lumma | a8ebc2f5c78093046ccdc96ed499b3bd263e95b53747ccec408858af6805bf82

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2023 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Phoenix.exe
Size

415KB
MD5

2807ce367d65d1d80ea563097d7a7a23
SHA1

650bdea392dac369a877bbd032c82ff175fe69a6
SHA256

a8ebc2f5c78093046ccdc96ed499b3bd263e95b53747ccec408858af6805bf82
SHA512

17612c7d624f18b7d9126a9938b13490a13196a804286f45f3dfd497ce89ebde707e55670e5571650bd6d72db8deb45d5994e1fd1a6aaaf0c2e5ef76ed669a72
SSDEEP

6144:rDTojL6Ed0YXwBx1X2gTiPHqAZ/exrdKV2:rDToXd0YOX2aQYxRKV2

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

KrnlUI.exeCefSharp.BrowserSubprocess.exekrnl_beta.exeCefSharp.BrowserSubprocess.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe

Executes dropped EXE 8 IoCs

Processes:

krnl_beta.exe7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
1268	krnl_beta.exe
4424	7za.exe
3836	7za.exe
3144	KrnlUI.exe
4012	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe

Loads dropped DLL 46 IoCs

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
1268	krnl_beta.exe
1268	krnl_beta.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248778264241166"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

chrome.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exechrome.exe

pid	process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
3144	KrnlUI.exe
3144	KrnlUI.exe
4012	CefSharp.BrowserSubprocess.exe
4012	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
3676	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
4468	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe
1584	CefSharp.BrowserSubprocess.exe
4768	chrome.exe
4768	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

chrome.exe

pid	process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

chrome.exe

pid	process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exe

pid	process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4840 wrote to memory of 1344	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1344	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4908	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 4908	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 452	4840	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Phoenix.exe
"C:\Users\Admin\AppData\Local\Temp\Phoenix.exe"
1⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9fb9758,0x7ffcd9fb9768,0x7ffcd9fb9778
2⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:2
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:3312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff609f47688,0x7ff609f47698,0x7ff609f476a8
3⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4960 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5144 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3240 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5420 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5588 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5744 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5408 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:1276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3180 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3240 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5496 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5704 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6300 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5656 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4896 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:3620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6368 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4404 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5680 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3396 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1756 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:2592

C:\Users\Admin\Downloads\krnl_beta.exe
"C:\Users\Admin\Downloads\krnl_beta.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1268

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
3⤵
- Executes dropped EXE
PID:4424

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
3⤵
- Executes dropped EXE
PID:3836

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3144

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2188 --field-trial-handle=2420,i,8301146448333625670,2193963628798525438,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=3144
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4012

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2200 --field-trial-handle=2420,i,8301146448333625670,2193963628798525438,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=3144
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3676

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3112 --field-trial-handle=2420,i,8301146448333625670,2193963628798525438,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=3144 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4468

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=2420,i,8301146448333625670,2193963628798525438,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=3144 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2612 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5276 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4920 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6040 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6060 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:8
2⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5072 --field-trial-handle=1860,i,2345236161762199966,9911186370066931841,131072 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20230402025707.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\01f801d1-f3d1-4f56-b457-c2a259649bc2.tmp

Filesize
175KB

MD5
ea38ac2b78396d97a69e58be7f9396ba

SHA1
b8cc1985e91369a66648b0d73df9e521139a0938

SHA256
4627d68b36a80db81460769898bcbdfa119b4ba31e399d3f03bc8a03595bbb5b

SHA512
3895f477302a150b668c0a25d4fc4d3d98bd6a49c83ff8e42ac9b2008f082b1cceae75389823ca5a01744d32da8b4350624bd52ee375feafa5a0679da4af4383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
48KB

MD5
10b1102baf964d75a0ce7676ee85dbb7

SHA1
b1e6c78b08ae79f5aa021fdecd5ab04fc04c2995

SHA256
a908f0b83b50291bba322fa1d67afa9c1217c0d544d93b29fd6ecd9c394b4f95

SHA512
cfcfd7da69e1648ca1ccc86365a2977bb21ecb9aeb173a3bb95bb39adab64bc88694d2377e9dec76563cc2277ad8292be9d43b706d4dbdc1a2a23f76cfc1fb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
299KB

MD5
a71de54f8ab2288074608cbc653bf3ad

SHA1
a2ee4caa4901eec77742e7bade150d9e89bf42aa

SHA256
f6627d50e18b44edf4426a1d4f1aade2326b3002fc4f845b8ee7ecfb6bfcdfc0

SHA512
5df77398c99482005412a79d144a4c7cb85a95d8cd13f85a45fa02f5db12aa16304a8d658cb5d514a2ac92d252545bd0900ac42d341d0810dc4c1c4f37d7164e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
68KB

MD5
75d646446e92f953c075982d56a16c40

SHA1
f58c07c5a85ab9fc5f3966de5716099e0eca42c3

SHA256
b849818336676895ae90e416108f8e218db4388fc57adfb45f3af58d202d58c6

SHA512
4af2259eae1660d90b3543a6c86fd8bd2dff0b81dadedcaa3d74b7efe2cc2c4f5e7238416d8cb518247cec9cb53537eae169c1c328d1f59193bfa3e41129bb51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9408799389191bd06c071bfd456c63c0

SHA1
0b43323fb198c0683f0028fe69881990417ac78c

SHA256
cd88654555b3cceebac8293520a57d1f516d4ca1d793810a8b90b7f685014097

SHA512
b29f9a2cc8ada2a698772edf4ab22b96133717280f7c73da99fbbdc83d49ebde7aa1ccd508b916a12375907143574d677c98732ad09b8c107636b28c63c540bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_googleads.g.doubleclick.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_googleads.g.doubleclick.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
8f420b931ae01eeb463fd8e04deb5e3b

SHA1
fb52813190189f3985cc1d3add5b92f49377f0a2

SHA256
7ce2db70103de1653410af9b46f6b6140084c788cb5f40b5191ffb997879edb0

SHA512
f59ede02040ce2286ab5d5e1b1087af96bc6c9f12a8a658680ed17bcdc66af830822f4f024fcf131148664ef48a9c17eca06413aa1512c41da7d11d5767c7787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
aa4bb164f8b75ef556f7eb9f4b88c85c

SHA1
de1a4a35ed5bee8a006fabf5953e64b742a600c3

SHA256
bd6fda41e07ee5a65f5d54d201274775065c7b1c1af60fc5c5f3edfb622e396e

SHA512
c671311192f44b5ab3ad47a1fc3e69113d447165b41f5005ffbdc37ffab5f5c373c4280cebec21921136b96e5c52dacf94f03cbb6719150f3ee96fbaceb4e231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
813679cd45824baccbe4b6b839571bee

SHA1
7d6ed430306a4f7758bb21445dc5028f003a1169

SHA256
d709429eae1a6c63964762cfe1ed301c88cfc6f0f811ac83f1892dd47cbcf219

SHA512
221845219c6b42570467cd35c75b2acf05a3b68a1d0be11045f91e9520d3051cf60b69e64b1c05aa46136158eab45f42ea278a9961ce31d04d389aff63541d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4f0b0c6c8aea0c2ce7d4d117fd96ffbb

SHA1
8f26457c6e73ec51bdb67baed14ce7e5b579470b

SHA256
112ee15ae6d648532aa38d980d9969f5e1b62b8f49676f433cb7e5f68bc74928

SHA512
120dee839616f80ee9c558ac725d621ea6d9998375a1111cfc454ca69c4995b8cc76165044bfa241e9fb9f8111869a7b651efa6393086c0bff890e34cdff412f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7a71495d2a9c0d1faebd5e9489f079eb

SHA1
6665dec2ae414391581937e4df9ffcfb8b3e3ac2

SHA256
8fb36d3ef2fdab1ae9589ae199121ed1801b451889e15ba2861bef2c7aeb0599

SHA512
85bbfa19ffa14f45e1eff511a0d9b97f4649f5511ba2c6bbfd54d3027bcd976890248e84f93b2624aee0a142b48b20b9b50fc0a894548455788616c8d5ff1118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e5298c3a73f6483b13e4662182f01f6a

SHA1
efc22666aaf3eb932cf5aa9644aa9b89a394065a

SHA256
8f3623f0a4178e325e905c81ea409230157d8fc2ffdd7eff445220444fe7d641

SHA512
efc6d6efbe5b9a6ce6a8387f3645d453274882eb3d1de6af11ed10563db7d52cf3306d7176cf07fd18a1691692f3fc168e8f0b14cc8f062a6b62603c9e45aa23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8990c69781b343a3db70a73c913cb9a7

SHA1
5968072459f3cfa99221541a27b50162e58138e6

SHA256
43c09b6a241fca5199c00d019d759c8d2ca270c005a5f7829e81e0d75b0dbd60

SHA512
038fec9210a7c165efd834f94bbfdce6aab0358e9681a9c9b525286fc64f504750906f1fa9f4382787ecd119c7e22eccd95ec31ed48b1ce43274c46f5eb03717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
34bf3491111c3ec34dedab1f5887049e

SHA1
9ead76d6975f5d64efbddb945d220be1b270e100

SHA256
3d7fa8e2ff1531003f576258931e5784c0f4cb6f015350f685b7092d8e77abcb

SHA512
4d1d6713202a208f4b3dfa94d902229b2aabc2bf7ab8afab4ff947f68b1cca133f92b699945714515453511fcf7246c7b229248c164efed66309ff1729783e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
49026752fe176092b9339932357d5db0

SHA1
bf794934e9028a42e94234ddd1af9a56e9169111

SHA256
34f0ff6ba2a208e9d0fe229462502b905a303fe600f2969f1a7e16632941333e

SHA512
72b29a208d32c7f938738d1ce151c4f3d563739820d8a01de20e4fdd711dc9ebf1f87e767a58e1b57a35007bf5c1d31a2f8ed99d9a3172bc1762d6c53dbff226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4f6635954844b05724f8a77a4efcfe48

SHA1
c3338ced352bf7f4a8f037e091524625401effdd

SHA256
1bc0eb4597cae14e6ebf2d98332c184ee71e51e3fde8eba5b2b344b6c167ffdf

SHA512
b2c0eb19be80ea9321daf680e2f6d0007160b82a5e049cdf0829e1de5eb6aaa60eae3fe299eac7bfb36478f7c9fec76c2e43b8a9b857a9de677594f3383510e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c4bb8270424254b60299356ea8232933

SHA1
a0a1c80be22fcde079be45c0a4fcd7907ff2d6a8

SHA256
9d935216fe667fb2dd0f33d930ba0ad9858fe48b14f20a2916756ed342bb7cbd

SHA512
6d7d8206f702167cede3e235ade516901d7fc903af4a047209bede729ad9024f99261971241960473caca02cb26ec6f03e1cffbae3cded5517bbba4083ffa33e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d24f52d7588868e306e674880546bdcc

SHA1
00d0615cf53a7dca882b49d11468aad22c85a767

SHA256
209b18134e0c89c1b5bfa796bdfff8c425ea959bac2a9afffca741457d5a9a71

SHA512
d631b5f9b627c2914b64cd6604259ab76bd45e90febdb073dc071ebb3b411bb8b0e9920f5f9ce064d41f50b0604b175a88ebcd9f0c3c389d41049be61cc0fc20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f97d62ba701f88414ea5d2c65f013170

SHA1
4ecc8ae5be97d3543a828e284ff95008eb93f0c7

SHA256
d0453671f86fe370b9aaec73b3f27dfdb6e211335ff623bdec52385d3645f97e

SHA512
8fe58679740944bb7a451de8c3d98c3c7451fab8441e6e9e45a491215ce384b00af940ba9e8c8856eabd0510e338ebce62d1330102daaa6639245d282bd2bc92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
af4b2dedce900d29baad17b38e7dd92b

SHA1
1f64c4139e1481f49d8a10db54eac4230c888dbb

SHA256
801d192c6eccc75cd4860aba9d13918afa14680879d62ca3c348b5b78ea5ac74

SHA512
7c3f6a2d6b80bad9561b2632ae79ecaf4fc4ac41965092ffe74ab967877f9f42b3e427efc24e28f9dff7c712106c60db60c596290f8be754e84f696bd44341cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
086027c247524fe95eb69cb009ec463a

SHA1
1162dcee752fd8a1a84d9c17c991f60cc5c2f249

SHA256
dae11208f308b12a7bfa02698ff359d5bee5a644b7c9f09fb025366d8cdac13d

SHA512
315bbb8cd48804a08b564b8df5fd4e5a333ec175cf172136f66dd9a23fa5f35effe2f219ac57bf9c6d11b530154bd18e7e44c192eb1f2f6f66d8ab9a1b25cf3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
15b7503370eac27c0d5ea3292932716e

SHA1
40012ce5fda73612e4c3a1566e766f51311a597d

SHA256
13211be8029ee494350b5529a59cd2be46df9da7628c71f04d13db8035922ee7

SHA512
9c1b00b13e6bc32237abf549a55be95860946e77273aefacca45a45392bef5b94ff78a028204f87d8cde9ec211f1b75869165f23d4e982ab217c91e8d7f548f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56d49a.TMP

Filesize
120B

MD5
d857943cddf03f77ee56aa3d9b118e65

SHA1
4cd9927f2df2a5b7d270c7836cd0fe542ecff9ad

SHA256
12d9a20eff2697a4149ee6903be51eaf5831784eb7a29b75d5d15db716373601

SHA512
5118801dfb4dcd30a675ed74c77c7a46a5abb74008a58eda1374038a17965791f7e487a3c6601473a2bd073c530007c00a07839d3d7269f3d889feaa0c3505e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
aa0faeaa3424709c70def385dc54d453

SHA1
dd8a5bd001ef672bcefbd2845af752f47d1ae209

SHA256
50131e01e443846a55d50ab2eacd9d125559e99eca1dec612f63092587eeabaf

SHA512
644ebb5e4f4df49c35065008a0b968a39253c655f29ea79f45797f8c3b8fb02de802af7bd77579b94f332a471536b3d158547b385bd4a39dbd106ab569e5a029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
825fe8c5f8ad07d32d9bc48625867747

SHA1
db8be09f3ee875d137f3040761e9300905a2bfa3

SHA256
e0cc4646a8b311ca5c15d8b4ada5268d9243c6b62c5a5e33d19a3e2c34f069bb

SHA512
ce0913776783f20a9f3faa15d1d60af3eff016981358042e9714c3485331cc3d9824530c9897f27c761a2e2731a49e96213d7c2148ac3073b8953af883a7134b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
35a23b1b900249d50aa7f3a8ea28b4c9

SHA1
399b4c0ee9683511072348efdecceb933955db55

SHA256
4615cfc4ab632e2bf36e8b236bfc354558e7ad8a61bd0700bfb2aeaa2a77aad1

SHA512
2bd534f87b39d84e23648aaf7ea14bf752dd9fc0ffc8c917f278e53a38f9f68179b91a47a3ae0e0afff9dc5a08a378cd28d5e15272e8dcc3498c6077b84cd280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
c932d2af0f438c3b11478bbe3da71cfe

SHA1
bc15b83aa1466262aef7d60dbf921e513c88b4cf

SHA256
fd5404d92ecaaa2d1f95f76f2eefc623305901fadbb75964ddca6ab31ca73175

SHA512
27d814f288a77bd09ec2d4f15b5c34085d31a217e3d32a7322ab74f838eaa95a694596928dce032bcf509417771e1bd4c1c6c1ada0914b361d2a22e6554e1697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
b2a9a2b8cd927442084f952de9e1aa14

SHA1
a3db4f38e0c09a9e4f3174ba534aae57098a2809

SHA256
5ecf9ff76cec1e8cc0b720c1a22bb2fd2372fccf12658ce345d3ce58f09484c0

SHA512
f44151ee75307c755d49b0a264c6caead444875f69be72e42e733dfcb6f87fec1af0c821d177659550574a98756e06494a51a8a916d9467edebe7c2fc1a846a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
8999b851f33064935a79a1412ab40b28

SHA1
0e4cb80e51d7f27b0df7c2bb86d7e676cf0ba671

SHA256
f12cf56d891686c596fc564b950efa6f0286a1a8f545eebe060a37bdf900a4ee

SHA512
1f2007151a53f6055e356516e40644aa68c1be107950b6733f117cc34ca6fd8a8de0d9a00e5d5143298d84159e0a932dc7df445b267f4d198f6fb70325215d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
4c606f9af6792c2c66b7be0f943162fa

SHA1
0861b79d03e5a43c6eda2ccbbf67d1a8b276bfe9

SHA256
59d41881c134079ac57b2582effa733a8d64480ef7f5e163417c2c3d7a481f9b

SHA512
2f0b6796b88bd850341ba50e923c2b4ac969905080f393a23d8dbff52a1530bd12b849f4b1c53a61dad3895483e068059759601249a3781dd4f9b9630603644a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe570b89.TMP

Filesize
99KB

MD5
4a5d52bc03c285a735f92ac68b1d94e6

SHA1
a777c30f6333e15bf8427ac0388c7e53718fc660

SHA256
6de1b5e26f97d596d69c49e9ada9d3dc469699efa24457a5a2584676a7cf8965

SHA512
187205a66cb8eabc4b667b71ae96ab6c58377c81618aa877965e8594e227021ee6a4c7c018d0f1ad6629210013cc07fe249ffe387ba27807d29d65f104d77f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll

Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll

Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z

Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\SavedTabs\Untitled\tab.config

Filesize
16B

MD5
ff886f43b6ee40cee882df7c664ab787

SHA1
98a2823c0d6254e6091fcc07eb650325632dc75c

SHA256
b5cfe3edaaa58a1d0c05cb78bf5acbbacf41701b38c268cb83e2e2026aec01a9

SHA512
48211e831064f00f0538effcbd4cfc4f5204b5e6c98ddaaa64e6fd83fda32976df51e555af3187f5bb420ee5d7f1488659da1746aba7eae574b916410ee8ac64

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config

Filesize
48B

MD5
38345211bbf6a5a39371fda7cdc009d7

SHA1
d4f33df064fb76e824ea87a25dfdfa331552ac84

SHA256
5348872c64500e1f7affe7e5095eeafa1375879cd8d0ab9807ad11a6601ba31e

SHA512
3fa2730bec4af73aaccd3b138c44bb800afb442808e2f9a14c218c61c5c882d6fd351c94c5d8cbfb4d6b818437e197ca25df37760fda95466a9c85d23dc25b4c

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config

Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll

Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll

Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll

Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll

Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll

Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll

Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll

Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll

Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll

Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll

Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll

Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat

Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll

Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll

Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z

Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 993883.crdownload

Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Downloads\krnl_beta.exe

Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Downloads\krnl_beta.exe

Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
\??\pipe\crashpad_4840_XLKVTRISICGIECYU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1268-932-0x0000000005380000-0x0000000005390000-memory.dmp

Filesize
64KB

Download
memory/1268-865-0x0000000005380000-0x0000000005390000-memory.dmp

Filesize
64KB

Download
memory/1268-864-0x0000000009170000-0x000000000917E000-memory.dmp

Filesize
56KB

Download
memory/1268-863-0x0000000009190000-0x00000000091C8000-memory.dmp

Filesize
224KB

Download
memory/1268-855-0x00000000007F0000-0x00000000009CA000-memory.dmp

Filesize
1.9MB

Download
memory/1268-922-0x0000000009320000-0x000000000932A000-memory.dmp

Filesize
40KB

Download
memory/1268-866-0x0000000005380000-0x0000000005390000-memory.dmp

Filesize
64KB

Download
memory/1268-861-0x0000000005380000-0x0000000005390000-memory.dmp

Filesize
64KB

Download
memory/1268-929-0x0000000005380000-0x0000000005390000-memory.dmp

Filesize
64KB

Download
memory/1268-862-0x0000000008160000-0x0000000008168000-memory.dmp

Filesize
32KB

Download
memory/1584-1352-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/1584-1378-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/3144-1343-0x0000000005890000-0x00000000058A0000-memory.dmp

Filesize
64KB

Download
memory/3144-1371-0x000000000E080000-0x000000000E180000-memory.dmp

Filesize
1024KB

Download
memory/3144-1351-0x000000000E080000-0x000000000E180000-memory.dmp

Filesize
1024KB

Download
memory/3144-1320-0x0000000006220000-0x0000000006230000-memory.dmp

Filesize
64KB

Download
memory/3144-1316-0x0000000006110000-0x0000000006214000-memory.dmp

Filesize
1.0MB

Download
memory/3144-1367-0x0000000005890000-0x00000000058A0000-memory.dmp

Filesize
64KB

Download
memory/3144-1312-0x0000000005C20000-0x0000000005C40000-memory.dmp

Filesize
128KB

Download
memory/3144-1308-0x0000000005890000-0x00000000058A0000-memory.dmp

Filesize
64KB

Download
memory/3144-1307-0x0000000005890000-0x00000000058A0000-memory.dmp

Filesize
64KB

Download
memory/3144-1306-0x0000000000F50000-0x000000000106E000-memory.dmp

Filesize
1.1MB

Download
memory/3144-1330-0x0000000005890000-0x00000000058A0000-memory.dmp

Filesize
64KB

Download
memory/3676-1369-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

Filesize
64KB

Download
memory/3676-1349-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

Filesize
64KB

Download
memory/4012-1342-0x0000000000D90000-0x0000000000D98000-memory.dmp

Filesize
32KB

Download
memory/4012-1368-0x00000000057C0000-0x00000000057D0000-memory.dmp

Filesize
64KB

Download
memory/4468-1350-0x0000000000D00000-0x0000000000D10000-memory.dmp

Filesize
64KB

Download
memory/4468-1370-0x0000000000D00000-0x0000000000D10000-memory.dmp

Filesize
64KB

Download