1175943

SHA1
6e0ac2c51eed44940bd5a9fb7453a7fd927bea2a

SHA256
9c01fc256805c7966d07f026e3c62c701f0b895c5d9c44624ac9294ba05c6bfa

SHA512
9805057442465dc3647cbf21dce24248b9987dd39c3c33f2968c855239890d5746d898f61e80de109cc3dd6b24c1a33f2cce9fdbd41236f2a2f76b957f321752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ead01bb2088c65a461609ca4357be060

SHA1
e2862a20c371ba8643002810dee056cd3511154d

SHA256
7cf5ef15f5fe8d2ca859417931ebb095368e7cf6f4b0d7ef75eaa1af09ed3863

SHA512
73ea293a1168bee22b32e1c0c53ecb4b386faac61183705316314fd53b386deb8a3e7887620844b13b774c0a3db19ae3fc692d3e273d0ffaa84530a8d8fb9528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1bd249d02b23b7ebdc5adbe68dc224c3

SHA1
df80820ca184ea154da2d9db332f3fcc011f093c

SHA256
b3efac4490b2987318f3577bae62b1a4dc52fbcd892352fe939c0292694c5da0

SHA512
5b29e6b7881cf1001b518d3a4328fc09d6453af5398ed26976e8d958fa4d098780354d83b1b549057be8d9417f3e820266631c684fd11f3656d3ffe77f86ba3c

Download Submit
C:\Users\Admin\Downloads\Redline Crack.rar

Filesize
8.1MB

MD5
074ab00a6884e6ae21bd0ec676484c84

SHA1
2ae50e1fe181a80467f5aaca6978857381599e15

SHA256
4e33bacb99e5faef2d9d99dc712dd0b6b053414fafa29a83905e6ccb2afc2eb7

SHA512
13bd0745f497749038e032de2735ffff2f879c1eed69a83416c785c1435a4cd3de4e239603b5085eb2ba910fba67a4d5fe1182de5730d1fcd13d1d6b0a3ef129

Download Submit
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.Host.exe

Filesize
119KB

MD5
4fde0f80c408af27a8d3ddeffea12251

SHA1
e834291127af150ce287443c5ea607a7ae337484

SHA256
1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb

SHA512
3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5

Download Submit
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.Host.exe.config

Filesize
189B

MD5
5a7f52d69e6fca128023469ae760c6d5

SHA1
9d7f75734a533615042f510934402c035ac492f7

SHA256
498c7f8e872f9cef0cf04f7d290cf3804c82a007202c9b484128c94d03040fd0

SHA512
4dc8ae80ae9e61d2801441b6928a85dcf9d6d73656d064ffbc0ce9ee3ad531bfb140e9f802e39da2a83af6de606b115e5ccd3da35d9078b413b1d1846cbd1b4f

Download Submit
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.WCF.dll

Filesize
123KB

MD5
e3d39e30e0cdb76a939905da91fe72c8

SHA1
433fc7dc929380625c8a6077d3a697e22db8ed14

SHA256
4bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74

SHA512
9bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8

Download Submit
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Loader\Kurome.Loader.exe

Filesize
2.2MB

MD5
a3ec05d5872f45528bbd05aeecf0a4ba

SHA1
68486279c63457b0579d86cd44dd65279f22d36f

SHA256
d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e

SHA512
b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e

Download Submit
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Loader\Kurome.Loader.exe.config

Filesize
186B

MD5
9070d769fd43fb9def7e9954fba4c033

SHA1
de4699cdf9ad03aef060470c856f44d3faa7ea7f

SHA256
cbaf2ae95b1133026c58ab6362af2f7fb2a1871d7ad58b87bd73137598228d9b

SHA512
170028b66c5d2db2b8c90105b77b0b691bf9528dc9f07d4b3983d93e9e37ea1154095aaf264fb8b5e67c167239697337cc9e585e87ef35faa65a969cac1aa518

Download Submit
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Panel\RedLine_20_2\Panel\Panel.exe

Filesize
181KB

MD5
d12407c805a128099e2ae7929ec81030

SHA1
d5de8f0adff0d33780d1307ddbaa08c210b21432

SHA256
74e5079e7eb3e39ecf0f0d2d48a119770100bfd44f7f776a12ec0c25ed5936b8

SHA512
bc67efe96ef236eec83dbfd6b5258f79c2e99e1454132f75e399fdcede06f4468e355d263c06c507f47dc0c7273b87e99fd142a1f6841d9c56ef318908f8bef1

Download Submit
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Panel\RedLine_20_2\Panel\Panel.exe.config

Filesize
26KB

MD5
494890d393a5a8c54771186a87b0265e

SHA1
162fa5909c1c3f84d34bda5d3370a957fe58c9c8

SHA256
f2a5a06359713226aeacfe239eeb8ae8606f4588d8e58a19947c3a190efbdfc7

SHA512
40fbd033f288fee074fc36e899796efb30d3c582784b834fc583706f19a0b8d5a134c6d1405afe563d2676072e4eefc4e169b2087867cab77a3fa1aa1a7c9395

Download Submit
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\ReadMe.txt

Filesize
401B

MD5
0e9ea2262b11db9e8c1656c949da4495

SHA1
f332749e10817048cea5e1584edf5e88f47024eb

SHA256
ad8361226621c8261d69e1202e7f9831a00f3bb6549d77219d5deb0e8a6cbde6

SHA512
00aae0c559823ff27ca8af431d24d4fe8a3f4683b0d776a80fb14a96d82030cedf6ec1ddf2efd7fc229e2c2b3ab3ac0b15326dc1912cdd07932ec7ff8f80975c

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

Filesize
3.4MB

MD5
059d51f43f1a774bc5aa76d19c614670

SHA1
171329bf0f48190cf4d59ce106b139e63507457d

SHA256
2eaf3d548927ebd243362f7bcb906bb1bbff3961223fb9521cb2846b6b8d523d

SHA512
a299cb18c8a47fc27c46db0011266b7fa273852b302374eb98a54034e1281150af8e54e58f76a384d3b92fbcb1a67fc0452cabe592a379e15cce2c5f9a4b6cb7

Download Submit
memory/2380-204-0x0000000005270000-0x00000000053EC000-memory.dmp

Filesize
1.5MB

Download
memory/2380-217-0x00000000054A0000-0x00000000054C8000-memory.dmp

Filesize
160KB

Download
memory/2380-203-0x0000000004F00000-0x0000000005262000-memory.dmp

Filesize
3.4MB

Download
memory/2380-209-0x0000000005A10000-0x0000000006028000-memory.dmp

Filesize
6.1MB

Download
memory/2380-210-0x0000000004D30000-0x0000000004D42000-memory.dmp

Filesize
72KB

Download
memory/2380-211-0x0000000004DD0000-0x0000000004E0C000-memory.dmp

Filesize
240KB

Download
memory/2380-212-0x0000000004E80000-0x0000000004EE6000-memory.dmp

Filesize
408KB

Download
memory/2380-213-0x0000000005680000-0x0000000005906000-memory.dmp

Filesize
2.5MB

Download
memory/2380-214-0x00000000053F0000-0x000000000543C000-memory.dmp

Filesize
304KB

Download
memory/2380-215-0x0000000005510000-0x00000000055DE000-memory.dmp

Filesize
824KB

Download
memory/2380-216-0x0000000006140000-0x000000000624A000-memory.dmp

Filesize
1.0MB

Download
memory/2380-208-0x0000000004C40000-0x0000000004C66000-memory.dmp

Filesize
152KB

Download
memory/2380-218-0x0000000005630000-0x0000000005680000-memory.dmp

Filesize
320KB

Download
memory/2380-219-0x0000000006030000-0x0000000006130000-memory.dmp

Filesize
1024KB

Download
memory/2380-220-0x0000000005920000-0x0000000005950000-memory.dmp

Filesize
192KB

Download
memory/2380-197-0x0000000000370000-0x0000000000394000-memory.dmp

Filesize
144KB

Download
memory/4660-232-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/4660-233-0x0000000005280000-0x0000000005824000-memory.dmp

Filesize
5.6MB

Download
memory/4660-238-0x0000000004D70000-0x0000000004E02000-memory.dmp

Filesize
584KB

Download
memory/4660-239-0x0000000004F80000-0x0000000004F8A000-memory.dmp

Filesize
40KB

Download
memory/4660-240-0x0000000005060000-0x00000000050D6000-memory.dmp

Filesize
472KB

Download
memory/4812-182-0x0000000007850000-0x0000000007E60000-memory.dmp

Filesize
6.1MB

Download
memory/4812-181-0x0000000000610000-0x0000000000846000-memory.dmp

Filesize
2.2MB

Download