lumma | 27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2023 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_bootstrapper.exe
Size

1.2MB
MD5

f14153bbd95fc26d9ccea77c49cf09b9
SHA1

cb59f900711ea751c4322b4dab50fa2c0ee70b33
SHA256

27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54
SHA512

7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0
SSDEEP

12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

krnl_bootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	krnl_bootstrapper.exe

Executes dropped EXE 3 IoCs

Processes:

7za.exe7za.exekrnlss.exe

pid process

5016 7za.exe
2472 7za.exe
4624 krnlss.exe

pid	process
5016	7za.exe
2472	7za.exe
4624	krnlss.exe

Loads dropped DLL 24 IoCs

Processes:

krnlss.exe

pid	process
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe
4624	krnlss.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133233916565278726"	chrome.exe

Modifies registry class 1 IoCs

Processes:

krnl_bootstrapper.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings krnl_bootstrapper.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	krnl_bootstrapper.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

krnlss.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe

Suspicious behavior: EnumeratesProcesses 52 IoCs

Processes:

krnl_bootstrapper.exekrnlss.exechrome.exetaskmgr.exe

pid	process
3464	krnl_bootstrapper.exe
3464	krnl_bootstrapper.exe
3464	krnl_bootstrapper.exe
4624	krnlss.exe
2128	chrome.exe
2128	chrome.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

2128 chrome.exe
2128 chrome.exe
2128 chrome.exe
2128 chrome.exe
2128 chrome.exe
2128 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

krnl_bootstrapper.exe7za.exe7za.exekrnlss.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3464	krnl_bootstrapper.exe
Token: SeRestorePrivilege	5016	7za.exe
Token: 35	5016	7za.exe
Token: SeSecurityPrivilege	5016	7za.exe
Token: SeSecurityPrivilege	5016	7za.exe
Token: SeRestorePrivilege	2472	7za.exe
Token: 35	2472	7za.exe
Token: SeSecurityPrivilege	2472	7za.exe
Token: SeSecurityPrivilege	2472	7za.exe
Token: SeDebugPrivilege	4624	krnlss.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

krnl_bootstrapper.exechrome.exe

description	pid	process	target process
PID 3464 wrote to memory of 5016	3464	krnl_bootstrapper.exe	7za.exe
PID 3464 wrote to memory of 5016	3464	krnl_bootstrapper.exe	7za.exe
PID 3464 wrote to memory of 5016	3464	krnl_bootstrapper.exe	7za.exe
PID 3464 wrote to memory of 2472	3464	krnl_bootstrapper.exe	7za.exe
PID 3464 wrote to memory of 2472	3464	krnl_bootstrapper.exe	7za.exe
PID 3464 wrote to memory of 2472	3464	krnl_bootstrapper.exe	7za.exe
PID 3464 wrote to memory of 4624	3464	krnl_bootstrapper.exe	krnlss.exe
PID 3464 wrote to memory of 4624	3464	krnl_bootstrapper.exe	krnlss.exe
PID 3464 wrote to memory of 4624	3464	krnl_bootstrapper.exe	krnlss.exe
PID 2128 wrote to memory of 4752	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4752	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 5016	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 3920	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 3920	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2652	2128	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3464

C:\Users\Admin\Documents\krnl\7za.exe
"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5016

C:\Users\Admin\Documents\krnl\7za.exe
"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\src.7z" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2472

C:\Users\Admin\Documents\krnl\krnlss.exe
"C:\Users\Admin\Documents\krnl\krnlss.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4624

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe05d19758,0x7ffe05d19768,0x7ffe05d19778
2⤵
PID:4752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:2
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:8
2⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:8
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:1
2⤵
PID:2364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:1
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:1
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:8
2⤵
PID:1936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:8
2⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:8
2⤵
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:8
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:8
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:8
2⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5440 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:1
2⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3228 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:1
2⤵
PID:4172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3932 --field-trial-handle=1840,i,3934993372145674656,18290943457078142772,131072 /prefetch:1
2⤵
PID:1140

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2132

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4708

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
0b8a37fd9fb6d50b3449173a512f6fa8

SHA1
d678bf437018ac47c3b2b68ece01d0265ea690ae

SHA256
59c207ac9fa429609f1521e9814f9b71751021b828033c2d809be84b44885529

SHA512
b7703d30d3049ef9b910768a56bbe316de70301f3ad7139a1598ee92aceec7abf4d6965935958ddb230c130839d077f4d352172c4708ce9b5ceb05c4a7fa531d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
caea85ffb794c30f286c9ed93d614ec1

SHA1
ec7d626bcd823a2c74da065e9692f242292e85df

SHA256
7917914e3916f3147e3f7ad9f1b19ef82332141bc49d2a287cd1429c234e9066

SHA512
e81ab8cb3c7a41181584772c0e0ed5fd1ff491276e4a4d0fa428239f6df27664a2da5b900024513ccb110abc5f709af23baafdf439666afbf1166d7956246571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
b2bda1376f72fd8a0df68d99b8f5bbd2

SHA1
3eb896a4f34388395577d285035e7a75d16b7834

SHA256
803c5058407fc1339a0dc0edc0098153a2ada81aa95e085213c4b1d1d3d0f402

SHA512
055504a3f3e287d171278eb41d335ffb00dfc1f82028948cda7f4091d8cd137494a26a62f312116f02dd95b90dc20c7b58e8b9b1d0f1b957f01ce4eb5f7d8c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
882ec46c4b6b24ac903ba5e395809a47

SHA1
c8713029672e88b87b8d9d494b1894dcfdbb69e5

SHA256
f2ab1cce446d6c44d62fa4ac5666dedc12a30364ab131276d65fb3e77716f15a

SHA512
0da90f68f5940b0e6097625cee22432cb2c0526bc06e6939a5d921909042fdc99ae168510b935a3f1cdf2c0620f6440f0395a57e92e1646066a001b4b978e39f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1efaceaccf9ff42a9c208dd35987de6d

SHA1
7a1bd013d29013171b32a5830df8148622b8103d

SHA256
d2a979cf31ceb0ab0198869392dcf595e5ad7c77db424eea8ceffdfcc0d878e9

SHA512
746a884115ffce14cacb74f630d00de7a1ff298ab3035e2131b017882704e03af6d70ecc53f019c1c088ddc7b78b0340fddafd6572dee1fe62e3f207bbee386f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
806445837dda491c6b8f08ef14fd86f4

SHA1
1f12e078abbbd76b75f15dfea05727746f62b313

SHA256
d28bedcaeeeda869229c269088ab1d52a83ded2349b9c00afeb24fee67427108

SHA512
e82c7bd2df8b783482bf7f74707cd8ff56270b43845c97aebe82635ba1e5a6f9870f37c603e6ffce5e63e555e8f4990490070f9ed8c8aa203225ff2a30078b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
050cd5413125c3c63c5b2a51e891d918

SHA1
0a99433e40add4873a34d9b81f76b42d1f01e10f

SHA256
e0223c574f2e092010c78a1f20a6ff9a3352e9cfde1c9218a051d30db2be47ce

SHA512
0535b4246e24e048aab084d689a899f25f5bde0b836b2d3e696f797a6e45563d2dc13988e5131bdc45b4fc65435ea9f783c4954e78f719c960a5fe32ac147068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
61a57bd1552a348cb9076345667ed92b

SHA1
e8175496c42b2736cdc1de110adb74057bf3e017

SHA256
5f16cda9fe97235e530c1b932950f7a5cc20af7d52f4bef9a8c32f557d378389

SHA512
a15cfa2c8d961c6ad3e8a599af7c8725fbdd73f159548d88eb898ac6c4345e25b4bb8c32e81dd466a2aacc0be7cbc75f4964db292d955f682e64a00709a40955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
054b4f07077f7cc9f9534dae1b9ee5a7

SHA1
1a75bc13afacd447ae0c1d301ee82424fa7b9d14

SHA256
f87c54adbf230635274059a08fc834f9e7b90d3311907398a78caefbf1729a6f

SHA512
beffcdd5fabde959c12c5e640bdf3c8e7ba67a52a307546cd261d01d7c2e8eaa36d11cc4903480ab2c52b1264fbd8c3bd218fc6aa6a52f57808f33786ecbe4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
2dccb3c74710890b53c561adb33dc84a

SHA1
19300ecefca393c8525974d05016baf88dfd8e72

SHA256
9998a2db973abf738120a1b7344de8a7c86f3b7c1764b1668979355fbbbba0b1

SHA512
524d582e3d7586ca1aea733fd2823200cf592665259c97ef7cc613fe7d52c428daff302847149b54dc07a3a52a7ad897a54c86635eecc8cfc7542a68c42b8cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ScintillaNET\3.6.3\x86\SciLexer.dll
Filesize
943KB

MD5
2ff7acfa80647ee46cc3c0e446327108

SHA1
c994820d03af722c244b046d1ee0967f1b5bc478

SHA256
08f0cbbc5162f236c37166772be2c9b8ffd465d32df17ea9d45626c4ed2c911d

SHA512
50a9e20c5851d3a50f69651bc770885672ff4f97de32dfda55bf7488abd39a11e990525ec9152d250072acaad0c12a484155c31083d751668eb01addea5570cd

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\bin\Monaco.zip
Filesize
641KB

MD5
1a19fd7c42169c76e75e685dca02c190

SHA1
f16b4697bcd348d44965bf9ded731523db9bd606

SHA256
d686209afbbe718dc0506356e934ff190c1259a174aba12ef40a2fe7a014a331

SHA512
93d27188aab662ffffd78cfc31d100f161656ef37fe4f420a2cc2d514c935bce85b1e9b54eb374c94ba0ac75d0624e24676f8e359c32c9d3485aa5d7bbb14dd4

Download Submit
C:\Users\Admin\Documents\krnl\bin\src.7z
Filesize
52.5MB

MD5
7c380ecd5bc2cd51511d0ee5b58df745

SHA1
615749979477621579dd9b04ada8d4dcd9430f1e

SHA256
38e1b82e4c9a2a8159c1c60afe7668855351a6e9b52fb13f6dcc633202abaf07

SHA512
110836411f3b44f1df8ecc5890f59d7b5b10d6175f627cc160f0fa5bbc72408c1463ac7067d9787ff9a18e50b9460edf2e2f0b3a418532cc9a273965da1cc1de

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe.config
Filesize
202B

MD5
0ed4b3831ff5e91dff636145f68aac4c

SHA1
2d1140812945dc1b9e400a88c911803639cb2e49

SHA256
03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347

SHA512
4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

Download Submit
\??\pipe\crashpad_2128_HQFLETRPPHENURIZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3464-233-0x0000000004CE0000-0x0000000004CF0000-memory.dmp

Filesize
64KB

Download
memory/3464-378-0x0000000004CE0000-0x0000000004CF0000-memory.dmp

Filesize
64KB

Download
memory/3464-138-0x0000000004CE0000-0x0000000004CF0000-memory.dmp

Filesize
64KB

Download
memory/3464-137-0x00000000090A0000-0x00000000090AE000-memory.dmp

Filesize
56KB

Download
memory/3464-136-0x00000000090D0000-0x0000000009108000-memory.dmp

Filesize
224KB

Download
memory/3464-135-0x0000000005D00000-0x0000000005D08000-memory.dmp

Filesize
32KB

Download
memory/3464-134-0x0000000004CE0000-0x0000000004CF0000-memory.dmp

Filesize
64KB

Download
memory/3464-133-0x0000000000150000-0x000000000027A000-memory.dmp

Filesize
1.2MB

Download
memory/4624-705-0x0000000008D90000-0x0000000008E4A000-memory.dmp

Filesize
744KB

Download
memory/4624-737-0x0000000004C60000-0x0000000004C70000-memory.dmp

Filesize
64KB

Download
memory/4624-706-0x0000000008600000-0x0000000008622000-memory.dmp

Filesize
136KB

Download
memory/4624-707-0x0000000007F90000-0x0000000007F9C000-memory.dmp

Filesize
48KB

Download
memory/4624-703-0x0000000008F20000-0x00000000090A6000-memory.dmp

Filesize
1.5MB

Download
memory/4624-702-0x0000000008CF0000-0x0000000008D8C000-memory.dmp

Filesize
624KB

Download
memory/4624-701-0x00000000088A0000-0x0000000008A16000-memory.dmp

Filesize
1.5MB

Download
memory/4624-700-0x0000000008690000-0x000000000871C000-memory.dmp

Filesize
560KB

Download
memory/4624-699-0x00000000085C0000-0x00000000085F2000-memory.dmp

Filesize
200KB

Download
memory/4624-698-0x0000000007EB0000-0x0000000007EDA000-memory.dmp

Filesize
168KB

Download
memory/4624-697-0x0000000007F00000-0x0000000007F44000-memory.dmp

Filesize
272KB

Download
memory/4624-696-0x0000000007BF0000-0x0000000007C14000-memory.dmp

Filesize
144KB

Download
memory/4624-695-0x0000000007E50000-0x0000000007EB0000-memory.dmp

Filesize
384KB

Download
memory/4624-694-0x0000000008490000-0x00000000085B2000-memory.dmp

Filesize
1.1MB

Download
memory/4624-718-0x0000000009350000-0x000000000939A000-memory.dmp

Filesize
296KB

Download
memory/4624-722-0x0000000008860000-0x000000000886E000-memory.dmp

Filesize
56KB

Download
memory/4624-693-0x0000000007BA0000-0x0000000007BBA000-memory.dmp

Filesize
104KB

Download
memory/4624-692-0x0000000007E00000-0x0000000007E44000-memory.dmp

Filesize
272KB

Download
memory/4624-691-0x0000000007C30000-0x0000000007CFE000-memory.dmp

Filesize
824KB

Download
memory/4624-690-0x0000000007580000-0x000000000759A000-memory.dmp

Filesize
104KB

Download
memory/4624-728-0x0000000008870000-0x000000000887E000-memory.dmp

Filesize
56KB

Download
memory/4624-689-0x0000000007B30000-0x0000000007B52000-memory.dmp

Filesize
136KB

Download
memory/4624-688-0x0000000007AF0000-0x0000000007B22000-memory.dmp

Filesize
200KB

Download
memory/4624-687-0x0000000007520000-0x0000000007540000-memory.dmp

Filesize
128KB

Download
memory/4624-686-0x0000000007550000-0x0000000007572000-memory.dmp

Filesize
136KB

Download
memory/4624-685-0x0000000007500000-0x0000000007520000-memory.dmp

Filesize
128KB

Download
memory/4624-684-0x00000000074D0000-0x00000000074DA000-memory.dmp

Filesize
40KB

Download
memory/4624-731-0x0000000004C60000-0x0000000004C70000-memory.dmp

Filesize
64KB

Download
memory/4624-683-0x0000000007FC0000-0x000000000848C000-memory.dmp

Filesize
4.8MB

Download
memory/4624-735-0x0000000009680000-0x00000000096C2000-memory.dmp

Filesize
264KB

Download
memory/4624-682-0x0000000007410000-0x000000000742C000-memory.dmp

Filesize
112KB

Download
memory/4624-681-0x00000000073F0000-0x000000000740E000-memory.dmp

Filesize
120KB

Download
memory/4624-736-0x0000000004C60000-0x0000000004C70000-memory.dmp

Filesize
64KB

Download
memory/4624-704-0x0000000008720000-0x0000000008786000-memory.dmp

Filesize
408KB

Download
memory/4624-680-0x0000000006A40000-0x0000000006A62000-memory.dmp

Filesize
136KB

Download
memory/4624-679-0x00000000075C0000-0x0000000007AEC000-memory.dmp

Filesize
5.2MB

Download
memory/4624-741-0x000000000C110000-0x000000000C264000-memory.dmp

Filesize
1.3MB

Download
memory/4624-678-0x00000000069A0000-0x00000000069F6000-memory.dmp

Filesize
344KB

Download
memory/4624-677-0x0000000006960000-0x000000000699C000-memory.dmp

Filesize
240KB

Download
memory/4624-746-0x000000000C060000-0x000000000C0D6000-memory.dmp

Filesize
472KB

Download
memory/4624-747-0x000000000BEB0000-0x000000000BFB0000-memory.dmp

Filesize
1024KB

Download
memory/4624-748-0x000000000C290000-0x000000000C2AE000-memory.dmp

Filesize
120KB

Download
memory/4624-749-0x0000000004C60000-0x0000000004C70000-memory.dmp

Filesize
64KB

Download
memory/4624-750-0x0000000004C60000-0x0000000004C70000-memory.dmp

Filesize
64KB

Download
memory/4624-676-0x00000000068F0000-0x0000000006956000-memory.dmp

Filesize
408KB

Download
memory/4624-675-0x0000000004C60000-0x0000000004C70000-memory.dmp

Filesize
64KB

Download
memory/4624-674-0x0000000006710000-0x0000000006760000-memory.dmp

Filesize
320KB

Download
memory/4624-673-0x00000000066A0000-0x00000000066B2000-memory.dmp

Filesize
72KB

Download
memory/4624-672-0x0000000006770000-0x000000000687A000-memory.dmp

Filesize
1.0MB

Download
memory/4624-671-0x0000000006A70000-0x0000000007088000-memory.dmp

Filesize
6.1MB

Download
memory/4624-670-0x00000000063B0000-0x00000000063C2000-memory.dmp

Filesize
72KB

Download
memory/4624-669-0x0000000006410000-0x000000000644C000-memory.dmp

Filesize
240KB

Download
memory/4624-651-0x00000000001F0000-0x0000000000374000-memory.dmp

Filesize
1.5MB

Download
memory/4624-652-0x0000000005260000-0x0000000005804000-memory.dmp

Filesize
5.6MB

Download
memory/4624-653-0x0000000004CB0000-0x0000000004D42000-memory.dmp

Filesize
584KB

Download
memory/4624-666-0x00000000063D0000-0x000000000640E000-memory.dmp

Filesize
248KB

Download
memory/4708-933-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download
memory/4708-934-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download
memory/4708-935-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download
memory/4708-936-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download
memory/4708-937-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download
memory/4708-938-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download
memory/4708-932-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download
memory/4708-927-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download
memory/4708-928-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download
memory/4708-926-0x000001CD74E30000-0x000001CD74E31000-memory.dmp

Filesize
4KB

Download