lumma | 27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

Analysis

max time kernel
210s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_bootstrapper.exe
Size

1.2MB
MD5

f14153bbd95fc26d9ccea77c49cf09b9
SHA1

cb59f900711ea751c4322b4dab50fa2c0ee70b33
SHA256

27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54
SHA512

7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0
SSDEEP

12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

krnl_bootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	krnl_bootstrapper.exe

Executes dropped EXE 4 IoCs

Processes:

7za.exe7za.exekrnlss.exekrnlss.exe

pid process

2740 7za.exe
3052 7za.exe
544 krnlss.exe
5304 krnlss.exe

pid	process
2740	7za.exe
3052	7za.exe
544	krnlss.exe
5304	krnlss.exe

Loads dropped DLL 48 IoCs

Processes:

krnlss.exekrnlss.exe

pid	process
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
544	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe
5304	krnlss.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exetaskmgr.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 3 IoCs

Processes:

krnl_bootstrapper.exefirefox.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	krnl_bootstrapper.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

krnlss.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

Processes:

krnl_bootstrapper.exekrnlss.exetaskmgr.exekrnlss.exe

pid	process
2276	krnl_bootstrapper.exe
2276	krnl_bootstrapper.exe
2276	krnl_bootstrapper.exe
544	krnlss.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
5304	krnlss.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

Processes:

krnl_bootstrapper.exe7za.exe7za.exekrnlss.exefirefox.exetaskmgr.exekrnlss.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	2276	krnl_bootstrapper.exe
Token: SeRestorePrivilege	2740	7za.exe
Token: 35	2740	7za.exe
Token: SeSecurityPrivilege	2740	7za.exe
Token: SeSecurityPrivilege	2740	7za.exe
Token: SeRestorePrivilege	3052	7za.exe
Token: 35	3052	7za.exe
Token: SeSecurityPrivilege	3052	7za.exe
Token: SeSecurityPrivilege	3052	7za.exe
Token: SeDebugPrivilege	544	krnlss.exe
Token: SeDebugPrivilege	984	firefox.exe
Token: SeDebugPrivilege	984	firefox.exe
Token: SeDebugPrivilege	3736	taskmgr.exe
Token: SeSystemProfilePrivilege	3736	taskmgr.exe
Token: SeCreateGlobalPrivilege	3736	taskmgr.exe
Token: 33	3736	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3736	taskmgr.exe
Token: SeDebugPrivilege	5304	krnlss.exe
Token: SeDebugPrivilege	5508	firefox.exe
Token: SeDebugPrivilege	5508	firefox.exe

Suspicious use of FindShellTrayWindow 47 IoCs

Processes:

firefox.exetaskmgr.exekrnlss.exefirefox.exe

pid	process
984	firefox.exe
984	firefox.exe
984	firefox.exe
984	firefox.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
544	krnlss.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
5508	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
984	firefox.exe
984	firefox.exe
984	firefox.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe
3736	taskmgr.exe

Suspicious use of SetWindowsHookEx 17 IoCs

Processes:

firefox.exefirefox.exe

pid	process
984	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe
5508	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

krnl_bootstrapper.exefirefox.exefirefox.exe

description	pid	process	target process
PID 2276 wrote to memory of 2740	2276	krnl_bootstrapper.exe	7za.exe
PID 2276 wrote to memory of 2740	2276	krnl_bootstrapper.exe	7za.exe
PID 2276 wrote to memory of 2740	2276	krnl_bootstrapper.exe	7za.exe
PID 2276 wrote to memory of 3052	2276	krnl_bootstrapper.exe	7za.exe
PID 2276 wrote to memory of 3052	2276	krnl_bootstrapper.exe	7za.exe
PID 2276 wrote to memory of 3052	2276	krnl_bootstrapper.exe	7za.exe
PID 2276 wrote to memory of 544	2276	krnl_bootstrapper.exe	krnlss.exe
PID 2276 wrote to memory of 544	2276	krnl_bootstrapper.exe	krnlss.exe
PID 2276 wrote to memory of 544	2276	krnl_bootstrapper.exe	krnlss.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 4816 wrote to memory of 984	4816	firefox.exe	firefox.exe
PID 984 wrote to memory of 4660	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 4660	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe
PID 984 wrote to memory of 2352	984	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2276

C:\Users\Admin\Documents\krnl\7za.exe
"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2740

C:\Users\Admin\Documents\krnl\7za.exe
"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\src.7z" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3052

C:\Users\Admin\Documents\krnl\krnlss.exe
"C:\Users\Admin\Documents\krnl\krnlss.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.0.1323752097\1334821755" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e56d6d57-2049-4eed-a4eb-3cbe66eba64c} 984 "\\.\pipe\gecko-crash-server-pipe.984" 1916 14144ee0858 gpu
3⤵
PID:4660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.1.406478633\1542534226" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbee04d3-eddc-44cf-82ec-ade3a3163dc8} 984 "\\.\pipe\gecko-crash-server-pipe.984" 2316 14137e71358 socket
3⤵
- Checks processor information in registry
PID:2352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.2.1149798646\1490741610" -childID 1 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c99ef26-ca39-4847-a672-75f319d0265d} 984 "\\.\pipe\gecko-crash-server-pipe.984" 3128 14148af9358 tab
3⤵
PID:5072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.3.273147948\686931952" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e5203cc-6eb3-413d-bdfa-fe2055198416} 984 "\\.\pipe\gecko-crash-server-pipe.984" 2452 14137e69358 tab
3⤵
PID:2320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.4.1782143467\1919581782" -childID 3 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57cea9d0-1466-483f-b120-f26eef83c878} 984 "\\.\pipe\gecko-crash-server-pipe.984" 4016 14137e62b58 tab
3⤵
PID:3540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.5.574265890\354141608" -childID 4 -isForBrowser -prefsHandle 4700 -prefMapHandle 4032 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62c80361-a59a-452c-b4b5-6e1fd1293f68} 984 "\\.\pipe\gecko-crash-server-pipe.984" 4788 1414914c258 tab
3⤵
PID:2220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.6.492122968\1014411503" -childID 5 -isForBrowser -prefsHandle 4932 -prefMapHandle 4936 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3439a790-2443-4682-bd90-b5901694df5c} 984 "\\.\pipe\gecko-crash-server-pipe.984" 5016 1414aa9dd58 tab
3⤵
PID:1956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.7.460638112\953210367" -childID 6 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b9c3059-0310-4d6b-bb68-a4fc4e0244dc} 984 "\\.\pipe\gecko-crash-server-pipe.984" 5156 1414aac1258 tab
3⤵
PID:4780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.8.967643396\1224165841" -childID 7 -isForBrowser -prefsHandle 5660 -prefMapHandle 5664 -prefsLen 27020 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9293d9f1-d1da-4a17-be59-d76bb163273b} 984 "\\.\pipe\gecko-crash-server-pipe.984" 5672 1414c4b5858 tab
3⤵
PID:5028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.9.401916884\728761447" -childID 8 -isForBrowser -prefsHandle 6120 -prefMapHandle 6124 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1cefec4-48cb-4419-b4cd-897e3fdb75ab} 984 "\\.\pipe\gecko-crash-server-pipe.984" 3556 14147d49258 tab
3⤵
PID:5520

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3736

C:\Users\Admin\Documents\krnl\krnlss.exe
"C:\Users\Admin\Documents\krnl\krnlss.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.0.2030102051\1455881953" -parentBuildID 20221007134813 -prefsHandle 1664 -prefMapHandle 1656 -prefsLen 20890 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a956efa4-cd7b-4f06-90c9-bdc25967b3b0} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 1756 24e0a9f4b58 gpu
3⤵
PID:5904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.1.1735324152\651121277" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 20890 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4930b9f4-2313-43cc-aa00-15379529bb7a} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 2148 24e0a53d258 socket
3⤵
PID:6004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.2.956961586\1982132490" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3180 -prefsLen 21437 -prefMapSize 232711 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb1bd85e-2268-49b1-8215-ae86ec6b732d} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 3396 24e0aa65f58 tab
3⤵
PID:1860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.3.1407742022\1539934198" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 26049 -prefMapSize 232711 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb70ea72-8a2b-4e1a-9419-e6bc6f412041} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 3688 24e0f3f4b58 tab
3⤵
PID:2040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.4.2061162172\65591964" -childID 3 -isForBrowser -prefsHandle 4532 -prefMapHandle 4528 -prefsLen 26888 -prefMapSize 232711 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dff1eb17-2258-4042-90cc-509bcbdc15a9} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4544 24e10739858 tab
3⤵
PID:1492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.6.1285324109\644543893" -childID 5 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 27048 -prefMapSize 232711 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cdae84d-8323-4339-8f97-fd172f75c447} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5404 24e11f10458 tab
3⤵
PID:2912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.7.1083171308\645320277" -childID 6 -isForBrowser -prefsHandle 5600 -prefMapHandle 5604 -prefsLen 27155 -prefMapSize 232711 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d1c7d6e-52fe-465e-82c8-cd860eaa76b1} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5220 24e11f12e58 tab
3⤵
PID:672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.5.924381249\1826384859" -childID 4 -isForBrowser -prefsHandle 5268 -prefMapHandle 5276 -prefsLen 27048 -prefMapSize 232711 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fd61d57-2ee2-4b43-830f-05430634450a} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5260 24e11f0fe58 tab
3⤵
PID:4896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.8.1084337529\264034248" -parentBuildID 20221007134813 -prefsHandle 4964 -prefMapHandle 5604 -prefsLen 29536 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de391732-57e5-47a2-95b4-59c7329ffc47} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5928 24e126ba858 rdd
3⤵
PID:2276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.9.465697891\393581566" -childID 7 -isForBrowser -prefsHandle 6036 -prefMapHandle 3192 -prefsLen 29536 -prefMapSize 232711 -jsInitHandle 1144 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49699098-da65-46ad-ada6-078891f5625f} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 6048 24e126bdb58 tab
3⤵
PID:1452

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54C62B182F5BF07FA8427C07B0A3AAF8_4DBBCB40FA282C06F1543D887F4F4DCC
Filesize
719B

MD5
e08c641a1311bd6abe9f95a55bcc3d56

SHA1
142ba23be0dc4ed83bdc62dafd6c304ba9e3eab9

SHA256
c74c8d8dbfc4d85559b9d8884878f5cc17699a66864f0035c3b39fb00bb5f3e7

SHA512
e80c27c3f85eb083f82753085766d0ff327b25f9df364b2e04ee78d748d477087c0113940cad734e67c1124b238a0f7e60fdc2677acf50fa5895ad1653da215e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D451DDCFFF94F1A6B8406468FA3558_E4A7C6A10F816F002B00DE3B58B7E44E
Filesize
1KB

MD5
08aeca56b357a95d52ac03ac20b82542

SHA1
c6f51a8170d5a155cc54e8c7bef8a4e1e58d46e2

SHA256
e4fc5132bbb749668f5887e099dad65bcb263d273660a935baaeabe968a73a8c

SHA512
9a870af31c3a6e67e19867026c70496126c1fc7a317701f73f6b0781475403eea468d02eccedad09a1b5ecc4f0acea8d35e26d21c0f2474e44497785984d2a3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D682FDDA10064185EC8111DC39DBA8EC
Filesize
22KB

MD5
7056a8acd6c84229375e222fc2528e65

SHA1
924279d3870c95fb36e293f581b7337236bc32ef

SHA256
1fca870b53de73ff08c2fac604d90be68d741fcba64902fc080a42be55562b4e

SHA512
bbd8e9fcb9ff109364feba07612a4ad84d07e3d61fbc814ea1c8f492c9c708871293c242410c62f4b1a2948f9c2dde68d300f3874da698cc4ee35d92af8de2c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\54C62B182F5BF07FA8427C07B0A3AAF8_4DBBCB40FA282C06F1543D887F4F4DCC
Filesize
446B

MD5
b25e3ea307963204c541834e9bd09564

SHA1
5627c48fe830f65e7d75e541225a56e7793c513e

SHA256
efd6a9fef265bab03e0b21ef99ced40d74ee932f7505bf1d3fbb6610ff503b57

SHA512
8fd8c449492b940523d462fdbf8dd902705742cd3ed7346761ddeb20d48a7da24a0cc5c3d59eb39a35e8018782e531c594704bf9829688e61a5d6728570de047

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94D451DDCFFF94F1A6B8406468FA3558_E4A7C6A10F816F002B00DE3B58B7E44E
Filesize
406B

MD5
b5119c4370ef9f54910eed168a967146

SHA1
95d25edef906ed350d612fcafeb0da7aab5a8396

SHA256
ffca922cdd22af3e76237520e691afcd1238d63744bb2a66bee8a9d33a04f5b9

SHA512
9697c0bcf399893cb161bef35a5399730d2f44c07a4e80831dcc31d85fc07b7cd319e1e3578b83fff8498e42b83c616ee222ee0257947e47cb949e864f59e4b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D682FDDA10064185EC8111DC39DBA8EC
Filesize
308B

MD5
33b941b1686103a3a74430dfbfd754a3

SHA1
671e398a7dff508bfc8b9b9259063a0302ce56ef

SHA256
0314b1e60a23725c057284bec51177c7cdb5a3ea0aa8d3775e9e801d3b9f07c8

SHA512
3948b61194ff17df1a4a47b54b37572d7f47b078a81ea41455b4b0f76e1d68d6e436198d82a84f5eb4b9eb8f0c3424ad3eea832597fd2f73909b3052f0340cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\krnlss.exe.log
Filesize
6KB

MD5
3da0f8ce5ccff1f10343c4c1c3767c9b

SHA1
ebf9706ae66d3284b4fd9874993084e5c3d8aa6d

SHA256
9e50206e262f74261327fa50de0ed23439db3d01e88761bf671d82519b09667e

SHA512
bbace4ab97611993c469a7d585e73d353877f976ca1c374e00127b978b16295415a2694f8e001edc7821faa3b90295ddd098f6c4749945aebd324f0a213ce5cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
Filesize
138KB

MD5
949aeadf9d6ff6b49e5d2bd3a0e4b667

SHA1
c6ebeafd9c9763cb87383058774f89dabac662c8

SHA256
acceac3e8e76ed86495796178fcba23892514121483dc0aa13bb2bee7e75e222

SHA512
1c830b14be7a790f5ddc96cc0ec57385c6c31d9a00cb289b7217ed664f76da0dcf536f806d3304e25bfaf0a39f54ea0ad688426545a0f40d7026e84ad73facbe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\20630
Filesize
8KB

MD5
0f8e3f8fe3dcc1bc7da40238a6610a40

SHA1
6b09d293534f6a5be48d1c1c26eda982d046666f

SHA256
64b20bc0df6da1e656cf272fceac0396509082d49abee4187c8087c01c6a8f76

SHA512
ce79266efe4a474cb7f65bb7fd072cd900726aee6667dd8f56f4c3337e050f13b16cd85bc95173eaf8326b8f7cd5f5615133538b0843526013b66ed69f9d1ec0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\4EED77ABF2B13446DC47048EDC01C87DFC8AFFC2
Filesize
29KB

MD5
0b8a591313bba641ff40192ec6666143

SHA1
926738bb0c1f7175e0a6cf8b6dbac9abc15fff1a

SHA256
47017ec89231c592013c9abb86ce9b9fcd4d4f76bf69bd9de04dfc551f903617

SHA512
8866ae33e4c9c0d06784014a961568ab9f2b8732e53c8e04796e63ba469180c35a0b3c28eb634a35460237e2cd7d263b6dbc91175e6c15a58a48a53620bc1cd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052
Filesize
14KB

MD5
76d5bea9285bd4ec57447e9f4a7805f3

SHA1
54b749b947a1e929e9a81599138b47998d53547e

SHA256
d890f0a365cf633d24e44b3a4561bc100146b9a73227ed0c5c72e14b981f6039

SHA512
d69100d9dbac674a3ff4783445e520ee8da490c5f296cf50eaa6b93143c6ae12319880970f329814cdce16175ccbb64f3c6a72dfd06b2ec6981ffcaade9ff8e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ScintillaNET\3.6.3\x86\SciLexer.dll
Filesize
943KB

MD5
2ff7acfa80647ee46cc3c0e446327108

SHA1
c994820d03af722c244b046d1ee0967f1b5bc478

SHA256
08f0cbbc5162f236c37166772be2c9b8ffd465d32df17ea9d45626c4ed2c911d

SHA512
50a9e20c5851d3a50f69651bc770885672ff4f97de32dfda55bf7488abd39a11e990525ec9152d250072acaad0c12a484155c31083d751668eb01addea5570cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\crashes\store.json.mozlz4.tmp
Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
a00800e094278ac1e62e7f8077fbe461

SHA1
cb2d5915d61e5d7e22f3cd19eff57a88eeb56e1e

SHA256
c4dbc046c53152440319a7cd8b58a4fd468ecbd4ee449f99098e4d312d5e5d8e

SHA512
f18107956bc7a8a39fd3e21c45f11ec8a562c783bb7630aec826ddc4f43fa30e76ae516199553a77ef08ea6061ac4edc1a2df7965cf24b7363c6631d46c24834

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
903df873cfe6de516191f2da7f9f0753

SHA1
29688ed3415b9050da5f13f9ab61ff08565ab08c

SHA256
d9ee585a269b6098d1d59f8c1a5b651c112fcbab5d8a44a9fc6c8c089b3474ff

SHA512
a879222f2dbbbdff1b6e43cb5f67622d29127ed183cb0e9e733905169c063ce9866608f70a5bbcc0ca7267fd17659319f3d328624e6402f64b2cd3147e2afaed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
94e0516507f64e61c18500cee3c9cb90

SHA1
91bf93b5271b01e1222304b6d9f444a83c1893c1

SHA256
9025d9da955bd6e9572892ed59b8f252d9b5945706d60a2d160b7899b9288047

SHA512
0ebcc683671247585144cdc19585ad0075d34b5701d6de0042c582cbff33d8e9e7fd36e3839f7d77177ec49115bd5ffb370aa16c11b764f86362cc20a50cc3ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
7KB

MD5
f7c82ab2bd950f8d43b6f8698aa6ca47

SHA1
ad1e77757f0aa15aa718464dc42329c64588ddf0

SHA256
5fb91383db9f37e6cf8a2a5603738ddc31cf20b91da6493c81429a5bdbdaed63

SHA512
65b42d031afc245110a54c630a75033d84912e2beb6ba82eaa3c3c03c3c4319a570646f5dadaebbb8d9be81d4f5c73ddbc9738f08357d638b5d7e15bd3c35354

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
8KB

MD5
8148ad35d00cc6b10c7d46c804289173

SHA1
ef0ad54e7c1443e6de4a68a8038a2baf6cad5190

SHA256
7fb7affed701faa8f88c100f4b82dd2dbe4765d705f6928cfc266e708f28ac35

SHA512
6cbbcbfd38031b9975a16fe1d300f8f3d836aa8d313e77550acec8e237f06640abb318ea7b1cb9dfd5be549cc84e582f9777436607a53649efac8db13a3b92f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
8KB

MD5
e639f4288b2c2056f863fd9bfcbfd731

SHA1
059a8c16852dd4eb1406b48cb8c25d406c81f1b7

SHA256
4a5e06cb051404ab804ebf18baaf92f827c16822519b5aa63b75a45612912a15

SHA512
9934d6d3a52aa7dd8ac78ce7a0f4d9ae958e8f40355221ed71c6d2a23211109cfe9728381c82b615c133d7173aa323d8d78923bcff971594c413bbb274b930d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
9KB

MD5
c2065d6705ff32ec3781bc66936681d6

SHA1
77eb3171d1846d930371dffa41f927db951c8dbd

SHA256
163d44e699fe98e9ff066df95fb8b4b8517946e25d99c8d0357d3b14f0f42765

SHA512
8095cf9e537a7bb64e42fc99555a661e237be937537acc66e899aa8236212c626937eaddba3b4177d6da926a6136562525732e342b2a2193c8850363183de262

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
9KB

MD5
3801aaa219427daa8437f549bb7d30e2

SHA1
b18dd232cd90549a9786cacf406c3baf138993d7

SHA256
9fc2e7a55c3ef2007ec197e65e4a6a970388a6f9eba47a6892a104828f37ae49

SHA512
3ed65fe28364e62e5ff842112d1343654bcade75a6c961094a4c0c607417bb9bb8f286c41b50409ceb0312344a36b7671b802f236f20b3b0a6242e445ba7d283

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
9KB

MD5
8613df5347c060dca71ee801f79c6c2f

SHA1
d687b29b7b45ffd365c31dbfd6a6b6b234cbd3b1

SHA256
9dfa35ab4cede39726cb43f8175c7df75315b3c5d50b088fc2abf30275258065

SHA512
4f942f94c18e7a521992bd8eef8dcdf081255407b4f3d39f15b9ac5694575b01f7fbb7913aa8f5071cf51e7e912f1071a898f67ff259b61cf7f2219652b9bb51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
Filesize
6KB

MD5
1984b45f201f1fd79d2154406648433b

SHA1
42f082dc6d4d43333688690bf4dfa7c7f8b618ab

SHA256
000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9

SHA512
e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionCheckpoints.json.tmp
Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
485242516dda6923e5fd25282ca34b9c

SHA1
e1824e7866b2524e7d05768885c65f2cd62dd597

SHA256
be43f01009b5ce20a7020995fb6c8cc846bec0d0f4235e4756f83ee451155e6e

SHA512
8d910d7763b5343490a921e81a67d9bc19c7a1c807143965e0050f1aa2f84430df28625b4d222a7b9a7a3f3945ebf271c40eafb30045efe98ea1bb264efe4109

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
0cdc12399005fef5e8c3ee2e441a4d06

SHA1
44d23217ae3e9a05ed8af4664704371c546c7743

SHA256
12386dde95195f5b39ace8e8f13bb2b9bca0813579b9c19ef2e6416c5dae2232

SHA512
35d596aaaa2c1a1c08dc20e33f7818dd3614341d4f810b124aa5ac7b79799ea5f7bf16f90b43fa56c643db5711a1e8f2a577344f3b259d7d4bd544d5447e5e57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
05cd1ab93d80da45b9a9ae2f87bf4d6c

SHA1
6831ac5ce284826af89a6786fa0c41a461ae2bb7

SHA256
f1268535d2ac3f813225cc54be10ad6a2c7570791196ea691a0b95d0242ba430

SHA512
41a120653d3c0120e51359b3c46dc109827a5780c54d602b1ed82644d368410024b256f60f877a8fdba8cbdb595832e0b3e90b80195d200324baf4f3a8ff88b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
37cec3da57d764e075406023010f0a11

SHA1
83ea71028423921c924abee1da27ef9313e22846

SHA256
4a77e97033d2bc0c0855ee489853dadaeee7774e7c244e278dc2a89ebf89714b

SHA512
d61228f29152e48c1bfa09ffa95b305639b8951ade8ddcb74c2ab8448faebfe1ba02573ee01fce67d9a7dde557d649e82031aeb8587797d1b3a180279f46dca1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore.jsonlz4
Filesize
5KB

MD5
76cd64b826097b4351eee722dadd04a5

SHA1
d715edb642b59128cd4bc43651c24ba074a90b11

SHA256
de2a281002ef014d92488e7799a8261c70db19ce4da6341d51122f44b3a7a340

SHA512
004172d63e99e06cc3f6f9a5c43bfd4cba383e9a6080db5329d38679c694b2714041f67951c02e22ff898adec46009bb0ecf009b4065199cf54766da6ed7ded9

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\bin\Monaco.zip
Filesize
641KB

MD5
1a19fd7c42169c76e75e685dca02c190

SHA1
f16b4697bcd348d44965bf9ded731523db9bd606

SHA256
d686209afbbe718dc0506356e934ff190c1259a174aba12ef40a2fe7a014a331

SHA512
93d27188aab662ffffd78cfc31d100f161656ef37fe4f420a2cc2d514c935bce85b1e9b54eb374c94ba0ac75d0624e24676f8e359c32c9d3485aa5d7bbb14dd4

Download Submit
C:\Users\Admin\Documents\krnl\bin\src.7z
Filesize
52.5MB

MD5
7c380ecd5bc2cd51511d0ee5b58df745

SHA1
615749979477621579dd9b04ada8d4dcd9430f1e

SHA256
38e1b82e4c9a2a8159c1c60afe7668855351a6e9b52fb13f6dcc633202abaf07

SHA512
110836411f3b44f1df8ecc5890f59d7b5b10d6175f627cc160f0fa5bbc72408c1463ac7067d9787ff9a18e50b9460edf2e2f0b3a418532cc9a273965da1cc1de

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe.config
Filesize
202B

MD5
0ed4b3831ff5e91dff636145f68aac4c

SHA1
2d1140812945dc1b9e400a88c911803639cb2e49

SHA256
03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347

SHA512
4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

Download Submit
memory/544-750-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/544-652-0x00000000051A0000-0x0000000005744000-memory.dmp

Filesize
5.6MB

Download
memory/544-693-0x00000000079D0000-0x00000000079EA000-memory.dmp

Filesize
104KB

Download
memory/544-692-0x0000000007A00000-0x0000000007A44000-memory.dmp

Filesize
272KB

Download
memory/544-745-0x000000000A8F0000-0x000000000A966000-memory.dmp

Filesize
472KB

Download
memory/544-746-0x000000000A9A0000-0x000000000A9BE000-memory.dmp

Filesize
120KB

Download
memory/544-747-0x000000000A7F0000-0x000000000A8F0000-memory.dmp

Filesize
1024KB

Download
memory/544-748-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/544-749-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/544-698-0x0000000007B80000-0x0000000007BAA000-memory.dmp

Filesize
168KB

Download
memory/544-691-0x0000000007A80000-0x0000000007B4E000-memory.dmp

Filesize
824KB

Download
memory/544-690-0x00000000073D0000-0x00000000073EA000-memory.dmp

Filesize
104KB

Download
memory/544-689-0x0000000007930000-0x0000000007952000-memory.dmp

Filesize
136KB

Download
memory/544-699-0x00000000082D0000-0x0000000008302000-memory.dmp

Filesize
200KB

Download
memory/544-700-0x00000000083A0000-0x000000000842C000-memory.dmp

Filesize
560KB

Download
memory/544-701-0x00000000085B0000-0x0000000008726000-memory.dmp

Filesize
1.5MB

Download
memory/544-734-0x00000000094D0000-0x0000000009512000-memory.dmp

Filesize
264KB

Download
memory/544-707-0x0000000008320000-0x000000000832C000-memory.dmp

Filesize
48KB

Download
memory/544-705-0x0000000008D90000-0x0000000008E4A000-memory.dmp

Filesize
744KB

Download
memory/544-728-0x0000000008BB0000-0x0000000008BBE000-memory.dmp

Filesize
56KB

Download
memory/544-704-0x0000000008430000-0x0000000008496000-memory.dmp

Filesize
408KB

Download
memory/544-697-0x0000000007DB0000-0x0000000007DF4000-memory.dmp

Filesize
272KB

Download
memory/544-651-0x0000000000190000-0x0000000000314000-memory.dmp

Filesize
1.5MB

Download
memory/544-688-0x0000000007970000-0x00000000079A2000-memory.dmp

Filesize
200KB

Download
memory/544-687-0x0000000007370000-0x0000000007390000-memory.dmp

Filesize
128KB

Download
memory/544-686-0x00000000073A0000-0x00000000073C2000-memory.dmp

Filesize
136KB

Download
memory/544-685-0x0000000007350000-0x0000000007370000-memory.dmp

Filesize
128KB

Download
memory/544-684-0x0000000007320000-0x000000000732A000-memory.dmp

Filesize
40KB

Download
memory/544-683-0x0000000007E00000-0x00000000082CC000-memory.dmp

Filesize
4.8MB

Download
memory/544-682-0x0000000007260000-0x000000000727C000-memory.dmp

Filesize
112KB

Download
memory/544-681-0x0000000006880000-0x000000000689E000-memory.dmp

Filesize
120KB

Download
memory/544-680-0x0000000007230000-0x0000000007252000-memory.dmp

Filesize
136KB

Download
memory/544-679-0x0000000007400000-0x000000000792C000-memory.dmp

Filesize
5.2MB

Download
memory/544-678-0x00000000067F0000-0x0000000006846000-memory.dmp

Filesize
344KB

Download
memory/544-677-0x00000000067B0000-0x00000000067EC000-memory.dmp

Filesize
240KB

Download
memory/544-676-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/544-675-0x0000000006740000-0x00000000067A6000-memory.dmp

Filesize
408KB

Download
memory/544-674-0x0000000006680000-0x00000000066D0000-memory.dmp

Filesize
320KB

Download
memory/544-673-0x0000000006610000-0x0000000006622000-memory.dmp

Filesize
72KB

Download
memory/544-672-0x0000000006400000-0x000000000650A000-memory.dmp

Filesize
1.0MB

Download
memory/544-671-0x00000000068B0000-0x0000000006EC8000-memory.dmp

Filesize
6.1MB

Download
memory/544-695-0x0000000007BB0000-0x0000000007C10000-memory.dmp

Filesize
384KB

Download
memory/544-670-0x00000000061F0000-0x0000000006202000-memory.dmp

Filesize
72KB

Download
memory/544-669-0x0000000006250000-0x000000000628C000-memory.dmp

Filesize
240KB

Download
memory/544-740-0x000000000BCF0000-0x000000000BE44000-memory.dmp

Filesize
1.3MB

Download
memory/544-706-0x0000000008340000-0x0000000008362000-memory.dmp

Filesize
136KB

Download
memory/544-666-0x0000000006210000-0x000000000624E000-memory.dmp

Filesize
248KB

Download
memory/544-722-0x0000000008BA0000-0x0000000008BAE000-memory.dmp

Filesize
56KB

Download
memory/544-718-0x0000000009160000-0x00000000091AA000-memory.dmp

Filesize
296KB

Download
memory/544-702-0x00000000084D0000-0x000000000856C000-memory.dmp

Filesize
624KB

Download
memory/544-736-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/544-735-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/544-696-0x0000000007B50000-0x0000000007B74000-memory.dmp

Filesize
144KB

Download
memory/544-703-0x0000000008C00000-0x0000000008D86000-memory.dmp

Filesize
1.5MB

Download
memory/544-653-0x0000000004BF0000-0x0000000004C82000-memory.dmp

Filesize
584KB

Download
memory/544-694-0x0000000007C80000-0x0000000007DA2000-memory.dmp

Filesize
1.1MB

Download
memory/2276-133-0x0000000000EB0000-0x0000000000FDA000-memory.dmp

Filesize
1.2MB

Download
memory/2276-134-0x000000000A140000-0x000000000A148000-memory.dmp

Filesize
32KB

Download
memory/2276-135-0x0000000005C20000-0x0000000005C30000-memory.dmp

Filesize
64KB

Download
memory/2276-136-0x0000000005C20000-0x0000000005C30000-memory.dmp

Filesize
64KB

Download
memory/2276-137-0x000000000A440000-0x000000000A478000-memory.dmp

Filesize
224KB

Download
memory/2276-138-0x000000000A410000-0x000000000A41E000-memory.dmp

Filesize
56KB

Download
memory/2276-401-0x0000000005C20000-0x0000000005C30000-memory.dmp

Filesize
64KB

Download
memory/2276-402-0x0000000005C20000-0x0000000005C30000-memory.dmp

Filesize
64KB

Download
memory/3736-847-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download
memory/3736-836-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download
memory/3736-838-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download
memory/3736-837-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download
memory/3736-842-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download
memory/3736-843-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download
memory/3736-844-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download
memory/3736-848-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download
memory/3736-846-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download
memory/3736-845-0x00000205B8A30000-0x00000205B8A31000-memory.dmp

Filesize
4KB

Download