Analysis

  • max time kernel
    599s
  • max time network
    595s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-12-2024 00:43

General

  • Target

    https://www.upload.ee/files/15813082/REDLINE_STEALER_V20.2_-_CRACKED_EDITION.zip.html

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 2 IoCs
  • Redline family
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 10 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 45 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Opens file in notepad (likely ransom note) 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.upload.ee/files/15813082/REDLINE_STEALER_V20.2_-_CRACKED_EDITION.zip.html
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4856
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1efb46f8,0x7ffc1efb4708,0x7ffc1efb4718
      2⤵
      PID:4560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      2⤵
      PID:4392
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3472
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
      2⤵
      PID:1484
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      2⤵
      PID:812
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
      2⤵
      PID:2596
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
      2⤵
      PID:4060
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
      2⤵
      PID:1060
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
      2⤵
      PID:2804
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
      2⤵
      PID:4456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
      2⤵
      PID:4352
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
      2⤵
      PID:2236
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2192
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
      2⤵
      PID:3484
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
      2⤵
      PID:2284
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6328 /prefetch:8
      2⤵
      PID:1620
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
      2⤵
      PID:1904
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
      2⤵
      PID:4656
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
      2⤵
      PID:1612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
      2⤵
      PID:2852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
      2⤵
      PID:64
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
      2⤵
      PID:5368
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6268 /prefetch:8
      2⤵
      PID:5452
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
      2⤵
      PID:5688
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5932
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:6072
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1290000908955645985,1021114666861162066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6312 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5848
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2676
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:548
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:5256
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\" -spe -an -ai#7zMap1224:140:7zEvent12618
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:116
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5936
  • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Builder\Kurome.Builder.exe
    "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Builder\Kurome.Builder.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:4888
  • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Host\Kurome.Host.exe
    "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Host\Kurome.Host.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2012
  • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Loader\Kurome.Loader.exe
    "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Loader\Kurome.Loader.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2508
  • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe
    "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe"
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1856
    • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe
      "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe" "--monitor"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:5932
      • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe
        "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe" "auth" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAygTvc7fGkk2HnyPrZuq/igAAAAACAAAAAAAQZgAAAAEAACAAAABPkC5yDnvwfwNBktpfwOPN962dcEOqdJujN3UQOO7F+gAAAAAOgAAAAAIAACAAAACQH2J1ndkofXUYMLb+xjxryhI/NfFytPkPWIuOpj6AaBAAAACzQiugfz7Js6xdl0qTGG+8QAAAAIF4a5KaCk1Kp7muiCD0MZIclYFjWaxIrwnDxRWrNiuwRahpP2flqcs5v+Ohj79OxcXWRoNw0ycvGsOXF56Y+eQ=" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAygTvc7fGkk2HnyPrZuq/igAAAAACAAAAAAAQZgAAAAEAACAAAAA7Ixb68ddAhmmKma55Q/1kmF5UHXueaxmzpWhUIPb42QAAAAAOgAAAAAIAACAAAAC4zDyWqk4+GZBX+s84lGoOeqvNjF4NRlX5DFlg8S2cnhAAAADEKhGhOwPTbjPDUOnj1wy6QAAAAPxrUtgdwJnCP88TbCw/Lb+F2VTkPGnrEvFPuuP9vzoF+RBmcWeuTlpsH1PwifXqtt8aZiR+gHyUjebCBc4PWyg="
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of SetWindowsHookEx
        PID:4884
        • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe
          "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe" "auth" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAygTvc7fGkk2HnyPrZuq/igAAAAACAAAAAAAQZgAAAAEAACAAAABPkC5yDnvwfwNBktpfwOPN962dcEOqdJujN3UQOO7F+gAAAAAOgAAAAAIAACAAAACQH2J1ndkofXUYMLb+xjxryhI/NfFytPkPWIuOpj6AaBAAAACzQiugfz7Js6xdl0qTGG+8QAAAAIF4a5KaCk1Kp7muiCD0MZIclYFjWaxIrwnDxRWrNiuwRahpP2flqcs5v+Ohj79OxcXWRoNw0ycvGsOXF56Y+eQ=" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAygTvc7fGkk2HnyPrZuq/igAAAAACAAAAAAAQZgAAAAEAACAAAAA7Ixb68ddAhmmKma55Q/1kmF5UHXueaxmzpWhUIPb42QAAAAAOgAAAAAIAACAAAAC4zDyWqk4+GZBX+s84lGoOeqvNjF4NRlX5DFlg8S2cnhAAAADEKhGhOwPTbjPDUOnj1wy6QAAAAPxrUtgdwJnCP88TbCw/Lb+F2VTkPGnrEvFPuuP9vzoF+RBmcWeuTlpsH1PwifXqtt8aZiR+gHyUjebCBc4PWyg=" "--monitor"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:892
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\FAQ.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:5540
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\ReadMe.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:4752
  • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Loader\Kurome.Loader.exe
    "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Loader\Kurome.Loader.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:6008
  • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Host\Kurome.Host.exe
    "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Host\Kurome.Host.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4764
  • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Tools\NetFramework48.exe
    "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Tools\NetFramework48.exe"
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:1292
    • F:\f4a64d8d495ba2cc3c3b3e0dd6\Setup.exe
      F:\f4a64d8d495ba2cc3c3b3e0dd6\\Setup.exe /x86 /x64 /web
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      PID:812
  • C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Tools\Chrome.exe
                                                      "C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Tools\Chrome.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      • System Location Discovery: System Language Discovery
                                                      PID:1956
                                                      • C:\Program Files (x86)\GUM2D4C.tmp\GoogleUpdate.exe
                                                        "C:\Program Files (x86)\GUM2D4C.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={147E1A31-5E49-ACD4-7646-E2EE6FA22B56}&lang=ru&browser=3&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
                                                        2⤵
                                                        • Event Triggered Execution: Image File Execution Options Injection
                                                        • Checks computer location settings
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Drops file in Program Files directory
                                                        • System Location Discovery: System Language Discovery
                                                        • Modifies Internet Explorer settings
                                                        • Modifies registry class
                                                        PID:3964
                                                        • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                          "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry class
                                                          PID:844
                                                        • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                          "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry class
                                                          PID:3600
                                                          • C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe"
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:5276
                                                          • C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe"
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:1904
                                                          • C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe"
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:4208
                                                        • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                          "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNC4xMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjM0LjExIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezZFM0JDNjYwLTgzRUItNDQ2RS1BQjU5LTk2OTZEMTVCRjY1RX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9IntDOThDNkE5Qy05NjgwLTQ4M0ItOEZCQy1DNjMyRDM2NTJGNjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zNi4zNzEiIG5leHR2ZXJzaW9uPSIxLjMuMzQuMTEiIGxhbmc9InJ1IiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7MTQ3RTFBMzEtNUU0OS1BQ0Q0LTc2NDYtRTJFRTZGQTIyQjU2fSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI4NTkiLz48L2FwcD48L3JlcXVlc3Q-
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                          PID:4916
                                                        • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                          "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={147E1A31-5E49-ACD4-7646-E2EE6FA22B56}&lang=ru&browser=3&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{6E3BC660-83EB-446E-AB59-9696D15BF65E}"
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          PID:3168
                                                    • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Drops file in Program Files directory
                                                      • System Location Discovery: System Language Discovery
                                                      PID:5644
                                                      • C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\131.0.6778.86_chrome_installer.exe
                                                        "C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\131.0.6778.86_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Windows\TEMP\guiAF6D.tmp"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:5348
                                                        • C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\CR_518BA.tmp\setup.exe
                                                          "C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\CR_518BA.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\CR_518BA.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Windows\TEMP\guiAF6D.tmp"
                                                          3⤵
                                                          • Boot or Logon Autostart Execution: Active Setup
                                                          • Executes dropped EXE
                                                          • Drops file in Program Files directory
                                                          • Modifies registry class
                                                          PID:2420
                                                          • C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\CR_518BA.tmp\setup.exe
                                                            "C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\CR_518BA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff79d045d68,0x7ff79d045d74,0x7ff79d045d80
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Drops file in Program Files directory
                                                            PID:4572
                                                          • C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\CR_518BA.tmp\setup.exe
                                                            "C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\CR_518BA.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                            4⤵
                                                            • Executes dropped EXE
                                                            PID:5712
                                                            • C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\CR_518BA.tmp\setup.exe
                                                              "C:\Program Files (x86)\Google\Update\Install\{C5E15996-C692-4CF2-A085-D2E56DBEEE1B}\CR_518BA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff79d045d68,0x7ff79d045d74,0x7ff79d045d80
                                                              5⤵
                                                              • Executes dropped EXE
                                                              PID:4448
                                                      • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNC4xMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjM0LjExIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezZFM0JDNjYwLTgzRUItNDQ2RS1BQjU5LTk2OTZEMTVCRjY1RX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9IntEQzM0ODUyMi04MkNDLTRCMTctOUE2NC00RjYzQkI4M0IzRjR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzQy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4wLjY3NzguODYiIGFwPSJ4NjQtc3RhYmxlLXN0YXRzZGVmXzEiIGxhbmc9InJ1IiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNTUiIGlpZD0iezE0N0UxQTMxLTVFNDktQUNENC03NjQ2LUUyRUU2RkEyMkI1Nn0iIGNvaG9ydD0iMTpndS9pMTk6IiBjb2hvcnRuYW1lPSJTdGFibGUgSW5zdGFsbHMgJmFtcDsgVmVyc2lvbiBQaW5zIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL2VkZ2VkbC5tZS5ndnQxLmNvbS9lZGdlZGwvcmVsZWFzZTIvY2hyb21lL2FkbWd4bHQ0ZDVjNXJjdG5venczd3pwaHcyd3FfMTMxLjAuNjc3OC44Ni8xMzEuMC42Nzc4Ljg2X2Nocm9tZV9pbnN0YWxsZXIuZXhlIiBkb3dubG9hZGVkPSIxMTYxMTk0MDgiIHRvdGFsPSIxMTYxMTk0MDgiIGRvd25sb2FkX3RpbWVfbXM9IjIzOTg4Ii8-…
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • System Location Discovery: System Language Discovery
                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                        PID:5452
                                                    • C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateOnDemand.exe
                                                      "C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateOnDemand.exe" -Embedding
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      PID:1772
                                                      • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • System Location Discovery: System Language Discovery
                                                        PID:4048
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
                                                          3⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Checks system information in the registry
                                                          • Drops file in Program Files directory
                                                          • Enumerates system info in registry
                                                          • Modifies data under HKEY_USERS
                                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                          • Suspicious use of SendNotifyMessage
                                                          PID:4804
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=131.0.6778.86 --initial-client-data=0xfc,0x100,0x104,0xd4,0xe0,0x7ffc0c58fd08,0x7ffc0c58fd14,0x7ffc0c58fd20
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:3932
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1992,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=1988 /prefetch:2
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:2264
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2236,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:4320
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2392,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=2560 /prefetch:8
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:3088
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3292,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=3332 /prefetch:1
                                                            4⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:5496
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1
                                                            4⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:5908
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4104,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:2
                                                            4⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:1568
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4756,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=4708 /prefetch:1
                                                            4⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:5260
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4896,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:1
                                                            4⤵
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:4668
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5560,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:5344
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=728,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:3612
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4352,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=1060 /prefetch:8
                                                            4⤵
                                                            • Executes dropped EXE
                                                            PID:1568
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations=is-enterprise-managed=no --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5584,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
                                                            4⤵
                                                            • Executes dropped EXE
                                                            PID:6080
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4460,i,3620748562970455175,5699363353963083604,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
                                                            4⤵
                                                            • Executes dropped EXE
                                                            PID:4620
                                                    • C:\Program Files\Google\Chrome\Application\131.0.6778.86\elevation_service.exe
                                                      "C:\Program Files\Google\Chrome\Application\131.0.6778.86\elevation_service.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      PID:1184
                                                    • C:\Windows\system32\svchost.exe
                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                      1⤵
                                                        PID:5504
                                                      • C:\Windows\system32\svchost.exe
                                                        C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                        1⤵
                                                          PID:5572
                                                        • C:\Program Files\7-Zip\7zG.exe
                                                          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\" -spe -an -ai#7zMap11267:140:7zEvent16115
                                                          1⤵
                                                            PID:4072
                                                          • C:\Windows\system32\NOTEPAD.EXE
                                                            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\ReadMe.txt
                                                            1⤵
                                                            • Opens file in notepad (likely ransom note)
                                                            PID:6028
                                                          • C:\Windows\system32\NOTEPAD.EXE
                                                            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\ReadMe.txt
                                                            1⤵
                                                            • Opens file in notepad (likely ransom note)
                                                            PID:4944

                                                          Network

                                                          MITRE ATT&CK Enterprise v15


                                                          Downloads
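
Most of the entries below are Chrome and Google Update files written while the sandbox installed the browser, plus ordinary Chrome and Edge profile writes (Preferences, Local State, Network Persistent State). The two CLR_v4.0_32\UsageLogs entries are the ones that matter: .NET Framework 4.x creates %LOCALAPPDATA%\Microsoft\CLR_v4.0[_32]\UsageLogs\<image>.log when a managed executable runs, so Kurome.Host.exe.log and Kurome.Loader.exe.log are evidence that 32-bit .NET executables of those names executed, which fits the C# RedLine/SectopRAT signatures in the summary. The script that follows is an added example, not the report's own tooling: it parses the rendered label/value layout, checks each hash for the right hex length (extraction sometimes truncates them), recognises tiny files whose content is trivially known, and pulls the executable names out of UsageLogs paths. The sample text is three entries copied from this list with a subset of their hash fields; the bucket names are my own.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample in the rendered shape of the report's Downloads list.
# Three entries copied from the page; hash values are the report's own.
SAMPLE_DOWNLOADS = r"""
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

  Filesize

  2B

  MD5

  d751713988987e9331980363e24189ce

  SHA1

  97d170e1550eee4afc0af065b78cda302a97674c

  SHA256

  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

• C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Kurome.Host.exe.log

  Filesize

  2KB

  MD5

  fdea78a6384b0889bf6453f3ce8955bf

  SHA256

  80354e4770c72bee34e5fafaa2c226bc51ce46526520176cd477e134356ecd84

• C:\Program Files\Google\Chrome\Application\131.0.6778.86\Installer\setup.exe

  Filesize

  5.8MB

  SHA256

  e92a14f9bbe4da7405002b4803740d69e96d0a29a2944513d503b89f2faa46c9
"""

LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# .NET Framework 4.x usage log: ...\Microsoft\CLR_v4.0[_32]\UsageLogs\<image>.log
USAGELOG_RE = re.compile(r"\\Microsoft\\CLR_v(\d+\.\d+)(_32)?\\UsageLogs\\(.+)\.log$", re.IGNORECASE)
# Tiny files whose content is boring and well known; matching one of these means
# the entry is a placeholder, not something to chase.
KNOWN_CONTENT = {b"": "empty file", b"[]": "empty JSON array", b"{}": "empty JSON object"}


def parse_downloads(text: str) -> List[Dict[str, str]]:
    """Each bullet starts an entry; a label line is followed by its value line."""
    entries: List[Dict[str, str]] = []
    cur, pending = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            cur = {"path": line[1:].strip()}
            entries.append(cur)
            pending = None
        elif cur is None:
            continue
        elif line in LABELS:
            pending = line
        elif pending:
            cur[pending] = line
            pending = None
    return entries


def malformed_hashes(entry: Dict[str, str]) -> List[str]:
    """Hash fields that are not lowercase hex of the algorithm's digest length."""
    return [a for a, n in HEX_LEN.items()
            if a in entry and not re.fullmatch(rf"[0-9a-f]{{{n}}}", entry[a])]


def identify_known_content(entries: List[Dict[str, str]]) -> Dict[str, str]:
    """Map path -> label for entries whose reported hashes equal a known tiny blob."""
    found: Dict[str, str] = {}
    for e in entries:
        algos = [a for a in ("MD5", "SHA1", "SHA256") if a in e]
        for blob, label in KNOWN_CONTENT.items():
            if algos and all(e[a] == getattr(hashlib, a.lower())(blob).hexdigest() for a in algos):
                found[e["path"]] = label
    return found


def dotnet_executables(entries: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Executable names recovered from CLR UsageLogs paths (evidence a managed EXE ran)."""
    hits = []
    for e in entries:
        m = USAGELOG_RE.search(e["path"])
        if m:
            hits.append({"image": m.group(3), "clr": m.group(1), "bitness": 32 if m.group(2) else 64})
    return hits


def bucket(path: str) -> str:
    p = path.lower()
    if USAGELOG_RE.search(path):
        return "dotnet-usagelog"      # execution evidence
    if "\\user data\\" in p:
        return "browser-profile"      # Chrome/Edge profile writes
    if p.startswith(("c:\\program files\\google\\", "c:\\program files (x86)\\google\\",
                     "c:\\program files\\chrome_unpacker")):
        return "google-installer"     # browser install performed inside the sandbox
    return "review"


if __name__ == "__main__":
    items = parse_downloads(SAMPLE_DOWNLOADS)
    for e in items:
        print(bucket(e["path"]), e["path"], malformed_hashes(e) or "hashes ok")
    print(identify_known_content(items))
    print(dotnet_executables(items))
```

Run against the full list, the same code also shows that Local State appears five times with five different hashes, i.e. Chrome rewrote it during the run; a path that recurs with changing hashes is a rewritten file, not five distinct drops.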

                                                          • C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateSetup.exe

                                                            Filesize

                                                            1.1MB

                                                            MD5

                                                            92cfeb7c07906eac0d4220b8a1ed65b1

                                                            SHA1

                                                            882b83e903b5b4c7c75f0b1dc31bb7aa8938d8fa

                                                            SHA256

                                                            38b827a431b89da0d9cdd444373364371f4f6e6bf299e7935f05b2351ca9186c

                                                            SHA512

                                                            e2ee932f5b81403935a977f9d3c8e2e4f6a4c9a1967b7e1cf61229a7746a24aae486ac6b779fb570f1dff02a3ff30107044f0427ce46474b91d788c78c8fcfbf

                                                          • C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll

                                                            Filesize

                                                            450KB

                                                            MD5

                                                            cdbe4728d075ca5050b3b9fa7138f8b8

                                                            SHA1

                                                            f4e9c3646e948ae324f85d32c1adb4fbc880242f

                                                            SHA256

                                                            051c42124192595ec6d22577e4870fad2a8ac52f04a43cb77372a99d48a9b718

                                                            SHA512

                                                            7c7c11e5c7a8e91f3b361ce1dd4db230b1fc2c82c1dfc99d8771632fbb77c353a142dab34ca0322357b73c44cb0432e610e4a510df35e63cc34feaf4e91c847c

                                                          • C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                                                            Filesize

                                                            151KB

                                                            MD5

                                                            82f657b0aee67a6a560321cf0927f9f7

                                                            SHA1

                                                            703175455354cdbd4244668c94704fee585a9228

                                                            SHA256

                                                            794cf7644115198db451431bca7c89ff9a97550482b1e3f7f13eb7aca6120a11

                                                            SHA512

                                                            5407eac0dc840aee05265bdc0810865890fed09d7b83ff0dc3f3e4ed4a322a3716710c35208fe8a95ffb0ab2a051e5305825c3251ceb2dd7e0cde6e9cc4f97c2

                                                          • C:\Program Files\Google\Chrome\Application\131.0.6778.86\Installer\setup.exe

                                                            Filesize

                                                            5.8MB

                                                            MD5

                                                            288b7ac41c7aee8f1eb192faae30b665

                                                            SHA1

                                                            5c48a395de873d25313a7b1a6191a7a9fb0387fe

                                                            SHA256

                                                            e92a14f9bbe4da7405002b4803740d69e96d0a29a2944513d503b89f2faa46c9

                                                            SHA512

                                                            880e087fa5b3cc8b758de49580a6c8821b3dc7b52d9c1fbb077268a1042df85ae4043a73b14586c60f82e0af483646ea3f10b1b7f071535a5bdd6f73bb77353b

                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping4804_1057225532\Filtering Rules

                                                            Filesize

                                                            72KB

                                                            MD5

                                                            c6af15da82a8a9172fc9cafc969de4f9

                                                            SHA1

                                                            81f477e181036d551ef6f09cb875c6b280bebe00

                                                            SHA256

                                                            782009d9765c6104a1b4d1eac553834e7e399d749a082ead42bb47abb42895b5

                                                            SHA512

                                                            f541cb1703a0bd31fcb6e293acbc6e20f73b365ff8d2270a6d44780e9d5731b8d7803aecacd49d73e0da065dd1026c9fa95f9cad2bf0776ce1e2c3c9fca052c6

                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping4804_1057225532\manifest.json

                                                            Filesize

                                                            114B

                                                            MD5

                                                            3ee731d0e5bfb74cacb3d9e2dfdc7768

                                                            SHA1

                                                            ee15cb60213bb402fd90308f0f67d7b6160c9751

                                                            SHA256

                                                            5dbf79f09d999ea982d90df45eb444ebf66a0c700e51d4c9856afbe7326e9d69

                                                            SHA512

                                                            f38e3fedd392f9b273565cbe321a56051edaf48db75a0ebb539d57e8d1238d4bac41e973f037395f9c5d4a189df5e68726ed2c000134fc36bb7e7295c9a779c1

                                                          • C:\Program Files\chrome_Unpacker_BeginUnzipping4804_810587605\manifest.json

                                                            Filesize

                                                            95B

                                                            MD5

                                                            e53e4e822be5b02d30ad763632ed201d

                                                            SHA1

                                                            d2e64af78dd8cf290b4f035d2d52991409efaf5a

                                                            SHA256

                                                            a82d8a4c8705904bc72b274f804199692e39f900934b0a1f4d3197e22bdc5eae

                                                            SHA512

                                                            8bce59e87685e13078fbf0a29d25b2ba42bf61a9215d02d995f75f81ae1928967a8a502295f2d17414b8f3a2b1ba6de21e0de875b9ef2353ed999ef6ad58bcda

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation\9352\crl-set

                                                            Filesize

                                                            700KB

                                                            MD5

                                                            1927992257326573691d9e9b77e82bb1

                                                            SHA1

                                                            381bf56dc300592d3dfa5ea0f23ffd72582de845

                                                            SHA256

                                                            bbd82c76eb6eefbe4c665d07407f75c67e7e62ab5b453170891c8da792c8811f

                                                            SHA512

                                                            4c03f10692b67a1ca7eb3937db3533c13f8ad3f264181a6b1ff33260ca9d1760c2644de51a79efa867ff5bc1e33f4093691e58a87c3f27d68d5e2a7e0ce506f7

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                            Filesize

                                                            414B

                                                            MD5

                                                            72c267692ae9fcdc756f23a9228d7121

                                                            SHA1

                                                            e6e5f1f703ece80980ab93ecd9b74da54df52241

                                                            SHA256

                                                            dc19bdb465e2b9c5c4cbde974a017ea08fc1bbbe615a3dcf0d5e3752a5183d73

                                                            SHA512

                                                            edcf55593981a3d77d0f69586362c5020b471337026b967bbb6696847ae3c293fdc7df811f9c4fe308489feffd1d78a26281a36a370c42c2505fd5bf83eb1745

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                            Filesize

                                                            96B

                                                            MD5

                                                            8dd0932adceb4bbdf52289a6781c547c

                                                            SHA1

                                                            fd20ae447c4fa77c51421364dfcb13266c8bdab9

                                                            SHA256

                                                            4d35561f0697e9b01cc6b0077575382922ef03077e983df813866d15c0ea07c2

                                                            SHA512

                                                            04c63ed1d5ef31a5437520aaa5dafa676bebeb1aecb97be06a1a2af47fb6c951245f823c3180eceb86ed617daded3ea1d5f556e88ba478ff7b03b7b1036d2db9

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

                                                            Filesize

                                                            192KB

                                                            MD5

                                                            505a174e740b3c0e7065c45a78b5cf42

                                                            SHA1

                                                            38911944f14a8b5717245c8e6bd1d48e58c7df12

                                                            SHA256

                                                            024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d

                                                            SHA512

                                                            7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                            Filesize

                                                            1KB

                                                            MD5

                                                            1cfe1c7a23c6723ebff97dd23eabd09c

                                                            SHA1

                                                            baee8480ea8459ee0288a0f1e983bdd6609d69f4

                                                            SHA256

                                                            571185277ba21c0c480ccd85ba18c4ad452cdaeff82075a5296c1f13dc258b44

                                                            SHA512

                                                            3179a0dd213356347afa5c396b5e6d81af1c5d941b24f469abce355d46d3eb9b471a0df3658cf7e6e980c1537b274ad924f8cfe9a0e6c53cd01d3c09e7e7ba9d

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                            Filesize

                                                            2B

                                                            MD5

                                                            d751713988987e9331980363e24189ce

                                                            SHA1

                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                            SHA256

                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                            SHA512

                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                            Filesize

                                                            356B

                                                            MD5

                                                            e253820daffd852dbff0c75b07101fea

                                                            SHA1

                                                            a260f334fa5b9f08d639bb8d9d432bca4b35ad74

                                                            SHA256

                                                            c01f8dd384bf232e9103f6e652a2562bb5ec2c9aeb09b92218da53615700f9b6

                                                            SHA512

                                                            fdc97cc28d77b0a0be0c8caa1c16eebcfc8bedd87e35e97c5e9878f837a35a23b63d5d5bc332dd1e6770e3676f123153896c29d58ff60bd3805d3e3f11b5ef4f

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                            Filesize

                                                            11KB

                                                            MD5

                                                            e34b25b50606bb6ae0f255a7f0b5191d

                                                            SHA1

                                                            18468e3ed5b9dc6d075cd3972e8cb70d2680be42

                                                            SHA256

                                                            f63b2190f228a3e82cd9d34c22c50d5a830f51ecd585e2f3e21f8e49a84b59d2

                                                            SHA512

                                                            9266722e2eb35a96da9a4f095ceac0fd029fa52bde137e5f10499c5949cdbadc28cb1a05940a81690a9930378a8e14b04059f7e222c8c3c896d175e8d5e7ab72

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                            Filesize

                                                            15KB

                                                            MD5

                                                            5187d30b204ed0462ab83271de4e5723

                                                            SHA1

                                                            6fbc475ef6559ae76adfbc10ff6ea399a072fef6

                                                            SHA256

                                                            32c0cc09e340f069635617eda8275b09c79a3eb4e083fb43a3e956af0e73673d

                                                            SHA512

                                                            8197460223be85054abffea8e713fbbb16af08a73393445bb4191b8a6ea76ba94767636e69832c9988abbdfafa7d83fe5dec96827b050907f67535533012fe78

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

                                                            Filesize

                                                            38B

                                                            MD5

                                                            3433ccf3e03fc35b634cd0627833b0ad

                                                            SHA1

                                                            789a43382e88905d6eb739ada3a8ba8c479ede02

                                                            SHA256

                                                            f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d

                                                            SHA512

                                                            21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                            Filesize

                                                            116KB

                                                            MD5

                                                            e30d84da98780f817ec2df8684265376

                                                            SHA1

                                                            2f6857cbbd0559729b91f8dbb74cc18969808c95

                                                            SHA256

                                                            c5ab89c22f8d7f1bff6f4770c18764a0a24c52a6ae940d0ce7e116e420ebb28c

                                                            SHA512

                                                            bdf0655475797811de81f11438de6355815b591e341bf090970c3894809a8b401a99801b620c7061af5b3862fd9b133c68ccb38c7bfe82baa6790d49bd987bf0

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                            Filesize

                                                            198KB

                                                            MD5

                                                            af8329b426f9a552926d84aca56bd491

                                                            SHA1

                                                            3fa0da1d7f4f6ef885c68f4570d1e95fed3911dd

                                                            SHA256

                                                            20dee321e41e3854f6c5b4e8872531b3a95499417951154b8fd4e41296b56b79

                                                            SHA512

                                                            96257c54a5dbb7a042eda20f283d6d519ef9b6d026cfdfce97d574215b3af7c5392df6ff701a41ec205841af08d79cbe41a54e3e24f199b96a43243dc1b04835

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                            Filesize

                                                            201KB

                                                            MD5

                                                            7ff73068faf2733f96d6f3661baf9aa1

                                                            SHA1

                                                            1895f3580ad88bef5df9714aa123ec83774dce4a

                                                            SHA256

                                                            b09012b7a2c5a9e3eede9ab96d3d072ade7b65932220e7fc5dcb625c64990a4b

                                                            SHA512

                                                            bc4286f2123dfa2994278f66e928ca1cbe3da36c4ab4b698f32a99b59a77229a8c8a2706e18e44b9164346a770c007a5648a7fa71e5cfca873ed812fec7d35f7

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                            Filesize

                                                            115KB

                                                            MD5

                                                            4077ea9106d58c4ff32fbb3aa406a636

                                                            SHA1

                                                            f4ee15b8e01d4882d6dd5fa3c9d3e5205c046c9d

                                                            SHA256

                                                            b4f2531f6b2fbafca257c5390e4cbcb93036720a06cbb2f845ba630cc11466cf

                                                            SHA512

                                                            58f9d9c0c1953cfae2426744c89e1a01411c21ca76b62d5e4f2bd231922d7c1378a6e74f250c188b3eea4d7c8205f683f28eea6bd3fc79cd94846ba16882f4f5

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                            Filesize

                                                            198KB

                                                            MD5

                                                            bd15fb6f687d91d255e65caff705ecc2

                                                            SHA1

                                                            4784bb255c7f574a5e9ad21aed835fc68d14c8e8

                                                            SHA256

                                                            83301a880af2aa56505c62aee63ba862f0b8b18811c445308e96b951438bd35f

                                                            SHA512

                                                            321b28cf7c86b58d83467a63a65b1d39807201be2ce81e39f90edb232f8a606a44efcd8b12de9d5cdc9c09a90c0742af1e4c04e48ac8bac09ea80e70e88383cb

                                                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Kurome.Host.exe.log

                                                            Filesize

                                                            2KB

                                                            MD5

                                                            fdea78a6384b0889bf6453f3ce8955bf

                                                            SHA1

                                                            8cc88e32179fa9c93babaea16d8fe00c2e530367

                                                            SHA256

                                                            80354e4770c72bee34e5fafaa2c226bc51ce46526520176cd477e134356ecd84

                                                            SHA512

                                                            c02bec1376776f82a742bff11486e6c9d8c72d554e171f7f697d11ab13a2e88d55741bb09f2d43335f96798b41c7f40073324f34af4b05498225469bb7b89604

                                                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Kurome.Loader.exe.log

                                                            Filesize

                                                            425B

                                                            MD5

                                                            4eaca4566b22b01cd3bc115b9b0b2196

                                                            SHA1

                                                            e743e0792c19f71740416e7b3c061d9f1336bf94

                                                            SHA256

                                                            34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

                                                            SHA512

                                                            bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                            Filesize

                                                            152B

                                                            MD5

                                                            d7cb450b1315c63b1d5d89d98ba22da5

                                                            SHA1

                                                            694005cd9e1a4c54e0b83d0598a8a0c089df1556

                                                            SHA256

                                                            38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

                                                            SHA512

                                                            df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 37f660dd4b6ddf23bc37f5c823d1c33a
  SHA1: 1c35538aa307a3e09d15519df6ace99674ae428b
  SHA256: 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
  SHA512: 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 264B
  MD5: 10e34dbfc04a41dc904ccfc6c42a2fdf
  SHA1: aa8617693d74418855e2ef21a7d41e3762b4f4c6
  SHA256: 2b39ee39e673dd94bc7d6ca6b17a95d2541b500938fde094756715c362a1d6ac
  SHA512: 66048619faa0014f2b7d04819cad962a8f639e5b1242d5feedf3bdf15f51b3bee0b263b55facd58e326b696d50554543a3e20a83ca41b5167ededd4f1ae246c8

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 2KB
  MD5: 8999d8ac1b40fcccb3470e180a1654b0
  SHA1: d462a3cfa1ffe38374ac8fbeb33ce8f0bbb89547
  SHA256: 3b0bfdb20b4e149dca3cb19b1db6ab156777452d1f42ff83921f600d9c894ca8
  SHA512: 19971c7e17c511e30c354203f2792fd50232928e8c57b698738fa8a522741c482e1a31af2943fec61cfc2b0b642cd9ead209dfad2a9521e8965b5d0f43251256

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 2KB
  MD5: f98dc7c6643acaf2fb866b3d98e764f1
  SHA1: b0605dd5bbccc786f3cc245d703c804810334d68
  SHA256: 46d18bece6c065b24ec39a4c83f7a1866cd9cdd353c6b90015db6f8f5397c42c
  SHA512: ef672d5a92cefa38bfe1cc602dd15e39a82ff71814e8867b68f0aa2acf63dc46a7ee623fce44bbb9cf2efd5f944416f80ee3e4c7f8e6dc7916a1198494462b61

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: b6c905e731438b56955382ca51cfcd00
  SHA1: c59a7a0593e22cd701fd3fd8e70ddcbbf6d09337
  SHA256: e4efdfa0afc2954720b03f28923eed28eb57b4e3e2ed56737417970c8b562ef4
  SHA512: 70d12d382fe6202ba28f7233b7faf3a597a2e73344103192dc5b35ed1d38bb5472c7a9f1199c7023cd17b478617872295e40694252f73e519b0a89ed82e6d1ac

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 56727c15039329747a0ba199cf44ec7a
  SHA1: dfabb08064ddea381a22fd8674d49489eb7be5e8
  SHA256: 218ca3e84e052af973a62a4c766326ad1e00ea91316edf1b68a139cf348c55e7
  SHA512: 8b9e124724461537f62d786b5d786c4418576ec595984c200f17b018df0b0d6e4faff35589e9c57f695ab6fa870bb1017b557f8eb6cbb853a43f0d9541609932

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 8KB
  MD5: 0f95fc4e1252abd7b98064f6e4e949d5
  SHA1: 0094ab30a91596ac5c702ba9a33429718bb06d81
  SHA256: 5faeb1fa0c84470f2cba175f60f1d644d649dd30bbe2dc957634e22fd9753f94
  SHA512: 6272a5b79c9f64a4e85a807accbaa8dc4d9be4b5b69c06a721e3f55caa530b5f34d86cfa58e2e011af4351b36fef86bd420b7ce16ed2db84853b946dc3693df9

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: 73132300a9ddc703ffe3a938bf8ab1db
  SHA1: ea6de9216f5f670696610c68968b42f00480e893
  SHA256: 096a7cbce8b78ffabfd7872de936c24912085a578572e4dedd4b7460266ba042
  SHA512: 2c19af2b2660385b81b9c973333ceae708458a28e880065c08728180b1d03dbb4492bac855536549b71ed110d9637f80df276486d2621dc373ef16f4d55d7b09

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e6b6.TMP
  Filesize: 1KB
  MD5: 23008906d54a59ae67a06d2b04d668e4
  SHA1: c92e9f39ca4c6d63eb730a20653ee7678d74a7d0
  SHA256: 6aa1ca349a9f2d69f38edb796f4690fbae7c1f968fce729bcc23954f4ac94a48
  SHA512: eedded35ce70c84677f92e36d34ab737f4bd195659ec3e77e8f11a721c5699ec4174a628ce8f6017d17955e28c8408a1fa06bc6116bc6949f7d36e21eacc7c96

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 716e1d164cf0852eb7b6161e86217bbd
  SHA1: 68e6d1ab0eefdd16543a6b439b905ac967046633
  SHA256: 9754905ea81a801bccd05b8346df84d171c9fd371d7696e66c5ef74cc1e9717d
  SHA512: e2b21e49ee9b66b09656fe3d1a476de51f025cff20df025c848e6a52fdbaec3322ba2a2215a3d5fa01c4cf22fec14490425fbce1408a874d0aa4930aefd3bc18

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 10KB
  MD5: e6be83e2a280ef1e94abfd625ad0972b
  SHA1: 248806439176f5fc8f3ee8af9d15d360f7b73dae
  SHA256: 832fd9509cb17ae6f88d6e45370d01cf2aaa3f31a09496b30d3877c1fb266e9d
  SHA512: cba7f60c15e6171960f96a55b98d1dfb1bcfd48c6466f95eb270c4aa72098cb26aec37ce3468141ec9ae9979f19a80e661b3f2fb922c0cb6372a2338b0e44814

• C:\Users\Admin\AppData\Local\Temp\HFI35F.tmp.html
  Filesize: 17KB
  MD5: 08bf811afac2ee7e49fc326bf59d6df6
  SHA1: 69472a6040ce729a6e5b39b42387af93528aeb2d
  SHA256: 6294a8ccfd63b9e0a286231639ee184b4837653789a010fcab03cee16d51e157
  SHA512: 09d67e27a0bbd8d016e9ea9d7e7f244aab438cf321b2fdb1f9e64054f7b5f227323f8213b45c7afa40bc3d1504c7d32c621afef012d4976badae5dfb49cdd7cb

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Builder\Kurome.Builder.exe
  Filesize: 137KB
  MD5: cf38a4bde3fe5456dcaf2b28d3bfb709
  SHA1: 711518af5fa13f921f3273935510627280730543
  SHA256: c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e
  SHA512: 3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Builder\Kurome.Builder.exe.config
  Filesize: 189B
  MD5: 5a7f52d69e6fca128023469ae760c6d5
  SHA1: 9d7f75734a533615042f510934402c035ac492f7
  SHA256: 498c7f8e872f9cef0cf04f7d290cf3804c82a007202c9b484128c94d03040fd0
  SHA512: 4dc8ae80ae9e61d2801441b6928a85dcf9d6d73656d064ffbc0ce9ee3ad531bfb140e9f802e39da2a83af6de606b115e5ccd3da35d9078b413b1d1846cbd1b4f

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Builder\Mono.Cecil.dll
  Filesize: 350KB
  MD5: de69bb29d6a9dfb615a90df3580d63b1
  SHA1: 74446b4dcc146ce61e5216bf7efac186adf7849b
  SHA256: f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc
  SHA512: 6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Builder\stub.dll
  Filesize: 96KB
  MD5: 625ed01fd1f2dc43b3c2492956fddc68
  SHA1: 48461ef33711d0080d7c520f79a0ec540bda6254
  SHA256: 6824c2c92eb7cee929f9c6b91e75c8c1fc3bfe80495eba4fa27118d40ad82b2b
  SHA512: 1889c7cee50092fe7a66469eb255b4013624615bac3a9579c4287bf870310bdc9018b0991f0ad7a9227c79c9bd08fd0c6fc7ebe97f21c16b7c06236f3755a665

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Host\Kurome.Host.exe
  Filesize: 119KB
  MD5: 4fde0f80c408af27a8d3ddeffea12251
  SHA1: e834291127af150ce287443c5ea607a7ae337484
  SHA256: 1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb
  SHA512: 3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Host\Kurome.WCF.dll
  Filesize: 123KB
  MD5: e3d39e30e0cdb76a939905da91fe72c8
  SHA1: 433fc7dc929380625c8a6077d3a697e22db8ed14
  SHA256: 4bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74
  SHA512: 9bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Loader\Kurome.Loader.exe
  Filesize: 2.2MB
  MD5: a3ec05d5872f45528bbd05aeecf0a4ba
  SHA1: 68486279c63457b0579d86cd44dd65279f22d36f
  SHA256: d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e
  SHA512: b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Kurome.Loader\Kurome.Loader.exe.config
  Filesize: 186B
  MD5: 9070d769fd43fb9def7e9954fba4c033
  SHA1: de4699cdf9ad03aef060470c856f44d3faa7ea7f
  SHA256: cbaf2ae95b1133026c58ab6362af2f7fb2a1871d7ad58b87bd73137598228d9b
  SHA512: 170028b66c5d2db2b8c90105b77b0b691bf9528dc9f07d4b3983d93e9e37ea1154095aaf264fb8b5e67c167239697337cc9e585e87ef35faa65a969cac1aa518

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\FAQ.txt
  Filesize: 19KB
  MD5: 53fc20e1e68a5619f7ff2df8e99d42c4
  SHA1: 7a8ddc81d16aaab533411810acfad1546c30dc2f
  SHA256: fc7ceb47aa8796614f098406452ea67cb58929ded1d4c6bd944d4d34921bba0b
  SHA512: c1ad4f2dfd50528d613e9fe3f55da0bbb5c8442b459d9c3c989b75014c827306f72f2eb6ecbcd92ff11546e12087c09685b12a7dc258c5ea85c15ba5cc002d8c

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe
  Filesize: 9.3MB
  MD5: f4e19b67ef27af1434151a512860574e
  SHA1: 56304fc2729974124341e697f3b21c84a8dd242a
  SHA256: c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a
  SHA512: a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\Panel\RedLine_20_2\Panel\Panel.exe.config
  Filesize: 26KB
  MD5: 494890d393a5a8c54771186a87b0265e
  SHA1: 162fa5909c1c3f84d34bda5d3370a957fe58c9c8
  SHA256: f2a5a06359713226aeacfe239eeb8ae8606f4588d8e58a19947c3a190efbdfc7
  SHA512: 40fbd033f288fee074fc36e899796efb30d3c582784b834fc583706f19a0b8d5a134c6d1405afe563d2676072e4eefc4e169b2087867cab77a3fa1aa1a7c9395

• C:\Users\Admin\Downloads\REDLINE_STEALER_V20.2_-_CRACKED_EDITION\REDLINE STEALER V20.2 - Edition 2022\ReadMe.txt
  Filesize: 748B
  MD5: 9c3c1f40fe3d331c3445c8b8411aa942
  SHA1: 5a64f7689b12c2507369ad84c3eaa66b9c4de15a
  SHA256: b610fcf8ae03a05877aee8109ce27468fc4395cd60197d84a5f747a1d65d0f61
  SHA512: db5c34e5e13c993535c7222a540a71b611677977451e3e61ec06f7361ffd142634c553d4ba4d3a867a4329acc7a84e2adfb235ebffb88d438d3ace3733b0c4b4

• C:\Users\Admin\Downloads\Unconfirmed 326479.crdownload
  Filesize: 14.9MB
  MD5: c0bf941aa51e64e26e10f5253672f9fd
  SHA1: 05ece31ee2466221f9f0f512acdfadff84f882f3
  SHA256: 392cbc3fb00a0db2060d65c5c993cb32fa747d6f5a78ba89348b4edf269e865b
  SHA512: 67cc5dd7abeb65f0f94d55d62e188712cd8594d10fb701650c17b64c27a3fecd09b86f6b23fbeec243fe11a572c4d3fb2c75180ade4ccd7c0092068b8f14f2e2

• C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
  Filesize: 3.4MB
  MD5: 059d51f43f1a774bc5aa76d19c614670
  SHA1: 171329bf0f48190cf4d59ce106b139e63507457d
  SHA256: 2eaf3d548927ebd243362f7bcb906bb1bbff3961223fb9521cb2846b6b8d523d
  SHA512: a299cb18c8a47fc27c46db0011266b7fa273852b302374eb98a54034e1281150af8e54e58f76a384d3b92fbcb1a67fc0452cabe592a379e15cce2c5f9a4b6cb7

• memory/892-8441-0x0000000023FD0000-0x000000002401F000-memory.dmp
  Filesize: 316KB

• memory/1856-359-0x000000001AD10000-0x000000001AEB0000-memory.dmp
  Filesize: 1.6MB

• memory/1856-428-0x000000001E920000-0x000000001EEC4000-memory.dmp
  Filesize: 5.6MB

• memory/1856-412-0x000000001AFD0000-0x000000001AFDA000-memory.dmp
  Filesize: 40KB

• memory/1856-410-0x000000001AFD0000-0x000000001AFDA000-memory.dmp
  Filesize: 40KB

• memory/1856-408-0x000000001AFD0000-0x000000001AFDA000-memory.dmp
  Filesize: 40KB

• memory/1856-407-0x000000001AFD0000-0x000000001AFDA000-memory.dmp
  Filesize: 40KB

• memory/1856-380-0x000000001DA70000-0x000000001DBB2000-memory.dmp
  Filesize: 1.3MB

• memory/1856-374-0x0000000180000000-0x0000000180005000-memory.dmp
  Filesize: 20KB

• memory/1856-372-0x0000000180000000-0x0000000180005000-memory.dmp
  Filesize: 20KB

• memory/1856-370-0x0000000180000000-0x0000000180005000-memory.dmp
  Filesize: 20KB

• memory/1856-369-0x0000000180000000-0x0000000180005000-memory.dmp
  Filesize: 20KB

• memory/1856-450-0x000000001DBA0000-0x000000001DBBC000-memory.dmp
  Filesize: 112KB

• memory/1856-461-0x000000001F370000-0x000000001F4EC000-memory.dmp
  Filesize: 1.5MB

• memory/1856-429-0x000000001F0D0000-0x000000001F162000-memory.dmp
  Filesize: 584KB

• memory/1856-427-0x000000001E5B0000-0x000000001E912000-memory.dmp
  Filesize: 3.4MB

• memory/1856-421-0x00007FFC0D970000-0x00007FFC0DABE000-memory.dmp
  Filesize: 1.3MB

• memory/1856-420-0x000000001DB70000-0x000000001DB7A000-memory.dmp
  Filesize: 40KB

• memory/1856-385-0x000000001DA70000-0x000000001DBB2000-memory.dmp
  Filesize: 1.3MB

• memory/1856-393-0x000000001DE40000-0x000000001DF82000-memory.dmp
  Filesize: 1.3MB

• memory/1856-381-0x000000001DA70000-0x000000001DBB2000-memory.dmp
  Filesize: 1.3MB

• memory/1856-376-0x0000000180000000-0x0000000180005000-memory.dmp
  Filesize: 20KB

• memory/1856-360-0x000000001AD10000-0x000000001AEB0000-memory.dmp
  Filesize: 1.6MB

• memory/1856-356-0x00007FFC0A450000-0x00007FFC0AF11000-memory.dmp
  Filesize: 10.8MB

• memory/1856-358-0x000000001AD10000-0x000000001AEB0000-memory.dmp
  Filesize: 1.6MB

• memory/2012-341-0x00000000049C0000-0x00000000049FC000-memory.dmp
  Filesize: 240KB

                                                          • memory/2012-346-0x0000000004C70000-0x0000000004CC0000-memory.dmp

                                                            Filesize

                                                            320KB

                                                          • memory/2012-345-0x0000000004B00000-0x0000000004B28000-memory.dmp

                                                            Filesize

                                                            160KB

                                                          • memory/2012-344-0x0000000004D80000-0x0000000004E8A000-memory.dmp

                                                            Filesize

                                                            1.0MB

                                                          • memory/2012-343-0x0000000004BA0000-0x0000000004C6E000-memory.dmp

                                                            Filesize

                                                            824KB

                                                          • memory/2012-334-0x0000000000030000-0x0000000000054000-memory.dmp

                                                            Filesize

                                                            144KB

                                                          • memory/2012-338-0x0000000002430000-0x0000000002456000-memory.dmp

                                                            Filesize

                                                            152KB

                                                          • memory/2012-339-0x00000000050F0000-0x0000000005708000-memory.dmp

                                                            Filesize

                                                            6.1MB

                                                          • memory/2012-340-0x0000000004960000-0x0000000004972000-memory.dmp

                                                            Filesize

                                                            72KB

                                                          • memory/2012-342-0x0000000004A30000-0x0000000004A7C000-memory.dmp

                                                            Filesize

                                                            304KB

                                                          • memory/2508-351-0x0000000008000000-0x0000000008610000-memory.dmp

                                                            Filesize

                                                            6.1MB

                                                          • memory/2508-350-0x0000000000F60000-0x0000000001196000-memory.dmp

                                                            Filesize

                                                            2.2MB

                                                          • memory/4764-4436-0x0000000005840000-0x0000000005870000-memory.dmp

                                                            Filesize

                                                            192KB

                                                          • memory/4764-4433-0x0000000005580000-0x0000000005806000-memory.dmp

                                                            Filesize

                                                            2.5MB

                                                          • memory/4764-4434-0x0000000004D20000-0x0000000004D6C000-memory.dmp

                                                            Filesize

                                                            304KB

                                                          • memory/4764-4435-0x00000000060E0000-0x00000000061E0000-memory.dmp

                                                            Filesize

                                                            1024KB

                                                          • memory/4764-4432-0x0000000005280000-0x00000000052E6000-memory.dmp

                                                            Filesize

                                                            408KB

                                                          • memory/4888-309-0x0000000005D40000-0x0000000005D9E000-memory.dmp

                                                            Filesize

                                                            376KB

                                                          • memory/4888-305-0x0000000005960000-0x000000000596A000-memory.dmp

                                                            Filesize

                                                            40KB

                                                          • memory/4888-304-0x0000000005860000-0x00000000058F2000-memory.dmp

                                                            Filesize

                                                            584KB

                                                          • memory/4888-303-0x0000000005E10000-0x00000000063B4000-memory.dmp

                                                            Filesize

                                                            5.6MB

                                                          • memory/4888-302-0x0000000000D40000-0x0000000000D68000-memory.dmp

                                                            Filesize

                                                            160KB

                                                          • memory/5932-4263-0x0000000020880000-0x00000000208BA000-memory.dmp

                                                            Filesize

                                                            232KB

                                                          • memory/5932-4441-0x00000000244B0000-0x00000000244D2000-memory.dmp

                                                            Filesize

                                                            136KB

                                                          • memory/5932-4232-0x00000000200A0000-0x00000000206B8000-memory.dmp

                                                            Filesize

                                                            6.1MB

                                                          • memory/5932-4231-0x000000001FE50000-0x000000001FE6A000-memory.dmp

                                                            Filesize

                                                            104KB

                                                          • memory/5932-4217-0x000000001FAA0000-0x000000001FD26000-memory.dmp

                                                            Filesize

                                                            2.5MB

                                                          • memory/5932-4216-0x000000001F8E0000-0x000000001F946000-memory.dmp

                                                            Filesize

                                                            408KB

                                                          • memory/5932-4233-0x00000000206C0000-0x00000000207C0000-memory.dmp

                                                            Filesize

                                                            1024KB

                                                          • memory/5932-4249-0x0000000020820000-0x0000000020832000-memory.dmp

                                                            Filesize

                                                            72KB

                                                          • memory/5932-4235-0x000000001FE70000-0x000000001FE82000-memory.dmp

                                                            Filesize

                                                            72KB

                                                          • memory/5932-4459-0x00000000244E0000-0x00000000244F8000-memory.dmp

                                                            Filesize

                                                            96KB

                                                          • memory/5932-4442-0x0000000026020000-0x0000000026389000-memory.dmp

                                                            Filesize

                                                            3.4MB

                                                          • memory/5932-4234-0x00000000207C0000-0x00000000207FC000-memory.dmp

                                                            Filesize

                                                            240KB

                                                          • memory/5932-4327-0x0000000024410000-0x0000000024460000-memory.dmp

                                                            Filesize

                                                            320KB

                                                          • memory/5932-4326-0x0000000024460000-0x00000000244AA000-memory.dmp

                                                            Filesize

                                                            296KB

                                                          • memory/5932-4278-0x0000000020970000-0x0000000020A20000-memory.dmp

                                                            Filesize

                                                            704KB

                                                          • memory/5932-4312-0x0000000020F90000-0x0000000021004000-memory.dmp

                                                            Filesize

                                                            464KB

                                                          • memory/5932-4374-0x0000000021EA0000-0x0000000021ED0000-memory.dmp

                                                            Filesize

                                                            192KB

                                                          • memory/5932-4373-0x0000000021C50000-0x0000000021D5A000-memory.dmp

                                                            Filesize

                                                            1.0MB

                                                          • memory/5932-4372-0x0000000021C00000-0x0000000021C4F000-memory.dmp

                                                            Filesize

                                                            316KB

                                                          • memory/5932-4361-0x00000000006C0000-0x000000000075C000-memory.dmp

                                                            Filesize

                                                            624KB

                                                          • memory/6008-4405-0x00000000057F0000-0x0000000005B52000-memory.dmp

                                                            Filesize

                                                            3.4MB

                                                          • memory/6008-4406-0x0000000005D60000-0x0000000005EDC000-memory.dmp

                                                            Filesize

                                                            1.5MB
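The artifact names above all follow one pattern, and an analyst working from a report like this usually wants them in machine-readable form before pulling individual dumps. The following is an added Python example, not part of the sandbox report or its tooling: it parses the names, recomputes each region's size from its address range, cross-checks that against the reported Filesize, and picks out the largest low-address region per process as the first dump worth opening when hunting for an unpacked payload. The sample entries are copied from the list above; reading the second number as an artifact index, the Filesize rounding rule, and the cut-off for "high-address, probably a mapped system module" regions are assumptions made for the example.

```python
"""Parse sandbox memory-dump artifact names and sanity-check the reported sizes."""
import re

# Naming scheme as it appears on this page:
#   memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
# Treating <n> as a per-report artifact index is an assumption; the page does not say.
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Constructed sample: a handful of the entries listed above with their reported Filesize.
SAMPLE = [
    ("memory/1856-356-0x00007FFC0A450000-0x00007FFC0AF11000-memory.dmp", "10.8MB"),
    ("memory/1856-427-0x000000001E5B0000-0x000000001E912000-memory.dmp", "3.4MB"),
    ("memory/2012-334-0x0000000000030000-0x0000000000054000-memory.dmp", "144KB"),
    ("memory/2012-339-0x00000000050F0000-0x0000000005708000-memory.dmp", "6.1MB"),
    ("memory/4764-4435-0x00000000060E0000-0x00000000061E0000-memory.dmp", "1024KB"),
    ("memory/5932-4373-0x0000000021C50000-0x0000000021D5A000-memory.dmp", "1.0MB"),
    ("memory/5932-4442-0x0000000026020000-0x0000000026389000-memory.dmp", "3.4MB"),
]

MIB = 1024 * 1024
# Heuristic cut-off: on x64 Windows, user-mode system DLLs normally load at 0x7FF... addresses,
# so dumps starting there are far more likely to be mapped modules than injected payloads.
HIGH_ADDR = 0x7FF000000000


def parse_dump_name(name):
    """Split one artifact name into pid, index, start, end and the region size in bytes."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a memory dump artifact name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def format_size(nbytes):
    """Render a byte count the way the report's Filesize column does.

    The rule is inferred from the listed values, not documented: whole KB up to and
    including 1 MiB (the page shows 1024KB), one decimal place in MB above that."""
    if nbytes <= MIB:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / MIB:.1f}MB"


def check_sizes(entries):
    """Return (name, reported, computed) for every entry whose reported Filesize
    disagrees with the size implied by its address range."""
    mismatches = []
    for name, reported in entries:
        computed = format_size(parse_dump_name(name)["size"])
        if computed != reported:
            mismatches.append((name, reported, computed))
    return mismatches


def largest_region_per_pid(entries):
    """Map pid -> (name, size) of its largest dumped region below HIGH_ADDR.

    Big low-address regions are the usual place an unpacked or injected payload
    ends up, so they are the first dumps to open."""
    best = {}
    for name, _ in entries:
        info = parse_dump_name(name)
        if info["start"] >= HIGH_ADDR:
            continue  # consistent with a mapped system module; skip for triage
        if info["pid"] not in best or info["size"] > best[info["pid"]][1]:
            best[info["pid"]] = (name, info["size"])
    return best


if __name__ == "__main__":
    print("size mismatches:", check_sizes(SAMPLE))
    for pid, (name, size) in sorted(largest_region_per_pid(SAMPLE).items()):
        print(f"pid {pid}: {format_size(size):>7}  {name}")
```

Run against the full list above, `check_sizes` comes back empty, which is what you expect when the Filesize column is derived from the same address range as the file name; a mismatch would point at a truncated or renamed dump rather than at the sandbox. Note that two entries for pid 1856 cover the same range (0x1DA70000-0x1DBB2000, and again 0x1AD10000-0x1AEB0000), so the report is dumping the same region at different points in time; diffing those pairs is a cheap way to see a region being written before it is executed.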