lumma | 27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

Analysis

max time kernel
45s
max time network
147s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_bootstrapper.exe
Size

1.2MB
MD5

f14153bbd95fc26d9ccea77c49cf09b9
SHA1

cb59f900711ea751c4322b4dab50fa2c0ee70b33
SHA256

27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54
SHA512

7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0
SSDEEP

12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

7za.exe7za.exekrnlss.exe

pid process

1612 7za.exe
1620 7za.exe
2892 krnlss.exe
Loads dropped DLL 3 IoCs

Processes:

krnl_bootstrapper.exe

pid process

1312 krnl_bootstrapper.exe
1312 krnl_bootstrapper.exe
1312 krnl_bootstrapper.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1612	7za.exe
1620	7za.exe
2892	krnlss.exe

pid	process
1312	krnl_bootstrapper.exe
1312	krnl_bootstrapper.exe
1312	krnl_bootstrapper.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 23 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{72ACCD71-D006-11ED-814E-C29BF59226D8} = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

krnl_bootstrapper.exechrome.exe

pid process

1312 krnl_bootstrapper.exe
1312 krnl_bootstrapper.exe
1312 krnl_bootstrapper.exe
980 chrome.exe
980 chrome.exe

pid	process
1312	krnl_bootstrapper.exe
1312	krnl_bootstrapper.exe
1312	krnl_bootstrapper.exe
980	chrome.exe
980	chrome.exe

Suspicious use of AdjustPrivilegeToken 39 IoCs

Processes:

krnl_bootstrapper.exe7za.exe7za.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1312	krnl_bootstrapper.exe
Token: SeRestorePrivilege	1612	7za.exe
Token: 35	1612	7za.exe
Token: SeSecurityPrivilege	1612	7za.exe
Token: SeSecurityPrivilege	1612	7za.exe
Token: SeRestorePrivilege	1620	7za.exe
Token: 35	1620	7za.exe
Token: SeSecurityPrivilege	1620	7za.exe
Token: SeSecurityPrivilege	1620	7za.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe
Token: SeShutdownPrivilege	980	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe
980	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2112 iexplore.exe
2112 iexplore.exe
2484 IEXPLORE.EXE
2484 IEXPLORE.EXE

pid	process
2112	iexplore.exe
2112	iexplore.exe
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

krnl_bootstrapper.exechrome.exe

description	pid	process	target process
PID 1312 wrote to memory of 1612	1312	krnl_bootstrapper.exe	7za.exe
PID 1312 wrote to memory of 1612	1312	krnl_bootstrapper.exe	7za.exe
PID 1312 wrote to memory of 1612	1312	krnl_bootstrapper.exe	7za.exe
PID 1312 wrote to memory of 1612	1312	krnl_bootstrapper.exe	7za.exe
PID 980 wrote to memory of 820	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 820	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 820	980	chrome.exe	chrome.exe
PID 1312 wrote to memory of 1620	1312	krnl_bootstrapper.exe	7za.exe
PID 1312 wrote to memory of 1620	1312	krnl_bootstrapper.exe	7za.exe
PID 1312 wrote to memory of 1620	1312	krnl_bootstrapper.exe	7za.exe
PID 1312 wrote to memory of 1620	1312	krnl_bootstrapper.exe	7za.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1552	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1704	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1704	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1704	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe
PID 980 wrote to memory of 1248	980	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1312

C:\Users\Admin\Documents\krnl\7za.exe
"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1612

C:\Users\Admin\Documents\krnl\7za.exe
"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\src.7z" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1620

C:\Users\Admin\Documents\krnl\krnlss.exe
"C:\Users\Admin\Documents\krnl\krnlss.exe"
2⤵
- Executes dropped EXE
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6939758,0x7fef6939768,0x7fef6939778
2⤵
PID:820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:8
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:2
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:8
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2356 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:1
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2388 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:1
2⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:2
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3724 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:1
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3772 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:8
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4048 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:8
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3740 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:8
2⤵
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4012 --field-trial-handle=1236,i,9892656878711426614,3328373548799087704,131072 /prefetch:8
2⤵
PID:2820

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6939758,0x7fef6939768,0x7fef6939778
2⤵
PID:2212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
84e846122793ef2a8465318ec24a3e68

SHA1
1128c79f8c0e6bd2d25a8af3488df8904fd2117b

SHA256
75980ca99a6e3d7a762704ecfda30794f511cd2767233b052e3cb06a57ef7e0c

SHA512
0a08a6afc9df1f30cc55dcb99d54ad719d82ea813430fb84fc6639f91628bcf6f2ca74351c6281c81ba07f175e2a995501d78839ca2e93bcfa9777b2ae8a473f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
442138143a519e00527dd93ae78db9de

SHA1
2fd5af7714059937c280c6e7c67deda4e0301a4c

SHA256
7f467a6c19e898c9f0319cdc7139c912f125a40f6b2558260266b5e0e40de09e

SHA512
3112d878dc27ec66b9d55673f53d12577002bc237aad7125c4eef8643fc6689752c4ce9b1d833e565557a3a4d753cb0f7f2838bcdfe43ed5df07ed259bdfe7f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
442138143a519e00527dd93ae78db9de

SHA1
2fd5af7714059937c280c6e7c67deda4e0301a4c

SHA256
7f467a6c19e898c9f0319cdc7139c912f125a40f6b2558260266b5e0e40de09e

SHA512
3112d878dc27ec66b9d55673f53d12577002bc237aad7125c4eef8643fc6689752c4ce9b1d833e565557a3a4d753cb0f7f2838bcdfe43ed5df07ed259bdfe7f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b64414c1869b6214a38e7a2ae101e1f0

SHA1
e1cd433f8bd1eb62d59d82ba4c6017986c917f69

SHA256
4f1def794502fb84c2d7d442c30bcc43026145be292c41c1f3e75be904b1e69e

SHA512
c0735a4a1437b5040026c40d1017a199692a047ef52410dcfa0a9d096fcb69b7c23d64363452b506e61c3465c2eca7955d28c3d16c239e43061ce040e6e6ad4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2dc02190caf329a1dd1e138e6d39cd59

SHA1
c9a085e4d053cb532fca6fb08a2b6cc64a2b8fd8

SHA256
f82a6032649ec53933e09eb9c5f57adf6fa7855aba5e23b172819bc7676723e5

SHA512
f5eae8fe37394fab8eeb25313307cd97197db298db56589e0966b64e8de44b4b5bd718984044f95bf7f8c45f0346699f834f8c82725726a338e02b4b50bcf356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
bc4084a759cd7978dfaaef82041306f2

SHA1
4f72d7518accde3081ea133bbb1486f3b01ed654

SHA256
7eee976eb0088e893f0d61502924930e9cfdee9b37db465570e28318f64ad903

SHA512
6e735d681e73b0906a4d5c10068b221559716e6898ab3a103d5247af347a91bff42c7bffb8695459bb08a9d2b5c4d40ea551ccc1902d80913a7a4586f78ae8c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
92fbabfab89546598fd8e09ea0637a7a

SHA1
431ee008b50047e68589254cb06ab37ee2652539

SHA256
5caadf69f37d4ef983d3ad2bb138f1088e0e680d2bd75beb29c13e74c9a05554

SHA512
beb1df812292c0d7982bf6f231f672b63d28630b506e8db2d41b6d3b3d67d832246cc714ddbaa86258b006549f8a2c4b2476a1fb4ec3b56f54f3ba8d1aae0a35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d49725608b0fabb541e820f642a7d0e3

SHA1
c99e91d4b09089fefe84d7ed1aa15350d241101b

SHA256
543345f4b6299df4f1fb63fb2bad2948fd80080bd42cb1bf03810c1cc95a2014

SHA512
ece0f34125f41ed03e87485ffe95e42cd6ce3b8d3cdb23723277e77e7ee28edf6936e87e596a92a3ea9287dae88e0ac3d3499afe906df8b134d6c5fea435418b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e67ce1a5d13b0585cb11f1e12247f03f

SHA1
3e1f25f8d5fe05f83b43989906a230b3f53ad78d

SHA256
b0a87de1fc9bb36d9793c6b08f1cdd5c83785b17ea1e5272262efeaf8d0cf90c

SHA512
cbc06aed0f41c43075e9ccd4c26983c9641f6ef0a01ec8eed89bc45b143ae19160250bec2a4cc31e8c05464aa3a5d3fd892fb3dc17f760b9a7cfcae25bdbde71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
16987cf88a3839c2ff2438c0b9cf0d34

SHA1
0f3848305fe4ff28826bc135d1dc212057c02e28

SHA256
2e51350f9bcd66fd1bfb5a3e7a471d029361cb9eac24edffae6f543b7abf2fe1

SHA512
48c3846ba878a6512a9c65d91e5095ea65c7ea9a025738acf9233998e476ca57537bf8c69eabb777fac1e9d4db5dae345bfda4c61750f985eb674e88eb04dbbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
53d0de7e71c4b16cf8ae3aa65d8d8055

SHA1
ae155fd731c4a703f9dc6df5db692ef3cba3536e

SHA256
89bd3e7f7ff32e02896a8347a53dba892608b499b74a488e89a2340f56f30246

SHA512
d80f60e60ca86db9d3424380a323bb3c2043e508fce396387fb4a72a1d02d750b219f29be73f2bce5309b470b365bcb7a32f7c71f9d624ac458f807760e42ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
e31708ebf27b89b8a94c8dfe1623598a

SHA1
1380f0383f082b2f93ad75894eef7f906595b15b

SHA256
183cac5f739516aa889417d5bcff93820294f0ea4eeb1c053db8f1abad9a9398

SHA512
ff544b4aff1e168392327810a0f9b4f769011e4ac90dd36f760c6056a085917117036e49925751e4145f39a852076355ad27eaad2303d6b9fa9d48300e12d9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
e31708ebf27b89b8a94c8dfe1623598a

SHA1
1380f0383f082b2f93ad75894eef7f906595b15b

SHA256
183cac5f739516aa889417d5bcff93820294f0ea4eeb1c053db8f1abad9a9398

SHA512
ff544b4aff1e168392327810a0f9b4f769011e4ac90dd36f760c6056a085917117036e49925751e4145f39a852076355ad27eaad2303d6b9fa9d48300e12d9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
e31708ebf27b89b8a94c8dfe1623598a

SHA1
1380f0383f082b2f93ad75894eef7f906595b15b

SHA256
183cac5f739516aa889417d5bcff93820294f0ea4eeb1c053db8f1abad9a9398

SHA512
ff544b4aff1e168392327810a0f9b4f769011e4ac90dd36f760c6056a085917117036e49925751e4145f39a852076355ad27eaad2303d6b9fa9d48300e12d9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
a899e6c2480ab27fce9cc118a5208b9d

SHA1
b143913b00976b564a1530d3c2e24247b20529db

SHA256
cc4f80305327c7d56eebc2a5f35ef1c9c2dc787f44d86f2ad1b77bc224e5e4c6

SHA512
507ff0a2df41bc140d6581919057c2ce85eb2ef1f6981af6cfc1c1565353d3cb81dd71a7336f0e6aec6c62f310f738e2f803a57dad88652c4b808ce06c729024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
30ff23bb09d7dc321b5d2054ee75f66d

SHA1
88baf42dd506c1ab8c2a9b44ff22084a8c700dc0

SHA256
45c49d6c5dd27fbe6476dd80cee62d29f06495e997c40700bf8ca00b03b49d43

SHA512
576a91d615ea67a329f47743a4995cb22adf7e13fb4bdf469c14084ac8ed053c4833494f09aa25144955021f14c59272cbffa5556bca97568653f6ec83bad20c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD55C.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD57E.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD6EA.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JJR9VIYR.txt
Filesize
607B

MD5
ea2e659e27aac5a58285dcb3bda19588

SHA1
ea18c25193b5c19b414a3f156a8b7fb5498928a1

SHA256
938fa9e404d3f4bc1bea71c979bbf0264221746f5aee4cca8849038b1d2b36cf

SHA512
5f92ff3721b783a7686ac8d4c2f048cfa30a4f954541d865c3c49c7a4403209921dd56536ee2ecc1daa8cb250bbd737a45a85e6f553aca5792054c5209bd2ddb

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\ScintillaNET.dll
Filesize
1.3MB

MD5
9166536c31f4e725e6befe85e2889a4b

SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae

SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163

SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

Download Submit
C:\Users\Admin\Documents\krnl\bin\Monaco.zip
Filesize
641KB

MD5
1a19fd7c42169c76e75e685dca02c190

SHA1
f16b4697bcd348d44965bf9ded731523db9bd606

SHA256
d686209afbbe718dc0506356e934ff190c1259a174aba12ef40a2fe7a014a331

SHA512
93d27188aab662ffffd78cfc31d100f161656ef37fe4f420a2cc2d514c935bce85b1e9b54eb374c94ba0ac75d0624e24676f8e359c32c9d3485aa5d7bbb14dd4

Download Submit
C:\Users\Admin\Documents\krnl\bin\src.7z
Filesize
52.5MB

MD5
7c380ecd5bc2cd51511d0ee5b58df745

SHA1
615749979477621579dd9b04ada8d4dcd9430f1e

SHA256
38e1b82e4c9a2a8159c1c60afe7668855351a6e9b52fb13f6dcc633202abaf07

SHA512
110836411f3b44f1df8ecc5890f59d7b5b10d6175f627cc160f0fa5bbc72408c1463ac7067d9787ff9a18e50b9460edf2e2f0b3a418532cc9a273965da1cc1de

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe.config
Filesize
202B

MD5
0ed4b3831ff5e91dff636145f68aac4c

SHA1
2d1140812945dc1b9e400a88c911803639cb2e49

SHA256
03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347

SHA512
4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

Download Submit
\??\pipe\crashpad_980_ARBTQBQQXBETQQIA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
memory/1312-114-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/1312-115-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/1312-113-0x0000000000320000-0x0000000000360000-memory.dmp

Filesize
256KB

Download
memory/1312-55-0x0000000000320000-0x0000000000360000-memory.dmp

Filesize
256KB

Download
memory/1312-59-0x0000000000B60000-0x0000000000B6A000-memory.dmp

Filesize
40KB

Download
memory/1312-54-0x0000000001280000-0x00000000013AA000-memory.dmp

Filesize
1.2MB

Download
memory/1312-57-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/1312-56-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/1312-58-0x0000000000320000-0x0000000000360000-memory.dmp

Filesize
256KB

Download
memory/2892-1013-0x0000000000B40000-0x0000000000B7E000-memory.dmp

Filesize
248KB

Download
memory/2892-1295-0x0000000004880000-0x000000000488E000-memory.dmp

Filesize
56KB

Download
memory/2892-1288-0x0000000004870000-0x000000000487E000-memory.dmp

Filesize
56KB

Download
memory/2892-1298-0x0000000004880000-0x000000000488E000-memory.dmp

Filesize
56KB

Download
memory/2892-1291-0x0000000004870000-0x000000000487E000-memory.dmp

Filesize
56KB

Download
memory/2892-1254-0x0000000004D70000-0x0000000004DB0000-memory.dmp

Filesize
256KB

Download
memory/2892-1119-0x0000000006630000-0x000000000677D000-memory.dmp

Filesize
1.3MB

Download
memory/2892-1123-0x0000000006630000-0x000000000677D000-memory.dmp

Filesize
1.3MB

Download
memory/2892-1099-0x0000000005A70000-0x0000000005B2A000-memory.dmp

Filesize
744KB

Download
memory/2892-1027-0x0000000004D70000-0x0000000004DB0000-memory.dmp

Filesize
256KB

Download
memory/2892-1307-0x0000000004C20000-0x0000000004C62000-memory.dmp

Filesize
264KB

Download
memory/2892-1016-0x0000000000B40000-0x0000000000B7E000-memory.dmp

Filesize
248KB

Download
memory/2892-1311-0x0000000004D70000-0x0000000004DB0000-memory.dmp

Filesize
256KB

Download
memory/2892-659-0x0000000000FE0000-0x0000000001164000-memory.dmp

Filesize
1.5MB

Download
memory/2892-1313-0x0000000007510000-0x0000000007664000-memory.dmp

Filesize
1.3MB

Download
memory/2892-1324-0x0000000004D70000-0x0000000004DB0000-memory.dmp

Filesize
256KB

Download