lumma | ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

Analysis

max time kernel
1801s
max time network
1701s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_beta.exe
Size

1.8MB
MD5

3701dc535fb395d6a1fb557a3aeec5e9
SHA1

ef517659229ddc6ecfc02481c3953ac9322dae35
SHA256

ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
SHA512

20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
SSDEEP

49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

KrnlUI.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exekrnl_beta.exeCefSharp.BrowserSubprocess.exekrnl_beta.exeCefSharp.BrowserSubprocess.exekrnl_bootstrapper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	krnl_bootstrapper.exe

Executes dropped EXE 20 IoCs

Processes:

7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exekrnl_beta.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exekrnl_bootstrapper.exe7za.exe7za.exe7za.exekrnlss.exekrnlss.exe

pid	process
4244	7za.exe
884	7za.exe
5068	KrnlUI.exe
1324	CefSharp.BrowserSubprocess.exe
5556	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
1052	krnl_beta.exe
900	7za.exe
5540	KrnlUI.exe
5812	CefSharp.BrowserSubprocess.exe
5628	CefSharp.BrowserSubprocess.exe
1992	CefSharp.BrowserSubprocess.exe
1808	CefSharp.BrowserSubprocess.exe
3376	krnl_bootstrapper.exe
5776	7za.exe
3396	7za.exe
5184	7za.exe
5480	krnlss.exe
5756	krnlss.exe

Loads dropped DLL 64 IoCs

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exekrnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exe

pid	process
4268	krnl_beta.exe
4268	krnl_beta.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
5556	CefSharp.BrowserSubprocess.exe
5556	CefSharp.BrowserSubprocess.exe
5556	CefSharp.BrowserSubprocess.exe
5556	CefSharp.BrowserSubprocess.exe
5556	CefSharp.BrowserSubprocess.exe
5556	CefSharp.BrowserSubprocess.exe
5556	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
1052	krnl_beta.exe
1052	krnl_beta.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5812	CefSharp.BrowserSubprocess.exe
5812	CefSharp.BrowserSubprocess.exe
5812	CefSharp.BrowserSubprocess.exe
5812	CefSharp.BrowserSubprocess.exe
5812	CefSharp.BrowserSubprocess.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248499751670676"	chrome.exe

Modifies registry class 2 IoCs

Processes:

msedge.exekrnl_bootstrapper.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	krnl_bootstrapper.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

krnlss.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	krnlss.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

Processes:

chrome.exemsedge.exemsedge.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exekrnl_bootstrapper.exechrome.exekrnlss.exekrnlss.exe

pid	process
1964	chrome.exe
1964	chrome.exe
5144	msedge.exe
5144	msedge.exe
2136	msedge.exe
2136	msedge.exe
1324	CefSharp.BrowserSubprocess.exe
1324	CefSharp.BrowserSubprocess.exe
5068	KrnlUI.exe
5068	KrnlUI.exe
5556	CefSharp.BrowserSubprocess.exe
5556	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
984	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
4688	CefSharp.BrowserSubprocess.exe
5540	KrnlUI.exe
5540	KrnlUI.exe
5812	CefSharp.BrowserSubprocess.exe
5812	CefSharp.BrowserSubprocess.exe
5628	CefSharp.BrowserSubprocess.exe
5628	CefSharp.BrowserSubprocess.exe
1992	CefSharp.BrowserSubprocess.exe
1992	CefSharp.BrowserSubprocess.exe
1808	CefSharp.BrowserSubprocess.exe
1808	CefSharp.BrowserSubprocess.exe
3376	krnl_bootstrapper.exe
3376	krnl_bootstrapper.exe
3376	krnl_bootstrapper.exe
3376	krnl_bootstrapper.exe
4540	chrome.exe
4540	chrome.exe
5480	krnlss.exe
5480	krnlss.exe
5756	krnlss.exe
5756	krnlss.exe
5756	krnlss.exe
5756	krnlss.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

chrome.exemsedge.exe

pid	process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exekrnl_beta.exe7za.exe7za.exe

description	pid	process
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeDebugPrivilege	4268	krnl_beta.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeRestorePrivilege	4244	7za.exe
Token: 35	4244	7za.exe
Token: SeSecurityPrivilege	4244	7za.exe
Token: SeSecurityPrivilege	4244	7za.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeRestorePrivilege	884	7za.exe
Token: 35	884	7za.exe
Token: SeSecurityPrivilege	884	7za.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1964 wrote to memory of 4088	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 4088	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 180	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 2464	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 2464	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe
PID 1964 wrote to memory of 3836	1964	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4268

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4244

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://krnl.place/invite
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9083046f8,0x7ff908304708,0x7ff908304718
3⤵
PID:980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,10615075929320446452,7233244530897947476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
3⤵
PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,10615075929320446452,7233244530897947476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,10615075929320446452,7233244530897947476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
3⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10615075929320446452,7233244530897947476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
3⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10615075929320446452,7233244530897947476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
3⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10615075929320446452,7233244530897947476,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
3⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10615075929320446452,7233244530897947476,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
3⤵
PID:5372

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5068

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2228 --field-trial-handle=2300,i,6397945832858438102,12885533068143600424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=5068
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1324

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2968 --field-trial-handle=2300,i,6397945832858438102,12885533068143600424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=5068
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5556

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=2300,i,6397945832858438102,12885533068143600424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=5068 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4688

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3068 --field-trial-handle=2300,i,6397945832858438102,12885533068143600424,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=5068 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90cfd9758,0x7ff90cfd9768,0x7ff90cfd9778
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:2
2⤵
PID:180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:3836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3152 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3284 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:4976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:1244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5360 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3472 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3684 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3164 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1740 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:5424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=944 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5176 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3476 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5768 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:5260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=940 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3244 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5364 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:5244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5912 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5896 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:1
2⤵
PID:5264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6356 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:5280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6304 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:5440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6096 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6544 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:5592

C:\Users\Admin\Downloads\krnl_beta.exe
"C:\Users\Admin\Downloads\krnl_beta.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1052

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
3⤵
- Executes dropped EXE
PID:900

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5540

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2204 --field-trial-handle=2248,i,1182758952120497657,4396431383494748278,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=5540
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5812

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=1012 --field-trial-handle=2248,i,1182758952120497657,4396431383494748278,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=5540
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5628

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3160 --field-trial-handle=2248,i,1182758952120497657,4396431383494748278,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=5540 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1992

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=2248,i,1182758952120497657,4396431383494748278,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=5540 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:5668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5772 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:5204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6528 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:8
2⤵
PID:2028

C:\Users\Admin\Downloads\krnl_bootstrapper.exe
"C:\Users\Admin\Downloads\krnl_bootstrapper.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3376

C:\Users\Admin\Downloads\krnl\7za.exe
"C:\Users\Admin\Downloads\krnl\7za.exe" x "C:\Users\Admin\Downloads\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Downloads\krnl\bin" -aoa -bsp1
3⤵
- Executes dropped EXE
PID:5776

C:\Users\Admin\Downloads\krnl\7za.exe
"C:\Users\Admin\Downloads\krnl\7za.exe" x "C:\Users\Admin\Downloads\krnl\bin\src.7z" -o"C:\Users\Admin\Downloads\krnl\bin" -aoa -bsp1
3⤵
- Executes dropped EXE
PID:3396

C:\Users\Admin\Downloads\krnl\krnlss.exe
"C:\Users\Admin\Downloads\krnl\krnlss.exe"
3⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6760 --field-trial-handle=556,i,7076559832468322019,10463256825850362293,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90cfd9758,0x7ff90cfd9768,0x7ff90cfd9778
2⤵
PID:1100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5488

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4740

C:\Users\Admin\Downloads\krnl\7za.exe
"C:\Users\Admin\Downloads\krnl\7za.exe"
1⤵
- Executes dropped EXE
PID:5184

C:\Users\Admin\Downloads\krnl\krnlss.exe
"C:\Users\Admin\Downloads\krnl\krnlss.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5756

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
Filesize
43KB

MD5
b92b544213e2171cd3abb15d336409b3

SHA1
c3ad43de61c76ad6f61d18d300ddab91d1d20b0f

SHA256
633e2d09b00da9afc51902344eba9e362ec4ecb2eca8489a0c0509015f5baffa

SHA512
ec5c8dcd263283be6571620f418c9b7e993e23b4b56b02d8b5d82d6306495bf6e4a271eeb2b69b031d820897c8bac771d494c8ecf1908c4bc18b4e2d476d1a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
Filesize
18KB

MD5
bcd2aac240e363d6598e7616dccaff51

SHA1
d6716588c928b3d670b3eb0af1a4d246a8b0ea96

SHA256
b802ddff4a7de9a985925eaac650e3279acacde65cb8d6a8491d6dcbe6fc405c

SHA512
d315c9108fac9f36faa9ab1bd278fb8e6dcedb7d5c4e9aa2a848c4ecece2e87d4d3c8addf998377918d92afaa8e0d7391994c3b29c04946fa50438f460394016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
Filesize
27KB

MD5
53b5e785dfdca21fa7adf7119fa1f8cc

SHA1
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8

SHA256
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

SHA512
615020bbdcaec3b8e7fb0fd2b8c5cdaf3c4013c9323b6884fdaed5151788e213260c01c7ccd766898ee91612ab6163150167f9cc7109700b571b546e39f7cb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
e376ec4003d0072692483697eaf78904

SHA1
71c4f73e073c58ffdadce899bfc1e52f3d6a11c4

SHA256
b1388e76fe82a1141d6f32fefab2c5eca70bd30ae6e625fa21f53a4e2592b091

SHA512
c27505ccad3dcbbcb1a89044f9861cac7bbc58112135bb93a0672b3e25519a398c669c3a5d05f3dfb0f66c9cc96d20775c2080ca685e1901192e6383d81e1bb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
ec959eb4bdbd55f41fc55de78937b1c6

SHA1
f17c17617ef076ec2865acdd2121de0822feed96

SHA256
753c33d027b7841c75b19a71c9eaae1365ce00826b474ab9821129d81d80ea26

SHA512
062bdc60bb7b0e130655073d4f41fcd9696143b930e93711a69c190339d54865b36682006f39857071579e349203c55918e4bf47d7d1af0486c598081ce1ac1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
9538bc481822ca30d44c5400180b5113

SHA1
e813f7ebe1f039b1b7ae4375a9ec05df301249be

SHA256
ab9a34049f2223a336c24d35be10ee59f5e34c599e68f6aa7ae5762f088664b9

SHA512
4c7641dea5f1f3f72fb92ba58ed327cb54e43d2454b6086e86f158f3e1953b41e1ffd147e279f34e5db0115b6b78d1c10920ec3a66e46caa6d31af5876e8aadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
ad0fa1816420439504577f018e71d7d4

SHA1
b0b9275f5cb6fe6e5b504a7e60f1cdce9183a1ac

SHA256
4e31ed346c14a0eb8fdbd6fb24a9ba17a6e886f225b628fa2bc15544a301ddd2

SHA512
bf0e8d6d1321740dae1e604deb8a824c392184814ccbf8d2c8d2f837d46f1b0e4860d7df4741e0152cf83bb2de6387f492086920b6434049bb10a4fcd6d5e566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
8d2b5d4437930915898797a8637f4218

SHA1
1d1891f900a42a1b063cc192236edfb9fd230fe6

SHA256
d2dcbb4dd5a63972e0cf2fb44fcd8d31dbcc3512d68a261b5ed28f1a638378fa

SHA512
010a51021f1df54c308baa62af01014b6cc9dead19e203ba8a9dec90b5e92b79923e7f8392ddc8953df489d0fc579200784cf211a8cef1ade07b4266e0320b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
3dc7f7a522a4e2ce000a7cf02b4c5c21

SHA1
41625aa9d6ea1aa53a2cfae7f4adccfdd0843374

SHA256
f654d8b1e93f0823037f2edead067d4c9ff221b6fd01cf379e38eda3d0aba0c8

SHA512
aaa12e6831a2ca4aadf7288608a39be03ae134b3fdeb4446d930b9eeb9544b9ddbdf6365e925af3dfc31ef34181f5076ff232137269dfbd3de25daf7dc980b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
4ee03a998a8322ebfa17334a6ee132b5

SHA1
ad7ec2cc8ee9f9638df511772c000f81f4dcf45b

SHA256
01de02f338ab545ad33304b952d4c5ca48ba077b8d88199be2808ee5ed9c2139

SHA512
3dab2a53037f65523d46a8d2eeac29bf52ef45be629b19f66d1968a91654cece1b46a144cb1a7c399228dacf6e17f1d63363f4f9e269337f5bf050d2376116cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
f8fdec64f6a090b39f8afde8f70760fe

SHA1
31c0d0f447b671ec5bdfd163c4043d0e59261ab1

SHA256
7610efbf159b96603faf2c8681e31e3bcc7dad1a12c194eed2de70e8dc983659

SHA512
42544b3a4079cbae09f4626ca283b03684f3ec7468c18beb77c0e5fcceecdaad87460472da6424c94e6f1583a34443084c437e9bad806f0657b2a1ac10033dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dcde6209248b88a1c2e25c3e98efc200

SHA1
8e72efe444d7dd6173a59b0b3d511aed414a4715

SHA256
972b83e6087a11350a79a9431fd1a0ce31c60f7ddad3536ccbcbdc97e628afed

SHA512
7e7508b331911261cc07b16366cef6896a6c2547175cba6a09b8baf598b53383f884491b677d5a17ba374691c805a3b94645fb137261540225516af752282d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
5a9cadb4988a297e61ac23f3ec072e13

SHA1
7077b04a7448c8ce9412aa86fc23dfd7b7578bb9

SHA256
6f6399f07021cd6417cda17b2aeb1e35c6d547ae0ebba2d97d9c07315442dc84

SHA512
cc80d6f5b055b77d6d85bd35c85c2c20311e26e95e5a8c204731c2149c2f97aee2ab92280eee23a9139dba70a5a2a72d2f058e884b6bf65024db189b9ca42d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1914d87f1afb52950d3dc96bb972b30c

SHA1
ee2ab5f85a3dabc1e8ce59fb052fa216dfb91128

SHA256
94efd2e2ad194239c236a669475f30e1d6e953b25d6a092b5160840e5656eb1c

SHA512
6ea772c408a7a07b6c53524011a5000345bc3d7c6dff06c3bd9dd0cd392a1d79fb4381487aaab78721f6a67a9dc0c887e52c8d398412544375b80b86f5519572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
2ee7ea8b26574533629c0f7f1dfc3ce6

SHA1
2d810f7baa7fb19db28273b8f3e21b0ef30cab3c

SHA256
7a626e88b6077593bf88e6d3e2de7f0723d12357462f1749c3e7c038a19ea3dd

SHA512
395f0665443882eb47fc831baa119c36d687daee75aecbb87286675758833411b3f0476dd84038735b8903566e078694c81f7398312d24eeed0adb4372ce2b19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
193c098c447271e1264fc7f4d73726ae

SHA1
7353129ab8233077cc560609d8be25fee2374e56

SHA256
d94b510c192134df22e0d8372ea4deb8b28fe80cdb523657d62a2f831dfa1313

SHA512
b14d7ffa40aeeaa41775c16b9f9e9ed6625d66fdf3345e566eab2a4327ed9179f4c24d6ad0fc8d978042227bffe49e2d0271cd31640377a0c16d04b7c2632805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
84c6ca3c8fc65f5d52aac568c11f64cf

SHA1
bc7be273555a6c2a48b5a7ac3faace344e023665

SHA256
de74bced8d56fbb2e46f96f905bd3bbc952c58df3929536850092509ad122367

SHA512
e0289f75ca68d25ed1c7f2e967be0bd5ffc430162367682d0d95416f22b26e627f72f32636f7e163e8177fac53bb9ed357739abbf8a88ddf12dbbb4488f21cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
2a42352dfd5640ef3b4395ba0fb91b54

SHA1
78ee66bf6775faf4edae79ee622eb4e655668a5e

SHA256
c86adb419ef9336c396c36c51590fa5866e5e775515b2d2c1412a86343a87f57

SHA512
e655ad00a7d6745bc477043d7d07318ef297c38ac7dfc92b3f39e7220954061b5872070595efd7fbe2fd02d3e1c0c86cf0787111e87e051c90becb0a3ed72584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f0c25b878be1f1acdf766ce17aa6d8c4

SHA1
828befa39631da24dc3486c259202e704e185a4d

SHA256
39a41a8d4bfb6d057e0797c3cdbb979bec5ba1ba4819bacad8e2f3f324f426e3

SHA512
4da413bf6fc7abb6dbc0a38247384c8a39d43ed9343578681b7d3eeecceff24b4962e37f1aa9bc3a3a88ef6377b69014a4b84e626610ad891c19f5244319560e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
48929d0254f0b5dfd84b760129a33ab3

SHA1
465feafbbc36297f4b089cfe72fd658b20246b23

SHA256
dfbb7aada961a2482dbb04077fb696d71d05abb5780f4140de0c3056b3e53316

SHA512
e3b9ade73dfa8f6fe2241d421c1acf9982cb9a5ce7e7b87f053a76f26a21960d7b88f0b6d8ea185768f22c75be2a6c923f8664a62ac13823fcb471bb9727dcc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f9bc9d3e64314fca773ba42f865021ba

SHA1
cf3d28359ab3202669a724cdf9bada55d4c4edc9

SHA256
d7f883264c1c8df197059168b7317a89f0d16e64eb23c05711033dbabbde7475

SHA512
0f1abef025745796583df32bec5749c526460d7352d3bd0670a9f88a9fb3ef2f616cf6c86946b7ce9045b022b1ff56b06cbaac7ea0cadb1b520f57eaf7d2fb96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f0a173ea3b13c4a0928ef0ba22e293e5

SHA1
9d4cebccb9bc4c9944325ac735ccf1ab63785fae

SHA256
79ae660c17141e210f461c72842bf0f7b8a74131e773247cf24d901a78482582

SHA512
0e3d9dd2979b51690ea56ec60542a71e1d8cea568e52d4c957757a4a66bd1c164163cfe4b3d998dc6e9113ce76872db24e93ba5564005bc4c85c8a2b9121fd8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
0a47f726618234a93d0dcc103393b894

SHA1
c0a7d273646c7aaddf50ebc85adc52c4eabad1be

SHA256
fb8abd4cacc58a1d5b69da54b774a5277c0bf0c8a43870ca3f5983f01b47d496

SHA512
83902b6aeba59da08cda194dcdd88959b25e372e30f754090f1ddb4687a8075a7b35368fd72fced5fec191dce1948639735fd2ba9413b42dbb4b67a542b88326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
64734e9ca2487885752db92f757c849b

SHA1
5d9cbecf00a2a77665d2e5b14d7e3dab24600a78

SHA256
f2d644fafeff41b124f6f8aac677b268c90cc25c5e18cbf185bde9875a0763c6

SHA512
b7f177b0b321e7d6ab90c855ce9e3445119ea4ba48c07d6ea7eb8c30b3bb72315db8b047064d1461059e372684ae8637f0a7b2aca0f4007fffd104b593764954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
64734e9ca2487885752db92f757c849b

SHA1
5d9cbecf00a2a77665d2e5b14d7e3dab24600a78

SHA256
f2d644fafeff41b124f6f8aac677b268c90cc25c5e18cbf185bde9875a0763c6

SHA512
b7f177b0b321e7d6ab90c855ce9e3445119ea4ba48c07d6ea7eb8c30b3bb72315db8b047064d1461059e372684ae8637f0a7b2aca0f4007fffd104b593764954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
5b648d1d6dcb2e5b5469d1a9534b543b

SHA1
d04b3e83d8eeb09b0a2dbd5c8601e1ec705c0496

SHA256
32463a36a2dd830b9657b22f44355da739c5eb11f06a1ba33330f8129664ca0c

SHA512
a4a255148316301549414238fbf7274588bb88dce57100136385ba89dd7975b1b327a589fe7b4a4f6702f872ac4be0f52575eced53df0cd6fe79a83a0829f347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
116KB

MD5
72dece5d95ce16f3367132e9e9a37a2b

SHA1
7f9b9057c00b0570b27f384dac0c065815176915

SHA256
0e48acf18fceb9054e2ba095a8b5558875594df741bce0a399f291678815703f

SHA512
774060ab466cff2f30edc781500679f7b2df8ca0c65b4221e900c78069ead7e95ac862b99ef4fa0bc83f43fc9fb18234a7ea350de9a8be9a2ffbf033e011cf43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586ba6.TMP
Filesize
97KB

MD5
7c479f2c5d7e2a812b30be064e6265d1

SHA1
946aa5b1eb39cdad7a244e762a72e5c31db4d33f

SHA256
9600db7a09bd2f5ac7d1dda30189a7539ed028545c0dfd998c9df14c5c63f78b

SHA512
4b9d6fe1e2ace0082026dbe5bb87205e073af04ff0006400548472e29b4336ea6a18104942589508872f4bbef9cb34ceb06c0558fe8c189b81340c63a39ae0de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
51aea6550ad03a0b2680a6850332cfa9

SHA1
7c5cf63b0efd160d537576fe444d1fc82dd9e44a

SHA256
32bbe32c360df25c1c486b8a2040e4ff7fe46216b4399b26087ad85878bdd3ff

SHA512
934394ed19ead6098fdccdfe2ec7a05c7612b389a2af83065b7d183cb5d26af657246b40778d42c020b40b2ed5db1bc6bcce923be4b2ef94a0407481a3f8b77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57a45e.TMP
Filesize
48B

MD5
417061229c222ea24cb1996c8f2e863a

SHA1
43ae3f33c078a80f0b8f28f9a141169c169c1721

SHA256
ac5cf8269ee0c1dbe4424a57b459ad1c6b8a599e71d65dd9d8b2787c8c10c551

SHA512
1f50d3355261f558e71c0ca8f84a86342b371b6002c2459d082adcaa806ae4f79a0dab2d8d0ec34be33f46d7430c021f661cc7b967204a15b1345905784d4c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
120058cbbcd15ab8ae5ffff297704a09

SHA1
72bedbe43a4434767f90a3e7e3b0a3ebd661d8bd

SHA256
66c1cd34a911d16ffcd5856363b655d4d5768323ffedb6140546a455a3c6e336

SHA512
bf50800b6cb816c2e829200d5ef67837f6f748a334ef4dc8685fa128d926ee36cb699ce474da6c0a2f71f987cf6196995e44376af6aa7e4fdd50bb4480010e61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
754B

MD5
25fa34352a6aae9cb2fe6d0ecbfc69b4

SHA1
274e18bcf435a8fc86ab7fe2320131ef07dbb49c

SHA256
1fcf1e1ab2fba4b41b2d67c6d0bc865499b74d1add37aa8a881fe76edb72fc1f

SHA512
29cfce157a41594172802a2553ad81a59d91d2624f58a1b7a4033b6c7ec4960b9cfd47b5776a10793e914735e050b3b5aa77b9c23ce3a1ad979d45e902c7f512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4b341ddac46b36aa643db9cbac0be117

SHA1
b4e5099b86b6614bcea095d3825b9993d11007b0

SHA256
ac43a5aab10d1dccffa029b99c1e7ceb22013243265d969503f923415cdc8847

SHA512
273cd5cfb320c743d796f52c8523487944923a46393ef6ccd8bd8f0e8e77f403cfe52050168f6076c9056c8be64484744ae040a3cc8263b3cdf3e8f67cd6d850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
b4cb4564d54d9ccd0a90ed066acc6483

SHA1
fbacd813b122c60098c112121470b080fd20ab11

SHA256
4d515b4c6098c5f615f1e6deb611d8e39ad203cf5e1f37b9f874d46ac8c83f8e

SHA512
26548fdda471b8a7b47acdaa94382e57293afe6676af53bb4430379703030aa2730605947e450cffe65facaaf19120b30971560462c5ee7aecc53996f1cd830e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3ee862b297afddfdbe638750d43a5c88

SHA1
2b043e89165709f61cbf7a681650719d2063fdcc

SHA256
3e1eacb4f1922f29fd3467c26e8eb1c1a88dddc304d74b4920a58ff05e736ca5

SHA512
323cbd90868d7aa114694706a53ad0d3f0767dc8be9597966af1933ac299395b3b2db18c30b3fa6beb3e65a0043d361801d5ceee6c2b1b244ca49cb39eb5a9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
75dc89382eb59c54d2105edfb88335cd

SHA1
847e5d694033da11d77053c72c1d06bd500f7a2b

SHA256
3cc2db08e29b6a9212a4fc6bfa705056c1ebc0756a0174262abc306ac6ec25ff

SHA512
ff4761f18ef82d4b8fd86cafb4901a24616bc5e92e858dd24541ed52ceb7823882c441832b16f24f8416425c2e6c27cab74d386ae85e5a9994825f08cc12e318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
4a2e90f7db2c7c53d1686a7dac09db4a

SHA1
bea781337144ca536066fb419097f6b228460a08

SHA256
c7cf0520ceaff8d9dcc60c179dc19793f9ac993a2702fd8fa6a95fd4a37255b9

SHA512
35b5b17607dc4e51529d0521aa03fa80dacd6e6be8515151d83654c24d4fa89d6c8d923244538f226d2a02886b5f5d559b4633c173d06bf19f0fb533bcb9eab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b347145e28f4c504631090bc991c9e9a

SHA1
1345d0675fbcd2ee06951bac5446d5071995e95a

SHA256
5bc895d35a516c6c1bd00b7759e38d266c21c4536e3307214484a6910a1a0040

SHA512
6253208d114b43119347f793704bbe72a0a06fdd3b2968c9f4e4efac063c189f9ec1308094d8557bdaa618631d5c761480198a8994971845cf21a0a4eb24da0f

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\card.config
Filesize
12B

MD5
773229091774b2b77583da0f15a718ac

SHA1
fcdbebdefc85658d65e23dcc52cd1a3ae9a12ee3

SHA256
f70e955a67aad2ee28ac0c8b1c0882c9bd9991da51b87b224a4e22eefb8956f9

SHA512
7762bbbc14bdc679c51b5d9b75b1c19b0977d70c98a1edcbceaa950e7ba42c991ae4e81768a9bd80bb1bb2bd1eed4e6a18e98e16a2ec974464850d9c14a9fc2b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\preview.png
Filesize
155KB

MD5
971fcb67b3ed9746cfd5c12032c8f54a

SHA1
378d56a2909c9b4dacc1a679664de7a3b9b48109

SHA256
94d47c3270fd8af9431722aac704778dd0e157fcffe7e24435a25368272e6bfc

SHA512
3d5e2f7112462049cd84fabce244cd51cbc341e8adc4fa27e5516855dd6f1d9727d6dde463812f6c552a732ebb2dad87ea6eed38a9bf7a1ea55800068fecfa63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\profile.png
Filesize
7KB

MD5
fe0cf96f57839cdd21191af66c241b96

SHA1
fba1b795f839c0fbaa4e47dfd9ad79ac6c2a4562

SHA256
bafaba91b68e495a6946cfae26a1f194dd8e556c1fb28dcf1e220721eb0ecbfc

SHA512
5adf6c8fc4b24f5af253c0f03c5b57ac7243008765b3854ed4b83d758a1901997ff4e6d9e0e1918383bce19832b72fc68cc7005c8a53a329df41b2ad91162ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\script.lua
Filesize
1KB

MD5
4417aa7a7b95b7e9d91ffa8e5983577c

SHA1
367b923829db8fecf2c638fb500f161d22631715

SHA256
eafd7bc4f8aeacd998f6ffa38c8fc2ec2fb043ca97c956a0949aebb9bbbdbbe6

SHA512
04a5f440a6e00ea0aa8491ae4c6dd6aa68f704db54a43a5d6bf4c99446ae2c7792be8dcaee6542a93280eb35dc93acb60e8e4065f13c885e4186d80824feb04e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config
Filesize
48B

MD5
38345211bbf6a5a39371fda7cdc009d7

SHA1
d4f33df064fb76e824ea87a25dfdfa331552ac84

SHA256
5348872c64500e1f7affe7e5095eeafa1375879cd8d0ab9807ad11a6601ba31e

SHA512
3fa2730bec4af73aaccd3b138c44bb800afb442808e2f9a14c218c61c5c882d6fd351c94c5d8cbfb4d6b818437e197ca25df37760fda95466a9c85d23dc25b4c

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_100_percent.pak
Filesize
620KB

MD5
e05272140da2c52a9ebef1700e7c565f

SHA1
e1dc01309fca499af605f83136d35e6d51fcd300

SHA256
123092a649b8def6efca634509fb20ba4fbf9096d6819209510b43b5f899c0a3

SHA512
476907363a0d1e1bf81d086aff011b826fd28a885e2eabd2e07e48494eafbd48d508b1a9050efe865585f7c4d92a277886440876846cba8a2226033ff35a7a81

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_200_percent.pak
Filesize
933KB

MD5
0d362e859bc788a9f0918d9e79aea521

SHA1
33abea51f76bde3e37f71b7e94f01647bb4dcbd5

SHA256
782f475d56e62c76688747a22ba4ae115628c5c3519c3c1e3d1a51a4367bfc28

SHA512
37ca08bbe5525d0f2d45a9fe65a45f6c5d8366330fc60304822d4c7470dd66b8733d92803ce6aabdf4175ad0cf43d6e4a9ff9d4e49ff89d8eddc5f7083e7f067

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat
Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak
Filesize
296KB

MD5
99b4fdf70abc76d31e44186e09a053a6

SHA1
fb4192460341de2a04127f1e7fdf5c41b12ca392

SHA256
87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa

SHA512
d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\resources.pak
Filesize
6.8MB

MD5
34516ad6ff9278dea1fa89839156cbe5

SHA1
c61792315d0cb0d0f1e55fb985e3f6bb471fb2c5

SHA256
91d3ab4e61bc261d9cc78b750dfc26561fee06fe1431136652f9f50371be2426

SHA512
6e4046a2eb72b17451528d1995e2359cb058a9dd41af586f3e88693c621ffd97213031462fc1fd8a23c7e91217066c2f0b56522fcdafe862bc24eec30b059d29

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 327398.crdownload
Filesize
1.2MB

MD5
f14153bbd95fc26d9ccea77c49cf09b9

SHA1
cb59f900711ea751c4322b4dab50fa2c0ee70b33

SHA256
27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

SHA512
7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0

Download Submit
C:\Users\Admin\Downloads\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Downloads\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Downloads\krnl_beta.exe
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
\??\pipe\LOCAL\crashpad_2136_UVSOVVPSWQLWTGRS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_1964_EXGCCANDUTILJLKG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1052-1467-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/1052-1465-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/1052-1466-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/1324-975-0x0000000005A30000-0x0000000005A40000-memory.dmp

Filesize
64KB

Download
memory/1324-922-0x0000000005A30000-0x0000000005A40000-memory.dmp

Filesize
64KB

Download
memory/1324-909-0x0000000000DA0000-0x0000000000DA8000-memory.dmp

Filesize
32KB

Download
memory/1808-1542-0x0000000004900000-0x0000000004910000-memory.dmp

Filesize
64KB

Download
memory/1992-1543-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/3376-1894-0x00000000051D0000-0x00000000051E0000-memory.dmp

Filesize
64KB

Download
memory/3376-1610-0x00000000006D0000-0x00000000007FA000-memory.dmp

Filesize
1.2MB

Download
memory/3376-1893-0x00000000051D0000-0x00000000051E0000-memory.dmp

Filesize
64KB

Download
memory/3376-1612-0x00000000051D0000-0x00000000051E0000-memory.dmp

Filesize
64KB

Download
memory/3376-1611-0x00000000051D0000-0x00000000051E0000-memory.dmp

Filesize
64KB

Download
memory/4268-147-0x0000000005960000-0x0000000005970000-memory.dmp

Filesize
64KB

Download
memory/4268-206-0x0000000009160000-0x000000000916A000-memory.dmp

Filesize
40KB

Download
memory/4268-148-0x0000000005960000-0x0000000005970000-memory.dmp

Filesize
64KB

Download
memory/4268-207-0x0000000005960000-0x0000000005970000-memory.dmp

Filesize
64KB

Download
memory/4268-136-0x0000000005960000-0x0000000005970000-memory.dmp

Filesize
64KB

Download
memory/4268-151-0x0000000008F90000-0x0000000008FC8000-memory.dmp

Filesize
224KB

Download
memory/4268-143-0x0000000008630000-0x0000000008638000-memory.dmp

Filesize
32KB

Download
memory/4268-152-0x0000000008F70000-0x0000000008F7E000-memory.dmp

Filesize
56KB

Download
memory/4268-174-0x0000000005960000-0x0000000005970000-memory.dmp

Filesize
64KB

Download
memory/4268-134-0x0000000000CB0000-0x0000000000E8A000-memory.dmp

Filesize
1.9MB

Download
memory/4688-1143-0x0000000004CF0000-0x0000000004D00000-memory.dmp

Filesize
64KB

Download
memory/5068-997-0x000000000CE00000-0x000000000CF00000-memory.dmp

Filesize
1024KB

Download
memory/5068-923-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/5068-789-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/5068-801-0x0000000004DF0000-0x0000000004E00000-memory.dmp

Filesize
64KB

Download
memory/5068-781-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/5068-797-0x00000000055F0000-0x00000000056F4000-memory.dmp

Filesize
1.0MB

Download
memory/5068-976-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/5068-945-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/5068-793-0x0000000004DC0000-0x0000000004DE0000-memory.dmp

Filesize
128KB

Download
memory/5068-788-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/5068-944-0x0000000004EE0000-0x0000000004EF0000-memory.dmp

Filesize
64KB

Download
memory/5068-938-0x000000000CE00000-0x000000000CF00000-memory.dmp

Filesize
1024KB

Download
memory/5480-2153-0x0000000004C20000-0x0000000004C30000-memory.dmp

Filesize
64KB

Download
memory/5480-2161-0x0000000006690000-0x00000000066CC000-memory.dmp

Filesize
240KB

Download
memory/5480-2141-0x0000000005130000-0x00000000056D4000-memory.dmp

Filesize
5.6MB

Download
memory/5480-2142-0x0000000004A90000-0x0000000004B22000-memory.dmp

Filesize
584KB

Download
memory/5480-2152-0x00000000060F0000-0x000000000612E000-memory.dmp

Filesize
248KB

Download
memory/5480-2171-0x0000000007250000-0x0000000007270000-memory.dmp

Filesize
128KB

Download
memory/5480-2154-0x0000000006130000-0x000000000616C000-memory.dmp

Filesize
240KB

Download
memory/5480-2155-0x00000000060D0000-0x00000000060E2000-memory.dmp

Filesize
72KB

Download
memory/5480-2156-0x0000000006790000-0x0000000006DA8000-memory.dmp

Filesize
6.1MB

Download
memory/5480-2157-0x00000000064A0000-0x00000000065AA000-memory.dmp

Filesize
1.0MB

Download
memory/5480-2158-0x00000000063D0000-0x00000000063E2000-memory.dmp

Filesize
72KB

Download
memory/5480-2159-0x0000000006440000-0x0000000006490000-memory.dmp

Filesize
320KB

Download
memory/5480-2160-0x0000000006620000-0x0000000006686000-memory.dmp

Filesize
408KB

Download
memory/5480-2140-0x0000000000070000-0x00000000001F4000-memory.dmp

Filesize
1.5MB

Download
memory/5480-2162-0x00000000066D0000-0x0000000006726000-memory.dmp

Filesize
344KB

Download
memory/5480-2163-0x00000000072E0000-0x000000000780C000-memory.dmp

Filesize
5.2MB

Download
memory/5480-2164-0x0000000007110000-0x0000000007132000-memory.dmp

Filesize
136KB

Download
memory/5480-2165-0x0000000006760000-0x000000000677E000-memory.dmp

Filesize
120KB

Download
memory/5480-2166-0x0000000007140000-0x000000000715C000-memory.dmp

Filesize
112KB

Download
memory/5480-2167-0x0000000007CE0000-0x00000000081AC000-memory.dmp

Filesize
4.8MB

Download
memory/5480-2168-0x0000000007200000-0x000000000720A000-memory.dmp

Filesize
40KB

Download
memory/5480-2169-0x0000000007230000-0x0000000007250000-memory.dmp

Filesize
128KB

Download
memory/5480-2170-0x0000000007280000-0x00000000072A2000-memory.dmp

Filesize
136KB

Download
memory/5540-1540-0x000000000D9A0000-0x000000000DAA0000-memory.dmp

Filesize
1024KB

Download
memory/5540-1538-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/5540-1535-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/5540-1536-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/5812-1539-0x0000000005110000-0x0000000005120000-memory.dmp

Filesize
64KB

Download