lumma | ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2023 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_beta.exe
Size

1.8MB
MD5

3701dc535fb395d6a1fb557a3aeec5e9
SHA1

ef517659229ddc6ecfc02481c3953ac9322dae35
SHA256

ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
SHA512

20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
SSDEEP

49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe

Executes dropped EXE 8 IoCs

Processes:

7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
4844	7za.exe
4724	7za.exe
1512	KrnlUI.exe
4176	CefSharp.BrowserSubprocess.exe
2540	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
5592	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 53 IoCs

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
4008	krnl_beta.exe
4008	krnl_beta.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
1512	KrnlUI.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
2540	CefSharp.BrowserSubprocess.exe
2540	CefSharp.BrowserSubprocess.exe
2540	CefSharp.BrowserSubprocess.exe
2540	CefSharp.BrowserSubprocess.exe
2540	CefSharp.BrowserSubprocess.exe
2540	CefSharp.BrowserSubprocess.exe
2540	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
5592	CefSharp.BrowserSubprocess.exe
5592	CefSharp.BrowserSubprocess.exe
5592	CefSharp.BrowserSubprocess.exe
5592	CefSharp.BrowserSubprocess.exe
5592	CefSharp.BrowserSubprocess.exe
5592	CefSharp.BrowserSubprocess.exe
5592	CefSharp.BrowserSubprocess.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234002590367956"	chrome.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

CefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exechrome.exeCefSharp.BrowserSubprocess.exe

pid	process
4176	CefSharp.BrowserSubprocess.exe
4176	CefSharp.BrowserSubprocess.exe
1512	KrnlUI.exe
2540	CefSharp.BrowserSubprocess.exe
2540	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
1712	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
876	CefSharp.BrowserSubprocess.exe
4852	chrome.exe
4852	chrome.exe
5592	CefSharp.BrowserSubprocess.exe
5592	CefSharp.BrowserSubprocess.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

4852 chrome.exe
4852 chrome.exe
4852 chrome.exe
4852 chrome.exe
4852 chrome.exe
4852 chrome.exe
4852 chrome.exe
4852 chrome.exe
4852 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

krnl_beta.exe7za.exe7za.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4008	krnl_beta.exe
Token: SeRestorePrivilege	4844	7za.exe
Token: 35	4844	7za.exe
Token: SeSecurityPrivilege	4844	7za.exe
Token: SeSecurityPrivilege	4844	7za.exe
Token: SeRestorePrivilege	4724	7za.exe
Token: 35	4724	7za.exe
Token: SeSecurityPrivilege	4724	7za.exe
Token: SeSecurityPrivilege	4724	7za.exe
Token: SeDebugPrivilege	4176	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeDebugPrivilege	2540	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	1712	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	876	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	1512	KrnlUI.exe
Token: SeCreatePagefilePrivilege	1512	KrnlUI.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

KrnlUI.exechrome.exe

pid	process
1512	KrnlUI.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

krnl_beta.exeKrnlUI.exechrome.exe

description	pid	process	target process
PID 4008 wrote to memory of 4844	4008	krnl_beta.exe	7za.exe
PID 4008 wrote to memory of 4844	4008	krnl_beta.exe	7za.exe
PID 4008 wrote to memory of 4844	4008	krnl_beta.exe	7za.exe
PID 4008 wrote to memory of 4724	4008	krnl_beta.exe	7za.exe
PID 4008 wrote to memory of 4724	4008	krnl_beta.exe	7za.exe
PID 4008 wrote to memory of 4724	4008	krnl_beta.exe	7za.exe
PID 4008 wrote to memory of 1512	4008	krnl_beta.exe	KrnlUI.exe
PID 4008 wrote to memory of 1512	4008	krnl_beta.exe	KrnlUI.exe
PID 4008 wrote to memory of 1512	4008	krnl_beta.exe	KrnlUI.exe
PID 1512 wrote to memory of 4176	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 4176	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 4176	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 2540	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 2540	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 2540	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 876	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 876	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 876	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 1712	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 1712	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 1512 wrote to memory of 1712	1512	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 4852 wrote to memory of 2776	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 2776	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 3856	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 4008	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 4008	4852	chrome.exe	chrome.exe
PID 4852 wrote to memory of 2700	4852	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4008

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4844

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4724

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1512

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=2288,i,4041847506228856763,1274030920701640386,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=1512
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4176

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=2288,i,4041847506228856763,1274030920701640386,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=1512
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2540

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3224 --field-trial-handle=2288,i,4041847506228856763,1274030920701640386,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=1512 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1712

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=2288,i,4041847506228856763,1274030920701640386,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=1512 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:876

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=1680 --field-trial-handle=2288,i,4041847506228856763,1274030920701640386,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=1512
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa036b9758,0x7ffa036b9768,0x7ffa036b9778
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:2
2⤵
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:1
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3344 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:1
2⤵
PID:3616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:1
2⤵
PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:2572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:5140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5032 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:5272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:5380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:5464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4724 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:1
2⤵
PID:5644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3408 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:1
2⤵
PID:5740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5632 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:1
2⤵
PID:5860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5776 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:1
2⤵
PID:5976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:5956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3292 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:1
2⤵
PID:5472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:8
2⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5520 --field-trial-handle=1788,i,12401842798270626383,17815419673676754772,131072 /prefetch:1
2⤵
PID:5952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3796

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
96KB

MD5
9add8a2d0968db9bfeecea90afe78908

SHA1
0fbad9c080edbbfafa13582c16dcdce975ad8bff

SHA256
1de5ec9db21d2c963b10fcea854a1cc1d0cabbdecb268dddabd4f2294687e644

SHA512
851859d5643d30089a470a289b515098c5c1c7b6a0a4f832c04bcd291af250ad1d63232742fde80f606d0f3d7b6ab6d36326f643407caec62ff67d5c9a56dfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
65KB

MD5
6ae69cdbe50aef18ad9352efb9d89b57

SHA1
f3cbd82b9429e9ffaf2e0ef33bc0a2fd9a4716c9

SHA256
a08be876f5dedb4e719e3902e567da1b670dc5bed9bab1b2833c669e3ca4df78

SHA512
4b0f3ee2f5c70bc3bf929a396f034a40a35bd33ed69871f62a3fa668f7e0c4184a975c390873e44095db22e6bb890ca7fdf68a780688afb218a2da777bcfa6aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
Filesize
49KB

MD5
9e8361c00c4bc8c9c051dee5bfa339d2

SHA1
d36a51791035bf241d03661e2bbb0d13c837ef36

SHA256
e4d3dbd48148b13bf0c8c90a2319c3fafa42d4abaa9c89fcabb3585d986234f4

SHA512
3bd193a1ce0ac4f243ebf877d95e9bcb8aa287c46aa3737c85b80c0995de1ddd385d4b138718055a216f5949f0bcfe33e33e649c0982db6e8c56fcaa6b242d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
8c27bdb84aa22d0b26c788bbdbb8c144

SHA1
661185caf78c2731ede4f501d1d5dc85e8390dff

SHA256
96c42229e749ba34b6774a6dfcf1008e9aada6dfa1f40b4d38b38d7516577c16

SHA512
d57b5777611b01c22d86326955d8bf198ea4467338476230ae32aa7b8a6b68692031c8b6dd942efc9183928979abe81efa59e5b67912bf52f92f8ab48e7e2c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
bd4dfac5c150c0b7863e641412525668

SHA1
9af19b99b04c8782a92e34f6728e8d9cf74927e6

SHA256
db5a79c7ab9fb5bf41f2c45c16323317e10edd2c123cd30b0416544b40571304

SHA512
a42fa46265897f897f476de238dae9249eb6cf174f4fdf59061067d1607fde3dbb7b9dd977bd5e3d442f08d2ad7f1a1a906f183af861667243752692f4aa86d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
f8da3829687cdf2254282ded8b8a42c1

SHA1
a5dd3ede8d15b420c9f3a79f68227737529e582b

SHA256
86239a71d3c282a4b2e950cfe4c4ec6fa6d7cc0c40650b12852571e52fee4a3d

SHA512
6a5156647772d06556e6f6ee92ac1369dfb6300372e2c25d5437cb901779618718113f793b155402c44a9a7849014d017cc899a9cd019db2bce571f4476c868a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9caae5d14f9818bfb8b176aef39d9305

SHA1
a23f5209ce166ac42f8d083ffc766ce1b4468cf0

SHA256
2dc9770c20d1b451cab937bc23e491218017056fd577c396240e16b79c9c2ae3

SHA512
9582a6ae380b06014277c01ad87d72092433ff0af808ad6eadb39f653544f693ae131da0b64426e3d33e5ad69846851838a73180b3fd3857d8440bd84a57da63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2de79de02967ab3828dd565a6b3ca8c5

SHA1
7270407e04705366a86ccd70b014022778ace027

SHA256
98d4f35bc21c27e8986929418cedbe9ab6821c3fa4cbb0ad824b38d79a698ce1

SHA512
9038d67319cc60519a638d8455f1d12c47470d2098a569ca3ce964588535602fa89a0792762d90b675fbdc4e9875525b5ef7fcaf4a5b31f82d6d0900609d56b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
a9006ee117eae7e5aae1371ef5e7cfab

SHA1
badb708585bfbe3bb58ba421fe986c560572b44d

SHA256
9fbfafef97de2e05ebbdbc1c3c86b51dc6d2d9cf883eead51e41331f7e0de957

SHA512
c4d360c9c7290cd24b024e196a59f1dfac4b9fe5517b7e83d32d1d4de95b33c7fde663b3d35b012cbda328f9a758f08628370e10e3af211452140c2a0a770127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
17b0ae62abe83e08ccfd4c9d35cdc122

SHA1
911287e3addd8fd378e68eb97b9863bfa8e9a979

SHA256
7fa213acb4979977433da6774f08d10c979a7c6d9dc1f32bf2362629d2be5355

SHA512
1bfd6411fe78b57f55feb737cd26e87ef912ee93a0bea897d7acccb63eae8c250a21d2a5f729fb794461ced5c82ff69eb763cb061b36685996b9bdb47854e2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
95a17ced3dc22a11ce9c083c45710041

SHA1
88a8d4e17cec66764a89441cdd678013d8505b69

SHA256
8acfea0f2dcd06f3ca3baf801687f8e2d325005774f0b93923e6f46d82a47a28

SHA512
af396e278e0860a4c7c8dfae4cb703b0ab3c96b1aab6dd7cb6707ef97c26fdeea4596c4a1bf68d5e051dcc8b5a455e7edc26a2ffe16f3d87dd52dd94defc3aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
ffb72d0c268bc3c76fc4947ee82fecb2

SHA1
d5ce7074dc4809e671e8f21bdb55a2d107a81d03

SHA256
223f4917aa68df0beb36dec1d965daeaf9c72d37124adc42bcdd3fc628dcedfb

SHA512
4d1a447291ce02c67c8d2edc19fa97ce3bfbe70b7162bd3fbaf29baaeacb6157b2d0b62dbea0d909fe85048075fbe0bca394522c42954905ab9b71d040b50284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
6ea38091a3c060bab68db98b42f900db

SHA1
8c664f71092ef99281e159f4ed95367de1a34325

SHA256
40e23fac65a4c22d3996acac8632241d608e70a5a2da1937844f2bce26cef518

SHA512
40a007f4db113ef4af9fa9dc5f8a22ccd80399519e5f2a703d805c54905d38963fe51f6cb1021a5fd6bb1890dcdf20dad04dee207f5445211628070d60eb7c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
082ac89867e47ab5435fd51f2ed445a1

SHA1
53d2b1ebb4732faac7d80f0baafb9c816a1c8b61

SHA256
7ed75a6a911889e2acac3d5945e9b97b7e610d578fb6222069d891720da799dc

SHA512
2f79570aef240ab888ba88fc9f059f7b263134a1592c72ed8d03f3284167302dea24ac9d1cc8414a8c2f958747edf3272c6062696d042d8843843aaddb55e4d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1f51efe7657d850af3a756dd1ffb1d9c

SHA1
f15f56de62de87a2d27a08544c240ad689fe20e4

SHA256
6033f287745194df4f31697302d66ace427830dc0f7dc8498b824ffef6dea32a

SHA512
d45921ea84a293a1b8cacce51f7412015aa8d6b8b9f82af5788009aa187da08c2b5384777dacccab15e06f77c35209bac9ff38b2036cc7669e5dfa27a3493956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2e0042f69b0dfe5eb02d12d0bfdfdaf2

SHA1
430632fa6d367cf78dd86ef5683108e660d6396c

SHA256
9a7b7c41a7578bd7b07671e41a461265a12001739d31bc1ea662a0376506707c

SHA512
5e56b968133a8494493c94c5d3227048d3bc17a3715d0ae7ae567b43b67880f558eb8464a52a3f3e230b06c9a1c1b9dd38eba44af3e3824b9308c8aa9c4bc976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
ac529b846980f016be666b9247809def

SHA1
376e696aa8d6c536387c42b0b4c069e22a6ec43f

SHA256
5f57cc4ebc9531b2a42bdd81f80d76601cea89a3d3d4e838dc7220c60a312e8e

SHA512
64e2293ae0603d0b98e546ba0144cf25a57f5f81a526ee1b5a92cd921403ee62a9f9534dcd184cef577ed21ba4a911bf8a4417d3ab6dee45c678342686ac8cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
a001607688afa56d50f2e73685b2b771

SHA1
be643fc44b03f5c0f6517ed369892db9dd0e48b5

SHA256
60609e3dadc66fa590432cd5ea5fafc4e97225e5d458b5bc1ad54910ae4e75be

SHA512
a51b44a174a8ddf633bfa578de399e2c769633ab8fbf93334df45129cb74c78f3a94bffafdb798c2e496a231f1dbd9c1503bebcb9baaf91db845fc9f498d5d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
7d28a700509ae9d4c725259891a2a78d

SHA1
8a7de8f6952e95a8d53067c0e7f7cc5fff444cd4

SHA256
ee33be362eb7a0e749942e12c7431bb7990e3fc216d8dd955284bbbc87e32323

SHA512
a8d8a2cabccfc4cb785a85f97d3560c1c062911304bb57715feddcc8b486f3d50409d9fda2617d5427bb4bd1d63a52024aa0a503f7f807b5afad5496903c29ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
703a5852a5e50abdc366aae925235061

SHA1
c62a8a5bfe879f4e59f415e29ebe98de0d464b33

SHA256
49187950d007e1bc45b71904da04efa0e9a16a9eba94fe1b6e29ec1d03144661

SHA512
6ebbb88647e43e69b7f980668c2f54b1c6236e713993ff80b8bf4d3fd69da69a6b2337c833b84fa99735477427f65d7b2e28cc4bc22d591b729825d438c35bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
675b055af24f5a1793368f42c05a23a5

SHA1
b23e8269040b69fa1ec71ab7d0844be5aa9e47a4

SHA256
2ad600e9b4a15d022bb7dcf67aab3e2ceb109b443c7adae56b3bafeb12a69ce2

SHA512
c61fb51d8e305ed1f137e4f5a06260bcb53fbf31d4ce908dd9fc80b95c88565005ade8bb36d38a0e09046cdce6fbfec7c21539d49649836eac09b27a4ff4ac3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583302.TMP
Filesize
97KB

MD5
1413eb64d61c0b60e3942f65973a1524

SHA1
f243167ef0e4e2089fbebbfff02373d4c0a0bf55

SHA256
fe25b360dd06a32bcb15686595a68319d2679e0c7535aff4a1332d164edc6b3a

SHA512
c595ebe046f127141d68a22aebc8f012e4ba1dd0feafd1eb46e41f752a0eb7af26cd147baca185c2f69d43e468197105bcce198a31700f9acccda3b521d13468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\1512_45770787\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\1512_45770787\manifest.json
Filesize
984B

MD5
59741ca0b4ed8f06f8984e5c91747a4a

SHA1
334c396dd6e710de0e5b82b93cfaba764abc0331

SHA256
8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7

SHA512
9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\card.config
Filesize
12B

MD5
773229091774b2b77583da0f15a718ac

SHA1
fcdbebdefc85658d65e23dcc52cd1a3ae9a12ee3

SHA256
f70e955a67aad2ee28ac0c8b1c0882c9bd9991da51b87b224a4e22eefb8956f9

SHA512
7762bbbc14bdc679c51b5d9b75b1c19b0977d70c98a1edcbceaa950e7ba42c991ae4e81768a9bd80bb1bb2bd1eed4e6a18e98e16a2ec974464850d9c14a9fc2b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\preview.png
Filesize
155KB

MD5
971fcb67b3ed9746cfd5c12032c8f54a

SHA1
378d56a2909c9b4dacc1a679664de7a3b9b48109

SHA256
94d47c3270fd8af9431722aac704778dd0e157fcffe7e24435a25368272e6bfc

SHA512
3d5e2f7112462049cd84fabce244cd51cbc341e8adc4fa27e5516855dd6f1d9727d6dde463812f6c552a732ebb2dad87ea6eed38a9bf7a1ea55800068fecfa63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\profile.png
Filesize
7KB

MD5
fe0cf96f57839cdd21191af66c241b96

SHA1
fba1b795f839c0fbaa4e47dfd9ad79ac6c2a4562

SHA256
bafaba91b68e495a6946cfae26a1f194dd8e556c1fb28dcf1e220721eb0ecbfc

SHA512
5adf6c8fc4b24f5af253c0f03c5b57ac7243008765b3854ed4b83d758a1901997ff4e6d9e0e1918383bce19832b72fc68cc7005c8a53a329df41b2ad91162ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\script.lua
Filesize
1KB

MD5
4417aa7a7b95b7e9d91ffa8e5983577c

SHA1
367b923829db8fecf2c638fb500f161d22631715

SHA256
eafd7bc4f8aeacd998f6ffa38c8fc2ec2fb043ca97c956a0949aebb9bbbdbbe6

SHA512
04a5f440a6e00ea0aa8491ae4c6dd6aa68f704db54a43a5d6bf4c99446ae2c7792be8dcaee6542a93280eb35dc93acb60e8e4065f13c885e4186d80824feb04e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\card.config
Filesize
11B

MD5
a3d8125d741db04d38a0c2c56eb9521f

SHA1
69729d39c0b4ff201d2aa7c6a77ecb4652b22aa3

SHA256
e2e623686b91cc0075b0f86b4c4577e45d4ee2ac6fce0aeae7326550675d1a96

SHA512
014cb710f3ad4264bc6cb524c33569e297ff6eee5dd417d10e4a1519951fcc739663a794f373a86eae4a0280002b4ce2d90715e4d9328bfe18f669e98878a994

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\preview.png
Filesize
534KB

MD5
1ea0fccbceecbcfbe9c57bf230241889

SHA1
4b538297c419731bed21e7f0f8c1f921c6c3f389

SHA256
79eb0dcb2cff8cb7a620fa87284fdf79a1bfd97690d193c8caa15ffa3068c9cd

SHA512
6229d6084be3f3368a98ffa4b0aaa5899fdd85d5dd2f538987a8abce2bf1d3c378731c1b1b37e2d555e47d8812f8b5e8fef0d68241dfbf2c8952ffb1737a6909

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\profile.png
Filesize
19KB

MD5
be676e5468366d6f34839bab1a2be5dd

SHA1
14424fc881b910a406f364d1dffb22ee0dc28e04

SHA256
196c3db248754cab84491e35496aa7d2dbd93bd1f1dce0b20462c2310b13265e

SHA512
3e87468cd2fd4669a59f2a18a4a968a32414ea788eaee0f341b93387b852fcab3c0d4c5fa6a29f884520b6fa10916b39eb7791e82bc951355378356955bf2ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\script.lua
Filesize
98B

MD5
1f74e0539c4f0816badd444b487dbda9

SHA1
07fc32012374195023f00353c12d800a5ed8d07b

SHA256
f01656ce161b59d49730ced251f20cea8a4aac04efbd85152e3c89e0f182a41d

SHA512
d068fb33ff098e7db909784985bd7a47b62ba607119d976c7084db8260d05b1aacb984543b556cb002f53fbb14c9107477e9d1b51a78648e6bd040840a87c55b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\card.config
Filesize
6B

MD5
af55765f33160409360ffefd60211d32

SHA1
f16b23456ff82b6875e996c252c92eac375c5c54

SHA256
adfe3a9eb182052dabd7530e315fc5c0784bf5d115002b9a1a6f76dddf35773d

SHA512
1488a18106ed2dbb1502f218f8a543eb45fb5d12fc5867dfbd7d0bb500915c9705a5a8e2a21e964f5aeadc460d69d0f39bc729fee8d66e75e08907bcd0adbc4b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\preview.png
Filesize
10KB

MD5
6c5d6e01657cf543c2211452ff43f52f

SHA1
7f4735960b3128f279aa42c4351ee50b32580788

SHA256
014920b3352e755b1608681e3dc613ce68e7875527ac8372a8edf5f875d32f5f

SHA512
f01c45f42f9e55982e9191979c3f0854a064b7455f65141e9feeebb72432ebe3d784263ac81d67c4cdf48e4eb49b39787eca2fe3a4964a799b130ac79a6b4b04

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\profile.png
Filesize
12KB

MD5
516a58f5a912ea4cbef1098f8fd5ebc3

SHA1
217162ba93d4c94d7b9389694734e365a91905df

SHA256
c9d71e41f4103780f381c11ce608f797ffbbe3f92f20922cc8576203543aa461

SHA512
ec211867be06425d54e6c70aa60b99dd209b949cf70ed6922689645bc86e9508ce234c14e3a1c37f2950a95387eef7424a518abd82cd2ac4e6680fcc329ab5d7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\script.lua
Filesize
281B

MD5
c0baed80a080fcfbcbde7dc86d38b14e

SHA1
1d81bb414f6853c313b6eea6169a7b68001dca68

SHA256
0109c27defe896cf9cccf23e0dc8765d705e8660360c3eca2a2f30599b46d77b

SHA512
3397e3b5bf3591e8ae5ac4b41be05973c484279151d1239d1976ba1267441809e2addc04f74fb61f7ec6f82fa1c3b6f92acab90eb620095e11f55c9f3f2edb2c

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\tags.config
Filesize
33B

MD5
b042ffedee19500bf6d971c456ec3655

SHA1
077c12ca4595d02a810a592f8cc85bc961676f4d

SHA256
83167cc46576dd7ff84b1f107e9024238395d2a6016f88b9cb911292d52ec2a9

SHA512
0010593f27183cc66acaeba66c0cc4bf82c8faa821c1f5ee75bc78552792068eaec6b120f17112a3df267784dbf8975d6fce2f394e5b616c7f719148e68e0d86

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\card.config
Filesize
11B

MD5
5e42cc2c2e0f1e430aa404314afa53e4

SHA1
794be48d0f018d9ef67a9dddb4dd4b6ba66d020e

SHA256
4f94d5d922df31f5611e97f785b3f7bae178268b0f0727e733590ddd6de13bc2

SHA512
e38a0e93a5f7b9d0f3f09d8408fd29450a88672382e828a5926239ce926782fab49692178ba4614e0683bf4ae50d4ebb6491e6bb6e85372972ef4b1b5435639d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\preview.png
Filesize
49KB

MD5
7b0d11f82c6d558ddccda8a4563f6238

SHA1
615e90c3d799e58850efb189bc220a621dc56e96

SHA256
24f687838f65b20e4f826cc6ab709124a8a91c43789a0b71cb6fc8a58ce8273e

SHA512
5a8dce1fc5c9e2d47634b888bc51ca0ed73eef0f305993979f380e2597a3f5fa45facf0639a2a7d3410c40b29f2ce2b40fbb222660babf009382475cde1e676f

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\profile.png
Filesize
237KB

MD5
6cef901a51f67313821f9f7ccca5d38f

SHA1
6a612a1918e94c08b54af9e7e63356d41eff2d82

SHA256
1461d4e5cc1d955721e68d745c900c56c3c28490d86e00cab39f0bcaedc702d8

SHA512
818314e8bbb20fc0fc7ca7884a930063c8c906e8af39abe6c507b96ddeaf5515a9de0c0408bc2483eea067dcd1102bc63095cfd27a6a1af2f628a1bd26929522

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\script.lua
Filesize
451KB

MD5
1cf55875084e2163bbdfbf66452b29e6

SHA1
f28c38a655dd68075ade6b915f683968e77bee97

SHA256
177d8cf42fee5c6012f6571b20e7e17e55df8564af59b9be5dddcdbd879b5c5d

SHA512
3e72263077a032688770f08e181d8786c1248bec31a5f69fdbbff2c127b49466909ecd68a5dd7e1061542bf1900a6f7a6ab498310a460c8fbfaeae81aa5f5db3

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\card.config
Filesize
4B

MD5
656626d3691e02c2c2e83276a94add4f

SHA1
258635defa94ec462fbe0c1af91c7b59bef1d1e4

SHA256
0fcf591eb63af5717e253be0931f2e09747df34a27b3ba8d092faf0e55318920

SHA512
2878ceeff7c9d8225006bea6f280587d84d0be316aae41c9c859b632ae71043af52dd2ff1cf50a0804a0a5120da4a500a468170b710e6bb53cc18a391fdf514f

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\preview.png
Filesize
465KB

MD5
4178311492a7c89b085dd0f9e16059d1

SHA1
a8c09191f29ba3538bec9ae2ba14aa4eeb59b5ef

SHA256
7a6e75f8f2a3ed7ba1b3ddb2b34b56ff751053896f37c02d527ba496504563be

SHA512
770cc5a277455c4a6f6da2dcc0ab4951580cde25ba1524194967dc1dff8d5d0cc81c9131313f131fd83f7569b2e56bbd55673fad8ff5f1a847e1ddd7f750a4e3

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\profile.png
Filesize
8KB

MD5
5f7201b94d86517399ee2a8de627cbeb

SHA1
0028f36c47b6dd36e7e5a1b24ee41f965be3671c

SHA256
6acc361fca4ef73d7a0bdd39482f3d2938eab6d2d942db995666e0978c0f59a4

SHA512
8037df886217f45330630205090724fd2a1c5e66b6084c9ac746cb52e5d653f3d1816e1feb236df760bf72090b8a880ac6391daae5253ac99e9489551ffd1526

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\script.lua
Filesize
115B

MD5
ef0dfaca318853907f49290a828e73f9

SHA1
e4c200f30ed72a6b384c712ba1304fa2dbe72a73

SHA256
80c4123264cd0e6ae4d5308b8c451ef89cd35ab3bbe214f034a34d243abeb8c5

SHA512
b5fec7a5b7c446f6ed8802740b8afbe948ed24c5d677a8748819988e4501e94deead3e7c933e33e19dbce0e10260dc43ac7710435c3864576b38fd27bc35503b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\card.config
Filesize
10B

MD5
cdf58d0e1b6b0dd3f523e7817a0ea0b5

SHA1
a87a1bfa5593ccb6ce553543526b06c7b39c3330

SHA256
a9292bc3beaf23e06a4cb67c4bd213737754f9b5c1538876da059b0ca71e03fe

SHA512
ae1b344d078af79886c7d2d0bc4c103d5873621b3d549362ee416fb6c43f5bfe5d9c43b5073b034bb1ee5b4413689a93dde12f9a8408e4051a39f0f089500784

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\preview.png
Filesize
171KB

MD5
220cf576403c96a12e4831c4e1aff13a

SHA1
b6ff4cb1a6aec90ea01f3807a66ff1b0864d10bf

SHA256
1bc331bf9cfe7a2ec83fea1d9d67cfd2754239edc4dda5a17f99b420b75d6fd9

SHA512
103aab3a35694076ab14874c1f826a51bf8db59349f66765528d70484a4f5a4c6d751e2af3b5c4b832df68233ea33c5b08662d009fc9f2897c4414d61e0f4e41

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\profile.png
Filesize
19KB

MD5
20f7c123960c173546b91a9147be8a98

SHA1
d83534a97c5ff8e917bcd92f2e31d558e863796a

SHA256
d132445e583c7e8662fa48a83c35074d91557c34ea713d1812040c33ce8b89dc

SHA512
1f3b3897f21599f99f89846fb92783fad0c2018a4d20da12c9ae1789bc8b284987433c183582dfc5914f3d3b176ecf9f70de036f032b24e78054869ada87826b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config
Filesize
48B

MD5
d4b44f9a8c3891884cbd93748bac4146

SHA1
7f77f6377b8a84de9d96a1568e1cf125bcd046fa

SHA256
af6a24188c6f99436da0fe18aab1989ababff9ae09c4b669cc23c7e9f3f478c8

SHA512
b71c080e19875fc2282240e949b608e779af1269465e915382e430de663e6995b1ab5676b34c6831fe3db97bbf03b0b861c8ffa17617cc4ec9582e7154aa71a9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_100_percent.pak
Filesize
620KB

MD5
e05272140da2c52a9ebef1700e7c565f

SHA1
e1dc01309fca499af605f83136d35e6d51fcd300

SHA256
123092a649b8def6efca634509fb20ba4fbf9096d6819209510b43b5f899c0a3

SHA512
476907363a0d1e1bf81d086aff011b826fd28a885e2eabd2e07e48494eafbd48d508b1a9050efe865585f7c4d92a277886440876846cba8a2226033ff35a7a81

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_200_percent.pak
Filesize
933KB

MD5
0d362e859bc788a9f0918d9e79aea521

SHA1
33abea51f76bde3e37f71b7e94f01647bb4dcbd5

SHA256
782f475d56e62c76688747a22ba4ae115628c5c3519c3c1e3d1a51a4367bfc28

SHA512
37ca08bbe5525d0f2d45a9fe65a45f6c5d8366330fc60304822d4c7470dd66b8733d92803ce6aabdf4175ad0cf43d6e4a9ff9d4e49ff89d8eddc5f7083e7f067

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat
Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak
Filesize
296KB

MD5
99b4fdf70abc76d31e44186e09a053a6

SHA1
fb4192460341de2a04127f1e7fdf5c41b12ca392

SHA256
87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa

SHA512
d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\resources.pak
Filesize
6.8MB

MD5
34516ad6ff9278dea1fa89839156cbe5

SHA1
c61792315d0cb0d0f1e55fb985e3f6bb471fb2c5

SHA256
91d3ab4e61bc261d9cc78b750dfc26561fee06fe1431136652f9f50371be2426

SHA512
6e4046a2eb72b17451528d1995e2359cb058a9dd41af586f3e88693c621ffd97213031462fc1fd8a23c7e91217066c2f0b56522fcdafe862bc24eec30b059d29

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/876-617-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/876-625-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/1512-608-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/1512-558-0x0000000005A50000-0x0000000005A60000-memory.dmp

Filesize
64KB

Download
memory/1512-622-0x000000000DAA0000-0x000000000DBA0000-memory.dmp

Filesize
1024KB

Download
memory/1512-544-0x0000000000890000-0x00000000009AE000-memory.dmp

Filesize
1.1MB

Download
memory/1512-621-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/1512-548-0x0000000005350000-0x0000000005370000-memory.dmp

Filesize
128KB

Download
memory/1512-618-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/1512-619-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/1512-552-0x0000000005A60000-0x0000000005B64000-memory.dmp

Filesize
1.0MB

Download
memory/1512-553-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/1512-614-0x000000000DAA0000-0x000000000DBA0000-memory.dmp

Filesize
1024KB

Download
memory/1512-554-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/1712-616-0x0000000004C20000-0x0000000004C30000-memory.dmp

Filesize
64KB

Download
memory/1712-624-0x0000000004C20000-0x0000000004C30000-memory.dmp

Filesize
64KB

Download
memory/2540-615-0x00000000058F0000-0x0000000005900000-memory.dmp

Filesize
64KB

Download
memory/2540-623-0x00000000058F0000-0x0000000005900000-memory.dmp

Filesize
64KB

Download
memory/4008-211-0x00000000027B0000-0x00000000027C0000-memory.dmp

Filesize
64KB

Download
memory/4008-152-0x00000000027B0000-0x00000000027C0000-memory.dmp

Filesize
64KB

Download
memory/4008-134-0x00000000027B0000-0x00000000027C0000-memory.dmp

Filesize
64KB

Download
memory/4008-135-0x0000000007A50000-0x0000000007A58000-memory.dmp

Filesize
32KB

Download
memory/4008-232-0x00000000027B0000-0x00000000027C0000-memory.dmp

Filesize
64KB

Download
memory/4008-136-0x0000000008D10000-0x0000000008D48000-memory.dmp

Filesize
224KB

Download
memory/4008-160-0x0000000008EA0000-0x0000000008EAA000-memory.dmp

Filesize
40KB

Download
memory/4008-133-0x00000000000E0000-0x00000000002BA000-memory.dmp

Filesize
1.9MB

Download
memory/4008-139-0x00000000027B0000-0x00000000027C0000-memory.dmp

Filesize
64KB

Download
memory/4008-138-0x00000000027B0000-0x00000000027C0000-memory.dmp

Filesize
64KB

Download
memory/4008-137-0x0000000008CE0000-0x0000000008CEE000-memory.dmp

Filesize
56KB

Download
memory/4176-576-0x0000000000560000-0x0000000000568000-memory.dmp

Filesize
32KB

Download
memory/4176-607-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/4176-620-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5592-1287-0x0000000005201000-0x0000000005206000-memory.dmp

Filesize
20KB

Download