lumma | 27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

Resubmissions

01-04-2023 13:29

230401-qq9yvaac64 10

01-04-2023 13:28

230401-qqt8dsbf5t 10

Analysis

max time kernel
156s
max time network
155s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01-04-2023 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_bootstrapper.exe
Size

1.2MB
MD5

f14153bbd95fc26d9ccea77c49cf09b9
SHA1

cb59f900711ea751c4322b4dab50fa2c0ee70b33
SHA256

27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54
SHA512

7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0
SSDEEP

12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

7za.exe7za.exekrnlss.exekrnlss.exe

pid process

3056 7za.exe
4820 7za.exe
3300 krnlss.exe
3360 krnlss.exe

pid	process
3056	7za.exe
4820	7za.exe
3300	krnlss.exe
3360	krnlss.exe

Loads dropped DLL 48 IoCs

Processes:

krnlss.exekrnlss.exe

pid	process
3300	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3300	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3360	krnlss.exe
3300	krnlss.exe

Drops file in Windows directory 2 IoCs

Processes:

taskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 2 IoCs

Processes:

krnl_bootstrapper.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	krnl_bootstrapper.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

krnlss.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

krnl_bootstrapper.exekrnlss.exekrnlss.exetaskmgr.exe

pid	process
2940	krnl_bootstrapper.exe
2940	krnl_bootstrapper.exe
2940	krnl_bootstrapper.exe
3360	krnlss.exe
3300	krnlss.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

Processes:

krnl_bootstrapper.exe7za.exe7za.exekrnlss.exekrnlss.exefirefox.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	2940	krnl_bootstrapper.exe
Token: SeRestorePrivilege	3056	7za.exe
Token: 35	3056	7za.exe
Token: SeSecurityPrivilege	3056	7za.exe
Token: SeSecurityPrivilege	3056	7za.exe
Token: SeRestorePrivilege	4820	7za.exe
Token: 35	4820	7za.exe
Token: SeSecurityPrivilege	4820	7za.exe
Token: SeSecurityPrivilege	4820	7za.exe
Token: SeDebugPrivilege	3360	krnlss.exe
Token: SeDebugPrivilege	3300	krnlss.exe
Token: SeDebugPrivilege	5092	firefox.exe
Token: SeDebugPrivilege	5092	firefox.exe
Token: SeDebugPrivilege	4780	taskmgr.exe
Token: SeSystemProfilePrivilege	4780	taskmgr.exe
Token: SeCreateGlobalPrivilege	4780	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exekrnlss.exekrnlss.exetaskmgr.exe

pid	process
5092	firefox.exe
5092	firefox.exe
5092	firefox.exe
5092	firefox.exe
3360	krnlss.exe
3300	krnlss.exe
5092	firefox.exe
5092	firefox.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
5092	firefox.exe
5092	firefox.exe
5092	firefox.exe
5092	firefox.exe
5092	firefox.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe
4780	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

5092 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

krnl_bootstrapper.exefirefox.exefirefox.exe

description	pid	process	target process
PID 2940 wrote to memory of 3056	2940	krnl_bootstrapper.exe	7za.exe
PID 2940 wrote to memory of 3056	2940	krnl_bootstrapper.exe	7za.exe
PID 2940 wrote to memory of 3056	2940	krnl_bootstrapper.exe	7za.exe
PID 2940 wrote to memory of 4820	2940	krnl_bootstrapper.exe	7za.exe
PID 2940 wrote to memory of 4820	2940	krnl_bootstrapper.exe	7za.exe
PID 2940 wrote to memory of 4820	2940	krnl_bootstrapper.exe	7za.exe
PID 2940 wrote to memory of 3360	2940	krnl_bootstrapper.exe	krnlss.exe
PID 2940 wrote to memory of 3360	2940	krnl_bootstrapper.exe	krnlss.exe
PID 2940 wrote to memory of 3360	2940	krnl_bootstrapper.exe	krnlss.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5052 wrote to memory of 5092	5052	firefox.exe	firefox.exe
PID 5092 wrote to memory of 1460	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 1460	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe
PID 5092 wrote to memory of 4464	5092	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2940

C:\Users\Admin\Documents\krnl\7za.exe
"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3056

C:\Users\Admin\Documents\krnl\7za.exe
"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\src.7z" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4820

C:\Users\Admin\Documents\krnl\krnlss.exe
"C:\Users\Admin\Documents\krnl\krnlss.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3360

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3884

C:\Users\Admin\Documents\krnl\krnlss.exe
"C:\Users\Admin\Documents\krnl\krnlss.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.0.82478358\800222103" -parentBuildID 20221007134813 -prefsHandle 1676 -prefMapHandle 1664 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32818072-3b16-425d-8eca-3da8815f7347} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 1764 1ea81334b58 gpu
3⤵
PID:1460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.1.581335042\789034434" -parentBuildID 20221007134813 -prefsHandle 2100 -prefMapHandle 2096 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b73dbb39-c320-4bcb-ab94-facb7932e48e} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 2120 1ea8000e258 socket
3⤵
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.2.881043155\1857142466" -childID 1 -isForBrowser -prefsHandle 2644 -prefMapHandle 2648 -prefsLen 21052 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5def29d-bc1d-44a8-92c1-821ac51addfd} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 2616 1ea83fe4558 tab
3⤵
PID:4188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.3.1483780692\32990934" -childID 2 -isForBrowser -prefsHandle 3284 -prefMapHandle 3280 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2422fef7-9917-4fe0-bd92-791932acee67} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 3300 1ea84e24958 tab
3⤵
PID:3056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.4.2128569806\1679217277" -childID 3 -isForBrowser -prefsHandle 4304 -prefMapHandle 4320 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {191ed081-b26b-4b17-b893-ab294489fed5} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 4364 1ea86372a58 tab
3⤵
PID:3416

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.7.1855993187\1164266424" -childID 6 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {567aaad0-9395-45bc-a5f1-46146266955f} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 5068 1eaf4965658 tab
3⤵
PID:812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.6.763134017\8777527" -childID 5 -isForBrowser -prefsHandle 4892 -prefMapHandle 4896 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a17512f2-3655-40d7-b903-b726d540334b} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 4884 1ea86e22658 tab
3⤵
PID:4304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.5.1910419201\929574970" -childID 4 -isForBrowser -prefsHandle 3984 -prefMapHandle 4072 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {087d95e6-ee8b-4327-96c4-1022f287f395} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 4756 1ea845a1358 tab
3⤵
PID:1160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.8.1301576015\1119449847" -childID 7 -isForBrowser -prefsHandle 5552 -prefMapHandle 2748 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad4edbd5-87e4-41db-bf9c-87af5ecfc73d} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 5548 1eaf4963e58 tab
3⤵
PID:1972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.9.1979519249\1994136772" -childID 8 -isForBrowser -prefsHandle 5616 -prefMapHandle 5620 -prefsLen 27374 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2708504-a348-4f94-8ba4-284496346ad8} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 5572 1ea862bd858 tab
3⤵
PID:4432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.10.1715328741\340075079" -childID 9 -isForBrowser -prefsHandle 4784 -prefMapHandle 4744 -prefsLen 27374 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69ee74f9-4949-4cf3-9107-d9fb245ca538} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 4864 1ea8315aa58 tab
3⤵
PID:1476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5092.11.1537104924\1458043863" -childID 10 -isForBrowser -prefsHandle 5160 -prefMapHandle 4968 -prefsLen 27374 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b42dca8-1634-4258-92dd-36bf9c79499f} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" 432 1eaf492ea58 tab
3⤵
PID:4952

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4780

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54C62B182F5BF07FA8427C07B0A3AAF8_4DBBCB40FA282C06F1543D887F4F4DCC
Filesize
719B

MD5
8b513ea0e6f21ded0f5decdfc9871332

SHA1
f223b2af5ddf91be6404615ee28d487738bf808c

SHA256
673927d5e70ff6815263735ec485a38145aa48a271549d0765b786fdacd78dbd

SHA512
cd5dec477b83aca4a99519b44a0ed2c60827d94b2416dc3ea4787989c8e625d50aadc9fb3c284eac80d36c4535f02831edb48cd004d5db144dfcefa19f12273c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D451DDCFFF94F1A6B8406468FA3558_E4A7C6A10F816F002B00DE3B58B7E44E
Filesize
1KB

MD5
54189283670eb91f51b3c864045b343a

SHA1
3aa3ab234ca7d01f8c572cb59db05717683e32b4

SHA256
4a509adc003609d7078759dafa533b4be4e32d293c24d9b22600ef6a0fb67149

SHA512
0a2685a9e7636f96502b884e4c05cc2ee71b7626d97c71eba1da1329165a3c6ab57791be444e6c14f5b0c502069514d34158af90a470157dad1657b25c3d3b76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D682FDDA10064185EC8111DC39DBA8EC
Filesize
23KB

MD5
4558d764738518c1cb8b69608dd376cd

SHA1
c90cee2c4a10af734e52ce18d9741e153323ce9d

SHA256
0fdf1001625781e6653b6964410d6a7906ffa13f2aa944c94fba13a4d5c28e6c

SHA512
13dca8d1dadf1b772528c542c54748483fcd294df1a20ce7e0ec4b62c80141ae49cfe3d5abce3a63e58bdb7b5315a82a7341e65d35f53cab9b91a9c2e331dc6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\54C62B182F5BF07FA8427C07B0A3AAF8_4DBBCB40FA282C06F1543D887F4F4DCC
Filesize
446B

MD5
dbefa079d481fdc2460bd113314ccde3

SHA1
8d8eb036513ad06cfe12d0022b6e399d4651ace1

SHA256
cb9975e54b117a054658bf94437c75c7c0bda700636dec6cec1121ab59b477e8

SHA512
ccdab2666128b55b7c5956bb2a7c2259b25001a1c91a4a7713238b975ce50a872818f01ad9b2d2452c01bd37fbefb443f2dde2f4349dcd11d70f90028c8f6697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94D451DDCFFF94F1A6B8406468FA3558_E4A7C6A10F816F002B00DE3B58B7E44E
Filesize
406B

MD5
794798a25cba531f6df0e0304d9b3349

SHA1
4f302ecf5cded7dbc8892e2b87ebebdd994b19fd

SHA256
2132ffb78d4d2a6c39c972b713eed1355c43d07be1d1edaccd93baf1d6307b6c

SHA512
647af0845b8f0c85aa09a611ea26325769fa896e8a565d3b1cb07cffb27f9a82f0921d7b009e4be1eecb3b81378aac4684727c972eb5f51011e2e447f324a23f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D682FDDA10064185EC8111DC39DBA8EC
Filesize
308B

MD5
b08f272eed23d97fa0ef6278c83f4f64

SHA1
b0f6682e89fc9a2c5208209f4832156231bc6362

SHA256
d6a1509932b56155fe05dc89d18164377031c8ee49f03bb93b7452ecc918b427

SHA512
880da4f045a4bc4e16aa0c534002ae81e8b56c8c2fb936dfce4d0e0a8a5d5903c0df7bcdb51b9557a22effb5dfd7e2defd9d9390d69c8496abda3efc802f07b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp
Filesize
155KB

MD5
36710a8736a0e8707a6217b1b3de7899

SHA1
1692ba38793a0f89cc53265f64ccd603f9076b68

SHA256
3fa886acb7704695eb3e7b4ea1a169b808436aef174870c979f570b1511697f4

SHA512
286c212936e8c1b3942bd6e0dad1de08e84ed0933fbc4f726deb4ae033e82b99c41bf247e0adbd9679a12debea986bfa28db2a91bcccff563c18288579b7a260

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\doomed\21646
Filesize
119KB

MD5
f0c0f261697742dce98a6ae685d240cb

SHA1
2926d4d3e4ef390aa3d72fc6f6f7186ad15cdb76

SHA256
8f5ede905d1c9adbcebeb474a6b21c68f2425fabdfa23df915b0e86bdd0cdd3b

SHA512
38426b29aeb847e2bd4b7878d1e004deb5e1d5af97f9c876dc53115fe2748dea35c14be76c71370f165726d44e8c2a9f7233597f6c6d7bf6b359ed3b7693e083

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js
Filesize
6KB

MD5
c205c8a6591363331cd60c7286ad4ac1

SHA1
7d4c89374e88116484984f5d0b5df0d59aa63ecf

SHA256
81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0

SHA512
fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
8394160409acdeda5725f3bef7505007

SHA1
b0b4bbade69a5f396cedcdf86e8b13daa57407e4

SHA256
a6b5122359bc174c402bc85ffecde62880125083d85471c2ed96048c68c02d2a

SHA512
b44a3a1050bc3b240669cbcb45ecc4bb1d717b5b099051f2ce8c6bffcc0e5673af5bb9d255d9134ea1f73542ad60e8efea7ec2f040565a497cdc8b9f7ef0b528

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
b7b2dfc8da0136e2a37caf3f80a5400c

SHA1
04502c7a66c20e043bd5c7a866b7248bce904e67

SHA256
d383c11bf79d1d6f1499f122dea8448a3abdaac6824beda0ee45d50b3b0db331

SHA512
94bac531f879ffe536fc446306fdc32eb1104a60e9c11512ee14d0de54f80fc752c71f95855deacc9a16f863112e507ec5cfe7c7315798275f68f49cd79c1715

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
ab4677bc6bb4c1269b70e22924db96c7

SHA1
cfa33336186fb89ff02b0596f932791d5b2841f4

SHA256
c9ea01023a8f1e86cb62099a519ce227187a0c24c07f44b7a4db196e01b5e1de

SHA512
9942c52982ba57376f1504234a88fb3f14aa31521497e92e6f985d97bc78304b21d76986f22614cca5bfcb01252858ff05e5855f729cc89225c1d8a61b632d9f

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\Documents\krnl\bin\Monaco.zip
Filesize
641KB

MD5
1a19fd7c42169c76e75e685dca02c190

SHA1
f16b4697bcd348d44965bf9ded731523db9bd606

SHA256
d686209afbbe718dc0506356e934ff190c1259a174aba12ef40a2fe7a014a331

SHA512
93d27188aab662ffffd78cfc31d100f161656ef37fe4f420a2cc2d514c935bce85b1e9b54eb374c94ba0ac75d0624e24676f8e359c32c9d3485aa5d7bbb14dd4

Download Submit
C:\Users\Admin\Documents\krnl\bin\src.7z
Filesize
52.5MB

MD5
7c380ecd5bc2cd51511d0ee5b58df745

SHA1
615749979477621579dd9b04ada8d4dcd9430f1e

SHA256
38e1b82e4c9a2a8159c1c60afe7668855351a6e9b52fb13f6dcc633202abaf07

SHA512
110836411f3b44f1df8ecc5890f59d7b5b10d6175f627cc160f0fa5bbc72408c1463ac7067d9787ff9a18e50b9460edf2e2f0b3a418532cc9a273965da1cc1de

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Documents\krnl\krnlss.exe.config
Filesize
202B

MD5
0ed4b3831ff5e91dff636145f68aac4c

SHA1
2d1140812945dc1b9e400a88c911803639cb2e49

SHA256
03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347

SHA512
4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

Download Submit
\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll
Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll
Filesize
27KB

MD5
103d84c4a22967defcbedaea6e11720f

SHA1
f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2

SHA256
7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2

SHA512
410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll
Filesize
29KB

MD5
5e5fe029bff022007c27d024ae7cf262

SHA1
fb7250ec8ca1acd36023b966fae61e85fe2c8ab4

SHA256
7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b

SHA512
60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
\Users\Admin\Documents\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
memory/2940-121-0x00000000005A0000-0x00000000006CA000-memory.dmp

Filesize
1.2MB

Download
memory/2940-126-0x0000000009960000-0x000000000996A000-memory.dmp

Filesize
40KB

Download
memory/2940-278-0x0000000005090000-0x00000000050A0000-memory.dmp

Filesize
64KB

Download
memory/2940-125-0x000000000A090000-0x000000000A0C8000-memory.dmp

Filesize
224KB

Download
memory/2940-124-0x0000000006160000-0x0000000006168000-memory.dmp

Filesize
32KB

Download
memory/2940-123-0x0000000005090000-0x00000000050A0000-memory.dmp

Filesize
64KB

Download
memory/2940-122-0x0000000005090000-0x00000000050A0000-memory.dmp

Filesize
64KB

Download
memory/2940-173-0x0000000005090000-0x00000000050A0000-memory.dmp

Filesize
64KB

Download
memory/3300-658-0x00000000074F0000-0x0000000007556000-memory.dmp

Filesize
408KB

Download
memory/3300-657-0x0000000007300000-0x0000000007350000-memory.dmp

Filesize
320KB

Download
memory/3300-709-0x0000000008CE0000-0x0000000008CEC000-memory.dmp

Filesize
48KB

Download
memory/3300-394-0x0000000000EE0000-0x0000000001064000-memory.dmp

Filesize
1.5MB

Download
memory/3300-395-0x0000000005D20000-0x000000000621E000-memory.dmp

Filesize
5.0MB

Download
memory/3300-705-0x00000000098A0000-0x0000000009976000-memory.dmp

Filesize
856KB

Download
memory/3300-704-0x00000000092D0000-0x000000000936C000-memory.dmp

Filesize
624KB

Download
memory/3300-396-0x00000000058C0000-0x0000000005952000-memory.dmp

Filesize
584KB

Download
memory/3300-647-0x0000000006FE0000-0x000000000701E000-memory.dmp

Filesize
248KB

Download
memory/3300-648-0x0000000005A50000-0x0000000005A60000-memory.dmp

Filesize
64KB

Download
memory/3300-651-0x00000000071E0000-0x000000000721E000-memory.dmp

Filesize
248KB

Download
memory/3300-760-0x0000000005A50000-0x0000000005A60000-memory.dmp

Filesize
64KB

Download
memory/3300-695-0x0000000008B00000-0x0000000008B2A000-memory.dmp

Filesize
168KB

Download
memory/3300-758-0x0000000005A50000-0x0000000005A60000-memory.dmp

Filesize
64KB

Download
memory/3300-652-0x00000000071A0000-0x00000000071B2000-memory.dmp

Filesize
72KB

Download
memory/3300-654-0x0000000007830000-0x0000000007E36000-memory.dmp

Filesize
6.0MB

Download
memory/3300-691-0x0000000008B70000-0x0000000008C92000-memory.dmp

Filesize
1.1MB

Download
memory/3300-655-0x0000000007370000-0x000000000747A000-memory.dmp

Filesize
1.0MB

Download
memory/3300-689-0x00000000088F0000-0x0000000008934000-memory.dmp

Filesize
272KB

Download
memory/3300-688-0x0000000008970000-0x0000000008A3E000-memory.dmp

Filesize
824KB

Download
memory/3300-687-0x0000000008290000-0x00000000082AA000-memory.dmp

Filesize
104KB

Download
memory/3300-735-0x0000000009A00000-0x0000000009A0E000-memory.dmp

Filesize
56KB

Download
memory/3300-656-0x0000000007290000-0x00000000072A2000-memory.dmp

Filesize
72KB

Download
memory/3300-686-0x0000000008310000-0x0000000008332000-memory.dmp

Filesize
136KB

Download
memory/3300-683-0x0000000008260000-0x0000000008282000-memory.dmp

Filesize
136KB

Download
memory/3300-659-0x00000000072B0000-0x00000000072FB000-memory.dmp

Filesize
300KB

Download
memory/3300-661-0x0000000007560000-0x000000000759C000-memory.dmp

Filesize
240KB

Download
memory/3300-680-0x0000000008190000-0x000000000820D000-memory.dmp

Filesize
500KB

Download
memory/3300-679-0x0000000008D70000-0x000000000923A000-memory.dmp

Filesize
4.8MB

Download
memory/3300-662-0x00000000075A0000-0x00000000075F6000-memory.dmp

Filesize
344KB

Download
memory/3300-663-0x0000000008370000-0x000000000889C000-memory.dmp

Filesize
5.2MB

Download
memory/3300-677-0x00000000077C0000-0x00000000077DC000-memory.dmp

Filesize
112KB

Download
memory/3300-676-0x00000000077A0000-0x00000000077BE000-memory.dmp

Filesize
120KB

Download
memory/3300-671-0x0000000007770000-0x0000000007792000-memory.dmp

Filesize
136KB

Download
memory/3300-670-0x0000000007E40000-0x0000000008190000-memory.dmp

Filesize
3.3MB

Download
memory/3360-756-0x0000000008FD0000-0x0000000009012000-memory.dmp

Filesize
264KB

Download
memory/3360-678-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/3360-745-0x0000000005F50000-0x0000000005F5E000-memory.dmp

Filesize
56KB

Download
memory/3360-681-0x0000000006E00000-0x0000000006E0A000-memory.dmp

Filesize
40KB

Download
memory/3360-682-0x0000000006E30000-0x0000000006E4E000-memory.dmp

Filesize
120KB

Download
memory/3360-708-0x0000000007E40000-0x0000000007E62000-memory.dmp

Filesize
136KB

Download
memory/3360-685-0x0000000007420000-0x0000000007452000-memory.dmp

Filesize
200KB

Download
memory/3360-684-0x0000000006E50000-0x0000000006E70000-memory.dmp

Filesize
128KB

Download
memory/3360-690-0x0000000007490000-0x00000000074AA000-memory.dmp

Filesize
104KB

Download
memory/3360-692-0x0000000007690000-0x00000000076F0000-memory.dmp

Filesize
384KB

Download
memory/3360-693-0x0000000007530000-0x0000000007554000-memory.dmp

Filesize
144KB

Download
memory/3360-731-0x0000000008DC0000-0x0000000008E0A000-memory.dmp

Filesize
296KB

Download
memory/3360-694-0x00000000076F0000-0x0000000007734000-memory.dmp

Filesize
272KB

Download
memory/3360-759-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/3360-715-0x0000000008930000-0x0000000008A7D000-memory.dmp

Filesize
1.3MB

Download
memory/3360-696-0x0000000007DC0000-0x0000000007DF2000-memory.dmp

Filesize
200KB

Download
memory/3360-697-0x0000000007E90000-0x0000000007F1C000-memory.dmp

Filesize
560KB

Download
memory/3360-698-0x00000000080A0000-0x0000000008216000-memory.dmp

Filesize
1.5MB

Download
memory/3360-699-0x0000000008220000-0x00000000084E9000-memory.dmp

Filesize
2.8MB

Download
memory/3360-706-0x00000000085F0000-0x0000000008656000-memory.dmp

Filesize
408KB

Download
memory/3360-707-0x0000000008870000-0x000000000892A000-memory.dmp

Filesize
744KB

Download