redline | c9ae7d325d8f08613bb8dff54d14591f4fbdd4f289509092b4fbb16c6b855d71

Resubmissions

07-02-2025 18:21

250207-wzas1a1rbs 10

07-02-2025 18:14

250207-wvew6asrbr 10

14-02-2024 18:20

240214-wyrecshf8w 10

Analysis

max time kernel
161s
max time network
127s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250207-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250207-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
07-02-2025 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Redline.zip
Size

15.0MB
MD5

0f686985e788860aa57fd6c0394b31ac
SHA1

16a28142b90396bdec88b542856afc6a1d61de63
SHA256

c9ae7d325d8f08613bb8dff54d14591f4fbdd4f289509092b4fbb16c6b855d71
SHA512

42547b6a691c89ed58b8aa0bbd4e11b1c4411bd5291c10a8f575d5c2b8418fb2ed59f14a9838db3864468d751b396abbae0bf0389e407dc7c6e0013c47dfa036
SSDEEP

393216:Qo/GNMywpahzUACC3ubztEDnaYSH0DrmLMlvWqYiABvXpyVIqtR5R:Qo/GUCUAJ3uVmaiDr1Wln1ZyV/R5R

Score

10^/10

redline discovery infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/2264-3940-0x000000001F170000-0x000000001F18A000-memory.dmp	family_redline

Redline family
redline

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\Control Panel\International\Geo\Nation	Panel.exe
Key value queried	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\Control Panel\International\Geo\Nation	Panel.exe
Key value queried	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\Control Panel\International\Geo\Nation	Panel.exe
Key value queried	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\Control Panel\International\Geo\Nation	Panel.exe

Executes dropped EXE 8 IoCs

pid	Process
4840	Panel.exe
2264	Panel.exe
3124	Kurome.Loader.exe
3316	Kurome.Host.exe
4140	Panel.exe
2072	Panel.exe
3052	Panel.exe
1880	Panel.exe

Loads dropped DLL 6 IoCs

pid	Process
3316	Kurome.Host.exe
3316	Kurome.Host.exe
3316	Kurome.Host.exe
3316	Kurome.Host.exe
3316	Kurome.Host.exe
3316	Kurome.Host.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
4140	Panel.exe
4140	Panel.exe
4140	Panel.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll	Kurome.Loader.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kurome.Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kurome.Host.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3148	MicrosoftEdgeUpdate.exe
3148	MicrosoftEdgeUpdate.exe
3148	MicrosoftEdgeUpdate.exe
3148	MicrosoftEdgeUpdate.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
2264	Panel.exe
4840	Panel.exe
2264	Panel.exe
2264	Panel.exe
2264	Panel.exe
4840	Panel.exe
2264	Panel.exe
4840	Panel.exe
2264	Panel.exe
4840	Panel.exe
2264	Panel.exe
4840	Panel.exe
2264	Panel.exe
4840	Panel.exe
2264	Panel.exe
2264	Panel.exe
4840	Panel.exe
2264	Panel.exe
4840	Panel.exe
2264	Panel.exe
4840	Panel.exe
4840	Panel.exe
4840	Panel.exe
4140	Panel.exe
4140	Panel.exe
4140	Panel.exe
4140	Panel.exe
4140	Panel.exe
4140	Panel.exe
4140	Panel.exe
2072	Panel.exe
4140	Panel.exe
2072	Panel.exe
2072	Panel.exe
4140	Panel.exe
2072	Panel.exe
4140	Panel.exe
2072	Panel.exe
2072	Panel.exe
4140	Panel.exe
2072	Panel.exe
4140	Panel.exe
2072	Panel.exe
4140	Panel.exe
2072	Panel.exe
4140	Panel.exe
2072	Panel.exe
2072	Panel.exe
4140	Panel.exe
4140	Panel.exe
2072	Panel.exe
2072	Panel.exe
4140	Panel.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5072	7zFM.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: SeDebugPrivilege	3148	MicrosoftEdgeUpdate.exe
Token: SeRestorePrivilege	5072	7zFM.exe
Token: 35	5072	7zFM.exe
Token: SeSecurityPrivilege	5072	7zFM.exe
Token: SeDebugPrivilege	4840	Panel.exe
Token: SeDebugPrivilege	2264	Panel.exe
Token: 33	2264	Panel.exe
Token: SeIncBasePriorityPrivilege	2264	Panel.exe
Token: 33	2264	Panel.exe
Token: SeIncBasePriorityPrivilege	2264	Panel.exe
Token: 33	2264	Panel.exe
Token: SeIncBasePriorityPrivilege	2264	Panel.exe
Token: 33	2264	Panel.exe
Token: SeIncBasePriorityPrivilege	2264	Panel.exe
Token: SeDebugPrivilege	3124	Kurome.Loader.exe
Token: SeDebugPrivilege	3316	Kurome.Host.exe
Token: SeDebugPrivilege	4140	Panel.exe
Token: SeDebugPrivilege	2072	Panel.exe
Token: 33	2072	Panel.exe
Token: SeIncBasePriorityPrivilege	2072	Panel.exe
Token: 33	2072	Panel.exe
Token: SeIncBasePriorityPrivilege	2072	Panel.exe
Token: 33	2072	Panel.exe
Token: SeIncBasePriorityPrivilege	2072	Panel.exe
Token: 33	2072	Panel.exe
Token: SeIncBasePriorityPrivilege	2072	Panel.exe
Token: 33	2072	Panel.exe
Token: SeIncBasePriorityPrivilege	2072	Panel.exe
Token: 33	2072	Panel.exe
Token: SeIncBasePriorityPrivilege	2072	Panel.exe
Token: 33	2072	Panel.exe
Token: SeIncBasePriorityPrivilege	2072	Panel.exe
Token: SeDebugPrivilege	3052	Panel.exe
Token: SeDebugPrivilege	1880	Panel.exe
Token: 33	1880	Panel.exe
Token: SeIncBasePriorityPrivilege	1880	Panel.exe
Token: 33	1880	Panel.exe
Token: SeIncBasePriorityPrivilege	1880	Panel.exe
Token: 33	1880	Panel.exe
Token: SeIncBasePriorityPrivilege	1880	Panel.exe
Token: 33	1880	Panel.exe
Token: SeIncBasePriorityPrivilege	1880	Panel.exe
Token: 33	1880	Panel.exe
Token: SeIncBasePriorityPrivilege	1880	Panel.exe
Token: 33	1880	Panel.exe
Token: SeIncBasePriorityPrivilege	1880	Panel.exe
Token: 33	1880	Panel.exe
Token: SeIncBasePriorityPrivilege	1880	Panel.exe
Token: 33	1880	Panel.exe
Token: SeIncBasePriorityPrivilege	1880	Panel.exe
Token: 33	1880	Panel.exe
Token: SeIncBasePriorityPrivilege	1880	Panel.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5072	7zFM.exe
5072	7zFM.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4840	Panel.exe
2264	Panel.exe
4140	Panel.exe
2072	Panel.exe
3052	Panel.exe
1880	Panel.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 2264	4840	Panel.exe	96
PID 4840 wrote to memory of 2264	4840	Panel.exe	96
PID 4140 wrote to memory of 2072	4140	Panel.exe	103
PID 4140 wrote to memory of 2072	4140	Panel.exe	103
PID 2072 wrote to memory of 3052	2072	Panel.exe	105
PID 2072 wrote to memory of 3052	2072	Panel.exe	105
PID 3052 wrote to memory of 1880	3052	Panel.exe	106
PID 3052 wrote to memory of 1880	3052	Panel.exe	106

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Redline.zip
1⤵
PID:4708

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:524

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Redline.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5072

C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe
"C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe
  "C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe" "--monitor"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2264

C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Loader\Kurome.Loader.exe
"C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Loader\Kurome.Loader.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3124

C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Host\Kurome.Host.exe
"C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Host\Kurome.Host.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3316

C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe
"C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe
  "C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe" "--monitor"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe
    "C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe" "auth" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAZ7bee8XGlEGDc9jT3FZn8wAAAAACAAAAAAAQZgAAAAEAACAAAADZjOVChmEkaKzjVmcpwFp6I9bR+g4jzmMDd1XlVGR9RQAAAAAOgAAAAAIAACAAAACHuA4DEJKi69bOFLdBBuLm/08AxTXlMm9M2yRRJsmBmxAAAABOh/pCbct/sfUK9Q9ZxsBxQAAAADJd/xKUQ0nQbG4Q1LdrxDzMShUdVqCxLJgzjyMhWJ9JWRBZNYMOHCDsw+ESpbpuTsTPWeasrd+59stJa7jNeQI=" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAZ7bee8XGlEGDc9jT3FZn8wAAAAACAAAAAAAQZgAAAAEAACAAAACza6RqgJox3aL9j+mPpTxziSK26/M7czYkcDL6X1lm2AAAAAAOgAAAAAIAACAAAACUL//4ICn2gTRVJBCp3ufC3mEZF5yfQj3/ApJ1M1GI5RAAAADXzYPDSfXffnRfPLIxHts+QAAAAMiT5luCKXJtNvFSLthefFuYoDvexuTHq0K2n3fpsaWHyguwrG0RL8tQ3rkY2b9m0jfP82/RKwHJfvdQpO3WZZo="
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe
      "C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe" "auth" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAZ7bee8XGlEGDc9jT3FZn8wAAAAACAAAAAAAQZgAAAAEAACAAAADZjOVChmEkaKzjVmcpwFp6I9bR+g4jzmMDd1XlVGR9RQAAAAAOgAAAAAIAACAAAACHuA4DEJKi69bOFLdBBuLm/08AxTXlMm9M2yRRJsmBmxAAAABOh/pCbct/sfUK9Q9ZxsBxQAAAADJd/xKUQ0nQbG4Q1LdrxDzMShUdVqCxLJgzjyMhWJ9JWRBZNYMOHCDsw+ESpbpuTsTPWeasrd+59stJa7jNeQI=" "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAZ7bee8XGlEGDc9jT3FZn8wAAAAACAAAAAAAQZgAAAAEAACAAAACza6RqgJox3aL9j+mPpTxziSK26/M7czYkcDL6X1lm2AAAAAAOgAAAAAIAACAAAACUL//4ICn2gTRVJBCp3ufC3mEZF5yfQj3/ApJ1M1GI5RAAAADXzYPDSfXffnRfPLIxHts+QAAAAMiT5luCKXJtNvFSLthefFuYoDvexuTHq0K2n3fpsaWHyguwrG0RL8tQ3rkY2b9m0jfP82/RKwHJfvdQpO3WZZo=" "--monitor"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1880

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\FAQ.txt
1⤵
PID:1784

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\ReadMe.txt
1⤵
PID:3104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Panel.exe.log

Filesize
1KB

MD5
c7dcb30ed4eb7550bb199afde6fb7fdf

SHA1
c4751cd4aec40ad08fd77e3d9bab6ccc6875be39

SHA256
145d687bd476f553e0adb8e849691e66ede89156016416dcf25b63a1f7bae039

SHA512
d3ab35cdd96b53691f05e2294a8b329eca5478c4d579102bdd9eecef6da34cf06cc58b1353b43a111f1fb6eb3a6b812312d6b69cb77a47e829c589684bbc9bec

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE0D3A0718\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Host\Drcrypter Forums.url

Filesize
177B

MD5
e81dc42ebc1188a370b40f571385e84e

SHA1
d416a5e3656d9e416836d549f6bb05f2a2520736

SHA256
bddb7ba8d41206c00df0a92735d4dd89b38e3e4358f4d5a5fc6ea94eb2a2da7e

SHA512
c66723b469aa66deca17a761540fb675b824627beb6c67be0c54ae96017e4364ec1c944cc7bb0c64a40ad9a2077e108eeef82242c8798705abb45882fd3f8b82

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Host\Kurome.Host.exe

Filesize
119KB

MD5
4fde0f80c408af27a8d3ddeffea12251

SHA1
e834291127af150ce287443c5ea607a7ae337484

SHA256
1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb

SHA512
3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Host\Kurome.Host.exe.config

Filesize
189B

MD5
5a7f52d69e6fca128023469ae760c6d5

SHA1
9d7f75734a533615042f510934402c035ac492f7

SHA256
498c7f8e872f9cef0cf04f7d290cf3804c82a007202c9b484128c94d03040fd0

SHA512
4dc8ae80ae9e61d2801441b6928a85dcf9d6d73656d064ffbc0ce9ee3ad531bfb140e9f802e39da2a83af6de606b115e5ccd3da35d9078b413b1d1846cbd1b4f

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Host\Kurome.WCF.dll

Filesize
123KB

MD5
e3d39e30e0cdb76a939905da91fe72c8

SHA1
433fc7dc929380625c8a6077d3a697e22db8ed14

SHA256
4bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74

SHA512
9bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Loader\Kurome.Loader.exe

Filesize
2.2MB

MD5
a3ec05d5872f45528bbd05aeecf0a4ba

SHA1
68486279c63457b0579d86cd44dd65279f22d36f

SHA256
d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e

SHA512
b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Kurome.Loader\Kurome.Loader.exe.config

Filesize
186B

MD5
9070d769fd43fb9def7e9954fba4c033

SHA1
de4699cdf9ad03aef060470c856f44d3faa7ea7f

SHA256
cbaf2ae95b1133026c58ab6362af2f7fb2a1871d7ad58b87bd73137598228d9b

SHA512
170028b66c5d2db2b8c90105b77b0b691bf9528dc9f07d4b3983d93e9e37ea1154095aaf264fb8b5e67c167239697337cc9e585e87ef35faa65a969cac1aa518

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\FAQ.txt

Filesize
19KB

MD5
53fc20e1e68a5619f7ff2df8e99d42c4

SHA1
7a8ddc81d16aaab533411810acfad1546c30dc2f

SHA256
fc7ceb47aa8796614f098406452ea67cb58929ded1d4c6bd944d4d34921bba0b

SHA512
c1ad4f2dfd50528d613e9fe3f55da0bbb5c8442b459d9c3c989b75014c827306f72f2eb6ecbcd92ff11546e12087c09685b12a7dc258c5ea85c15ba5cc002d8c

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe

Filesize
9.3MB

MD5
f4e19b67ef27af1434151a512860574e

SHA1
56304fc2729974124341e697f3b21c84a8dd242a

SHA256
c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a

SHA512
a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\Panel.exe.config

Filesize
26KB

MD5
494890d393a5a8c54771186a87b0265e

SHA1
162fa5909c1c3f84d34bda5d3370a957fe58c9c8

SHA256
f2a5a06359713226aeacfe239eeb8ae8606f4588d8e58a19947c3a190efbdfc7

SHA512
40fbd033f288fee074fc36e899796efb30d3c582784b834fc583706f19a0b8d5a134c6d1405afe563d2676072e4eefc4e169b2087867cab77a3fa1aa1a7c9395

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\serviceSettings.json

Filesize
73B

MD5
73b79de9d46049e7822bbdff3d40774b

SHA1
c833914b3b8a1e642b6dd158f4db1f6a0bd1bf2f

SHA256
1fed3ac4c3057dc39c94e8ed896154a1280d071f1c0a256028992cce8d783436

SHA512
abecac06f4dc011afd307115a3ca5df015b925520d0efed3e3ccef2c600a53b9a82f4bbe3f70e27d6a43e9ad97668d6a4ffae619099a9dc1af4281b2ffff6800

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\Panel\RedLine_20_2\Panel\telegramChatsSettings.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\Desktop\Redline-Botnet-_ed--drcrypter.ru-\Redline Botnet Cracked [drcrypter.ru]\ReadMe.txt

Filesize
15B

MD5
e78931b35c504b515c77a7bb2712931d

SHA1
c2950f1a9d128291b7d64059093e381a5861c1c5

SHA256
521115e504205d1d2e4d20d5408a09be97d295208bd1cfea79fcade0750171e2

SHA512
91c246828d0f9c03bb150107236b628b54f8aa046c89e0fcf08c3f18e5a6b9c74bc5d79703cf1c63a4a288b6d7086b054e5e2a92b1f0943620a27e1546c537c9

Download Submit
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

Filesize
3.4MB

MD5
059d51f43f1a774bc5aa76d19c614670

SHA1
171329bf0f48190cf4d59ce106b139e63507457d

SHA256
2eaf3d548927ebd243362f7bcb906bb1bbff3961223fb9521cb2846b6b8d523d

SHA512
a299cb18c8a47fc27c46db0011266b7fa273852b302374eb98a54034e1281150af8e54e58f76a384d3b92fbcb1a67fc0452cabe592a379e15cce2c5f9a4b6cb7

Download Submit
memory/1880-12085-0x0000000024FA0000-0x0000000024FEF000-memory.dmp

Filesize
316KB

Download
memory/2072-8082-0x00000000267C0000-0x0000000026B2C000-memory.dmp

Filesize
3.4MB

Download
memory/2072-7980-0x0000000020210000-0x0000000020828000-memory.dmp

Filesize
6.1MB

Download
memory/2072-7983-0x00000000201D0000-0x00000000201E2000-memory.dmp

Filesize
72KB

Download
memory/2072-7965-0x000000001FCC0000-0x000000001FF46000-memory.dmp

Filesize
2.5MB

Download
memory/2072-7964-0x000000001FC50000-0x000000001FCB6000-memory.dmp

Filesize
408KB

Download
memory/2072-7982-0x0000000020930000-0x000000002096C000-memory.dmp

Filesize
240KB

Download
memory/2072-7981-0x0000000020830000-0x0000000020930000-memory.dmp

Filesize
1024KB

Download
memory/2072-8077-0x0000000022830000-0x00000000228CC000-memory.dmp

Filesize
624KB

Download
memory/2072-8078-0x0000000022900000-0x000000002294F000-memory.dmp

Filesize
316KB

Download
memory/2072-8079-0x0000000025A70000-0x0000000025B7A000-memory.dmp

Filesize
1.0MB

Download
memory/2072-8080-0x0000000022980000-0x00000000229B0000-memory.dmp

Filesize
192KB

Download
memory/2072-8081-0x0000000024EF0000-0x0000000024F12000-memory.dmp

Filesize
136KB

Download
memory/2072-8103-0x0000000024F40000-0x0000000024F58000-memory.dmp

Filesize
96KB

Download
memory/2264-3970-0x000000001F420000-0x000000001F45A000-memory.dmp

Filesize
232KB

Download
memory/2264-3940-0x000000001F170000-0x000000001F18A000-memory.dmp

Filesize
104KB

Download
memory/2264-4033-0x00000000235B0000-0x00000000235FA000-memory.dmp

Filesize
296KB

Download
memory/2264-4019-0x0000000020440000-0x00000000204B4000-memory.dmp

Filesize
464KB

Download
memory/2264-4034-0x00000000212E0000-0x0000000021330000-memory.dmp

Filesize
320KB

Download
memory/2264-3985-0x000000001F510000-0x000000001F5C0000-memory.dmp

Filesize
704KB

Download
memory/2264-3956-0x000000001F1C0000-0x000000001F1D2000-memory.dmp

Filesize
72KB

Download
memory/3124-4062-0x0000000000D60000-0x0000000000F96000-memory.dmp

Filesize
2.2MB

Download
memory/3124-4077-0x0000000007F30000-0x0000000008540000-memory.dmp

Filesize
6.1MB

Download
memory/3316-4094-0x0000000005040000-0x0000000005066000-memory.dmp

Filesize
152KB

Download
memory/3316-4096-0x0000000005130000-0x0000000005142000-memory.dmp

Filesize
72KB

Download
memory/3316-4083-0x0000000000780000-0x00000000007A4000-memory.dmp

Filesize
144KB

Download
memory/3316-4090-0x0000000005670000-0x00000000057EC000-memory.dmp

Filesize
1.5MB

Download
memory/3316-4105-0x0000000006640000-0x0000000006740000-memory.dmp

Filesize
1024KB

Download
memory/3316-4106-0x0000000006550000-0x0000000006580000-memory.dmp

Filesize
192KB

Download
memory/3316-4095-0x0000000005E10000-0x0000000006428000-memory.dmp

Filesize
6.1MB

Download
memory/3316-4089-0x0000000005300000-0x0000000005662000-memory.dmp

Filesize
3.4MB

Download
memory/3316-4097-0x00000000051D0000-0x000000000520C000-memory.dmp

Filesize
240KB

Download
memory/3316-4098-0x0000000005280000-0x00000000052E6000-memory.dmp

Filesize
408KB

Download
memory/3316-4099-0x0000000005A80000-0x0000000005D06000-memory.dmp

Filesize
2.5MB

Download
memory/3316-4100-0x00000000058F0000-0x000000000593C000-memory.dmp

Filesize
304KB

Download
memory/3316-4101-0x0000000005D10000-0x0000000005DDE000-memory.dmp

Filesize
824KB

Download
memory/3316-4102-0x0000000006430000-0x000000000653A000-memory.dmp

Filesize
1.0MB

Download
memory/3316-4103-0x00000000059A0000-0x00000000059C8000-memory.dmp

Filesize
160KB

Download
memory/3316-4104-0x0000000005A20000-0x0000000005A70000-memory.dmp

Filesize
320KB

Download
memory/4140-4177-0x000000001F0F0000-0x000000001F182000-memory.dmp

Filesize
584KB

Download
memory/4140-4208-0x000000001F3B0000-0x000000001F52C000-memory.dmp

Filesize
1.5MB

Download
memory/4140-4175-0x000000001E5D0000-0x000000001E932000-memory.dmp

Filesize
3.4MB

Download
memory/4140-4176-0x000000001E940000-0x000000001EEE6000-memory.dmp

Filesize
5.6MB

Download
memory/4840-99-0x000000001DB40000-0x000000001DC82000-memory.dmp

Filesize
1.3MB

Download
memory/4840-111-0x000000001DF10000-0x000000001E052000-memory.dmp

Filesize
1.3MB

Download
memory/4840-130-0x000000001E420000-0x000000001E42A000-memory.dmp

Filesize
40KB

Download
memory/4840-138-0x000000001E430000-0x000000001E43A000-memory.dmp

Filesize
40KB

Download
memory/4840-128-0x000000001E420000-0x000000001E42A000-memory.dmp

Filesize
40KB

Download
memory/4840-125-0x000000001E420000-0x000000001E42A000-memory.dmp

Filesize
40KB

Download
memory/4840-126-0x000000001E420000-0x000000001E42A000-memory.dmp

Filesize
40KB

Download
memory/4840-164-0x000000001EAD0000-0x000000001EAEC000-memory.dmp

Filesize
112KB

Download
memory/4840-100-0x000000001DB40000-0x000000001DC82000-memory.dmp

Filesize
1.3MB

Download
memory/4840-139-0x00007FFFFDA90000-0x00007FFFFDBDF000-memory.dmp

Filesize
1.3MB

Download
memory/4840-104-0x000000001DB40000-0x000000001DC82000-memory.dmp

Filesize
1.3MB

Download
memory/4840-88-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/4840-89-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/4840-91-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/4840-93-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/4840-95-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/4840-78-0x000000001AD70000-0x000000001AF10000-memory.dmp

Filesize
1.6MB

Download
memory/4840-79-0x000000001AD70000-0x000000001AF10000-memory.dmp

Filesize
1.6MB

Download
memory/4840-77-0x000000001AD70000-0x000000001AF10000-memory.dmp

Filesize
1.6MB

Download
memory/4840-75-0x00007FFFFF1E0000-0x00007FFFFFCA2000-memory.dmp

Filesize
10.8MB

Download