68f99fe749bea2b2cc835c34ac1818ec136f38c2e5eca18008e643f42a9912bc

Analysis

max time kernel
185s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2023, 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_bootstrapper (1).exe
Size

1.3MB
MD5

028879728f52bc807dada3afa79d9f25
SHA1

ce285fcd92bb5a2aa74041950887fe8602575487
SHA256

68f99fe749bea2b2cc835c34ac1818ec136f38c2e5eca18008e643f42a9912bc
SHA512

11a9ec3d1f77e7c58c8b548cbf92075b9ffd3086c1e3ee8a7317be9c3da161ce4f6fe4acad85909b816c732c8688a4e264672f5fa67b2027ebbadb7a59d5cfec
SSDEEP

24576:qQU7ecSgL6y+gk+rnxdarF9nq5VrnHugIJ96FTx4XclQ:qQUzS65+x+rnxYrC5VrnOgIqUXcS

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	krnl_bootstrapper (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	krnl_console_bootstrapper.exe

Executes dropped EXE 4 IoCs

pid	Process
2332	krnl_console_bootstrapper.exe
1632	7za.exe
1256	7za.exe
1196	krnlss.exe

Loads dropped DLL 24 IoCs

pid	Process
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe
1196	krnlss.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	krnl_console_bootstrapper.exe

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
5060	krnl_bootstrapper (1).exe
2332	krnl_console_bootstrapper.exe
2332	krnl_console_bootstrapper.exe
2332	krnl_console_bootstrapper.exe
1196	krnlss.exe
4320	chrome.exe
4320	chrome.exe
5060	chrome.exe
5060	chrome.exe
2708	chrome.exe
2708	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5060	krnl_bootstrapper (1).exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	5060	krnl_bootstrapper (1).exe
Token: SeDebugPrivilege	2332	krnl_console_bootstrapper.exe
Token: SeRestorePrivilege	1632	7za.exe
Token: 35	1632	7za.exe
Token: SeSecurityPrivilege	1632	7za.exe
Token: SeSecurityPrivilege	1632	7za.exe
Token: SeRestorePrivilege	1256	7za.exe
Token: 35	1256	7za.exe
Token: SeSecurityPrivilege	1256	7za.exe
Token: SeSecurityPrivilege	1256	7za.exe
Token: SeDebugPrivilege	1196	krnlss.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 2332	5060	krnl_bootstrapper (1).exe	82
PID 5060 wrote to memory of 2332	5060	krnl_bootstrapper (1).exe	82
PID 5060 wrote to memory of 2332	5060	krnl_bootstrapper (1).exe	82
PID 2332 wrote to memory of 1632	2332	krnl_console_bootstrapper.exe	87
PID 2332 wrote to memory of 1632	2332	krnl_console_bootstrapper.exe	87
PID 2332 wrote to memory of 1632	2332	krnl_console_bootstrapper.exe	87
PID 2332 wrote to memory of 1256	2332	krnl_console_bootstrapper.exe	91
PID 2332 wrote to memory of 1256	2332	krnl_console_bootstrapper.exe	91
PID 2332 wrote to memory of 1256	2332	krnl_console_bootstrapper.exe	91
PID 2332 wrote to memory of 1196	2332	krnl_console_bootstrapper.exe	96
PID 2332 wrote to memory of 1196	2332	krnl_console_bootstrapper.exe	96
PID 2332 wrote to memory of 1196	2332	krnl_console_bootstrapper.exe	96
PID 5060 wrote to memory of 1964	5060	chrome.exe	101
PID 5060 wrote to memory of 1964	5060	chrome.exe	101
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4092	5060	chrome.exe	102
PID 5060 wrote to memory of 4320	5060	chrome.exe	103
PID 5060 wrote to memory of 4320	5060	chrome.exe	103
PID 5060 wrote to memory of 4264	5060	chrome.exe	104
PID 5060 wrote to memory of 4264	5060	chrome.exe	104
PID 5060 wrote to memory of 4264	5060	chrome.exe	104
PID 5060 wrote to memory of 4264	5060	chrome.exe	104
PID 5060 wrote to memory of 4264	5060	chrome.exe	104
PID 5060 wrote to memory of 4264	5060	chrome.exe	104
PID 5060 wrote to memory of 4264	5060	chrome.exe	104
PID 5060 wrote to memory of 4264	5060	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper (1).exe
"C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper (1).exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\Documents\krnl\7za.exe
    "C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1632
- - C:\Users\Admin\Documents\krnl\7za.exe
    "C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\src.7z" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1256
- - C:\Users\Admin\Documents\krnl\krnlss.exe
    "C:\Users\Admin\Documents\krnl\krnlss.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1196

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffab8154f50,0x7ffab8154f60,0x7ffab8154f70
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4428 /prefetch:8
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,3383847533026267224,1691576926705621066,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2336

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ScintillaNET\3.6.3\x86\SciLexer.dll

Filesize
943KB

MD5
2ff7acfa80647ee46cc3c0e446327108

SHA1
c994820d03af722c244b046d1ee0967f1b5bc478

SHA256
08f0cbbc5162f236c37166772be2c9b8ffd465d32df17ea9d45626c4ed2c911d

SHA512
50a9e20c5851d3a50f69651bc770885672ff4f97de32dfda55bf7488abd39a11e990525ec9152d250072acaad0c12a484155c31083d751668eb01addea5570cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe

Filesize
1.2MB

MD5
f14153bbd95fc26d9ccea77c49cf09b9

SHA1
cb59f900711ea751c4322b4dab50fa2c0ee70b33

SHA256
27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

SHA512
7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe

Filesize
1.2MB

MD5
f14153bbd95fc26d9ccea77c49cf09b9

SHA1
cb59f900711ea751c4322b4dab50fa2c0ee70b33

SHA256
27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

SHA512
7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0

Download Submit
C:\Users\Admin\Desktop\CompareRequest.mp3

Filesize
201KB

MD5
88a5ddcb6b604778a2a14247ce5ac693

SHA1
10f5c54c853d62980e10e74ae78b3af536d23ae8

SHA256
a3ccfce5eb944ed9284b13f8659117c97fb3b4015ac0934ec20dcf66d49980c3

SHA512
f1b10b6789a1aed674402483df2cc21d6e6b01820a576826c0a575eff0164244b51b0b94e0d486c11acee76af079a1bedd3687327afb85779e880321a136396e

Download Submit
C:\Users\Admin\Desktop\ConvertProtect.aifc

Filesize
392KB

MD5
d67693cee6a4e26aef5652f6799511d2

SHA1
c3341f7a2140c4ee12bd1f1b930f973c4944580a

SHA256
63713be98dc2caa20f057fa6847de8c6fe15f766163fc364c6764a1febf1424b

SHA512
56dbe25089c8aeb70d200ef0a926d100b46df535a883241b3b82db8b57833aafc9dfc6c0677d069a9e3bd4a632b22307d5be69c3b650f2cae60a9d0ee9e2bed2

Download Submit
C:\Users\Admin\Desktop\ConvertToSplit.m3u

Filesize
243KB

MD5
5eee4a148c083b3bf6ae108863c7a816

SHA1
56ba798279a95f94db315de93be50a1ec5e77570

SHA256
ecac45658aa392b38dadc3f7b683baccb7d0f6dc804a3536fd5a5ef034e33749

SHA512
fe3ce8d7af01776594f998887fcb634d4d231e692d3337098b675ac355e7fcc610171e50a79f44aaa83e19ab066c7a112403495001dc68ed2791551e5a899af7

Download Submit
C:\Users\Admin\Desktop\ConvertUnlock.vsx

Filesize
381KB

MD5
6e43c4ada8e1919906b44474523b4c63

SHA1
5165bf091ac36f4c6787088752df2fe371d4536d

SHA256
f6d2e5ee72387c34fd0e4343f11bbc7a66f78d11a1f5a4e14b17a03846edd1ae

SHA512
ea2f0cdbdaf595e69b1e2eb3d339eaa682b595156642aad71f50831ac60eaa4898de5c0cc34603ca72a2b24a71507f9202c72e1ce1700fd952194ed54ed33700

Download Submit
C:\Users\Admin\Desktop\DismountResolve.tif

Filesize
307KB

MD5
d977d031779f7798f5a2290adb624e4c

SHA1
1474c0fce7995e48d13317a4481a3badfc3ab5bb

SHA256
6ef3675eed5a3832476589a17b2377613d1496d000f67d4535ac1536b7d05634

SHA512
5f0a9673467aa3e67ace82a45b0b9b41b320cd64998db4dbd5658fb79efbf8c121c8344dd68772610672975c4ad1867276beb8ecec853d00b801f26ce7e1e95b

Download Submit
C:\Users\Admin\Desktop\FormatConfirm.bin

Filesize
137KB

MD5
d447cf775077d5afcb5265e023020538

SHA1
c016aadd5be52d5e37c8617d5e3bda97bb003cd6

SHA256
86fbc3ac816057f112e5e70da6f685cf77be7aa6adbc92de4fb14dafb091c072

SHA512
2c22651fcf6a14d7d4283a3a77870f2d5a8a09a3dd13c5d7562aca92cdd3fcac4375d19e98720b3d1edc674a2ad19932d72ba998cb2629931ebeb99227bdc4e9

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe

Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe

Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe

Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll

Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll

Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll

Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll

Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll

Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll

Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\bin\Monaco.zip

Filesize
641KB

MD5
1a19fd7c42169c76e75e685dca02c190

SHA1
f16b4697bcd348d44965bf9ded731523db9bd606

SHA256
d686209afbbe718dc0506356e934ff190c1259a174aba12ef40a2fe7a014a331

SHA512
93d27188aab662ffffd78cfc31d100f161656ef37fe4f420a2cc2d514c935bce85b1e9b54eb374c94ba0ac75d0624e24676f8e359c32c9d3485aa5d7bbb14dd4

Download Submit
C:\Users\Admin\Documents\krnl\bin\src.7z

Filesize
52.5MB

MD5
7c380ecd5bc2cd51511d0ee5b58df745

SHA1
615749979477621579dd9b04ada8d4dcd9430f1e

SHA256
38e1b82e4c9a2a8159c1c60afe7668855351a6e9b52fb13f6dcc633202abaf07

SHA512
110836411f3b44f1df8ecc5890f59d7b5b10d6175f627cc160f0fa5bbc72408c1463ac7067d9787ff9a18e50b9460edf2e2f0b3a418532cc9a273965da1cc1de

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll

Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll

Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\libcef.dll

Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\libcef.dll

Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe

Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe

Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe.config

Filesize
202B

MD5
0ed4b3831ff5e91dff636145f68aac4c

SHA1
2d1140812945dc1b9e400a88c911803639cb2e49

SHA256
03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347

SHA512
4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

Download Submit
memory/1196-189-0x0000000008EA0000-0x0000000008ED2000-memory.dmp

Filesize
200KB

Download
memory/1196-163-0x0000000007050000-0x000000000715A000-memory.dmp

Filesize
1.0MB

Download
memory/1196-183-0x0000000008580000-0x000000000859A000-memory.dmp

Filesize
104KB

Download
memory/1196-184-0x0000000008D70000-0x0000000008E92000-memory.dmp

Filesize
1.1MB

Download
memory/1196-185-0x0000000008780000-0x00000000087E0000-memory.dmp

Filesize
384KB

Download
memory/1196-186-0x0000000008620000-0x0000000008644000-memory.dmp

Filesize
144KB

Download
memory/1196-187-0x00000000087E0000-0x0000000008824000-memory.dmp

Filesize
272KB

Download
memory/1196-188-0x0000000008720000-0x000000000874A000-memory.dmp

Filesize
168KB

Download
memory/1196-171-0x0000000007CD0000-0x0000000007CEE000-memory.dmp

Filesize
120KB

Download
memory/1196-190-0x0000000008F70000-0x0000000008FFC000-memory.dmp

Filesize
560KB

Download
memory/1196-191-0x0000000009180000-0x00000000092F6000-memory.dmp

Filesize
1.5MB

Download
memory/1196-192-0x00000000090A0000-0x000000000913C000-memory.dmp

Filesize
624KB

Download
memory/1196-193-0x0000000009760000-0x00000000098E6000-memory.dmp

Filesize
1.5MB

Download
memory/1196-194-0x0000000009000000-0x0000000009066000-memory.dmp

Filesize
408KB

Download
memory/1196-195-0x0000000009690000-0x000000000974A000-memory.dmp

Filesize
744KB

Download
memory/1196-196-0x0000000008F10000-0x0000000008F32000-memory.dmp

Filesize
136KB

Download
memory/1196-197-0x0000000008870000-0x000000000887C000-memory.dmp

Filesize
48KB

Download
memory/1196-170-0x0000000007320000-0x0000000007342000-memory.dmp

Filesize
136KB

Download
memory/1196-169-0x0000000007EA0000-0x00000000083CC000-memory.dmp

Filesize
5.2MB

Download
memory/1196-168-0x0000000007280000-0x00000000072D6000-memory.dmp

Filesize
344KB

Download
memory/1196-181-0x0000000008650000-0x000000000871E000-memory.dmp

Filesize
824KB

Download
memory/1196-167-0x0000000007240000-0x000000000727C000-memory.dmp

Filesize
240KB

Download
memory/1196-166-0x00000000071D0000-0x0000000007236000-memory.dmp

Filesize
408KB

Download
memory/1196-165-0x0000000006FF0000-0x0000000007040000-memory.dmp

Filesize
320KB

Download
memory/1196-180-0x00000000084D0000-0x00000000084EA000-memory.dmp

Filesize
104KB

Download
memory/1196-179-0x0000000008550000-0x0000000008572000-memory.dmp

Filesize
136KB

Download
memory/1196-178-0x0000000008510000-0x0000000008542000-memory.dmp

Filesize
200KB

Download
memory/1196-208-0x0000000009C10000-0x0000000009C5A000-memory.dmp

Filesize
296KB

Download
memory/1196-212-0x0000000009BA0000-0x0000000009BAE000-memory.dmp

Filesize
56KB

Download
memory/1196-218-0x0000000009BB0000-0x0000000009BBE000-memory.dmp

Filesize
56KB

Download
memory/1196-164-0x0000000006F80000-0x0000000006F92000-memory.dmp

Filesize
72KB

Download
memory/1196-182-0x00000000085D0000-0x0000000008614000-memory.dmp

Filesize
272KB

Download
memory/1196-224-0x0000000009F60000-0x0000000009FA2000-memory.dmp

Filesize
264KB

Download
memory/1196-162-0x0000000007350000-0x0000000007968000-memory.dmp

Filesize
6.1MB

Download
memory/1196-161-0x0000000006D10000-0x0000000006D22000-memory.dmp

Filesize
72KB

Download
memory/1196-160-0x0000000006CD0000-0x0000000006D0C000-memory.dmp

Filesize
240KB

Download
memory/1196-172-0x0000000007CF0000-0x0000000007D0C000-memory.dmp

Filesize
112KB

Download
memory/1196-177-0x0000000008470000-0x0000000008490000-memory.dmp

Filesize
128KB

Download
memory/1196-176-0x00000000084A0000-0x00000000084C2000-memory.dmp

Filesize
136KB

Download
memory/1196-157-0x0000000006C90000-0x0000000006CCE000-memory.dmp

Filesize
248KB

Download
memory/1196-153-0x00000000056C0000-0x0000000005752000-memory.dmp

Filesize
584KB

Download
memory/1196-152-0x0000000005C70000-0x0000000006214000-memory.dmp

Filesize
5.6MB

Download
memory/1196-151-0x0000000000C30000-0x0000000000DB4000-memory.dmp

Filesize
1.5MB

Download
memory/1196-175-0x0000000008450000-0x0000000008470000-memory.dmp

Filesize
128KB

Download
memory/1196-225-0x00000000056C0000-0x0000000005C64000-memory.dmp

Filesize
5.6MB

Download
memory/1196-226-0x00000000056C0000-0x0000000005C64000-memory.dmp

Filesize
5.6MB

Download
memory/1196-230-0x000000000C0D0000-0x000000000C224000-memory.dmp

Filesize
1.3MB

Download
memory/1196-174-0x0000000007E70000-0x0000000007E7A000-memory.dmp

Filesize
40KB

Download
memory/1196-173-0x00000000088A0000-0x0000000008D6C000-memory.dmp

Filesize
4.8MB

Download
memory/1196-235-0x00000000056C0000-0x0000000005C64000-memory.dmp

Filesize
5.6MB

Download
memory/1196-232-0x000000000C010000-0x000000000C086000-memory.dmp

Filesize
472KB

Download
memory/1196-233-0x000000000C250000-0x000000000C26E000-memory.dmp

Filesize
120KB

Download
memory/1196-234-0x00000000056C0000-0x0000000005C64000-memory.dmp

Filesize
5.6MB

Download
memory/2332-139-0x000000000ADB0000-0x000000000ADBE000-memory.dmp

Filesize
56KB

Download
memory/2332-138-0x000000000ADD0000-0x000000000AE08000-memory.dmp

Filesize
224KB

Download
memory/2332-137-0x00000000094E0000-0x00000000094E8000-memory.dmp

Filesize
32KB

Download
memory/2332-136-0x0000000000110000-0x000000000023A000-memory.dmp

Filesize
1.2MB

Download
memory/5060-132-0x0000000000100000-0x0000000000252000-memory.dmp

Filesize
1.3MB

Download