redline | hxxps://www[.]upload[.]ee/files/16918806/Redline_stealer_2024_Crack[.]zip[.]html

Analysis

max time kernel
571s
max time network
569s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16/12/2024, 18:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.upload.ee/files/16918806/Redline_stealer_2024_Crack.zip.html

Score

10^/10

redline discovery evasion infostealer persistence phishing privilege_escalation

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 6 IoCs

resource	yara_rule
behavioral1/files/0x0007000000023cd0-563.dat	family_redline
behavioral1/memory/2664-565-0x0000000000620000-0x00000000006C4000-memory.dmp	family_redline
behavioral1/files/0x0007000000023ccd-567.dat	family_redline
behavioral1/memory/2664-569-0x0000000005000000-0x000000000502A000-memory.dmp	family_redline
behavioral1/memory/2664-616-0x0000000005550000-0x000000000555E000-memory.dmp	family_redline
behavioral1/memory/2664-617-0x00000000056E0000-0x000000000570A000-memory.dmp	family_redline

Redline family
redline

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4800	netsh.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 1 IoCs

pid	Process
2664	RedLine.MainPanel-cracked.exe

Loads dropped DLL 30 IoCs

pid	Process
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe
2664	RedLine.MainPanel-cracked.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RedLine.MainPanel-cracked.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133788488319169148"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3060	7zG.exe
3124	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 4900	3936	chrome.exe	83
PID 3936 wrote to memory of 4900	3936	chrome.exe	83
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 4276	3936	chrome.exe	84
PID 3936 wrote to memory of 3672	3936	chrome.exe	85
PID 3936 wrote to memory of 3672	3936	chrome.exe	85
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86
PID 3936 wrote to memory of 2620	3936	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.upload.ee/files/16918806/Redline_stealer_2024_Crack.zip.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff38e0cc40,0x7fff38e0cc4c,0x7fff38e0cc58
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4648,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4796,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3312,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5636,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5276,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3528,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3372,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5380,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3396,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3336,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5520,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5144,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3104,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3864 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5020,i,10325296811716016004,13677724423106797719,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:5020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2380

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\" -spe -an -ai#7zMap31748:114:7zEvent1622
1⤵
- Suspicious use of FindShellTrayWindow
PID:3060

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Password.txt
1⤵
PID:1748

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\" -spe -an -ai#7zMap4635:222:7zEvent15659
1⤵
- Suspicious use of FindShellTrayWindow
PID:3124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\OpenPort.bat" "
1⤵
PID:3896
- C:\Windows\system32\netsh.exe
  netsh advfirewall firewall add rule name="RLS" dir=in action=allow protocol=TCP localport=6677
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:4800

C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\RedLine.MainPanel-cracked.exe
"C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\RedLine.MainPanel-cracked.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\31a30783-1f99-4300-8a6b-581202ef0bd8.tmp

Filesize
9KB

MD5
8bc2b78fd048f343ec4985c0a3895e84

SHA1
c3ac2656a99d4d4b38721b0b75c3e9cf7d5ebb74

SHA256
3296c145a5977428cefdf99f38af399e7ac23c3af91c48f037e012adf4ffde67

SHA512
6742d2757981be4cdb58701995f0121c3dcd1099be70bb9291cd902df05acf8568531899f847ea3834e9fb78e86a539555c2072c8258d8e21d9fbbcac4eaa188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bb25d6c9c0875a7a9241268b96499808

SHA1
d72cc839e4182b128b01050c4cf3b85ce74a5e09

SHA256
0891f654ba10fe13294087a96df037b7f1533bfe2ae11962a17aecb1d0f92f4f

SHA512
a7e6c610e16b31221e724c06944cf72b09f6b9518b6fd512af9b15a0a13584620cafd175f7b81c909afaccaaefcd21c3379e1dce7d53adefded8681607f1c331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
4be50037f12aa0b1067eb6ddb2b470e6

SHA1
2dadcbac333d5f871d664c3d39c548bd00166948

SHA256
deb1a8690dc4fdfe6e4e4edce555995d4a6f0b9bf27be773365eeec9c03768a2

SHA512
f62cb95a4514fb88661ce05d5eeb54681631eb7cc85814df5be3e64905633dcc3e2b2561de6c2ff572f90ada0a475e46d96d1579de5dd2e06c1159d67a137bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
dc621b79eca50eab389dee36cf678c1f

SHA1
aec5371ec617dba1c4ef094521d39d46b6dc0125

SHA256
a9bfef687b7e7dd9a200cc40587db7fa8da75a78ddc083ffd6544533af6984e3

SHA512
1abcce296ec151a8752d4bfe9958e8b0819f35c5712ffbcc80062fe8a12428d96cab4404c9244e566c2fb8c114f977f636773800d05cc0fdddfd58a39fd16107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b083144b61613afe2e48ba8e50d49241

SHA1
7cfd3037094d77dcb5b626810cdad58b1c6a6d9b

SHA256
f05e035068d7fd6450248d0fd5fac52e78fb6db95a1c1e8231108c224f0f7c01

SHA512
f687a1e8f4a0e42dd49e00018b5140127539ed4f034760d7c7d3b53d5d518d1090a917c07d244d4c5e7fbac75760dee123d4a33aeb58d4abdce72a5d16391265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c3a319efd8779f6d2455ef559a7a5cab

SHA1
524fbba2e99f5be5d292306867ecba33512e45a6

SHA256
3ae29305b7ba0c9e398df435820a5d760b519db2a07211c1559b561cf099c27a

SHA512
b485cd56789d7fd603a9406ec2bc9a1db3f8bd003b795c88a5a633e645b6383dec7118496c5a369bf04d74a07ab09579477320a274060e127050f5adb575f58e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0473d0e299ffd0f2dd7bd2eff3710341

SHA1
1765b27ab1db5e3859a8ec102e11479e26a6fb27

SHA256
699438bcee6efa835d0ed7c1d36dfd77b6413dfd1cc24a59f379b766d1b2df2c

SHA512
13016d4ec342d2afd208f6d36f62dd2ff4f80d9b2b821b3eef99b40cfd4e4b51d0c66281d6758c1cf2c564781436098ba040d1d33a15bc1063a28782a450aa14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5d535403736b2ba88e37ea79f1ed209b

SHA1
a731d89fa382614f5c94377e6e4152e0cc14d1b7

SHA256
bd25e6299ec4d777aa4c260ff8c8659fce6c214ea0ff47c641e2e7fb2487990c

SHA512
1da8eae9dca9cf47c3a594db0d78c78c55e912ffaca1eabf35e980b8de16f983707dfdea5bfc00774097d153554e93a56f064c38a1229f878d70df801bda6245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc34f1356da139af06418eb437ff5833

SHA1
8240de398233ff8fb808d861d34687005ec787fe

SHA256
8e2f29663e6366038cb746a899d2dbba7d1c4229065a1f2995cd16e00868fc98

SHA512
0bfc5ce8ef792639d6a126d4d3326c7ec02946be03d012ce2f68b06752a259f992d54233cc5359c13a3e446b5cc99ff35d52cae04f1bb57a51e93a22f89d5b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a99c81203f07cd4c50d0b0fdf5df6a4

SHA1
589df704888eb2337f16451b9350a7235b20bd05

SHA256
0bdc301e1a95dcd105180036851840bfb385ee2d415f7e2ca36167b932ad85a5

SHA512
b9f2964e3a1f124b58772a86ce0207ba3d8bb947fafb0eee885d0036004f5d803a20a4e607c879ff477377683ae80ad723e484d6533abfc5097755e58f490fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f50d0df66c5389b2ab172f80a00c2f3b

SHA1
9e9a63639aa4e3060f4bcc8051461366314ffe9c

SHA256
d7539f54db094b42ddf2f2e6ec035df14cde05d40c57a01a622a0261c66da055

SHA512
a78e510620f7f8826a02e925abf7ae28a8bb81248a23305b6149d69f1d26061744f20d47e75538ba831584ff4775c4330f99ebc0d1001f7aee840b7a40778904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a13902747969179d146b11aa39607c2b

SHA1
9f5e61e615eb4f2e5bb11dc91ebfd548ddf1d44b

SHA256
2169dda70b0b52f5471365b0e87381f2c7b30d35f72fd00dab4662114f039272

SHA512
b654e849cbd1179b507e2af60d7329e077622d74d5c30668b0bb563082439c49719f48bd09051b9d7c7983e3ac25872ffb52c9fbc3cf2fd181b5777e96d2a9a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
412cba366fb23c8c09da1d38eee2ec30

SHA1
3dabf41748a944142e85bd0f40093b1c5bb3c83e

SHA256
c8f5e5044f9a01abe374ed70dba4a6208db62ac67b4c217098e967bb622384fd

SHA512
200d46cf90199a9c5e0678bfed900104ba8417bbcbe98b19f9e7771db889ef030dd41aa666387c7266838768d7db603c0e1cda7441ecabfe850ea651aef43a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8d6e2449e1aebf3c8e42da7805d576c

SHA1
990f581689ee9347bd37eacc6fa12d0c02f3a929

SHA256
850005547ca2d51b4ec956c54b3f8bba86e647bf0a75a506080a839744778a0d

SHA512
3c3b9a94f820c41890f040062df45683d9fbfa197bc13c2dca5201fd7e7d5b8f22324ce4d02132d3f27c0102217cad01f1c4c79e2cd87f0049279cca425d2051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9563b52409d70167e945f78adcfa8efe

SHA1
bc9a91257f8183087e04a02bed40469f47e01e0b

SHA256
3a377c2e247062cc92f7311fbde8a7d4a4d6bad0fab6a7566d7c09ea015e6ca4

SHA512
eb443685fa16a0602cef6fbb4435dc2ad69658de68d58b7ae00db54dbba2c049da88543bf6112ffbb74cca7a077f54a48bc3f535afa2b0b1b54526ecf62febe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f3167b893f9a3515cbf1ee7bd3305a6

SHA1
8263d1a82ed9e5e62c70771525bf6f5a4dfe7446

SHA256
3857961218f659189768cbb7c07fa792aca564e9c1fea8b4dc44da419f366cf1

SHA512
7f4c41785789b97de69c19a6c4357e314d3c5b93af0a8bdeae2b50d396a6aea7c807470e78ff0e5f605f4b1ac9ca39b06f1c9a2367051c04044d190b6dcb94c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ef10e28ff828e9aa14e4c96cd23b4ea

SHA1
016824725e38b48e1d5c7a8f6104f7ea9c22fcde

SHA256
123be0828ed907211ff497ab1940ebe9bc225b24ad64b881ae9461820c941bed

SHA512
ff258a23d13283d869d742e6f674e267e9bd8ca42b2c42e2a66107dbbea4abab522765875e964c25d15d2304f907703f2d6afdf78479f947d8191c3f638f1ad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83b83d03723e0b2e992c78d656d5d723

SHA1
e965a0ecd65d1b869579ab472ba56d1dc6c8b786

SHA256
953baf33d0a19b019302991ad47a1ad0d50dc3ee356abefe747c205c271394a9

SHA512
b628853398f84aa2a4799f2ec412c4c99438b899697345f1d73d9a417be2097ae8a5bfecd6ab306e11930bfda754a559353e69e20520e9c73eb8f51a50cdcb82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fd84201d8e639faf8a4cc2b2e20ec97

SHA1
87f07b9e13cec108aeaef0da254ba48c16c70357

SHA256
dd39c003eee24f7159b8c128e16922c61fee3da1c409bafecc63295eddd6dd1a

SHA512
4d7234ca2393aee25f9e37e7e504532acecc15aab88415b8a45af7b11ade5ee36d9a1479c844299551273930b28483e0e6bedd2825f2ad9c07a8ba7849444064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd7ed59916e7befa375127021c5b4228

SHA1
e1804ffc51792ba7e825bb4f4bacc33384ede8f4

SHA256
60fa5ded7ebea7fd3f7eaa052f81194ee771b3c6ca3676f3e6233794b14b608f

SHA512
1b88612dec53d50f57d7e3c9abc26acfed42151bdfd762c84846696629d8d30ed2c5c0af34f28465670d232a64029a3980d53b066b32e6f178fe210d30e19209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4a2c0f3707c1dd2742ae807df0a1bb5

SHA1
2dbeef9aff3ad4d784788706ce24febe3790fec0

SHA256
542acda27e07f7af1b98ff13031ed252341cc4a27b72f2fad227b401c8a1ecad

SHA512
7a70b7123f0b59e4a4b7cd4cd771164125718266e8d589a0051070eb4ce26ce4882c225ac60839e23184c3f5eec9f528f210d95a5e5154053563ef3eea1852a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
809ba93052c9b94be76202d9c9ea5f84

SHA1
fe879a48dc2836043b5828286c2926aa38e19c03

SHA256
f40f3e5075598a9729639801e66b487c7c7e4e4e5a57ee724f449ff8ba7ada33

SHA512
1b73bb89ef23fc394314fe7b7a8b9c19384394a8cad85e9a8958f31d05ea23c4f95d8d648c3409bb945ae3e7e0580babbd3c2319c65b365ba73048f83334a930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce95fce33c885c7be481f82ba3357f9b

SHA1
0aeb1bedc9e5779dc07acdd8241e76c8431e0e72

SHA256
46cf256f6ce911655df1465d54d83cbfa2fd606d8ad6dd1893dd75c47f1c83b6

SHA512
0bb50937ef993fcd24534fc8c45d0f0bfedfb8cc94011dcc79cf7af5b4388ad02293daa35eea2fe7cd7d4b7d58fa0505b8a6ec967bb6b42bd0faa72ecb4a3d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9aa9cc3eff8bf07d8fddd5c8f0c3d9ae

SHA1
c5fdf4308d6f61bffc6d7a7e0bd9c5988001c901

SHA256
86bdc7d96ef3b42767a95fc5471ee0d0b71d9f82c4fd1fed3e6035d78532ef1f

SHA512
daf98417f2c7be51702415d3a20e34c14b2df5872e1a0b3740e62f0d8fb5cd5c760df14a2ff6aafb4b8b120a8618b9f2f62abd8da46008ab29b3bd3977a70392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70eb7f8f0528b8919f3f2b8c44a23121

SHA1
60c16583982eda7a232518da21d9a8e31f8b9c11

SHA256
996ad922b66b861c5d9acf121c06a825472d046cc2e499a6665b5a8ec357839c

SHA512
331f91df9512f208914d1ad84413b1e8d4428a7401de02c06bf75ab9dab04e23b5f0451e40d8de01c83bab1a1ad3662e11303bfdb3559e9b83988b0ba4abeb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc880fa094bd3e3d7b21b31574de9e83

SHA1
cacb9233e3f0f06dfe21ae1e5d669d74481fc19c

SHA256
1e96a9c2881a0a658b274bf8ad6b661039d600ac80f1ae9a5e089823a93f01a1

SHA512
8bd409d97b4b64bb75876fe4eca7e58b4a03c071fb3172cec945ca5f01a73e8b0bd7a61d7d72f5b0460c72c1252d0d6a52e52ed878db9bf96109e1f355d88e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0783d339164efd55d768e6129cfcd825

SHA1
c00cd6a6f96902dbaa1d61cced75a39c1867a283

SHA256
9b2f4cc3d94b1c69c77e868f5a444f1ee8c44c0981afbece5e3440f5c763f90f

SHA512
3547c0fc7520f8a1c0bc89f354372f46154d3f99a9884541b3fbb76ad29cc3b89eb9c91dc83db9bcbfe7aefcd0d36b4c7e5e6e2955c2cbac2eaa657d3f06fc19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c22ea1745f473147cd83e6bcdcc7af58

SHA1
44868f9f9b6899284b27e08e28ebcf08b7b730e4

SHA256
c607b8b748143e19fdca20fd65b95d30ae4a689dddef4c53fe34c69c3df682a4

SHA512
08a3c3d7466909fb4147ffa27c1c621f14135f162f64b22a1497449e3957b9600cefa6dfdca328c918e7a1fbfa76aa23fce64f2e89ac2fa85b623fcd5693d6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12a6488ee086a7a5e76dc8434c472cdb

SHA1
cac9611819dcada741867a7a9064146be643d258

SHA256
a25b21566559c423e4aa11c90354ee562dad493793d70b2566b05683f7a735b2

SHA512
81be1ee8a61729dbaf45e824490533a5c978a0eaf2244ec8bec333493daa620f920354928e0ccc10ca184b6c1a5bdf7678e77a43dede5f9b77fe5625e7b98b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35dad739449db33ee62d0680d86cc511

SHA1
f0bc70396a1e3602a1401f72fedf7be9a8376ae1

SHA256
5497c813c77a917308385e171658efb462599632065bfa9c8bf38191c625f84d

SHA512
6661cedaf5518a7d10a81456306e9565a9400339b11c47d7ca6444620239687253c7f6efc6f9b911d99376a779ce8899974f1e7673fc34129ecebbaface953e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e95a7c3b8f169653f8e5a70eec942a3a

SHA1
5580f37eb1ceba3913d53ccd2f5ba52fbf5c6658

SHA256
44f2b8849b893b2a45825bcb26e821352f44d893d6416712b1650d6264b96ff7

SHA512
9af434f5e78fa125132bb4bae7eed1113a853ad9bc0ddf01725d29e59359e7ed1cd6cff8bcc519db91d9492e1ffbd609c97a7c8a843e7a989b5d0f6338890e82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c65d82c4c5d3524298cee5cbea4dbb2

SHA1
4dc2a3c2df3c62250a16d8c0d050e03325ca8757

SHA256
f867728b75a09cf7a758f0058de63aa6064297f6cacec37bb561714a4a485a43

SHA512
154081d0904aa061a534d18bb71764db16e0b43249d7ada094b6e488f1308b85d02cd4babbe726eddc4177615ecb13d003823fa42b7af1d5299971f00b5c0ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
510f91801810e7e294892be90e44c578

SHA1
4d7c05aa2c1257a6b5189b8abd3a0157dfd45944

SHA256
ef8a6afed929caf64f117bfb0a25ee5f3e15347ed50e14669af1d1e0d97f7cae

SHA512
dfec23e0154412bea52374c547c54e18928b2a846f0405f283e16ac458e8270917582e848c4d7b648b43ce047c418bcca05de066e14e7c32bc3d577a6a0736e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d2802c88-5b65-4187-b3c5-64349c560d5b.tmp

Filesize
9KB

MD5
97537cf07b4b4e1254b1e952ec961aca

SHA1
126a5f92fd7952e6e1c8c019876ed5cce4a37f8a

SHA256
d3c1ab8767ac3f2352d2ceacf6262678ae8cf808ec426ef2c1c748666fc26c9f

SHA512
44c29dd5fd108a9a85d9c96f926894038132df0b4e66832bbcc202195b1645b167e3096b02eba421399f7363bad40b54f9fc663df3c33638a89d25893112572e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
78b2b57a135065980555308ca8166640

SHA1
901f796e27b3eea9f44dbf8191e7120fe8e25195

SHA256
48bdfd763cba2810aecf49cfbf58887cc24a57437d76faa359ce62994c1a07df

SHA512
b911751bf0141e4089bb797363a6d9ea858a937287ae0463ab69990d6481cb34429720893ee59393de48c16d03941e8b937007bd6895e00f338d06d2c7f9b6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f478cb8c850f6ea474e4c1c7961527dc

SHA1
3dfab57b1ca2d1f80d686a2f3ea73a519a7526fa

SHA256
27727ef852aa817eae02ba6ad60bb395e4200fc80821e0ebc44b3467314aee0a

SHA512
8f588c8b8afd3dc061724f908362be66cef52761c4e9e6f8f43cce0ccf8b10bf93dd777ec72d429153b42fa14325f3cbd85247a940d5aeef63955e78d7a35040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3cc01580e5c31dcd92351bd3bd302ead

SHA1
7cc051b7c8ed40ab494416bb0577d5bc18e36d96

SHA256
97d921e39aba8296b1adb090573642e775c60e95d2ae3e70ed06657f1170b5bc

SHA512
60c434c0dae1881d0c4d78c4611b98c61650fa7cc481815964300e4283014e7056beb08a4fb90b3de6a0d960dffb26be59450a08fcc79650a658acb747f27078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d1e0cf655b3eed152d6dd704d8d77842

SHA1
9e2ef902ca74a2e51db21b2651717d72f887d9e9

SHA256
3ee98ea844b85bce9d2af0d43ed39b68852a08efd57400259d982b4679b0867f

SHA512
c04145a82e1d64f190944dd5ef2280705c5a1f7676e7880bb01b4340f36504a4d5fc242066159084d7ec566c6f278dd0621392c4aefb44ca08c7712310d73f79

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack.zip

Filesize
10.4MB

MD5
b39d95a13bd1bc062ed021198a68b85a

SHA1
cbb4ebb0b44708f761ad1760c949f0d0cc05a21e

SHA256
ac04a96efb04c0a3c2b334a52c3fb09b7c58eae39476b169375bfaf8d6de4c3b

SHA512
2e378ea1367ce97b3922bcfa356828e69776786ad06dd6753d1e13b91f04eecea5730d8269a8bb9d12dc2d082fdd2cd2503d9ebcd656cb41c692a9d4abf79e03

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Password.txt

Filesize
19B

MD5
74c1d4c44f8b390b493a4328332d079b

SHA1
f55ce3f4da35f57ae23ab0f2937c3498e0fbd173

SHA256
d62b8a03a0ee992d25266b477ed200b15f7af793319a5a914b9fbc4680e1bab6

SHA512
13a81af5d1fc29feda0f32a90a1337ee63030622dbad84cfc21a7ade54214a352c1d3304383da20d0eec1450377064767c43e770fa0ec46828deed329b8b25ee

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack.exe

Filesize
10.5MB

MD5
b04aabc9ef2d948b4c9b9de83cfa451d

SHA1
334a5eeec5dbad61bcc14a1bf2f3691fc26427e7

SHA256
8287d913323910905b3b7d3b3a4f67562ddd22b16fa55dd4042030a502ecb340

SHA512
87a27c98e99a27d1cf568edee5af5e42df1f172c1d4b3e65fb8b4719f9d6d11599715210f64273be12b50300dfa01a967bb8ac9666bacfd8d9420eb0b641049a

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Build.exe

Filesize
141KB

MD5
a6d61364cbd2bb44f847fd4600305e22

SHA1
13adec1c8c320cbaafeb2adf409af02a29af94b3

SHA256
17e503b29ac6dfe2b3c7c2462448ad16c61b0585b989fb5be2edd81f1ca55a8c

SHA512
5389e3cd5d18d2594491643bc2395c78b8a8245073b1cd67dc731be224b259f155f69098e82c26286aefe665bb663cada6eaef36aadb940f1771de48ae0444ba

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Bunifu_UI_v1.52.dll

Filesize
219KB

MD5
5eca94d909f1ba4c5f3e35ac65a49076

SHA1
3b9cb69510887117844464a2cc711c06f2c3bd19

SHA256
de0e530d46c803d85b8aeb6d18816f1b09cb3dafefb5e19fdfa15c9f41e0f474

SHA512
257a33c748dfb617a7e2892310132fd4abf4384fb09c93a8ac3f609fd91353a4f3e326124ecc63b6041ac87cf4fcc17a8bdca312e0c851acd9c7a182247066ea

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\GuiLib.dll

Filesize
50KB

MD5
eaf9c55793cd26f133708714ed3a5397

SHA1
1818aa718498f0810199eca2b91db300dc24f902

SHA256
87cfc70bec2d2a37bcd5d46f9e6f0051f82e015ff96e8f2bc2d81b85f2632f15

SHA512
b793ae1155bd7be247b42c0fc1bc53e34cf69e802c0e365427322dac4b5cc68728d24255a717aaffa774b4551a6946c17106387cff4cfdb6ce638d8a4ecab4d9

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\MetroSet UI.dll

Filesize
436KB

MD5
f13dc3cffef729d26c4da102674561cf

SHA1
5f9abff0bdf305e33b578c22dada5c87b2f6f39c

SHA256
d490c04e6e89462fd46099d3454985f319f57032176c67403b3b92c86ca58bcb

SHA512
aa8699c5f608a10a577cb23715f761ee28922c4778f5ea8a5ec0a184e1143689fba5a08003fd5cbf3c7dd516eac1fddc8c3f9efa1d993ba1888e87b70190c08f

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Mono.Cecil.Mdb.dll

Filesize
42KB

MD5
dc80f588f513d998a5df1ca415edb700

SHA1
e2f0032798129e461f0d2494ae14ea7a4f106467

SHA256
90cfc73befd43fc3fd876e23dcc3f5ce6e9d21d396bbb346513302e2215db8c9

SHA512
1b3e57fbc10f109a43e229b5010d348e2786e12ddf48a757da771c97508f8f3891be3118ff3bb84c3fd6bfa1723c670541667cdbf2d14ea63243f6def8f038cc

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Mono.Cecil.Mdb.pdb

Filesize
18KB

MD5
0ba762b6b5fbda000e51d66722a3bb2c

SHA1
260f9c873831096e92128162cc4dfcc5c2ba9785

SHA256
d18eb89421d50f079291b78783408cee4bab6810e4c5a4b191849265bdd5ba7c

SHA512
03496dce05c0841888802005c75d5b94ac5ca3aa88d754230b6f4619861e58c0492c814805cde104dc7071e2860ebc90a7fba402c65a0397fb519c57fca982f7

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Mono.Cecil.Pdb.dll

Filesize
87KB

MD5
6cd3ed3db95d4671b866411db4950853

SHA1
528b69c35a5e36cc8d747965c9e5ea0dc40323b8

SHA256
d67ebd49241041e6b6191703a90d89e68d4465adce02c595218b867df34581a3

SHA512
e8ae4caf214997cc440e684a963727934741fd616a073365fa1fc213c5ca336c12e117d7fa0d6643600a820297fc11a21e4ac3c11613fba612b90ebd5fc4c07e

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Mono.Cecil.Pdb.pdb

Filesize
25KB

MD5
8e07476db3813903e596b669d3744855

SHA1
964a244772ee23c31f9e79477fbccfd8ed9437e6

SHA256
aa6469974d04cba872f86e6598771663bb8721d43a4a0a2a44cf3e2cd2f1e646

SHA512
715e7f4979142a96b04f8cb2ffa4a1547cd509eb05cf73f0885de533d60fd43d0c5bba9c051871fd38d503cb61fe1a0ee24350f25d89476fbc3b794f0ff9998f

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Mono.Cecil.Rocks.dll

Filesize
27KB

MD5
c8f36848ce8f13084b355c934fc91746

SHA1
8f60c2fd1f6f5b5f365500b2749dca8c845f827a

SHA256
a08c040912df2a3c823ade85d62239d56abaa8f788a2684fb9d33961922687c7

SHA512
7c47f96e0e7dfaebb4dccf99fa0dda64c608634e2521798fd0d4c74eb2641c848fadad29c2cd26eb9b45acdfef791752959117a59e1f0913f9092e4662075115

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Mono.Cecil.Rocks.pdb

Filesize
8KB

MD5
17e3ccb3a96be6d93ca3c286ca3b93dc

SHA1
d6e2f1edc52bbef4d6d2c63c837a024d6483bbb3

SHA256
ca54d2395697efc3163016bbc2bb1e91b13d454b9a5a3ee9a4304012f012e5eb

SHA512
08c4fc7b9a7609aca8d1f7c7cd1b8c859c198d3d4e7cad012a6f9b5490afff04a330c46f3429d61e3a5570c82855deda64a0308b899f8e2f93f66ed50f7fad3b

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Mono.Cecil.dll

Filesize
337KB

MD5
7546acebc5a5213dee2a5ed18d7ebc6c

SHA1
b964d242c0778485322ccb3a3b7c25569c0718b7

SHA256
7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e

SHA512
30b3a001550dca88c8effc9e8107442560ee1f42e3d2f354cc2813ae9030bf872c76dc211fd12778385387be5937e9bf172ea00c151cab0bca77c8aafdd11f7d

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Mono.Cecil.pdb

Filesize
172KB

MD5
c0a69f1b0c50d4f133cd0b278ac2a531

SHA1
bcefbe60c18318f21ba53377a386733e9266c37d

SHA256
a4f79c99d8923bd6c30efafa39363c18babe95f6609bbad242bca44342ccc7bb

SHA512
c38b0b08e7d37f31ab4331fcc54033ec181dc399e39df602869846f53e3dc006425a81b7b08f352c5e54501e247657364dfc288085a7c1c552737d4db4f33406

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\Newtonsoft.Json.dll

Filesize
683KB

MD5
6815034209687816d8cf401877ec8133

SHA1
1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

SHA256
7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

SHA512
3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\README.md

Filesize
2B

MD5
8cf8463b34caa8ac871a52d5dd7ad1ef

SHA1
a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa

SHA256
eb4bd64f7014f7d42e9d358035802242741b974e8dfcd37c59f9c21ce29d781e

SHA512
dd4f520768dafe6990081e74c73c7adff8bdde7f831aa9ea6b8de15d3ed53c7b04eaf15cb332f4ff3b55966b75612bd5c2dd5ca62139eee58470a7f5d59bb62f

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\builder.exe

Filesize
11KB

MD5
de6f68cdf350fce9be13803d84be98c4

SHA1
e37ec52f68ab48344579ccbfc4d2d90d3073c808

SHA256
51bbc69942823b84c2a1f0efdb9d63fb04612b223e86af8a83b4b307dd15cd24

SHA512
0344b764dc0a615d5a0bbb24ba442bd857d69fd3b102f243dafc9a9ae8776f6ad98f9af2cf680effaa5807451e310232224264ce9fe1bbc4a5f826833705ee8a

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\builder.pdb

Filesize
33KB

MD5
418dc008ef956465e179ec29d3c3c245

SHA1
4960b2952c6cc8de2295f145c3a4526bf6d1a391

SHA256
8c7e21b37540211d56c5fdbb7e731655a96945aa83f2988e33d5adb8aa7c8df1

SHA512
ad386b6cf99682d117dce3a38c37f45843ac87d9ad17608453c0dfe8dd2b74c0c19c46a35da8140dc3ffc61d2333d78ab1438723cfd74aac585c39f0f59542f2

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\Libraries\protobuf-net.dll

Filesize
274KB

MD5
d16fffeb71891071c1c5d9096ba03971

SHA1
24c2c7a0d6c9918f037393c2a17e28a49d340df1

SHA256
141b235af8ebf25d5841edee29e2dcf6297b8292a869b3966c282da960cbd14d

SHA512
27fb5b77fcadbe7bd1af51f7f40d333cd12de65de12e67aaea4e5f6c0ac2a62ee65bdafb1dbc4e3c0a0b9a667b056c4c7d984b4eb1bf4b60d088848b2818d87a

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\OpenPort.bat

Filesize
94B

MD5
cf1cc90281e28cee22dce7ed013c2678

SHA1
2f213a71b76db3e51ad2d659f84dc1f3f90725fb

SHA256
84399f8bccefa404e156a5351b1de75a2d5290b4fddd1754efb16401ed7218ef

SHA512
2b61c1da7cc66506537719cedab82f172d2ac1af4df69513ba64507a5ed67989974f81791faf08c5855580df53f564600381be34c340b825f1f01919948921e1

Download Submit
C:\Users\Admin\Downloads\Redline_stealer_2024_Crack\Redline stealer 2024 Crack\Redline stealer 2024 Crack\RedLine.MainPanel-cracked.exe

Filesize
633KB

MD5
baf102927947289e4d589028620ce291

SHA1
5ade9a99a86e5558e5353afa7844229ed23bdcd5

SHA256
a6d2d1ba6765e5245b0f62e37d9298e20c913c5a33912b98bd65a76fc5ab28ae

SHA512
973ecb034ba18a74c85165df743d9d87168b07539c8ef1d60550171bc0a5766a10b9e6be1425aea203be45b4175694a489ea1b7837faa3b1927ca019492ccd37

Download Submit
memory/2664-586-0x00000000055B0000-0x0000000005624000-memory.dmp

Filesize
464KB

Download
memory/2664-627-0x000000000AB70000-0x000000000AC7A000-memory.dmp

Filesize
1.0MB

Download
memory/2664-623-0x0000000005A60000-0x0000000005A6A000-memory.dmp

Filesize
40KB

Download
memory/2664-614-0x0000000005690000-0x00000000056DA000-memory.dmp

Filesize
296KB

Download
memory/2664-621-0x0000000005890000-0x0000000005922000-memory.dmp

Filesize
584KB

Download
memory/2664-610-0x0000000005740000-0x00000000057F0000-memory.dmp

Filesize
704KB

Download
memory/2664-620-0x0000000006300000-0x00000000068A4000-memory.dmp

Filesize
5.6MB

Download
memory/2664-619-0x0000000005580000-0x000000000559A000-memory.dmp

Filesize
104KB

Download
memory/2664-605-0x0000000005050000-0x000000000505E000-memory.dmp

Filesize
56KB

Download
memory/2664-616-0x0000000005550000-0x000000000555E000-memory.dmp

Filesize
56KB

Download
memory/2664-600-0x00000000054C0000-0x00000000054DC000-memory.dmp

Filesize
112KB

Download
memory/2664-622-0x0000000006ED0000-0x00000000074E8000-memory.dmp

Filesize
6.1MB

Download
memory/2664-618-0x0000000005AA0000-0x0000000005D50000-memory.dmp

Filesize
2.7MB

Download
memory/2664-578-0x00000000054E0000-0x000000000551E000-memory.dmp

Filesize
248KB

Download
memory/2664-582-0x00000000054A0000-0x00000000054B2000-memory.dmp

Filesize
72KB

Download
memory/2664-569-0x0000000005000000-0x000000000502A000-memory.dmp

Filesize
168KB

Download
memory/2664-590-0x0000000005630000-0x000000000568A000-memory.dmp

Filesize
360KB

Download
memory/2664-565-0x0000000000620000-0x00000000006C4000-memory.dmp

Filesize
656KB

Download
memory/2664-594-0x0000000005030000-0x0000000005040000-memory.dmp

Filesize
64KB

Download
memory/2664-624-0x00000000079F0000-0x0000000007A02000-memory.dmp

Filesize
72KB

Download
memory/2664-625-0x000000000A220000-0x000000000A25C000-memory.dmp

Filesize
240KB

Download
memory/2664-626-0x000000000A260000-0x000000000A2AC000-memory.dmp

Filesize
304KB

Download
memory/2664-573-0x0000000004FE0000-0x0000000004FEA000-memory.dmp

Filesize
40KB

Download
memory/2664-628-0x000000000AAA0000-0x000000000AAC8000-memory.dmp

Filesize
160KB

Download
memory/2664-629-0x000000000AB20000-0x000000000AB70000-memory.dmp

Filesize
320KB

Download
memory/2664-617-0x00000000056E0000-0x000000000570A000-memory.dmp

Filesize
168KB

Download