Analysis Overview
SHA256
54b542bd706838bc61c23ef8189935fc74e0099b14e509d33649b43ff108d85f
Threat Level: Known bad
The file Redline-crack-by-rzt.zip was found to be: Known bad.
Malicious Activity Summary
RedLine
Process spawned unexpected child process
RedLine payload
Sectoprat family
SectopRAT payload
Redline family
Dcrat family
SectopRAT
DcRat
DCRat payload
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Scheduled Task/Job: Scheduled Task
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-01 21:19
Signatures
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Redline family
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Sectoprat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-01 21:19
Reported
2024-11-01 21:30
Platform
win11-20241007-en
Max time kernel
584s
Max time network
586s
Command Line
Signatures
DcRat
Dcrat family
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Redline family
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Sectoprat family
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Uninstall Information\fontdrvhost.exe | C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe | N/A |
| File created | C:\Program Files\Uninstall Information\5b884080fd4f94 | C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe | N/A |
| File created | C:\Program Files (x86)\Google\csrss.exe | C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe | N/A |
| File created | C:\Program Files (x86)\Google\886983d96e3d3e | C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Loader\Kurome.Loader.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Loader\Kurome.Loader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Panel\RedLine_20_2\Panel\panel.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Host\Kurome.Host.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\build.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\csrss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\build.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\Taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "10" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Desktop\Redline-crack-by-rzt\Panel\RedLine_20_2\Panel\panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0\NodeSlot = "9" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0 = 4e003100000000006159d6aa100054656d7000003a0009000400efbe4759005f6159d6aa2e0000004c570200000001000000000000000000000000000000eb462001540065006d007000000014000000 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 500031000000000047592d64100041646d696e003c0009000400efbe4759005f61598daa2e0000002c570200000001000000000000000000000000000000ef8e1b01410064006d0069006e00000014000000 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 56003100000000004759005f12004170704461746100400009000400efbe4759005f61598daa2e000000375702000000010000000000000000000000000000000fe15d004100700070004400610074006100000016000000 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| N/A | N/A | C:\Windows\System32\Taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\csrss.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Panel.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Google\csrss.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Redline-crack-by-rzt.zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Host\Kurome.Host.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Host\Kurome.Host.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe"
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Loader\Kurome.Loader.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Loader\Kurome.Loader.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Panel\RedLine_20_2\Panel\panel.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Panel\RedLine_20_2\Panel\panel.exe"
C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe
"C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe"
C:\Users\Admin\AppData\Local\Temp\Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Panel.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 6 /tr "'C:\Users\Default\SendTo\lsass.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Users\Default\SendTo\lsass.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 12 /tr "'C:\Users\Default\SendTo\lsass.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 14 /tr "'C:\Program Files\Uninstall Information\fontdrvhost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\fontdrvhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 11 /tr "'C:\Program Files\Uninstall Information\fontdrvhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Google\csrss.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files (x86)\Google\csrss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Google\csrss.exe'" /rl HIGHEST /f
C:\Program Files (x86)\Google\csrss.exe
"C:\Program Files (x86)\Google\csrss.exe"
C:\Users\Admin\AppData\Local\Temp\Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Panel.exe" "--monitor"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Redline-crack-by-rzt\Panel\RedLine_20_2\FAQ.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Redline-crack-by-rzt\ReadMe.txt
C:\Users\Admin\AppData\Local\Temp\Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Panel.exe" "auth" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAuHxEGx5Ev0OYR1Vp3A2QXgAAAAACAAAAAAAQZgAAAAEAACAAAACIdFbq1vdTqIAMdQBoIi+VKDWr80NARBqfBhIJZsTq9gAAAAAOgAAAAAIAACAAAABjbJt7aa/VFzFbTiACcNjCwAZXeP4AfHkZOOkP9ppPtBAAAABAwjRx3XjvTHzD7t7BJxx1QAAAAE3Lb63Oavd3b4TqfM/vRfN9DHuF9QhziQZ9RYSjtFFZHOSUogBBpdGoCN0CqzZx4LaCiWXDpHntDmHUJQ1Nfug=" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAuHxEGx5Ev0OYR1Vp3A2QXgAAAAACAAAAAAAQZgAAAAEAACAAAAD59P5258WTiNp4sMaUSYDIdk1yjS2Z4d35SeyrFNqODgAAAAAOgAAAAAIAACAAAAAepQ2Sd4EvUrq37BOMmai71eWkMPoltxbT3frKc7KSQhAAAABreFoYgZ36TVyqITtWVMkhQAAAAD1oVez36kTrSAxWLfMjZgqkbAHjvqNCJlUSsXMh5t2Hvh2x4VGRhooTvxBNCuJd/YG7gRrMwApFUpFhmp74ArE="
C:\Users\Admin\AppData\Local\Temp\Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Panel.exe" "auth" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAuHxEGx5Ev0OYR1Vp3A2QXgAAAAACAAAAAAAQZgAAAAEAACAAAACIdFbq1vdTqIAMdQBoIi+VKDWr80NARBqfBhIJZsTq9gAAAAAOgAAAAAIAACAAAABjbJt7aa/VFzFbTiACcNjCwAZXeP4AfHkZOOkP9ppPtBAAAABAwjRx3XjvTHzD7t7BJxx1QAAAAE3Lb63Oavd3b4TqfM/vRfN9DHuF9QhziQZ9RYSjtFFZHOSUogBBpdGoCN0CqzZx4LaCiWXDpHntDmHUJQ1Nfug=" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAuHxEGx5Ev0OYR1Vp3A2QXgAAAAACAAAAAAAQZgAAAAEAACAAAAD59P5258WTiNp4sMaUSYDIdk1yjS2Z4d35SeyrFNqODgAAAAAOgAAAAAIAACAAAAAepQ2Sd4EvUrq37BOMmai71eWkMPoltxbT3frKc7KSQhAAAABreFoYgZ36TVyqITtWVMkhQAAAAD1oVez36kTrSAxWLfMjZgqkbAHjvqNCJlUSsXMh5t2Hvh2x4VGRhooTvxBNCuJd/YG7gRrMwApFUpFhmp74ArE=" "--monitor"
C:\Users\Admin\Desktop\build.exe
"C:\Users\Admin\Desktop\build.exe"
C:\Users\Admin\Desktop\build.exe
"C:\Users\Admin\Desktop\build.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe"
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe"
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe
"C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\build.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\GB[1996F3479105558F613CB87EDB6E18A4] [2024-11-01T21_26_46.0169245]\UserInformation.txt
C:\Program Files (x86)\Google\csrss.exe
"C:\Program Files (x86)\Google\csrss.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4d7fcc40,0x7ffa4d7fcc4c,0x7ffa4d7fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,6814739652153785919,2761265271755388724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1840 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,6814739652153785919,2761265271755388724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,6814739652153785919,2761265271755388724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,6814739652153785919,2761265271755388724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,6814739652153785919,2761265271755388724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,6814739652153785919,2761265271755388724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3560 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,6814739652153785919,2761265271755388724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,6814739652153785919,2761265271755388724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4376,i,6814739652153785919,2761265271755388724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | a0682132.xsph.ru | udp |
| RU | 141.8.197.42:80 | a0682132.xsph.ru | tcp |
| RU | 141.8.197.42:80 | a0682132.xsph.ru | tcp |
| US | 8.8.8.8:53 | 42.197.8.141.in-addr.arpa | udp |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:1337 | tcp | |
| N/A | 127.0.0.1:31731 | tcp | |
| US | 8.8.8.8:53 | api.ip.sb | udp |
| US | 104.26.12.31:443 | api.ip.sb | tcp |
| N/A | 127.0.0.1:31731 | tcp | |
| US | 104.26.12.31:443 | api.ip.sb | tcp |
| RU | 141.8.197.42:80 | a0682132.xsph.ru | tcp |
| RU | 141.8.197.42:80 | a0682132.xsph.ru | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
Files
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Host\Kurome.Host.exe
| MD5 | 4fde0f80c408af27a8d3ddeffea12251 |
| SHA1 | e834291127af150ce287443c5ea607a7ae337484 |
| SHA256 | 1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb |
| SHA512 | 3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5 |
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Host\Kurome.Host.exe.config
| MD5 | 5a7f52d69e6fca128023469ae760c6d5 |
| SHA1 | 9d7f75734a533615042f510934402c035ac492f7 |
| SHA256 | 498c7f8e872f9cef0cf04f7d290cf3804c82a007202c9b484128c94d03040fd0 |
| SHA512 | 4dc8ae80ae9e61d2801441b6928a85dcf9d6d73656d064ffbc0ce9ee3ad531bfb140e9f802e39da2a83af6de606b115e5ccd3da35d9078b413b1d1846cbd1b4f |
memory/4700-65-0x00000000747BE000-0x00000000747BF000-memory.dmp
memory/4700-66-0x00000000003B0000-0x00000000003D4000-memory.dmp
memory/4700-67-0x00000000747B0000-0x0000000074F61000-memory.dmp
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Host\Kurome.WCF.dll
| MD5 | e3d39e30e0cdb76a939905da91fe72c8 |
| SHA1 | 433fc7dc929380625c8a6077d3a697e22db8ed14 |
| SHA256 | 4bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74 |
| SHA512 | 9bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8 |
memory/4700-71-0x0000000004DF0000-0x0000000004E16000-memory.dmp
memory/4700-72-0x0000000005670000-0x0000000005C88000-memory.dmp
memory/4700-73-0x00000000747B0000-0x0000000074F61000-memory.dmp
memory/4700-74-0x0000000004ED0000-0x0000000004EE2000-memory.dmp
memory/4700-75-0x0000000004F30000-0x0000000004F6C000-memory.dmp
memory/4700-76-0x0000000004FD0000-0x000000000501C000-memory.dmp
memory/4700-77-0x0000000005120000-0x00000000051EE000-memory.dmp
memory/4700-78-0x00000000747B0000-0x0000000074F61000-memory.dmp
memory/4700-79-0x0000000005300000-0x000000000540A000-memory.dmp
memory/4700-81-0x00000000051F0000-0x0000000005240000-memory.dmp
memory/4700-80-0x0000000005080000-0x00000000050A8000-memory.dmp
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Kurome.Builder.exe
| MD5 | cf38a4bde3fe5456dcaf2b28d3bfb709 |
| SHA1 | 711518af5fa13f921f3273935510627280730543 |
| SHA256 | c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e |
| SHA512 | 3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc |
memory/556-85-0x0000000000CA0000-0x0000000000CC8000-memory.dmp
memory/556-86-0x0000000005EB0000-0x0000000006456000-memory.dmp
memory/556-87-0x00000000057A0000-0x0000000005832000-memory.dmp
memory/556-88-0x0000000005680000-0x000000000568A000-memory.dmp
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\Mono.Cecil.dll
| MD5 | de69bb29d6a9dfb615a90df3580d63b1 |
| SHA1 | 74446b4dcc146ce61e5216bf7efac186adf7849b |
| SHA256 | f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc |
| SHA512 | 6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015 |
memory/556-92-0x0000000005DE0000-0x0000000005E3E000-memory.dmp
memory/4700-93-0x00000000747BE000-0x00000000747BF000-memory.dmp
memory/4700-94-0x00000000747B0000-0x0000000074F61000-memory.dmp
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Builder\stub.dll
| MD5 | 625ed01fd1f2dc43b3c2492956fddc68 |
| SHA1 | 48461ef33711d0080d7c520f79a0ec540bda6254 |
| SHA256 | 6824c2c92eb7cee929f9c6b91e75c8c1fc3bfe80495eba4fa27118d40ad82b2b |
| SHA512 | 1889c7cee50092fe7a66469eb255b4013624615bac3a9579c4287bf870310bdc9018b0991f0ad7a9227c79c9bd08fd0c6fc7ebe97f21c16b7c06236f3755a665 |
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Loader\Kurome.Loader.exe
| MD5 | a3ec05d5872f45528bbd05aeecf0a4ba |
| SHA1 | 68486279c63457b0579d86cd44dd65279f22d36f |
| SHA256 | d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e |
| SHA512 | b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e |
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Kurome.Loader\Kurome.Loader.exe.config
| MD5 | 9070d769fd43fb9def7e9954fba4c033 |
| SHA1 | de4699cdf9ad03aef060470c856f44d3faa7ea7f |
| SHA256 | cbaf2ae95b1133026c58ab6362af2f7fb2a1871d7ad58b87bd73137598228d9b |
| SHA512 | 170028b66c5d2db2b8c90105b77b0b691bf9528dc9f07d4b3983d93e9e37ea1154095aaf264fb8b5e67c167239697337cc9e585e87ef35faa65a969cac1aa518 |
memory/4900-101-0x00000000004B0000-0x00000000006E6000-memory.dmp
memory/4900-102-0x0000000006440000-0x0000000006A50000-memory.dmp
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Panel\RedLine_20_2\Panel\panel.exe
| MD5 | 1246b7d115005ce9fcc96848c5595d72 |
| SHA1 | fa3777c7fe670cea2a4e8267945c3137091c64b5 |
| SHA256 | f01393937f06be201400703d1dbfb35397c4a5162f16278ba9d9bb63ddcbcc78 |
| SHA512 | 5bf90904cf74a8c3775498578d856dd9f4837077928cd7ce24e4a6ccec00827bcfb28c2079498ba682a4f53204d7ad2bb8de2489005c429dc968e75e26d29101 |
memory/1464-107-0x0000000000400000-0x0000000001470000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mssurrogateProvider_protected.exe
| MD5 | fcbf03d90d4e9ce80f575452266e71d1 |
| SHA1 | 1b067d0e057db189c71b2f7ac4ee2483ebaf0fa7 |
| SHA256 | 2ec28f57e64fee2b2f1a40c78c079672f0dddb84da2a84fe3291bd68a4771a73 |
| SHA512 | 9ce9962f645ab542f135d8560a7095259fe6628afcf598a58dfcf8e96b0d1dfa73e59ce13af3ff97e6c03046634dbd46a278c6535f99f99b3a6051b7bbfcf380 |
memory/1336-175-0x0000000000050000-0x000000000048C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Panel.exe
| MD5 | f4e19b67ef27af1434151a512860574e |
| SHA1 | 56304fc2729974124341e697f3b21c84a8dd242a |
| SHA256 | c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a |
| SHA512 | a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77 |
memory/1336-180-0x0000000000050000-0x000000000048C000-memory.dmp
memory/4888-181-0x00007FFA50570000-0x00007FFA51032000-memory.dmp
memory/1336-187-0x0000000006700000-0x0000000006A62000-memory.dmp
memory/4888-190-0x000000001ACD0000-0x000000001AE70000-memory.dmp
memory/4888-189-0x000000001ACD0000-0x000000001AE70000-memory.dmp
memory/4888-188-0x000000001ACD0000-0x000000001AE70000-memory.dmp
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
| MD5 | 059d51f43f1a774bc5aa76d19c614670 |
| SHA1 | 171329bf0f48190cf4d59ce106b139e63507457d |
| SHA256 | 2eaf3d548927ebd243362f7bcb906bb1bbff3961223fb9521cb2846b6b8d523d |
| SHA512 | a299cb18c8a47fc27c46db0011266b7fa273852b302374eb98a54034e1281150af8e54e58f76a384d3b92fbcb1a67fc0452cabe592a379e15cce2c5f9a4b6cb7 |
memory/4888-206-0x0000000180000000-0x0000000180005000-memory.dmp
memory/1336-210-0x0000000005CC0000-0x0000000005D26000-memory.dmp
memory/4888-224-0x000000001DE80000-0x000000001DFC2000-memory.dmp
memory/4888-217-0x000000001DAB0000-0x000000001DBF2000-memory.dmp
memory/1336-228-0x0000000006D70000-0x0000000006DD6000-memory.dmp
memory/1336-225-0x0000000005EB0000-0x000000000602C000-memory.dmp
memory/4888-255-0x000000001DBE0000-0x000000001DBEA000-memory.dmp
memory/4888-261-0x000000001E650000-0x000000001E9B2000-memory.dmp
memory/4888-263-0x000000001F170000-0x000000001F202000-memory.dmp
memory/4888-284-0x000000001F410000-0x000000001F42C000-memory.dmp
memory/4888-262-0x000000001E9C0000-0x000000001EF66000-memory.dmp
memory/4888-247-0x000000001DBD0000-0x000000001DBDA000-memory.dmp
memory/4888-245-0x000000001DBD0000-0x000000001DBDA000-memory.dmp
memory/4888-243-0x000000001DBD0000-0x000000001DBDA000-memory.dmp
memory/4888-295-0x000000001F430000-0x000000001F5AC000-memory.dmp
memory/4888-242-0x000000001DBD0000-0x000000001DBDA000-memory.dmp
memory/1336-357-0x0000000006EE0000-0x0000000006FE0000-memory.dmp
memory/4984-416-0x0000000000140000-0x000000000057C000-memory.dmp
memory/4984-420-0x0000000000140000-0x000000000057C000-memory.dmp
memory/1336-419-0x0000000000050000-0x000000000048C000-memory.dmp
memory/4888-213-0x000000001DAB0000-0x000000001DBF2000-memory.dmp
memory/4888-212-0x000000001DAB0000-0x000000001DBF2000-memory.dmp
memory/1336-211-0x0000000006A70000-0x0000000006CF6000-memory.dmp
memory/4888-204-0x0000000180000000-0x0000000180005000-memory.dmp
memory/4888-202-0x0000000180000000-0x0000000180005000-memory.dmp
memory/4888-200-0x0000000180000000-0x0000000180005000-memory.dmp
memory/4888-199-0x0000000180000000-0x0000000180005000-memory.dmp
memory/4984-2199-0x0000000000140000-0x000000000057C000-memory.dmp
memory/3724-4126-0x000000001FD00000-0x000000001FF86000-memory.dmp
memory/3724-4125-0x000000001FC90000-0x000000001FCF6000-memory.dmp
memory/3724-4140-0x00000000201E0000-0x00000000201FA000-memory.dmp
memory/3724-4141-0x0000000020200000-0x0000000020818000-memory.dmp
memory/3724-4143-0x0000000020930000-0x000000002096C000-memory.dmp
memory/3724-4142-0x0000000020820000-0x0000000020920000-memory.dmp
memory/3724-4144-0x0000000020970000-0x0000000020982000-memory.dmp
memory/3724-4172-0x0000000020A10000-0x0000000020A4A000-memory.dmp
memory/3724-4187-0x0000000020B00000-0x0000000020BB0000-memory.dmp
memory/3724-4158-0x00000000209B0000-0x00000000209C2000-memory.dmp
memory/3724-4221-0x00000000210D0000-0x0000000021144000-memory.dmp
memory/3724-4238-0x0000000024940000-0x000000002498A000-memory.dmp
memory/3724-4239-0x00000000248F0000-0x0000000024940000-memory.dmp
C:\Users\Admin\Desktop\Redline-crack-by-rzt\Panel\RedLine_20_2\FAQ.txt
| MD5 | 53fc20e1e68a5619f7ff2df8e99d42c4 |
| SHA1 | 7a8ddc81d16aaab533411810acfad1546c30dc2f |
| SHA256 | fc7ceb47aa8796614f098406452ea67cb58929ded1d4c6bd944d4d34921bba0b |
| SHA512 | c1ad4f2dfd50528d613e9fe3f55da0bbb5c8442b459d9c3c989b75014c827306f72f2eb6ecbcd92ff11546e12087c09685b12a7dc258c5ea85c15ba5cc002d8c |
memory/3724-4255-0x0000000021CC0000-0x0000000021D5C000-memory.dmp
memory/3724-4256-0x0000000021E90000-0x0000000021EDF000-memory.dmp
memory/3724-4257-0x0000000024B00000-0x0000000024C0A000-memory.dmp
memory/3724-4258-0x0000000021FF0000-0x0000000022020000-memory.dmp
C:\Users\Admin\Desktop\Redline-crack-by-rzt\ReadMe.txt
| MD5 | 0e9ea2262b11db9e8c1656c949da4495 |
| SHA1 | f332749e10817048cea5e1584edf5e88f47024eb |
| SHA256 | ad8361226621c8261d69e1202e7f9831a00f3bb6549d77219d5deb0e8a6cbde6 |
| SHA512 | 00aae0c559823ff27ca8af431d24d4fe8a3f4683b0d776a80fb14a96d82030cedf6ec1ddf2efd7fc229e2c2b3ab3ac0b15326dc1912cdd07932ec7ff8f80975c |
memory/3724-4278-0x0000000021E00000-0x0000000021E22000-memory.dmp
memory/3724-4279-0x0000000026150000-0x00000000264BC000-memory.dmp
memory/3724-4294-0x0000000021E30000-0x0000000021E48000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Panel.exe.log
| MD5 | fa2242a848c015e90751992478acf1b0 |
| SHA1 | 9b54d26e4c0630490ab230b9d15119d036c3398f |
| SHA256 | 0b71c524f4b9a3964104689ba24c413a0811e83d1071a2bb066b66c91053f147 |
| SHA512 | 69d1962db48657f3c8b24e79a7846aa0e4fcfc2b27c3675915a7906913c897dff0e91bd06634615d6c5b62c4afae41827d7fa1944f84d11f8a731bab1cf7629b |
memory/3860-8280-0x0000000024B90000-0x0000000024BDF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\serviceSettings.json
| MD5 | a0ef190d1ff273dcd337831f3c64bcbe |
| SHA1 | 357455f938663bdaa9d8c33f87b17eba4cbcecb9 |
| SHA256 | f796624293b2fe3db8f4734b1fc88dc61ade5f21d524d62e6d8cd0981de25031 |
| SHA512 | 3ea18e455a70104ac68b82fc16b61f43d20c46cc827b32911d09a0157fded9bacc2b2bdf5b45431b7b5e640994d7637b12e380189cef743fdc34fd6d039bac9f |
C:\Users\Admin\Desktop\build.exe
| MD5 | ca8b99c9d67aee4b846581461ec6bb2b |
| SHA1 | 7c0fd208b99bc69aaf003693aeafbe73cde4658f |
| SHA256 | d53b5ccdc46e2575b7c917ae6414b93028b9fe4df2deda7107a7a470080a9f3a |
| SHA512 | 027f3e669560a0668706665101bfb7ca258943f80cc660085428516015fb7a106266b34334afabfd95bf43c348d53d2fe6f9cbf7a6a737314d19524e4bc36a83 |
memory/3124-8334-0x00000000004E0000-0x00000000004FE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 346086ede8fbeb44b1a9e1444e59dcb1 |
| SHA1 | 55f474b18256d4d548307f462021ddf527c7b99c |
| SHA256 | 18edfd8a26c67e1512749ebc6c28da15f1297738b7462615a8a9ef25477cfa07 |
| SHA512 | cfd75aa1fde8ace0ad449bd8971d65356ab4261a888cff8a0c99286202d905549a18f28d7d02c97d4fa0a33739e0bff6208928999a89fe88ea6f86fe023c6ee2 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Kurome.Builder.exe.log
| MD5 | dbbe8c484909b919340d7313bd994ae9 |
| SHA1 | 1183ce1f0d152dba87105d00f888353466f2cd50 |
| SHA256 | 2f651319ffe35d3b46360918df7fe5427231fa7e19c3ff75fe54a8ca2bfafa84 |
| SHA512 | 3a9e59f3138e2b17d6a1886081c6ba9c650d0c5d36e4b25477ae288ab265cc5f67a193558887bbf37817772f704853eb9ddb6555bf283af093cfd05b7d363ae1 |
C:\Users\Admin\AppData\Local\RedLine\@shadow_Path_ytoebgxjgkj3gjhngbhnmj3jxmiefwvd\0.0.0.0\user.config
| MD5 | 49d87cb1cb0b2e659129e320a6ccb525 |
| SHA1 | c6ab61960211bc624984fab309c1c3fc8939477e |
| SHA256 | f89b9eef021271a5339fb32d11f3965958f1c80d793ef3e88e9f56091e139fc1 |
| SHA512 | 7cabf73dd6498df0a06f06987a33d61a406e1fec6fbede7791e209c8dc760cf6b0ef67e5cb12309ea426551fd9ee6b3d3e86f2c348b0099d107e73dda9adba7f |
C:\Users\Admin\AppData\Local\RedLine\@shadow_Path_ytoebgxjgkj3gjhngbhnmj3jxmiefwvd\0.0.0.0\user.config
| MD5 | d35ff673d800139be08ca693b7258011 |
| SHA1 | d4f7cc63ba5b6c931c9a405f7ff9678f8191c04d |
| SHA256 | d0bebdd1e9c474fcb6948e15e22dc634da489e57401770b85933bc8c9abd15a0 |
| SHA512 | fcb862f6888c7b2cd6782bb2c65aa6b56e857c5e31fce59796c72569f071261379b8fda8862ff83af4b0cb5729c96abdcc3943a08a3a026bd54e9d1693410281 |
memory/5172-8661-0x00000000009F0000-0x0000000000A0E000-memory.dmp
memory/5172-8662-0x0000000006E20000-0x0000000006E50000-memory.dmp
memory/5172-8675-0x00000000074A0000-0x0000000007662000-memory.dmp
memory/5172-8676-0x0000000007BA0000-0x00000000080CC000-memory.dmp
memory/5172-8677-0x0000000007920000-0x0000000007996000-memory.dmp
memory/5172-8678-0x0000000007A80000-0x0000000007A9E000-memory.dmp
memory/3860-8688-0x000000001E050000-0x000000001E05A000-memory.dmp
C:\Users\Admin\AppData\Local\RedLine\@shadow_Path_ytoebgxjgkj3gjhngbhnmj3jxmiefwvd\0.0.0.0\user.config
| MD5 | 0831c61495e5e521cf28350b64128bb1 |
| SHA1 | 49b29ca205d911d9e54e0274801c0f02ca6df905 |
| SHA256 | e02842c6651862e01c654e814fe9e02db2487f81f6f08942d545d66b4d42e1c1 |
| SHA512 | ede6b0d19ff0768723a9214e0509df36eb2eda9d8ca70dea2aca56a01a2d7ec7f415f41dd5153bd4bacbd14e0cfa02fa0488a04d0dfcb90f3a804c03948ba13b |
C:\Users\Admin\AppData\Local\RedLine\@shadow_Path_ytoebgxjgkj3gjhngbhnmj3jxmiefwvd\0.0.0.0\user.config
| MD5 | 701f915779e9242cf5a0f72673d35b79 |
| SHA1 | 0c9ecbb251eafb35b9ced95f960634834db1f032 |
| SHA256 | 925577bde7aa7688cf5b13cfa96ae10d7441fd6eefa5bf857121c7943b77a2ca |
| SHA512 | 07949e86a7977e970c19a4af08f5121e7163ebef54141336a231fcdb59e916aaf0f5685346efc9fd43aed8d9557e4ff9528e9d755f4f0ff75c2e75438a9668c1 |
C:\Users\Admin\Desktop\New folder\GB[1996F3479105558F613CB87EDB6E18A4] [2024-11-01T21_26_46.0169245]\FileGrabber\Users\Admin\Documents\ComparePing.docx
| MD5 | 4f722e234d2cd469510142146e40574e |
| SHA1 | 3a56fb588bb6c775c432fc69c75bd0b322cfc9ff |
| SHA256 | 1c95bd0031e5f66fcf1765fb75b3efb09cba160f7fe1fae635cca830af0716c9 |
| SHA512 | ffe4200ba9165aec4e32b1be669933d372aa584678f42270f83dae391916c8a48238c76dc26eb48d017ebefdbd2d0b0fda4bf84150603f24b4a31d411a09c875 |
C:\Users\Admin\Desktop\New folder\GB[1996F3479105558F613CB87EDB6E18A4] [2024-11-01T21_26_46.0169245]\FileGrabber\Users\Admin\Documents\ReadJoin.docx
| MD5 | 53b40bf93adda06f18baa3d56b64f293 |
| SHA1 | fbef184a8899b9d6c33ef288d1d14d2d6690a05f |
| SHA256 | 6cefc8f3c61a87ddc9526b68adaa8e652a3df0a47217765fc541bf1665d67cb9 |
| SHA512 | e23f417a4795cbefa23ae180fef2f910540b8ae32c69ad96bb7d0385dc2a22844d8ecf52e34dd65a8f926ec6c9e5dfb78168f1f28342e722bfeac9ea04d2d242 |
C:\Users\Admin\Desktop\New folder\GB[1996F3479105558F613CB87EDB6E18A4] [2024-11-01T21_26_46.0169245]\FileGrabber\Users\Admin\Documents\AddBlock.docx
| MD5 | c4c9a3d309b8a2141fa78dba0955ea1a |
| SHA1 | 6c2cc057c135cf1041946dda03fd486945e41db9 |
| SHA256 | 48ad67699d26274d89517195d0606d832ac928e583fc7d64e3433279b2bc77d3 |
| SHA512 | 1f38ecec41cc04a9419d399ab8bb4d2615c2bbe71af4e459ced3a6a821b7a1f7697b86be841bf5a505de6c97068c35850643af47c69b877148e92e6afd946364 |
memory/4204-8901-0x0000000000140000-0x000000000057C000-memory.dmp
memory/4204-8902-0x0000000000140000-0x000000000057C000-memory.dmp
memory/4204-8904-0x0000000000140000-0x000000000057C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5a910edc-af4b-4d69-94ee-725c9a23ab83.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dcf4c0d0d7c5568caf03a63f506e753c |
| SHA1 | 80f8f96846a6dcf7ac844582677940271b928755 |
| SHA256 | 0f6669676689a5868da423b7c25450b03d51995ceb2015dd188477d21925d74c |
| SHA512 | b7f0cdf6fb25a62d7b8510541753dcb241620eb522a68aad3ea45895d9c6c163e24bc3c007bf51b783581b7b29b74371d03cabc67af1ff9bd6f640ecfb48e9d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6c2d9256df52bafb9bb4a6578e8e0044 |
| SHA1 | dff19f1cf49b2db2c3ca5b4d541950d84d4aa423 |
| SHA256 | e8659a08eb1b75e671834e3eb3f3f4d3de603687bb8625a41ea34986593e4583 |
| SHA512 | ac3194ea36288b894e4476a7c7c74368d2dea8a6db85281e2e7da821d9ba48cc7b8f10d17215bdbbe83e03f58a17f38e019be326178410b5cdcb90613406f3b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d2e3f06084345e1f8d4cbb488fa80069 |
| SHA1 | fb0768a55428cda917d1449c8045a03325044bb3 |
| SHA256 | b8f936a9379b5ec0384309ac4e74940e719a0c45cd34dfc89a7c021dfc74eafb |
| SHA512 | 727e4f44d3654efe52931640ceda435f265dc9091dbdb989b7765a9431251933ee604cbf7479be30653d4a2fd267dc2fad76947ca5bce12abb9a3321ba0398b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 392ae723631ca7c3f0e6b9b1d73a7d8f |
| SHA1 | 1d04abcd4955fc7fa370b6c5ee4e6fdc5eb920e1 |
| SHA256 | cd334faf27788b1d22e76501c84c8836ed55386317fc909c7bc1b64b34442d61 |
| SHA512 | 0c9fabe4987283d0a238f23d98bfeaa0f45a82509310cb574142cd9070d2c80a746766a52ac4a6b3b9288d8bd59720d4a0acba9ab5c590d5cc2153d9c6cea907 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4ca45d265d4170b3fe7f2090fa847311 |
| SHA1 | 01df6ee5a07af322493fd76372c4311aed84e9a6 |
| SHA256 | 0009e95b9cbfadd1c58ffe6f1cb68d0618bf9dd9d8d4b56d073cbbda7e770bed |
| SHA512 | 299c1a1b08faa9b20b2f7021ac3cd0a6d6fc4f30ce71ef3ccd4f43d15bfd85e196beb0df546fe03699881b84b7717950e8a22ea80d7b324392a16cb92de243a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d27fe7a89795ad63758cee86a85871c0 |
| SHA1 | c2d9f22ec91b5e3a3f9b3e91c531aab2663d48ba |
| SHA256 | f9e3210d34f040e3a1ad228a6ab31267c89c993a39b9d82b1eefa0445a697ef6 |
| SHA512 | 5af40c6d9647e19a5c028562af4e0cda4085755da9dcec89c75d88167e532495c85bcc273a20422941dc99ddc3a10ed5a1dc787e412d55cf2943b2c72e19d449 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c6288e19b4ad394c900638c41d0fa4a6 |
| SHA1 | e9fc754a0f5537a656bef8502b685b136803281a |
| SHA256 | dc44a509f0ff6e22dce5ff145d309caef2966917850d48f7ac55569c1dae8988 |
| SHA512 | d29235b9c00a21d9a3f65783936e620aa3bc78cab4caf95f2999ea6aa6907bd0026ddcca31b2b395c57ebd1b7eec6ada8818fb082495877fd11eef373a9e54fc |