zloader | hxxps://krnl[.]dev/

Analysis

max time kernel
596s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2022 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://krnl.dev/

Score

10^/10

zloader botnet trojan

Malware Config

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader
Downloads MZ/PE file
Executes dropped EXE 9 IoCs

Processes:

krnl_beta.exe7za.exe7za.exeKrnlUI.exekrnl_bootstrapper.exe7za.exe7za.exe7za.exekrnlss.exe

pid process

4316 krnl_beta.exe
3740 7za.exe
4812 7za.exe
2624 KrnlUI.exe
4564 krnl_bootstrapper.exe
1812 7za.exe
2508 7za.exe
2448 7za.exe
3404 krnlss.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

krnl_beta.exekrnl_bootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	krnl_bootstrapper.exe

Loads dropped DLL 28 IoCs

Processes:

krnl_beta.exekrnl_bootstrapper.exekrnlss.exe

pid	process
4316	krnl_beta.exe
4316	krnl_beta.exe
4564	krnl_bootstrapper.exe
4564	krnl_bootstrapper.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe
3404	krnlss.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1128 2624 WerFault.exe KrnlUI.exe

pid	pid_target	process	target process
1128	2624	WerFault.exe	KrnlUI.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 467899b2bcaed801	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "2097"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 400fe6441fc3d801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000883ed98174fc174d8e18111dae0d912000000000020000000000106600000001000020000000f56f217ada735b8c03b514d07536a42380b976c88fc3eab75e1715ed151a5df1000000000e8000000002000020000000f62592ca3292778ffc54aded0da3a6d71bac25b9d79eee4318cf29d401fd8dba200000006d4fe8ffe578ee0c825b75967c0198762bb015a74b43f50da46a2cc08056892b40000000b7e00121c3b6963599a7f61b4abd6ea71008c8dd67c802ec755e070a9a52609cced240b65ecf7f8a01a8feb572d3059516e231fb2d9ecdc1a65f7bc80840f6de	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "16"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "46"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\pastebin.com\ = "13910"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\krnl.dev	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\News Feed First Run Experience = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.msn.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000883ed98174fc174d8e18111dae0d9120000000000200000000001066000000010000200000003c5df551a57e0cc2b327409fe8fe8b3c3e63d6bc71293cecf49b130a0955c0a7000000000e800000000200002000000000904ef6e0c01020411d8e140735a08117a52b598c721d7efa1259e754fe969820000000cd529c5d00c39caa20577473cd3f4b26214a2934faf647617af3daafc62735b740000000f247e3ba81ad45adf1181184e7489a985379c0ee1923e4c0f3d4c080496c3c8bc5d2953c72acbe4b51320d40212d6b19333819f424d002b0720882b1a7fb744b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "16285"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\krnl.dev	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "369363937"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "170"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3290938695"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000883ed98174fc174d8e18111dae0d91200000000002000000000010660000000100002000000040a9c014127a404eec07bc9a624ecbcc42352ca2d4e14b09875eb964459a2e9f000000000e8000000002000020000000e7a55c298951ca8beec40a8497dce3594e31f2cf5dd35cb4866dad5c7941a1f620000000173eea9f3c03a3adea151454d2b858cf99f45e19ff17e4c3b9de0deeddafc65840000000f3488e54368de73fd1a5073aa5e04b321e7b05703e79c681c2f9f298ba8a5c445553610b48b42306362ebccbef462b08f889704d52e10e7a21e76c64f811356a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "32"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\krnl.dev\ = "54"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "46"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "16221"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\krnl.dev\Total = "86"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30982942"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e6c2cb1fc3d801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "43"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\yahoo.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\tag.idsync.analytics.yahoo.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "16"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000883ed98174fc174d8e18111dae0d9120000000000200000000001066000000010000200000006ffd4e97bf91dd690860f86ea2020683a9543a8a27b1c715c8a2af110d7444b8000000000e8000000002000020000000ba2f8fe473fa9e8db6953f41455de7997aacbb270bb555837c4086d676c35dc320000000dfed79c921b7e71f25ae188092ab3fce6f82f2c0838e97a719901455430f65464000000054ed2e452fa1a17410cc5e8440f01f85b09dadd26dd22f9f780cbe2934bcfff765ebea8557553b49f4e45dc284a8d706ccc87a71724a6cf6c170d20cfa4d4e9c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{EFAAEB64-2F11-11ED-AECB-F639923F7CA1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\krnl.dev\Total = "138"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20eff5ca1ec3d801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "147"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30982942"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0a1dfde1fc3d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000883ed98174fc174d8e18111dae0d9120000000000200000000001066000000010000200000004b6dfb25ecfaf14dc452432fb68f6da293a33c4aecb0401ab00faf1f7bc5bb02000000000e8000000002000020000000616b3a874e049fdb9e7c5602f3717fb5bb6bc931702e38a55549570191a5c0b520000000d9999744ac80292251340ddde609f829971a5aa77c7f359f4eb5eaa236f88ad340000000ab83e9d3c29f46f8d1359081e44db7f84af5497557cdbd22a67111c0f235e8a9dc79b40e869d0346a1f919e8bc4d4d11673bf74d7cca764678065d93f4a68530	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "202"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "2070"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{E7A022D1-400C-4DCA-A1BA-03133BE4CD7A}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "184"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "181"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "29"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\krnl.dev\Total = "29"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE

Modifies registry class 4 IoCs

Processes:

krnl_bootstrapper.exeIEXPLORE.EXEmsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	krnl_bootstrapper.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2891029575-1462575-1165213807-1000\{C449A76A-A097-4567-81DF-3839A96CB075}	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2891029575-1462575-1165213807-1000\{542FE08B-9610-43BC-AB79-5833895184EC}	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

krnl_bootstrapper.exekrnlss.exeiexplore.exemsedge.exemsedge.exe

pid	process
4564	krnl_bootstrapper.exe
4564	krnl_bootstrapper.exe
4564	krnl_bootstrapper.exe
3404	krnlss.exe
4656	iexplore.exe
4656	iexplore.exe
732	msedge.exe
732	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

4656 iexplore.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

Processes:

krnl_beta.exe7za.exe7za.exekrnl_bootstrapper.exe7za.exe7za.exekrnlss.exeIEXPLORE.EXEAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	4316	krnl_beta.exe
Token: SeRestorePrivilege	3740	7za.exe
Token: 35	3740	7za.exe
Token: SeSecurityPrivilege	3740	7za.exe
Token: SeSecurityPrivilege	3740	7za.exe
Token: SeRestorePrivilege	4812	7za.exe
Token: 35	4812	7za.exe
Token: SeSecurityPrivilege	4812	7za.exe
Token: SeSecurityPrivilege	4812	7za.exe
Token: SeDebugPrivilege	4564	krnl_bootstrapper.exe
Token: SeRestorePrivilege	1812	7za.exe
Token: 35	1812	7za.exe
Token: SeSecurityPrivilege	1812	7za.exe
Token: SeSecurityPrivilege	1812	7za.exe
Token: SeRestorePrivilege	2508	7za.exe
Token: 35	2508	7za.exe
Token: SeSecurityPrivilege	2508	7za.exe
Token: SeSecurityPrivilege	2508	7za.exe
Token: SeDebugPrivilege	3404	krnlss.exe
Token: SeShutdownPrivilege	5080	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	5080	IEXPLORE.EXE
Token: SeShutdownPrivilege	5080	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	5080	IEXPLORE.EXE
Token: 33	2928	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2928	AUDIODG.EXE
Token: SeShutdownPrivilege	5080	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	5080	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

iexplore.exemsedge.exe

pid process

4656 iexplore.exe
4656 iexplore.exe
4656 iexplore.exe
1308 msedge.exe

Suspicious use of SetWindowsHookEx 30 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
4656	iexplore.exe
4656	iexplore.exe
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
4436	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE
5080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exekrnl_beta.exekrnl_bootstrapper.exemsedge.exe

description	pid	process	target process
PID 4656 wrote to memory of 4436	4656	iexplore.exe	IEXPLORE.EXE
PID 4656 wrote to memory of 4436	4656	iexplore.exe	IEXPLORE.EXE
PID 4656 wrote to memory of 4436	4656	iexplore.exe	IEXPLORE.EXE
PID 4656 wrote to memory of 4316	4656	iexplore.exe	krnl_beta.exe
PID 4656 wrote to memory of 4316	4656	iexplore.exe	krnl_beta.exe
PID 4656 wrote to memory of 4316	4656	iexplore.exe	krnl_beta.exe
PID 4316 wrote to memory of 3740	4316	krnl_beta.exe	7za.exe
PID 4316 wrote to memory of 3740	4316	krnl_beta.exe	7za.exe
PID 4316 wrote to memory of 3740	4316	krnl_beta.exe	7za.exe
PID 4316 wrote to memory of 4812	4316	krnl_beta.exe	7za.exe
PID 4316 wrote to memory of 4812	4316	krnl_beta.exe	7za.exe
PID 4316 wrote to memory of 4812	4316	krnl_beta.exe	7za.exe
PID 4316 wrote to memory of 2624	4316	krnl_beta.exe	KrnlUI.exe
PID 4316 wrote to memory of 2624	4316	krnl_beta.exe	KrnlUI.exe
PID 4316 wrote to memory of 2624	4316	krnl_beta.exe	KrnlUI.exe
PID 4656 wrote to memory of 4564	4656	iexplore.exe	krnl_bootstrapper.exe
PID 4656 wrote to memory of 4564	4656	iexplore.exe	krnl_bootstrapper.exe
PID 4656 wrote to memory of 4564	4656	iexplore.exe	krnl_bootstrapper.exe
PID 4564 wrote to memory of 1812	4564	krnl_bootstrapper.exe	7za.exe
PID 4564 wrote to memory of 1812	4564	krnl_bootstrapper.exe	7za.exe
PID 4564 wrote to memory of 1812	4564	krnl_bootstrapper.exe	7za.exe
PID 4564 wrote to memory of 2508	4564	krnl_bootstrapper.exe	7za.exe
PID 4564 wrote to memory of 2508	4564	krnl_bootstrapper.exe	7za.exe
PID 4564 wrote to memory of 2508	4564	krnl_bootstrapper.exe	7za.exe
PID 4564 wrote to memory of 3404	4564	krnl_bootstrapper.exe	krnlss.exe
PID 4564 wrote to memory of 3404	4564	krnl_bootstrapper.exe	krnlss.exe
PID 4564 wrote to memory of 3404	4564	krnl_bootstrapper.exe	krnlss.exe
PID 4656 wrote to memory of 5080	4656	iexplore.exe	IEXPLORE.EXE
PID 4656 wrote to memory of 5080	4656	iexplore.exe	IEXPLORE.EXE
PID 4656 wrote to memory of 5080	4656	iexplore.exe	IEXPLORE.EXE
PID 1308 wrote to memory of 3180	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 3180	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe
PID 1308 wrote to memory of 4128	1308	msedge.exe	msedge.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://krnl.dev/
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4656

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4656 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4436

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8YLPV06K\krnl_beta.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8YLPV06K\krnl_beta.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4316

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3740

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4812

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
3⤵
- Executes dropped EXE
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 1084
4⤵
- Program crash
PID:1128

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TQFWGWHN\krnl_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TQFWGWHN\krnl_bootstrapper.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4564

C:\Users\Admin\Desktop\krnl\7za.exe
"C:\Users\Admin\Desktop\krnl\7za.exe" x "C:\Users\Admin\Desktop\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Desktop\krnl\bin" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1812

C:\Users\Admin\Desktop\krnl\7za.exe
"C:\Users\Admin\Desktop\krnl\7za.exe" x "C:\Users\Admin\Desktop\krnl\bin\src.7z" -o"C:\Users\Admin\Desktop\krnl\bin" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2508

C:\Users\Admin\Desktop\krnl\krnlss.exe
"C:\Users\Admin\Desktop\krnl\krnlss.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3404

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4656 CREDAT:17422 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2624 -ip 2624
1⤵
PID:2036

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x554 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1364

C:\Users\Admin\Desktop\krnl\7za.exe
"C:\Users\Admin\Desktop\krnl\7za.exe"
1⤵
- Executes dropped EXE
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta9631917h1e89h44d2h9840haa2b4f9da41e
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0xc0,0x128,0x7ffa67dd46f8,0x7ffa67dd4708,0x7ffa67dd4718
2⤵
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12782749536324163373,647934203968068725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:4128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12782749536324163373,647934203968068725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12782749536324163373,647934203968068725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3020 /prefetch:8
2⤵
PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault01fc4b51h0961h43afh9375he8c3b54da06e
1⤵
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa67dd46f8,0x7ffa67dd4708,0x7ffa67dd4718
2⤵
PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12293278152516963829,5210305442890928276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,12293278152516963829,5210305442890928276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,12293278152516963829,5210305442890928276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
2⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54C62B182F5BF07FA8427C07B0A3AAF8_4DBBCB40FA282C06F1543D887F4F4DCC
Filesize
719B

MD5
f76e649e62b03dccdb07cb6a88ce999a

SHA1
a1f71b134569754c9fd7b04b4e2d4ea0dbd0fffb

SHA256
6c75a63976cac351689026ff585406b240c766007a89c649ccaf88a6fdeecbae

SHA512
511f9755521acc2218ec1ac2a058afa04856d16b12b5025e9f3df0e2235e68531923b2ef6857a5991624a6a0a3e39689e77b1f0e7f0a2e0b4ce11f81039ec9bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D451DDCFFF94F1A6B8406468FA3558_E4A7C6A10F816F002B00DE3B58B7E44E
Filesize
1KB

MD5
42832f08d6807fed8070aa1a6961021a

SHA1
6e4db83203a4e6ded735989f757fca9f25f0731c

SHA256
48903d69128cdbac90b510cb5f9ad621a295f23df4f8e4c43032e91f5b4bca1e

SHA512
0150f8c574ecba81861c139c9a2379b7f7089ea470ee0323eed78f4ab85286313915e676d9cbf2e22438e95c5f8bc84b7f92b6a42b7b61168d3f4715dc5e080c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D682FDDA10064185EC8111DC39DBA8EC
Filesize
9KB

MD5
6382851caf9050582d40e88c2814a52d

SHA1
47cd9dc4e775cb6861cea0e40727551b6c90650b

SHA256
b5a6bb6aa4612a01295beb2851f8a940f639401074b183f19cc58bc4d36b7018

SHA512
cb3b8a915f0327d7953d09d1e9d70201305609e4e4c1f59416d7efb8ff57fef23e346081a22ad3747a9238254e491c67c0ff9095d1b5850fd65747d49dd35d33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\54C62B182F5BF07FA8427C07B0A3AAF8_4DBBCB40FA282C06F1543D887F4F4DCC
Filesize
446B

MD5
15ea40d9db648d8349966094f71f9629

SHA1
62307a6fd2240d2500c6f0f32f16eac55a598fd1

SHA256
3e37f103eee51408dc12054255ebbb68739eb3c0ab16dbc16aeb48272f0aaefa

SHA512
bdd6fa25a2fbaca61adff57d451e96df561a213b13e529f155ad05c0ffafc113e4175cfc532d22d080fae8ff2dd1ef6f2eb9616f1c49037406afc4f439bff890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94D451DDCFFF94F1A6B8406468FA3558_E4A7C6A10F816F002B00DE3B58B7E44E
Filesize
406B

MD5
506610d334d88f1c436ce8185671fb38

SHA1
bba00839a55bc08ee9f0f29cf8c268b7a8114461

SHA256
1ee4ac9875d0b01b6c60c2af587bb4c007d8337f0d1b44b46c06c121f46e2adc

SHA512
31b81ed76033b412ca37af0994e6fb6a962ece2e9cc152e9c5ce0afb935ddcb6f4280546223b60f391e14202b676a54235d7346b2dca70dbff8692746a81b9ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D682FDDA10064185EC8111DC39DBA8EC
Filesize
308B

MD5
9c53281c44199215c167876ba3779c42

SHA1
63a008a03b1823cbe02c4be53451ee66be87af0e

SHA256
747d6842ab70a0c47dd8f3fb12871198c28a8911bfb1e494bd3836791519151a

SHA512
c46eef0c1afa1d79ca45a70f6a88c4b62434514fb4a05adb2b26df94faaa5a517a1df08af9d065e88dc4ac11c21ace879ecf4792f8584946120bd2266b8cbfcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z2evvp3\imagestore.dat
Filesize
753B

MD5
aeb6274378f900132bc2c1bc2bb64c20

SHA1
b1d785ff9dbf82730440d3455b7d91b0c663496c

SHA256
f23cf63e0613e694ba73b7dced549ee4994f75bfdb33822993527f5e5ea2f0fb

SHA512
9c52e562d9b33a860923a4542ebbd638b32daced06cd054c32a5b3ab7e9ba03490cd85e52dc340e370b4d4a6eba3a31c6a43bff7b16bc803b2aee2461b8c3eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8YLPV06K\krnl_beta.exe
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8YLPV06K\krnl_beta.exe.i7vy832.partial
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TQFWGWHN\krnl_bootstrapper.exe
Filesize
1.2MB

MD5
2951fb49a959fc6c17d26dd7021f9c33

SHA1
12589ab1be591fa85f1155c7a1f4566f4a21e894

SHA256
eb43564c3b820bbf62976e04f8bdf8c8d893c18d6cda3133fbea1d8b1f978f5a

SHA512
0835f0b7b85d7a449244d074622a4d0a5f0bdac5db7689654be31e6b403a789d733ed154947eb20f350b002745e40a31ab2676f8b2eb74f0ca3688ebafb0ee8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TQFWGWHN\krnl_bootstrapper.exe.yfr5x99.partial
Filesize
1.2MB

MD5
2951fb49a959fc6c17d26dd7021f9c33

SHA1
12589ab1be591fa85f1155c7a1f4566f4a21e894

SHA256
eb43564c3b820bbf62976e04f8bdf8c8d893c18d6cda3133fbea1d8b1f978f5a

SHA512
0835f0b7b85d7a449244d074622a4d0a5f0bdac5db7689654be31e6b403a789d733ed154947eb20f350b002745e40a31ab2676f8b2eb74f0ca3688ebafb0ee8e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
50aeeb9eddf325aa320b1a4d7fb8d8aa

SHA1
3920b90a420543cebb8b41c1bfae36aac2049040

SHA256
52fe0ab835173095183c93ce79ac268c9b314ce786c94c117ce7d4d4fe7df752

SHA512
e4c6ab57b6089373df67eb4b680b81ec0cc02e69690194dc6723b9e0dda697d5ff7a40b7789a763008833fcca63d7b0061062c81de63d58d2ebf1bea980a40d3

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
50aeeb9eddf325aa320b1a4d7fb8d8aa

SHA1
3920b90a420543cebb8b41c1bfae36aac2049040

SHA256
52fe0ab835173095183c93ce79ac268c9b314ce786c94c117ce7d4d4fe7df752

SHA512
e4c6ab57b6089373df67eb4b680b81ec0cc02e69690194dc6723b9e0dda697d5ff7a40b7789a763008833fcca63d7b0061062c81de63d58d2ebf1bea980a40d3

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
Filesize
310B

MD5
28a4d95efb8345d745b1595570b2ad36

SHA1
0969995472e742654709481a47e9a97b1580fe5e

SHA256
9a21d8cbba70cb22678b551bff55f7988cb2b8074cac3a574ce7b91623337ff7

SHA512
de988d642890c80ff579913be53e0e6e83bb96968c47c5d732e29d1717b3ab9654dd30e1a3dd046675d487e9a290dc44a401dd9a42d6e3c4d806da5fbb7b9250

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.pdb
Filesize
205KB

MD5
d7a3411ec8f07bf94193c54e92b65fec

SHA1
e1d77b5f26d69b7a7e1d16bb2ba29e98b616e836

SHA256
67cbc9327466cad79bddc26cad705d54df8fc69644bcfd5a95c6dfdf1e88eabd

SHA512
ed7b6a646033cddd5decc84212b6d9290499cc83edeec9302cc8d691da49d39d6e30ba243d7e52be2e89e520b9572f15d522533008ffa17d3e978e1575126123

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
c9227844eadc01a5de3856b9ce9437c0

SHA1
e20a363d947eb702bd7d231e457e0113e2bb00cc

SHA256
f69ea8d7148c0ea755acc98dce8a4adb73fc56080dc3cb19fd92c5b8cc24e0fb

SHA512
e26e57593d9a4e923deb02f3c28693730f07ee3ded5e85f6142d1c3db82f2307bb71576cf8b6fe554034f988ea130f79097d2d18d16e87c16ad38188bd83a37c

Download Submit
C:\Users\Admin\Desktop\krnl\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\Desktop\krnl\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\Desktop\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Desktop\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Desktop\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Desktop\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Desktop\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Desktop\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Desktop\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Desktop\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Desktop\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Desktop\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Desktop\krnl\bin\Monaco.zip
Filesize
641KB

MD5
1a19fd7c42169c76e75e685dca02c190

SHA1
f16b4697bcd348d44965bf9ded731523db9bd606

SHA256
d686209afbbe718dc0506356e934ff190c1259a174aba12ef40a2fe7a014a331

SHA512
93d27188aab662ffffd78cfc31d100f161656ef37fe4f420a2cc2d514c935bce85b1e9b54eb374c94ba0ac75d0624e24676f8e359c32c9d3485aa5d7bbb14dd4

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src.7z
Filesize
52.5MB

MD5
7c380ecd5bc2cd51511d0ee5b58df745

SHA1
615749979477621579dd9b04ada8d4dcd9430f1e

SHA256
38e1b82e4c9a2a8159c1c60afe7668855351a6e9b52fb13f6dcc633202abaf07

SHA512
110836411f3b44f1df8ecc5890f59d7b5b10d6175f627cc160f0fa5bbc72408c1463ac7067d9787ff9a18e50b9460edf2e2f0b3a418532cc9a273965da1cc1de

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Desktop\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Desktop\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Desktop\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Desktop\krnl\krnlss.exe.config
Filesize
202B

MD5
0ed4b3831ff5e91dff636145f68aac4c

SHA1
2d1140812945dc1b9e400a88c911803639cb2e49

SHA256
03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347

SHA512
4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

Download Submit
memory/732-267-0x0000000000000000-mapping.dmp

Download
memory/1812-162-0x0000000000000000-mapping.dmp

Download
memory/2296-269-0x0000000000000000-mapping.dmp

Download
memory/2436-270-0x0000000000000000-mapping.dmp

Download
memory/2508-166-0x0000000000000000-mapping.dmp

Download
memory/2624-154-0x00000000009D0000-0x0000000000AEE000-memory.dmp

Filesize
1.1MB

Download
memory/2624-151-0x0000000000000000-mapping.dmp

Download
memory/3180-264-0x0000000000000000-mapping.dmp

Download
memory/3404-202-0x00000000082A0000-0x000000000876C000-memory.dmp

Filesize
4.8MB

Download
memory/3404-237-0x00000000095F0000-0x000000000963A000-memory.dmp

Filesize
296KB

Download
memory/3404-206-0x00000000077E0000-0x0000000007800000-memory.dmp

Filesize
128KB

Download
memory/3404-207-0x0000000007DD0000-0x0000000007E02000-memory.dmp

Filesize
200KB

Download
memory/3404-209-0x0000000007840000-0x000000000785A000-memory.dmp

Filesize
104KB

Download
memory/3404-208-0x0000000007870000-0x0000000007892000-memory.dmp

Filesize
136KB

Download
memory/3404-210-0x0000000007EE0000-0x0000000007FAE000-memory.dmp

Filesize
824KB

Download
memory/3404-211-0x0000000007E60000-0x0000000007EA4000-memory.dmp

Filesize
272KB

Download
memory/3404-212-0x00000000080B0000-0x00000000080CA000-memory.dmp

Filesize
104KB

Download
memory/3404-213-0x0000000008770000-0x0000000008892000-memory.dmp

Filesize
1.1MB

Download
memory/3404-214-0x0000000008130000-0x0000000008190000-memory.dmp

Filesize
384KB

Download
memory/3404-215-0x00000000080D0000-0x00000000080F4000-memory.dmp

Filesize
144KB

Download
memory/3404-216-0x00000000081E0000-0x0000000008224000-memory.dmp

Filesize
272KB

Download
memory/3404-217-0x0000000008100000-0x000000000812A000-memory.dmp

Filesize
168KB

Download
memory/3404-218-0x0000000008230000-0x0000000008262000-memory.dmp

Filesize
200KB

Download
memory/3404-219-0x0000000008930000-0x00000000089BC000-memory.dmp

Filesize
560KB

Download
memory/3404-220-0x0000000008B40000-0x0000000008CB6000-memory.dmp

Filesize
1.5MB

Download
memory/3404-221-0x0000000008F90000-0x000000000902C000-memory.dmp

Filesize
624KB

Download
memory/3404-222-0x00000000091C0000-0x0000000009346000-memory.dmp

Filesize
1.5MB

Download
memory/3404-223-0x00000000089C0000-0x0000000008A26000-memory.dmp

Filesize
408KB

Download
memory/3404-224-0x00000000090F0000-0x00000000091AA000-memory.dmp

Filesize
744KB

Download
memory/3404-225-0x00000000088D0000-0x00000000088F2000-memory.dmp

Filesize
136KB

Download
memory/3404-226-0x0000000008290000-0x000000000829C000-memory.dmp

Filesize
48KB

Download
memory/3404-204-0x00000000077C0000-0x00000000077E0000-memory.dmp

Filesize
128KB

Download
memory/3404-203-0x0000000007790000-0x000000000779A000-memory.dmp

Filesize
40KB

Download
memory/3404-201-0x00000000076D0000-0x00000000076EC000-memory.dmp

Filesize
112KB

Download
memory/3404-200-0x0000000006D30000-0x0000000006D4E000-memory.dmp

Filesize
120KB

Download
memory/3404-199-0x0000000006D00000-0x0000000006D22000-memory.dmp

Filesize
136KB

Download
memory/3404-198-0x00000000078A0000-0x0000000007DCC000-memory.dmp

Filesize
5.2MB

Download
memory/3404-197-0x0000000006C70000-0x0000000006CC6000-memory.dmp

Filesize
344KB

Download
memory/3404-196-0x0000000006C30000-0x0000000006C6C000-memory.dmp

Filesize
240KB

Download
memory/3404-195-0x0000000006BC0000-0x0000000006C26000-memory.dmp

Filesize
408KB

Download
memory/3404-194-0x00000000069D0000-0x0000000006A20000-memory.dmp

Filesize
320KB

Download
memory/3404-205-0x0000000007810000-0x0000000007832000-memory.dmp

Filesize
136KB

Download
memory/3404-241-0x0000000008B30000-0x0000000008B3E000-memory.dmp

Filesize
56KB

Download
memory/3404-247-0x00000000091B0000-0x00000000091BE000-memory.dmp

Filesize
56KB

Download
memory/3404-193-0x0000000006960000-0x0000000006972000-memory.dmp

Filesize
72KB

Download
memory/3404-192-0x0000000006A40000-0x0000000006B4A000-memory.dmp

Filesize
1.0MB

Download
memory/3404-191-0x0000000006D50000-0x0000000007368000-memory.dmp

Filesize
6.1MB

Download
memory/3404-190-0x0000000006670000-0x0000000006682000-memory.dmp

Filesize
72KB

Download
memory/3404-189-0x00000000066F0000-0x000000000672C000-memory.dmp

Filesize
240KB

Download
memory/3404-253-0x0000000009700000-0x0000000009742000-memory.dmp

Filesize
264KB

Download
memory/3404-186-0x00000000066B0000-0x00000000066EE000-memory.dmp

Filesize
248KB

Download
memory/3404-176-0x00000000056E0000-0x0000000005772000-memory.dmp

Filesize
584KB

Download
memory/3404-175-0x0000000005BF0000-0x0000000006194000-memory.dmp

Filesize
5.6MB

Download
memory/3404-174-0x0000000000C90000-0x0000000000E14000-memory.dmp

Filesize
1.5MB

Download
memory/3404-170-0x0000000000000000-mapping.dmp

Download
memory/3404-263-0x0000000005640000-0x0000000005BE4000-memory.dmp

Filesize
5.6MB

Download
memory/3404-262-0x0000000005640000-0x0000000005BE4000-memory.dmp

Filesize
5.6MB

Download
memory/3404-261-0x000000000B750000-0x000000000B76E000-memory.dmp

Filesize
120KB

Download
memory/3404-254-0x0000000005640000-0x0000000005BE4000-memory.dmp

Filesize
5.6MB

Download
memory/3404-255-0x0000000005640000-0x0000000005BE4000-memory.dmp

Filesize
5.6MB

Download
memory/3404-259-0x000000000D090000-0x000000000D1E4000-memory.dmp

Filesize
1.3MB

Download
memory/3404-260-0x000000000B680000-0x000000000B6F6000-memory.dmp

Filesize
472KB

Download
memory/3740-143-0x0000000000000000-mapping.dmp

Download
memory/4128-266-0x0000000000000000-mapping.dmp

Download
memory/4316-136-0x0000000000A90000-0x0000000000C6A000-memory.dmp

Filesize
1.9MB

Download
memory/4316-138-0x00000000092A0000-0x00000000092D8000-memory.dmp

Filesize
224KB

Download
memory/4316-139-0x0000000009280000-0x000000000928E000-memory.dmp

Filesize
56KB

Download
memory/4316-137-0x0000000008400000-0x0000000008408000-memory.dmp

Filesize
32KB

Download
memory/4316-142-0x0000000009430000-0x000000000943A000-memory.dmp

Filesize
40KB

Download
memory/4316-134-0x0000000000000000-mapping.dmp

Download
memory/4564-157-0x0000000000000000-mapping.dmp

Download
memory/4564-159-0x0000000000DA0000-0x0000000000ECA000-memory.dmp

Filesize
1.2MB

Download
memory/4592-272-0x0000000000000000-mapping.dmp

Download
memory/4812-147-0x0000000000000000-mapping.dmp

Download
memory/4832-273-0x0000000000000000-mapping.dmp

Download
memory/4860-275-0x0000000000000000-mapping.dmp

Download