lumma | ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

Analysis

max time kernel
151s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2023 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_beta.exe
Size

1.8MB
MD5

3701dc535fb395d6a1fb557a3aeec5e9
SHA1

ef517659229ddc6ecfc02481c3953ac9322dae35
SHA256

ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
SHA512

20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
SSDEEP

49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

krnl_beta.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe

Executes dropped EXE 8 IoCs

Processes:

7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
2424	7za.exe
3196	7za.exe
2712	KrnlUI.exe
4896	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
5908	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 53 IoCs

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
4124	krnl_beta.exe
4124	krnl_beta.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
2712	KrnlUI.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
5908	CefSharp.BrowserSubprocess.exe
5908	CefSharp.BrowserSubprocess.exe
5908	CefSharp.BrowserSubprocess.exe
5908	CefSharp.BrowserSubprocess.exe
5908	CefSharp.BrowserSubprocess.exe
5908	CefSharp.BrowserSubprocess.exe
5908	CefSharp.BrowserSubprocess.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

KrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exemsedge.exemsedge.exeCefSharp.BrowserSubprocess.exe

pid	process
2712	KrnlUI.exe
4896	CefSharp.BrowserSubprocess.exe
4896	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
212	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
444	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
4444	CefSharp.BrowserSubprocess.exe
3428	msedge.exe
3428	msedge.exe
3800	msedge.exe
3800	msedge.exe
5908	CefSharp.BrowserSubprocess.exe
5908	CefSharp.BrowserSubprocess.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

msedge.exe

pid process

3800 msedge.exe
3800 msedge.exe
3800 msedge.exe
3800 msedge.exe

pid	process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

krnl_beta.exe7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

description	pid	process
Token: SeDebugPrivilege	4124	krnl_beta.exe
Token: SeRestorePrivilege	2424	7za.exe
Token: 35	2424	7za.exe
Token: SeSecurityPrivilege	2424	7za.exe
Token: SeSecurityPrivilege	2424	7za.exe
Token: SeRestorePrivilege	3196	7za.exe
Token: 35	3196	7za.exe
Token: SeSecurityPrivilege	3196	7za.exe
Token: SeSecurityPrivilege	3196	7za.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeDebugPrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeDebugPrivilege	4896	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeDebugPrivilege	212	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	444	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	4444	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe
Token: SeShutdownPrivilege	2712	KrnlUI.exe
Token: SeCreatePagefilePrivilege	2712	KrnlUI.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

msedge.exe

pid process

3800 msedge.exe
3800 msedge.exe
3800 msedge.exe
3800 msedge.exe

pid	process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

krnl_beta.exeKrnlUI.exemsedge.exe

description	pid	process	target process
PID 4124 wrote to memory of 2424	4124	krnl_beta.exe	7za.exe
PID 4124 wrote to memory of 2424	4124	krnl_beta.exe	7za.exe
PID 4124 wrote to memory of 2424	4124	krnl_beta.exe	7za.exe
PID 4124 wrote to memory of 3196	4124	krnl_beta.exe	7za.exe
PID 4124 wrote to memory of 3196	4124	krnl_beta.exe	7za.exe
PID 4124 wrote to memory of 3196	4124	krnl_beta.exe	7za.exe
PID 4124 wrote to memory of 2712	4124	krnl_beta.exe	KrnlUI.exe
PID 4124 wrote to memory of 2712	4124	krnl_beta.exe	KrnlUI.exe
PID 4124 wrote to memory of 2712	4124	krnl_beta.exe	KrnlUI.exe
PID 2712 wrote to memory of 4896	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 4896	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 4896	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 444	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 444	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 444	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 4444	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 4444	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 4444	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 212	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 212	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 2712 wrote to memory of 212	2712	KrnlUI.exe	CefSharp.BrowserSubprocess.exe
PID 3800 wrote to memory of 376	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 376	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 1944	3800	msedge.exe	msedge.exe
PID 3800 wrote to memory of 3428	3800	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4124

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2424

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3196

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2224 --field-trial-handle=2268,i,8321395584487709103,5055778336034943910,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=2712
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4896

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3184 --field-trial-handle=2268,i,8321395584487709103,5055778336034943910,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2712 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:212

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=2268,i,8321395584487709103,5055778336034943910,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=2712 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4444

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2988 --field-trial-handle=2268,i,8321395584487709103,5055778336034943910,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2712
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:444

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=4028 --field-trial-handle=2268,i,8321395584487709103,5055778336034943910,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=2712
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffff1aa46f8,0x7ffff1aa4708,0x7ffff1aa4718
2⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9877854597515837347,14099425244285105722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9877854597515837347,14099425244285105722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9877854597515837347,14099425244285105722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
2⤵
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9877854597515837347,14099425244285105722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
2⤵
PID:1484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9877854597515837347,14099425244285105722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9877854597515837347,14099425244285105722,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
2⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9877854597515837347,14099425244285105722,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:4008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
dcae552634ab3490939cf5687a95d461

SHA1
b67ee5f04690a5569dc71337972981c9cefe82a1

SHA256
80a3f2bba6fa1a001aea2b9ade1e9de1881a75888de1a0986ee7caf16ea84c16

SHA512
d903f0bf56b495688b7b7bfa68e53a9485285a3b1dd9df07efd59697c1283017b123399d812d897e3e76c0a0586e2386f46bbf1cfc96f40d57981544863a837f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
95554f56b2da2daab534c65d8c88e084

SHA1
899db669b1f684f2d40d846e9bfa6c5f4f58377d

SHA256
7d232ccfda4b542903fcc19cb1e954c855ca79e48ebedb53a28a8739fd647bb8

SHA512
0aa1ece6f9df206cacfa89ee12de5b3cde7cb8f7aba4a860aeac529c2cecab3fd5b89dba9b4e41420dc9c2b58075c6121fca706d69597e358da46e4ab5fef81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
7a9ca5ed61f75502b47372157207a938

SHA1
a7c46eb81f2756a99f0768c66562a70083c8267c

SHA256
fb45b7fb7b578783c8a462e95c99ca93696638f0a5095142b1eb8f8799264257

SHA512
7e4051dba80ce2fefa1f11d697cb68d8bda266e33632b87c29da5bd2189c121eb71f3bad53383dc079521b6d60b910c753a290f0cd64e0f7fcafff2ad6782bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
edf67ec8c3fc0d0c2ac0a32f994ef4a6

SHA1
0dc57e09210628749ec8316ae9681428aa050eef

SHA256
4c1177d93da2b6ca972d02976e5745c7116156568687edeb54c5668a70469ff1

SHA512
cf96f0afb3948b3166e581aab78218c2749ffcf4a27aeec03366e57ba0efa7b70d8a6136f856b7ec27b684b2e52a6b7176861b6e2e736d2322e6510e9e0247f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
319255748299fb41f4d5eb0e7347ec62

SHA1
231a729c976e7af062cc2ec0422944b575c7c4f7

SHA256
579974454116cb29ec283ada6dc744de4c7d1ff2f178ccbcceec07ded91d166b

SHA512
ee2ec94e377f6d09b0ec6f6aa40bfa73827fc85b5fdc8330e705b4dd74aeb0ebdbdcef251804036a6e7535d9f61f1d863caf1ba9d6e8c676d88044dd01e66485

Download Submit
C:\Users\Admin\AppData\Local\Temp\2712_57933138\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\2712_57933138\manifest.json
Filesize
984B

MD5
59741ca0b4ed8f06f8984e5c91747a4a

SHA1
334c396dd6e710de0e5b82b93cfaba764abc0331

SHA256
8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7

SHA512
9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\card.config
Filesize
12B

MD5
773229091774b2b77583da0f15a718ac

SHA1
fcdbebdefc85658d65e23dcc52cd1a3ae9a12ee3

SHA256
f70e955a67aad2ee28ac0c8b1c0882c9bd9991da51b87b224a4e22eefb8956f9

SHA512
7762bbbc14bdc679c51b5d9b75b1c19b0977d70c98a1edcbceaa950e7ba42c991ae4e81768a9bd80bb1bb2bd1eed4e6a18e98e16a2ec974464850d9c14a9fc2b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\preview.png
Filesize
155KB

MD5
971fcb67b3ed9746cfd5c12032c8f54a

SHA1
378d56a2909c9b4dacc1a679664de7a3b9b48109

SHA256
94d47c3270fd8af9431722aac704778dd0e157fcffe7e24435a25368272e6bfc

SHA512
3d5e2f7112462049cd84fabce244cd51cbc341e8adc4fa27e5516855dd6f1d9727d6dde463812f6c552a732ebb2dad87ea6eed38a9bf7a1ea55800068fecfa63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\profile.png
Filesize
7KB

MD5
fe0cf96f57839cdd21191af66c241b96

SHA1
fba1b795f839c0fbaa4e47dfd9ad79ac6c2a4562

SHA256
bafaba91b68e495a6946cfae26a1f194dd8e556c1fb28dcf1e220721eb0ecbfc

SHA512
5adf6c8fc4b24f5af253c0f03c5b57ac7243008765b3854ed4b83d758a1901997ff4e6d9e0e1918383bce19832b72fc68cc7005c8a53a329df41b2ad91162ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\script.lua
Filesize
1KB

MD5
4417aa7a7b95b7e9d91ffa8e5983577c

SHA1
367b923829db8fecf2c638fb500f161d22631715

SHA256
eafd7bc4f8aeacd998f6ffa38c8fc2ec2fb043ca97c956a0949aebb9bbbdbbe6

SHA512
04a5f440a6e00ea0aa8491ae4c6dd6aa68f704db54a43a5d6bf4c99446ae2c7792be8dcaee6542a93280eb35dc93acb60e8e4065f13c885e4186d80824feb04e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\card.config
Filesize
11B

MD5
a3d8125d741db04d38a0c2c56eb9521f

SHA1
69729d39c0b4ff201d2aa7c6a77ecb4652b22aa3

SHA256
e2e623686b91cc0075b0f86b4c4577e45d4ee2ac6fce0aeae7326550675d1a96

SHA512
014cb710f3ad4264bc6cb524c33569e297ff6eee5dd417d10e4a1519951fcc739663a794f373a86eae4a0280002b4ce2d90715e4d9328bfe18f669e98878a994

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\preview.png
Filesize
534KB

MD5
1ea0fccbceecbcfbe9c57bf230241889

SHA1
4b538297c419731bed21e7f0f8c1f921c6c3f389

SHA256
79eb0dcb2cff8cb7a620fa87284fdf79a1bfd97690d193c8caa15ffa3068c9cd

SHA512
6229d6084be3f3368a98ffa4b0aaa5899fdd85d5dd2f538987a8abce2bf1d3c378731c1b1b37e2d555e47d8812f8b5e8fef0d68241dfbf2c8952ffb1737a6909

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\profile.png
Filesize
19KB

MD5
be676e5468366d6f34839bab1a2be5dd

SHA1
14424fc881b910a406f364d1dffb22ee0dc28e04

SHA256
196c3db248754cab84491e35496aa7d2dbd93bd1f1dce0b20462c2310b13265e

SHA512
3e87468cd2fd4669a59f2a18a4a968a32414ea788eaee0f341b93387b852fcab3c0d4c5fa6a29f884520b6fa10916b39eb7791e82bc951355378356955bf2ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\script.lua
Filesize
98B

MD5
1f74e0539c4f0816badd444b487dbda9

SHA1
07fc32012374195023f00353c12d800a5ed8d07b

SHA256
f01656ce161b59d49730ced251f20cea8a4aac04efbd85152e3c89e0f182a41d

SHA512
d068fb33ff098e7db909784985bd7a47b62ba607119d976c7084db8260d05b1aacb984543b556cb002f53fbb14c9107477e9d1b51a78648e6bd040840a87c55b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\card.config
Filesize
6B

MD5
af55765f33160409360ffefd60211d32

SHA1
f16b23456ff82b6875e996c252c92eac375c5c54

SHA256
adfe3a9eb182052dabd7530e315fc5c0784bf5d115002b9a1a6f76dddf35773d

SHA512
1488a18106ed2dbb1502f218f8a543eb45fb5d12fc5867dfbd7d0bb500915c9705a5a8e2a21e964f5aeadc460d69d0f39bc729fee8d66e75e08907bcd0adbc4b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\preview.png
Filesize
10KB

MD5
6c5d6e01657cf543c2211452ff43f52f

SHA1
7f4735960b3128f279aa42c4351ee50b32580788

SHA256
014920b3352e755b1608681e3dc613ce68e7875527ac8372a8edf5f875d32f5f

SHA512
f01c45f42f9e55982e9191979c3f0854a064b7455f65141e9feeebb72432ebe3d784263ac81d67c4cdf48e4eb49b39787eca2fe3a4964a799b130ac79a6b4b04

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\profile.png
Filesize
12KB

MD5
516a58f5a912ea4cbef1098f8fd5ebc3

SHA1
217162ba93d4c94d7b9389694734e365a91905df

SHA256
c9d71e41f4103780f381c11ce608f797ffbbe3f92f20922cc8576203543aa461

SHA512
ec211867be06425d54e6c70aa60b99dd209b949cf70ed6922689645bc86e9508ce234c14e3a1c37f2950a95387eef7424a518abd82cd2ac4e6680fcc329ab5d7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\script.lua
Filesize
281B

MD5
c0baed80a080fcfbcbde7dc86d38b14e

SHA1
1d81bb414f6853c313b6eea6169a7b68001dca68

SHA256
0109c27defe896cf9cccf23e0dc8765d705e8660360c3eca2a2f30599b46d77b

SHA512
3397e3b5bf3591e8ae5ac4b41be05973c484279151d1239d1976ba1267441809e2addc04f74fb61f7ec6f82fa1c3b6f92acab90eb620095e11f55c9f3f2edb2c

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\tags.config
Filesize
33B

MD5
b042ffedee19500bf6d971c456ec3655

SHA1
077c12ca4595d02a810a592f8cc85bc961676f4d

SHA256
83167cc46576dd7ff84b1f107e9024238395d2a6016f88b9cb911292d52ec2a9

SHA512
0010593f27183cc66acaeba66c0cc4bf82c8faa821c1f5ee75bc78552792068eaec6b120f17112a3df267784dbf8975d6fce2f394e5b616c7f719148e68e0d86

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\card.config
Filesize
11B

MD5
5e42cc2c2e0f1e430aa404314afa53e4

SHA1
794be48d0f018d9ef67a9dddb4dd4b6ba66d020e

SHA256
4f94d5d922df31f5611e97f785b3f7bae178268b0f0727e733590ddd6de13bc2

SHA512
e38a0e93a5f7b9d0f3f09d8408fd29450a88672382e828a5926239ce926782fab49692178ba4614e0683bf4ae50d4ebb6491e6bb6e85372972ef4b1b5435639d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\preview.png
Filesize
49KB

MD5
7b0d11f82c6d558ddccda8a4563f6238

SHA1
615e90c3d799e58850efb189bc220a621dc56e96

SHA256
24f687838f65b20e4f826cc6ab709124a8a91c43789a0b71cb6fc8a58ce8273e

SHA512
5a8dce1fc5c9e2d47634b888bc51ca0ed73eef0f305993979f380e2597a3f5fa45facf0639a2a7d3410c40b29f2ce2b40fbb222660babf009382475cde1e676f

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\profile.png
Filesize
237KB

MD5
6cef901a51f67313821f9f7ccca5d38f

SHA1
6a612a1918e94c08b54af9e7e63356d41eff2d82

SHA256
1461d4e5cc1d955721e68d745c900c56c3c28490d86e00cab39f0bcaedc702d8

SHA512
818314e8bbb20fc0fc7ca7884a930063c8c906e8af39abe6c507b96ddeaf5515a9de0c0408bc2483eea067dcd1102bc63095cfd27a6a1af2f628a1bd26929522

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\script.lua
Filesize
451KB

MD5
1cf55875084e2163bbdfbf66452b29e6

SHA1
f28c38a655dd68075ade6b915f683968e77bee97

SHA256
177d8cf42fee5c6012f6571b20e7e17e55df8564af59b9be5dddcdbd879b5c5d

SHA512
3e72263077a032688770f08e181d8786c1248bec31a5f69fdbbff2c127b49466909ecd68a5dd7e1061542bf1900a6f7a6ab498310a460c8fbfaeae81aa5f5db3

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\card.config
Filesize
4B

MD5
656626d3691e02c2c2e83276a94add4f

SHA1
258635defa94ec462fbe0c1af91c7b59bef1d1e4

SHA256
0fcf591eb63af5717e253be0931f2e09747df34a27b3ba8d092faf0e55318920

SHA512
2878ceeff7c9d8225006bea6f280587d84d0be316aae41c9c859b632ae71043af52dd2ff1cf50a0804a0a5120da4a500a468170b710e6bb53cc18a391fdf514f

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\preview.png
Filesize
465KB

MD5
4178311492a7c89b085dd0f9e16059d1

SHA1
a8c09191f29ba3538bec9ae2ba14aa4eeb59b5ef

SHA256
7a6e75f8f2a3ed7ba1b3ddb2b34b56ff751053896f37c02d527ba496504563be

SHA512
770cc5a277455c4a6f6da2dcc0ab4951580cde25ba1524194967dc1dff8d5d0cc81c9131313f131fd83f7569b2e56bbd55673fad8ff5f1a847e1ddd7f750a4e3

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\profile.png
Filesize
8KB

MD5
5f7201b94d86517399ee2a8de627cbeb

SHA1
0028f36c47b6dd36e7e5a1b24ee41f965be3671c

SHA256
6acc361fca4ef73d7a0bdd39482f3d2938eab6d2d942db995666e0978c0f59a4

SHA512
8037df886217f45330630205090724fd2a1c5e66b6084c9ac746cb52e5d653f3d1816e1feb236df760bf72090b8a880ac6391daae5253ac99e9489551ffd1526

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\script.lua
Filesize
115B

MD5
ef0dfaca318853907f49290a828e73f9

SHA1
e4c200f30ed72a6b384c712ba1304fa2dbe72a73

SHA256
80c4123264cd0e6ae4d5308b8c451ef89cd35ab3bbe214f034a34d243abeb8c5

SHA512
b5fec7a5b7c446f6ed8802740b8afbe948ed24c5d677a8748819988e4501e94deead3e7c933e33e19dbce0e10260dc43ac7710435c3864576b38fd27bc35503b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\card.config
Filesize
10B

MD5
cdf58d0e1b6b0dd3f523e7817a0ea0b5

SHA1
a87a1bfa5593ccb6ce553543526b06c7b39c3330

SHA256
a9292bc3beaf23e06a4cb67c4bd213737754f9b5c1538876da059b0ca71e03fe

SHA512
ae1b344d078af79886c7d2d0bc4c103d5873621b3d549362ee416fb6c43f5bfe5d9c43b5073b034bb1ee5b4413689a93dde12f9a8408e4051a39f0f089500784

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\preview.png
Filesize
171KB

MD5
220cf576403c96a12e4831c4e1aff13a

SHA1
b6ff4cb1a6aec90ea01f3807a66ff1b0864d10bf

SHA256
1bc331bf9cfe7a2ec83fea1d9d67cfd2754239edc4dda5a17f99b420b75d6fd9

SHA512
103aab3a35694076ab14874c1f826a51bf8db59349f66765528d70484a4f5a4c6d751e2af3b5c4b832df68233ea33c5b08662d009fc9f2897c4414d61e0f4e41

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\profile.png
Filesize
19KB

MD5
20f7c123960c173546b91a9147be8a98

SHA1
d83534a97c5ff8e917bcd92f2e31d558e863796a

SHA256
d132445e583c7e8662fa48a83c35074d91557c34ea713d1812040c33ce8b89dc

SHA512
1f3b3897f21599f99f89846fb92783fad0c2018a4d20da12c9ae1789bc8b284987433c183582dfc5914f3d3b176ecf9f70de036f032b24e78054869ada87826b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config
Filesize
48B

MD5
2bf7b0f0d0485173c85ed257a7c2e8b4

SHA1
8f26700ad7fbb841ba2a49fe4ab93f791b1ce230

SHA256
6375b1b30e8efe5af82ce1fd0a1e62fad45e0c9cef226c00d32b945350d0c686

SHA512
b61b8462673e0900425a0ddcbf1e6b5b8dfbbf8d8ff18dbf3f9b1dddd66a4ccccdf688236921605d5f673de49a951ab12d8d8b98d86b4f284a37304ce8ec4b63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_100_percent.pak
Filesize
620KB

MD5
e05272140da2c52a9ebef1700e7c565f

SHA1
e1dc01309fca499af605f83136d35e6d51fcd300

SHA256
123092a649b8def6efca634509fb20ba4fbf9096d6819209510b43b5f899c0a3

SHA512
476907363a0d1e1bf81d086aff011b826fd28a885e2eabd2e07e48494eafbd48d508b1a9050efe865585f7c4d92a277886440876846cba8a2226033ff35a7a81

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_200_percent.pak
Filesize
933KB

MD5
0d362e859bc788a9f0918d9e79aea521

SHA1
33abea51f76bde3e37f71b7e94f01647bb4dcbd5

SHA256
782f475d56e62c76688747a22ba4ae115628c5c3519c3c1e3d1a51a4367bfc28

SHA512
37ca08bbe5525d0f2d45a9fe65a45f6c5d8366330fc60304822d4c7470dd66b8733d92803ce6aabdf4175ad0cf43d6e4a9ff9d4e49ff89d8eddc5f7083e7f067

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat
Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak
Filesize
296KB

MD5
99b4fdf70abc76d31e44186e09a053a6

SHA1
fb4192460341de2a04127f1e7fdf5c41b12ca392

SHA256
87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa

SHA512
d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\resources.pak
Filesize
6.8MB

MD5
34516ad6ff9278dea1fa89839156cbe5

SHA1
c61792315d0cb0d0f1e55fb985e3f6bb471fb2c5

SHA256
91d3ab4e61bc261d9cc78b750dfc26561fee06fe1431136652f9f50371be2426

SHA512
6e4046a2eb72b17451528d1995e2359cb058a9dd41af586f3e88693c621ffd97213031462fc1fd8a23c7e91217066c2f0b56522fcdafe862bc24eec30b059d29

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
memory/212-615-0x0000000004D70000-0x0000000004D80000-memory.dmp

Filesize
64KB

Download
memory/212-623-0x0000000004D70000-0x0000000004D80000-memory.dmp

Filesize
64KB

Download
memory/444-624-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/444-616-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/2712-621-0x000000000E040000-0x000000000E140000-memory.dmp

Filesize
1024KB

Download
memory/2712-548-0x00000000033C0000-0x00000000033E0000-memory.dmp

Filesize
128KB

Download
memory/2712-544-0x0000000000F80000-0x000000000109E000-memory.dmp

Filesize
1.1MB

Download
memory/2712-618-0x0000000005B30000-0x0000000005B40000-memory.dmp

Filesize
64KB

Download
memory/2712-619-0x0000000005B30000-0x0000000005B40000-memory.dmp

Filesize
64KB

Download
memory/2712-620-0x0000000005B30000-0x0000000005B40000-memory.dmp

Filesize
64KB

Download
memory/2712-614-0x000000000E040000-0x000000000E140000-memory.dmp

Filesize
1024KB

Download
memory/2712-552-0x0000000006150000-0x0000000006254000-memory.dmp

Filesize
1.0MB

Download
memory/2712-607-0x0000000005B30000-0x0000000005B40000-memory.dmp

Filesize
64KB

Download
memory/2712-558-0x0000000006140000-0x0000000006150000-memory.dmp

Filesize
64KB

Download
memory/2712-553-0x0000000005B30000-0x0000000005B40000-memory.dmp

Filesize
64KB

Download
memory/2712-554-0x0000000005B30000-0x0000000005B40000-memory.dmp

Filesize
64KB

Download
memory/4124-138-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/4124-133-0x0000000000360000-0x000000000053A000-memory.dmp

Filesize
1.9MB

Download
memory/4124-134-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/4124-135-0x0000000007CD0000-0x0000000007CD8000-memory.dmp

Filesize
32KB

Download
memory/4124-136-0x0000000008D00000-0x0000000008D38000-memory.dmp

Filesize
224KB

Download
memory/4124-300-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/4124-299-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/4124-168-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/4124-137-0x0000000008CE0000-0x0000000008CEE000-memory.dmp

Filesize
56KB

Download
memory/4124-159-0x0000000008E90000-0x0000000008E9A000-memory.dmp

Filesize
40KB

Download
memory/4124-139-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/4444-617-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/4444-625-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/4896-576-0x00000000004E0000-0x00000000004E8000-memory.dmp

Filesize
32KB

Download
memory/4896-613-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/4896-622-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/5908-867-0x0000000004B01000-0x0000000004B06000-memory.dmp

Filesize
20KB

Download