lumma | hxxps://k-storage[.]com/krnl_beta[.]exe

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://k-storage.com/krnl_beta.exe

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

krnl_beta.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe

Executes dropped EXE 9 IoCs

Processes:

krnl_beta.exe7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
1332	krnl_beta.exe
1432	7za.exe
1804	7za.exe
4448	KrnlUI.exe
1420	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
5096	CefSharp.BrowserSubprocess.exe
3572	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 53 IoCs

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
1332	krnl_beta.exe
1332	krnl_beta.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
5096	CefSharp.BrowserSubprocess.exe
5096	CefSharp.BrowserSubprocess.exe
5096	CefSharp.BrowserSubprocess.exe
5096	CefSharp.BrowserSubprocess.exe
5096	CefSharp.BrowserSubprocess.exe
5096	CefSharp.BrowserSubprocess.exe
5096	CefSharp.BrowserSubprocess.exe
3572	CefSharp.BrowserSubprocess.exe
3572	CefSharp.BrowserSubprocess.exe
3572	CefSharp.BrowserSubprocess.exe
3572	CefSharp.BrowserSubprocess.exe
3572	CefSharp.BrowserSubprocess.exe
3572	CefSharp.BrowserSubprocess.exe
3572	CefSharp.BrowserSubprocess.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\62c40ea1-d49c-4fa2-b386-e30e143fe481.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230401151344.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

Processes:

powershell.exemsedge.exetaskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	taskmgr.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 586318.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 586318.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 57 IoCs

Processes:

powershell.exemsedge.exemsedge.exeidentity_helper.exemsedge.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exemsedge.exemsedge.exeCefSharp.BrowserSubprocess.exetaskmgr.exemsedge.exemsedge.exeidentity_helper.exeCefSharp.BrowserSubprocess.exe

pid	process
1756	powershell.exe
1756	powershell.exe
4616	msedge.exe
4616	msedge.exe
2780	msedge.exe
2780	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe
2100	msedge.exe
2100	msedge.exe
4448	KrnlUI.exe
4448	KrnlUI.exe
1420	CefSharp.BrowserSubprocess.exe
1420	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
2912	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
4172	CefSharp.BrowserSubprocess.exe
4740	msedge.exe
4740	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
5096	CefSharp.BrowserSubprocess.exe
5096	CefSharp.BrowserSubprocess.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5212	msedge.exe
5212	msedge.exe
5424	msedge.exe
5424	msedge.exe
1140	identity_helper.exe
1140	identity_helper.exe
3572	CefSharp.BrowserSubprocess.exe
3572	CefSharp.BrowserSubprocess.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
4728	msedge.exe
4728	msedge.exe
5424	msedge.exe
5424	msedge.exe
5424	msedge.exe
5424	msedge.exe
5424	msedge.exe
5424	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exekrnl_beta.exe7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	1756	powershell.exe
Token: SeDebugPrivilege	1332	krnl_beta.exe
Token: SeRestorePrivilege	1432	7za.exe
Token: 35	1432	7za.exe
Token: SeSecurityPrivilege	1432	7za.exe
Token: SeSecurityPrivilege	1432	7za.exe
Token: SeRestorePrivilege	1804	7za.exe
Token: 35	1804	7za.exe
Token: SeSecurityPrivilege	1804	7za.exe
Token: SeSecurityPrivilege	1804	7za.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeDebugPrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeDebugPrivilege	1420	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeDebugPrivilege	2912	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	4172	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeDebugPrivilege	5096	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeDebugPrivilege	5724	taskmgr.exe
Token: SeSystemProfilePrivilege	5724	taskmgr.exe
Token: SeCreateGlobalPrivilege	5724	taskmgr.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe
Token: SeShutdownPrivilege	4448	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4448	KrnlUI.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exetaskmgr.exe

pid	process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
4728	msedge.exe
4728	msedge.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe

Suspicious use of SendNotifyMessage 50 IoCs

Processes:

taskmgr.exe

pid	process
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2780 wrote to memory of 3664	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3664	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4560	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4616	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4616	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5048	2780	msedge.exe	msedge.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://k-storage.com/krnl_beta.exe
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://k-storage.com/krnl_beta.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0xac,0x104,0x7ffc4f8346f8,0x7ffc4f834708,0x7ffc4f834718
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
2⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 /prefetch:8
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
2⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3060 /prefetch:8
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7c66b5460,0x7ff7c66b5470,0x7ff7c66b5480
3⤵
PID:3360

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5872 /prefetch:8
2⤵
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,10146221720570326295,7802735461690741710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2100

C:\Users\Admin\Downloads\krnl_beta.exe
"C:\Users\Admin\Downloads\krnl_beta.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1332

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1432

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1804

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4448

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2228 --field-trial-handle=2304,i,17955147379900591468,13553880663513059066,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=4448
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1420

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=3048 --field-trial-handle=2304,i,17955147379900591468,13553880663513059066,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4448
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4172

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3240 --field-trial-handle=2304,i,17955147379900591468,13553880663513059066,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4448 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2912

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=2304,i,17955147379900591468,13553880663513059066,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4448 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5096

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=1756 --field-trial-handle=2304,i,17955147379900591468,13553880663513059066,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4448
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4f8346f8,0x7ffc4f834708,0x7ffc4f834718
2⤵
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,11264880526026402580,17086321382601168152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
2⤵
PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,11264880526026402580,17086321382601168152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,11264880526026402580,17086321382601168152,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3168 /prefetch:8
2⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11264880526026402580,17086321382601168152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
2⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11264880526026402580,17086321382601168152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
2⤵
PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5152

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4f8346f8,0x7ffc4f834708,0x7ffc4f834718
2⤵
PID:5440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
2⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
2⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
2⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
2⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
2⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
2⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4103809170611762950,1832878088260150700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8de76bf2-10c6-4fda-9dad-c33b69336259.tmp
Filesize
12KB

MD5
e1beab3f5de770708493813f4420075e

SHA1
466618c5e8aaac2c9438edf6e091aa05223df09f

SHA256
ddc9075410c5dd9fcaab88107ff6682d1f24d2862af4fa359ccc4bcaf83e1c30

SHA512
0c0333beec2e916f68bc8a2494c47ab992dfdc8b44fdd46345b49ec8c2cf03363eb2971d046cdb716c0ad9318d28e178f1de8a5cab56c2c4fc447514457d0e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5262fc2d031cdd8816d851eb9349cddb

SHA1
1fa16fcd98382fa01c824e669306fc2697f6cd67

SHA256
3bc621c2de03850f967970e7bbd4dd6a293126055725ab9a096de6ee560ae6bc

SHA512
a9e4d78233e650947bb6c651e3a6598a21bbe53c1d086d7c390f3482dded0e0673d20c7850554229e269383ab842261b683b441e097354a5bc55cd79589be0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dfeee58d8e9ccc6ffa537d5b4782ed65

SHA1
995bd4512e107fe1274eba41e49984403e075f31

SHA256
1a35071ba780d220a4e2d5c2c696563b316ba36993191563953059f70f6ae884

SHA512
3f598ed40475c4ebc65df2b9d1ce35bd29792cd0bddc2c02ab4a1776cf8a814523261bd130118ce5f5b16f111fe060ec185397fc7a6dd5539f442f8fb1444ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d087a629a5d761d9d92fbdff1c51e455

SHA1
e7e88b22e59123e3fbea62ef8a94ffedfa43441d

SHA256
a3ee6309a19f2c150a218af43b7ed202fce6b7605225e975fd441f79e6288e85

SHA512
6699587db9ea654ffd2094c27cf706740dcd522f5ee213a1fed9971637629c9e48e30504edd321d622c733be50651638b9250172aaa5de68104fd37a69fddbed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
915f1cdd06037299cb6fceae21e4d3ae

SHA1
162a49f613c49b93d4c53c09abd5b726003b4733

SHA256
4ab18316d70c05edb9e3c0f2b4d00897b865db88e7f50da725e21af0693de019

SHA512
97b1bba7f9a17baca0c681f74db82f5903c53610a24fa80cd39c0188ad33bebf7869ad897c097e457d922fc814c36d161876c21530ec30fe6d7a684baa145a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
2470ffd12ad66675ffc22aa55fcb85ef

SHA1
ccba3bedaf71c149f07a549711e39a41517bd3ee

SHA256
90386af19ed11001c1b9bb4a14754ad7fab6baaea80b978626a7c5f001c4ae83

SHA512
46762a6ae85d0fa73d516967115f5658cc977c3a8c11f769adc2aa334275b143976e154194ee304c2a924aa37a7552c265acf2948b9f03bf57216b3ad1f5162e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
179aae00c23c55764316dbd7532109aa

SHA1
a0ba93a7bfacf96c965bd8351b7abdf74054379c

SHA256
c3128a46df621ec127c330644483eb362f16c31cfbe3847d4482dc9c871907bc

SHA512
8ee90ca3c9a8229afda5b78b6d81947e235f589d22a468721a270b2a11521b3e0749cd5ef5c5cdd9a336aa3963db21ba3f293a3517f5db3c8d8a7fc1f7071c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
e0fc97ac0a81ff0b625fe8cce32ce5d4

SHA1
614951334fcec638fe4c29358b9ea2a1051208dd

SHA256
878198fb0ff9eef77579f7ff8b88bf60a314bab75822bd9757a2541b03d754bd

SHA512
2814909cab1a11d9d12a26ef50c734c784fbb54e174f4555777e48af795d12ea2437c2454b81da9f0714eabf72217a4888a2dcae051763001326b8df0e28b107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
302B

MD5
cacee60c91880398e486aee776de5dd6

SHA1
9f58259c160d3a7d76a7f3d2a1990245e5df9870

SHA256
ab944899c2c13aaca7d7fb1121cc401cac712cb5cd534afe36091611edd537f0

SHA512
7fca59c540a8ad85512e8553d9ea4e247e8a3a505624445c23e07606137ee9dce1173073eb4312707170cceaa66a11bb18682aad2b67f54cf526d47e1c072b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2b8bd05596a3629f57239d441b973bf9

SHA1
9f8bc07413e21267342d24f199db2ea37d7a6c49

SHA256
076dc6b06c84ecce5b44b0799a6e5b4e8b9a47d9564e9627dfcc8ef9a77485c0

SHA512
a5984345718bd7033a2bffccad4ffc3172a56802d22d08ca4b53c3b497411310d31128d5f2f7be0f28ca0992cab7f5084e1eed8e8c1cff9959a7afd67073afcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
e28aa960d48c4836308ebad4be4bcc3b

SHA1
c3249f68a005d0ab0be734dcf3832d7e831c6086

SHA256
c09ba0b6ebada279d19baeb46190297a269f59da4207674c019a88fa4ff46e17

SHA512
588975f44b26ebb265e5e741969570539c5353c92b4bca6147fbd88d199388efc0f7eb80c2c569982ca9f8f9f19f4ccf890f1991302ef5530f511ae38405b61e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4f499b24dd3b91e631d921e58aa08ce8

SHA1
210297ea44f485f650a9e6e8478249193435193f

SHA256
0ce095c802be67724f31fc5d70df8249c4c09e9bbd786cd69fd699986ceb2fac

SHA512
ba2264872acbedfe9c4f0bd3a5ba7c8b5a842521dfec35925c7dfd3d7d088f9b4a3473db5386ce2b712522219cc79b09266640bc8035c8418193cc41b8786f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c62cfc95936ba0f6f67760e04fa81607

SHA1
51f18fedbbeb9fa74837f95cc70b89c817eebf66

SHA256
fb42a7c48e86f952323cab035260fd8413e0caf00d341b27974131f7f8495aec

SHA512
fc7e15d77760fff4083a97d8ca19333f5e851e13fcdb30cde78146c1960283c363d38215b91163108497224977ce3e3129029efa0ece9955a3107582953857d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7fdf35bcb1302392167a5824de21f30c

SHA1
68e168014934de63a5e6c208c79211ff4c3c8093

SHA256
a03699af8d54dbb88c39fb41f717fb73e0b749442adfafffb9a691aab8da6000

SHA512
f351eb54e61af651b3ad25327b68951066a478b3ad471549ea61508da1714683318145eb8ecf42f9995578c791d2475d859723b3fac34dd4db3a19c0ce2f3294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
24b9de757243df0c6dd039562bf3ab19

SHA1
b2e0fdced6eb25112fafa6204efe8f4877bca968

SHA256
04af3c374ad79ee1f9187e45707a318d6a7795662195978555501d5ece646f36

SHA512
a1f5b3f876c96eca0410f214e91e6ab10515e4252587bbdd724203d531caebde3ad5bf255615d7b20621dddf8ad3297c1fe424f8d1679fd71b7c621b7d5a5efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
92738f62b9566b4ce1b209c801ec1c5d

SHA1
fbdb92eaefc22cecb896a3911ec03f8b3a76acc7

SHA256
4e064b0b5aa7c9825c6fcda8d627590e02e7cd9c1c2f194d2361c8faffb25b34

SHA512
37a33c1ec373603263ef68a230302b7f22093f6dfe7edabb9a5bf4bb69fcdf6cb8b81ac816e85eceaf56f3070c18767980ad6009fdb9da06945191cdd329f0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
856068d8d04f5376966bc1c7759de7cf

SHA1
91a63d13e86906a239272d55b15bd73372bc3ed0

SHA256
ca26b74c8eac5c6e8428441417bba42a6c2d0fa9667043a86cf941e53d244a1c

SHA512
155d6920859b392523fba36c03e4d79f46beae8cb54630f552a0f7799ef33bb8f847ef8909e5fcc0bb7772aa95e0443fa2411e44f5115a0b441bfa9044a72d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b6f120ea8c36e3bdca86684100a3cbbb

SHA1
073543af24f6fa0a457ffc7526e3dc8b8c6aca62

SHA256
d8f057014df21ff13b2f7be2f72fb19181182416cb95a988abf5deda5f38140d

SHA512
9ff5d1ed6b46c737ca98fb74ce5545f7e67aa831f946bc88c49899fbd464877f7178ad5a78eb74f147c3aa0e3d608ea166a7edcbf23c96e318d1a6259c30351e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b735.TMP
Filesize
1KB

MD5
1971261b16f1b835ebda18f765387e81

SHA1
af8d8424eca68c6d43fac041346832f6ca436151

SHA256
6ffdbb5c09565ead46dd11af681cc75ef10c0049b1f3b6b6edc2f8b0554a90be

SHA512
c2b1a1609ed20291dbd2955791233af7e1cae636582f21b6837979fb75f3aa14eac253a54b8f7dec0afbb79404c90ef8c09eb982c87261e968420b8e8e95d607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e0823620-47f3-41da-999d-5e00ef7a078e.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
104d07165d178352a96eecbb1aa734a6

SHA1
57d325b4a53142ba09ce4b02921a737d2376662d

SHA256
bf00c5d66c317339f1dc7364a37080e155707d28a37b026e8673d46bbb818941

SHA512
bc53b6ba9407fd0d63f3cb5b3237d10f48952b92e2bdb9db43d90c002337f208c01f144f366a3276d20194529a2fc149f329500476b6264fd08260c806fac203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d2853418b2da60e009c14d23fbff195a

SHA1
0cf8a4687a53532a8e74e96174070f3d791a93e4

SHA256
0bbed382e57dca3e206b1080b236d589fa1315afff6b08e78600ce6cabd0df99

SHA512
7b4cbbce87dfb2dbbe870597611533a3aa31328552becf98dec6621b0afc9c2cdd740e3bb43014341e02cb3f2223aa40e4ba9820256322ba52403b31583b021c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d7dfa5e3887521506a7ecdeafc8fd4a0

SHA1
7c1e69a844b7775a99b6fd64c5d8235323287367

SHA256
013a6cde76876e6cd9f2c69e8d0ed10d03bb409e9c431f5adb3456537ba8c44a

SHA512
0ae5f0beb75689e9e8cd2a9474b9945937bb89247a5b212aefa4ea9c143845745f9347738b8417c91372a4f5f4f11a395cfee4ebb8d346c835f69fd5ca76948f

Download Submit
C:\Users\Admin\AppData\Local\Temp\4448_1546098741\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\4448_1546098741\manifest.json
Filesize
984B

MD5
59741ca0b4ed8f06f8984e5c91747a4a

SHA1
334c396dd6e710de0e5b82b93cfaba764abc0331

SHA256
8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7

SHA512
9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cccvdpio.lxt.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\card.config
Filesize
12B

MD5
773229091774b2b77583da0f15a718ac

SHA1
fcdbebdefc85658d65e23dcc52cd1a3ae9a12ee3

SHA256
f70e955a67aad2ee28ac0c8b1c0882c9bd9991da51b87b224a4e22eefb8956f9

SHA512
7762bbbc14bdc679c51b5d9b75b1c19b0977d70c98a1edcbceaa950e7ba42c991ae4e81768a9bd80bb1bb2bd1eed4e6a18e98e16a2ec974464850d9c14a9fc2b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\preview.png
Filesize
155KB

MD5
971fcb67b3ed9746cfd5c12032c8f54a

SHA1
378d56a2909c9b4dacc1a679664de7a3b9b48109

SHA256
94d47c3270fd8af9431722aac704778dd0e157fcffe7e24435a25368272e6bfc

SHA512
3d5e2f7112462049cd84fabce244cd51cbc341e8adc4fa27e5516855dd6f1d9727d6dde463812f6c552a732ebb2dad87ea6eed38a9bf7a1ea55800068fecfa63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\profile.png
Filesize
7KB

MD5
fe0cf96f57839cdd21191af66c241b96

SHA1
fba1b795f839c0fbaa4e47dfd9ad79ac6c2a4562

SHA256
bafaba91b68e495a6946cfae26a1f194dd8e556c1fb28dcf1e220721eb0ecbfc

SHA512
5adf6c8fc4b24f5af253c0f03c5b57ac7243008765b3854ed4b83d758a1901997ff4e6d9e0e1918383bce19832b72fc68cc7005c8a53a329df41b2ad91162ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\script.lua
Filesize
1KB

MD5
4417aa7a7b95b7e9d91ffa8e5983577c

SHA1
367b923829db8fecf2c638fb500f161d22631715

SHA256
eafd7bc4f8aeacd998f6ffa38c8fc2ec2fb043ca97c956a0949aebb9bbbdbbe6

SHA512
04a5f440a6e00ea0aa8491ae4c6dd6aa68f704db54a43a5d6bf4c99446ae2c7792be8dcaee6542a93280eb35dc93acb60e8e4065f13c885e4186d80824feb04e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\card.config
Filesize
11B

MD5
a3d8125d741db04d38a0c2c56eb9521f

SHA1
69729d39c0b4ff201d2aa7c6a77ecb4652b22aa3

SHA256
e2e623686b91cc0075b0f86b4c4577e45d4ee2ac6fce0aeae7326550675d1a96

SHA512
014cb710f3ad4264bc6cb524c33569e297ff6eee5dd417d10e4a1519951fcc739663a794f373a86eae4a0280002b4ce2d90715e4d9328bfe18f669e98878a994

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\preview.png
Filesize
534KB

MD5
1ea0fccbceecbcfbe9c57bf230241889

SHA1
4b538297c419731bed21e7f0f8c1f921c6c3f389

SHA256
79eb0dcb2cff8cb7a620fa87284fdf79a1bfd97690d193c8caa15ffa3068c9cd

SHA512
6229d6084be3f3368a98ffa4b0aaa5899fdd85d5dd2f538987a8abce2bf1d3c378731c1b1b37e2d555e47d8812f8b5e8fef0d68241dfbf2c8952ffb1737a6909

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\profile.png
Filesize
19KB

MD5
be676e5468366d6f34839bab1a2be5dd

SHA1
14424fc881b910a406f364d1dffb22ee0dc28e04

SHA256
196c3db248754cab84491e35496aa7d2dbd93bd1f1dce0b20462c2310b13265e

SHA512
3e87468cd2fd4669a59f2a18a4a968a32414ea788eaee0f341b93387b852fcab3c0d4c5fa6a29f884520b6fa10916b39eb7791e82bc951355378356955bf2ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\script.lua
Filesize
98B

MD5
1f74e0539c4f0816badd444b487dbda9

SHA1
07fc32012374195023f00353c12d800a5ed8d07b

SHA256
f01656ce161b59d49730ced251f20cea8a4aac04efbd85152e3c89e0f182a41d

SHA512
d068fb33ff098e7db909784985bd7a47b62ba607119d976c7084db8260d05b1aacb984543b556cb002f53fbb14c9107477e9d1b51a78648e6bd040840a87c55b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\card.config
Filesize
6B

MD5
af55765f33160409360ffefd60211d32

SHA1
f16b23456ff82b6875e996c252c92eac375c5c54

SHA256
adfe3a9eb182052dabd7530e315fc5c0784bf5d115002b9a1a6f76dddf35773d

SHA512
1488a18106ed2dbb1502f218f8a543eb45fb5d12fc5867dfbd7d0bb500915c9705a5a8e2a21e964f5aeadc460d69d0f39bc729fee8d66e75e08907bcd0adbc4b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\preview.png
Filesize
10KB

MD5
6c5d6e01657cf543c2211452ff43f52f

SHA1
7f4735960b3128f279aa42c4351ee50b32580788

SHA256
014920b3352e755b1608681e3dc613ce68e7875527ac8372a8edf5f875d32f5f

SHA512
f01c45f42f9e55982e9191979c3f0854a064b7455f65141e9feeebb72432ebe3d784263ac81d67c4cdf48e4eb49b39787eca2fe3a4964a799b130ac79a6b4b04

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\profile.png
Filesize
12KB

MD5
516a58f5a912ea4cbef1098f8fd5ebc3

SHA1
217162ba93d4c94d7b9389694734e365a91905df

SHA256
c9d71e41f4103780f381c11ce608f797ffbbe3f92f20922cc8576203543aa461

SHA512
ec211867be06425d54e6c70aa60b99dd209b949cf70ed6922689645bc86e9508ce234c14e3a1c37f2950a95387eef7424a518abd82cd2ac4e6680fcc329ab5d7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config
Filesize
48B

MD5
38345211bbf6a5a39371fda7cdc009d7

SHA1
d4f33df064fb76e824ea87a25dfdfa331552ac84

SHA256
5348872c64500e1f7affe7e5095eeafa1375879cd8d0ab9807ad11a6601ba31e

SHA512
3fa2730bec4af73aaccd3b138c44bb800afb442808e2f9a14c218c61c5c882d6fd351c94c5d8cbfb4d6b818437e197ca25df37760fda95466a9c85d23dc25b4c

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_100_percent.pak
Filesize
620KB

MD5
e05272140da2c52a9ebef1700e7c565f

SHA1
e1dc01309fca499af605f83136d35e6d51fcd300

SHA256
123092a649b8def6efca634509fb20ba4fbf9096d6819209510b43b5f899c0a3

SHA512
476907363a0d1e1bf81d086aff011b826fd28a885e2eabd2e07e48494eafbd48d508b1a9050efe865585f7c4d92a277886440876846cba8a2226033ff35a7a81

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_200_percent.pak
Filesize
933KB

MD5
0d362e859bc788a9f0918d9e79aea521

SHA1
33abea51f76bde3e37f71b7e94f01647bb4dcbd5

SHA256
782f475d56e62c76688747a22ba4ae115628c5c3519c3c1e3d1a51a4367bfc28

SHA512
37ca08bbe5525d0f2d45a9fe65a45f6c5d8366330fc60304822d4c7470dd66b8733d92803ce6aabdf4175ad0cf43d6e4a9ff9d4e49ff89d8eddc5f7083e7f067

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat
Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak
Filesize
296KB

MD5
99b4fdf70abc76d31e44186e09a053a6

SHA1
fb4192460341de2a04127f1e7fdf5c41b12ca392

SHA256
87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa

SHA512
d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\resources.pak
Filesize
6.8MB

MD5
34516ad6ff9278dea1fa89839156cbe5

SHA1
c61792315d0cb0d0f1e55fb985e3f6bb471fb2c5

SHA256
91d3ab4e61bc261d9cc78b750dfc26561fee06fe1431136652f9f50371be2426

SHA512
6e4046a2eb72b17451528d1995e2359cb058a9dd41af586f3e88693c621ffd97213031462fc1fd8a23c7e91217066c2f0b56522fcdafe862bc24eec30b059d29

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
0ddd44c3c43817d1acd6bc746a2c426f

SHA1
59bcf7e3991c82ad26255b734e63154984cbde8a

SHA256
97e09c972596d39ca09ce17706bc9173a72d9e281cd6eff2220dc533a345320b

SHA512
ef1d5bcf09341d9b17c4fd09077a740fc524215168463be57b9c7390423d284ba5217d985b0271041f1f6eff16e0a3a9dcd3e057d7c3fcc5504b21d93966fb19

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 586318.crdownload
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Downloads\krnl_beta.exe
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Downloads\krnl_beta.exe
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
\??\pipe\LOCAL\crashpad_2780_SGFRHUSYFFZXYQMD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1332-495-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/1332-471-0x0000000008670000-0x00000000086A8000-memory.dmp

Filesize
224KB

Download
memory/1332-473-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/1332-336-0x0000000000250000-0x000000000042A000-memory.dmp

Filesize
1.9MB

Download
memory/1332-472-0x0000000008650000-0x000000000865E000-memory.dmp

Filesize
56KB

Download
memory/1332-337-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/1332-494-0x0000000008800000-0x000000000880A000-memory.dmp

Filesize
40KB

Download
memory/1332-526-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/1332-527-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/1332-470-0x0000000007F20000-0x0000000007F28000-memory.dmp

Filesize
32KB

Download
memory/1332-474-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/1420-911-0x00000000006B0000-0x00000000006B8000-memory.dmp

Filesize
32KB

Download
memory/1420-941-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/1420-1041-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/1756-144-0x000002426F820000-0x000002426F830000-memory.dmp

Filesize
64KB

Download
memory/1756-143-0x000002426F820000-0x000002426F830000-memory.dmp

Filesize
64KB

Download
memory/1756-142-0x0000024272730000-0x0000024272752000-memory.dmp

Filesize
136KB

Download
memory/2912-958-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

Filesize
64KB

Download
memory/2912-1043-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

Filesize
64KB

Download
memory/3572-1259-0x0000000004AC1000-0x0000000004AC6000-memory.dmp

Filesize
20KB

Download
memory/4172-959-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/4172-1044-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/4448-942-0x000000000DC80000-0x000000000DD80000-memory.dmp

Filesize
1024KB

Download
memory/4448-879-0x0000000000940000-0x0000000000A5E000-memory.dmp

Filesize
1.1MB

Download
memory/4448-880-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/4448-881-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/4448-1040-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/4448-893-0x0000000005B00000-0x0000000005B10000-memory.dmp

Filesize
64KB

Download
memory/4448-1042-0x000000000DC80000-0x000000000DD80000-memory.dmp

Filesize
1024KB

Download
memory/4448-930-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/4448-889-0x0000000005B10000-0x0000000005C14000-memory.dmp

Filesize
1.0MB

Download
memory/4448-885-0x0000000005620000-0x0000000005640000-memory.dmp

Filesize
128KB

Download
memory/4448-1025-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/4448-1026-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/5724-1027-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download
memory/5724-1028-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download
memory/5724-1029-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download
memory/5724-1033-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download
memory/5724-1038-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download
memory/5724-1034-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download
memory/5724-1035-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download
memory/5724-1036-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download
memory/5724-1039-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download
memory/5724-1037-0x000001997A170000-0x000001997A171000-memory.dmp

Filesize
4KB

Download