Malware Analysis Report

2025-08-11 06:28

Sample ID: 230424-wq2kcsdf64
Target: krnl_beta.exe
SHA256: ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
Tags: microsoft phishing lumma stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK
    Enterprise Matrix V6

Analysis: static1
    Detonation Overview
    Signatures

Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

Threat Level: Known bad

The file krnl_beta.exe was found to be: Known bad.

Malicious Activity Summary

microsoft phishing lumma stealer

Lumma Stealer

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Detected potential entity reuse from brand microsoft.

Drops file in Windows directory

Enumerates physical storage devices

Checks processor information in registry

Uses Volume Shadow Copy service COM API

Uses Volume Shadow Copy WMI provider

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Modifies Internet Explorer settings

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-24 18:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-24 18:08

Reported

2023-04-24 18:17

Platform

win10-20230220-en

Max time kernel

510s

Max time network

493s

Command Line

"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 84a3779c5945d901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9c7631c7e876d901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "14" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar\WebBrowser C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = e09806c3e876d901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "880" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "14" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "378" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "389180526" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 61434eace876d901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberCompleted = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 106863111b77d901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658B = … C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 84a3779c5945d901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "29" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d4094edfe876d901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "28" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "124" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe.jpztfdj.partial:Zone.Identifier C:\Windows\system32\browser_broker.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2788 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 2788 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 2788 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 2788 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 2788 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 2788 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 2788 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
PID 2788 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
PID 2788 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1944 wrote to memory of 1636 N/A C:\Windows\system32\browser_broker.exe C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe
PID 1944 wrote to memory of 1636 N/A C:\Windows\system32\browser_broker.exe C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe
PID 1944 wrote to memory of 1636 N/A C:\Windows\system32\browser_broker.exe C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe
PID 1636 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe
PID 1636 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe
PID 1636 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe
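
Every row in the table above is one WriteProcessMemory event, and the same writer/target pairs repeat dozens of times. The Python below is an editor's example added to this page, not part of the sandbox report: it collapses the rows into per-pair counts and surfaces writes where the writer's image differs from the target's and the target executable sits outside the system roots. In this trace those are browser_broker.exe writing into the downloaded ndp481-web.exe and ndp481-web.exe writing into the Setup.exe it unpacked; the MicrosoftEdgeCP.exe rows are same-image writes and drop out. One caveat for triage: a parent's process-creation writes into its new child land in this table as well, so a cross-image write by the launching process is consistent with a plain launch and is a lead to follow, not proof of injection. The embedded rows are a subset copied from the table; the system-root list is an assumption.

```python
import re
from collections import Counter

# Constructed input: a subset of the WriteProcessMemory rows from the table
# above (the full table repeats the same four writer/target pairs many times).
EVENTS = r"""
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 3632 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 380 wrote to memory of 2448 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1944 wrote to memory of 1636 N/A C:\Windows\system32\browser_broker.exe C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe
PID 1636 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe
PID 1636 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe
"""

# Columns: Description (PID X wrote to memory of Y), Indicator (N/A here),
# Process (writer image), Target (target image). Paths in this trace contain
# no spaces, so a whitespace split is safe.
ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) \S+ (\S+) (\S+)$")

# Image paths under these roots need admin rights to modify; anything else is
# treated as user-writable. Assumed list, matched case-insensitively.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        wpid, tpid, wimg, timg = m.groups()
        events.append({"writer_pid": int(wpid), "target_pid": int(tpid),
                       "writer_image": wimg, "target_image": timg})
    return events


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def is_system_path(path):
    return path.lower().startswith(SYSTEM_ROOTS)


def summarize(events):
    """Collapse repeated rows into (writer_pid, target_pid) -> event count."""
    return Counter((e["writer_pid"], e["target_pid"]) for e in events)


def cross_image_writes(events):
    """Distinct (writer_pid, target_pid) pairs where the writer's image differs
    from the target's and the target executable lives outside SYSTEM_ROOTS.
    Same-image writes (MicrosoftEdgeCP.exe -> MicrosoftEdgeCP.exe) are the
    browser managing its own content processes and are skipped."""
    flagged = {}
    for e in events:
        if basename(e["writer_image"]) == basename(e["target_image"]):
            continue
        if is_system_path(e["target_image"]):
            continue
        key = (e["writer_pid"], e["target_pid"])
        flagged.setdefault(key, (basename(e["writer_image"]), e["target_image"]))
    return flagged


if __name__ == "__main__":
    evs = parse_events(EVENTS)
    for (w, t), n in summarize(evs).items():
        print(f"{w} -> {t}: {n} write(s)")
    for (w, t), (wimg, timg) in cross_image_writes(evs).items():
        print(f"REVIEW {w} ({wimg}) wrote into {t} ({timg})")
```

Run against the full table, the two flagged pairs are exactly the download being launched by the browser broker and the installer launching its extracted Setup.exe; what a triager then checks is whether either target was also the recipient of writes from a process that is not its parent.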

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe

"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe

"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe"

C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe

C:\57b0a8a0d5c7e9957578da14756c6cb4\\Setup.exe /x86 /x64 /web
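
The process list above pairs each image path with its command line. As an added example that is not part of the report, the Python below tokenizes Windows command lines (double quotes group and may appear mid-token, as in the -o switch followed directly by a quoted path), pulls the archive, output directory and switches out of the two 7za.exe invocations, and applies three heuristics: an executable started from outside the system roots; a 7-Zip console run from %APPDATA% that extracts into %APPDATA% with -aoa (overwrite existing files without prompting; -bsp1 sends progress to stdout); and Setup.exe run from a 32-hex-character directory in the drive root, which is the layout ndp481-web.exe unpacks itself into here. The rule names, the system-root list and the set of 7-Zip binary names are the example's own assumptions.

```python
import re

# Constructed input: image path and command line for each entry in the
# Processes list above.
PROCESSES = [
    (r"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"'),
    (r"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe",
     r'"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1'),
    (r"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe",
     r'"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1'),
    (r"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe",
     r'"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"'),
    (r"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe",
     r'"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca'),
    (r"C:\Windows\system32\browser_broker.exe",
     r"C:\Windows\system32\browser_broker.exe -Embedding"),
    (r"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe",
     r'"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe"'),
    (r"C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe",
     r"C:\57b0a8a0d5c7e9957578da14756c6cb4\\Setup.exe /x86 /x64 /web"),
]

# Assumed: paths under these roots are not writable by a standard user.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SEVENZIP = {"7za.exe", "7z.exe", "7zr.exe"}   # 7-Zip console binaries
HEX_ROOT_SETUP = re.compile(r"^[a-z]:\\[0-9a-f]{32}\\setup\.exe$")


def split_cmdline(cmd):
    """Windows-style split: whitespace separates arguments; double quotes
    group, are removed, and may sit in the middle of a token."""
    tokens, cur, quoted = [], "", False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                tokens.append(cur)
                cur = ""
        else:
            cur += ch
    if cur:
        tokens.append(cur)
    return tokens


def parse_7zip(tokens):
    """Split a 7-Zip console invocation `7za <command> <archive> [-switches]`
    into (command, archive, output_dir, switches)."""
    command = tokens[1] if len(tokens) > 1 else None
    switches = [t for t in tokens[2:] if t.startswith("-")]
    operands = [t for t in tokens[2:] if not t.startswith("-")]
    out_dir = next((s[2:] for s in switches if s.startswith("-o")), None)
    return command, (operands[0] if operands else None), out_dir, switches


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(processes):
    """Apply three heuristics to (image, command line) pairs."""
    findings = []
    for image, cmd in processes:
        low = image.lower()
        tokens = split_cmdline(cmd)
        if not low.startswith(SYSTEM_ROOTS):
            findings.append(("exe_outside_system_roots", image))
        if basename(image) in SEVENZIP and "\\appdata\\" in low:
            command, archive, out_dir, switches = parse_7zip(tokens)
            # x = extract with full paths; -aoa = overwrite without prompting;
            # -bsp1 = progress to stdout (readable by a controlling parent).
            if (command == "x" and "-aoa" in switches and out_dir
                    and "\\appdata\\" in out_dir.lower()):
                findings.append(("archiver_unpacks_into_appdata", f"{archive} -> {out_dir}"))
        if HEX_ROOT_SETUP.match(low):
            # Self-extracting installer layout C:\<32 hex chars>\Setup.exe,
            # here created by the downloaded ndp481-web.exe.
            findings.append(("setup_from_hex_named_root_dir", cmd))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(PROCESSES):
        print(f"{rule:32} {detail}")
```

The two Edge rows produce no findings, which is the point of root-based filtering: the -ServerName: AppX activation is ordinary browser behaviour and should not compete for attention with the Krnl drop chain under AppData\Roaming.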

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.krnl.place udp
US 66.228.51.170:443 cdn.krnl.place tcp
US 8.8.8.8:53 170.51.228.66.in-addr.arpa udp
US 8.8.8.8:53 k-storage.com udp
US 188.114.96.1:443 k-storage.com tcp
US 8.8.8.8:53 1.96.114.188.in-addr.arpa udp
US 52.182.143.208:443 tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 86.8.109.52.in-addr.arpa udp
US 8.8.8.8:53 58.250.217.23.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 13.107.237.68:443 dotnet.microsoft.com tcp
US 13.107.237.68:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 68.237.107.13.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 173.223.113.131:443 www.microsoft.com tcp
NL 173.223.113.131:443 www.microsoft.com tcp
US 8.8.8.8:53 statics-marketingsites-eus-ms-com.akamaized.net udp
US 8.8.8.8:53 js.monitor.azure.com udp
DE 23.32.238.105:443 statics-marketingsites-eus-ms-com.akamaized.net tcp
DE 23.32.238.105:443 statics-marketingsites-eus-ms-com.akamaized.net tcp
US 13.107.237.48:443 js.monitor.azure.com tcp
US 13.107.237.48:443 js.monitor.azure.com tcp
US 8.8.8.8:53 target.microsoft.com udp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.237.48:443 wcpstatic.microsoft.com tcp
US 13.107.237.48:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 131.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 105.238.32.23.in-addr.arpa udp
US 8.8.8.8:53 48.237.107.13.in-addr.arpa udp
US 8.8.8.8:53 97.238.32.23.in-addr.arpa udp
US 66.235.152.115:443 microsoftmscompoc.tt.omtrdc.net tcp
US 66.235.152.115:443 microsoftmscompoc.tt.omtrdc.net tcp
US 8.8.8.8:53 115.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.73.24:443 browser.events.data.microsoft.com tcp
US 20.42.73.24:443 browser.events.data.microsoft.com tcp
US 13.107.237.68:443 dotnet.microsoft.com tcp
US 13.107.237.68:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 148.155.9.20.in-addr.arpa udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.237.68:443 www.clarity.ms tcp
US 13.107.237.68:443 www.clarity.ms tcp
US 8.8.8.8:53 c.clarity.ms udp
HK 20.205.115.81:443 c.clarity.ms tcp
HK 20.205.115.81:443 c.clarity.ms tcp
US 8.8.8.8:53 81.115.205.20.in-addr.arpa udp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.200:443 c.bing.com tcp
US 204.79.197.200:443 c.bing.com tcp
US 8.8.8.8:53 156.124.96.23.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 200.232.18.117.in-addr.arpa udp
US 13.107.237.68:443 www.clarity.ms tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 statics-marketingsites-wcus-ms-com.akamaized.net udp
NL 173.223.113.131:443 www.microsoft.com tcp
NL 173.223.113.131:443 www.microsoft.com tcp
DE 23.32.238.99:443 statics-marketingsites-wcus-ms-com.akamaized.net tcp
DE 23.32.238.99:443 statics-marketingsites-wcus-ms-com.akamaized.net tcp
US 13.107.237.48:443 wcpstatic.microsoft.com tcp
US 13.107.237.48:443 wcpstatic.microsoft.com tcp
US 66.235.152.115:443 microsoftmscompoc.tt.omtrdc.net tcp
US 66.235.152.115:443 microsoftmscompoc.tt.omtrdc.net tcp
US 8.8.8.8:53 99.238.32.23.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.65.85:443 browser.events.data.microsoft.com tcp
US 20.42.65.85:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 150.155.9.20.in-addr.arpa udp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.237.68:443 www.clarity.ms tcp
US 13.107.237.68:443 www.clarity.ms tcp
HK 20.205.115.81:443 c.clarity.ms tcp
HK 20.205.115.81:443 c.clarity.ms tcp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 204.79.197.200:443 c.bing.com tcp
US 204.79.197.200:443 c.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 target.microsoft.com udp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
US 20.42.65.85:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
US 192.229.232.200:443 download.visualstudio.microsoft.com tcp
US 192.229.232.200:443 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 200.232.229.192.in-addr.arpa udp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 73.239.69.13.in-addr.arpa udp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.150:443 westus2-0.in.applicationinsights.azure.com tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp

Files

memory/2788-118-0x00000000009F0000-0x0000000000BCA000-memory.dmp

memory/2788-119-0x00000000056E0000-0x00000000056F0000-memory.dmp

memory/2788-120-0x0000000008450000-0x0000000008458000-memory.dmp

memory/2788-121-0x00000000056E0000-0x00000000056F0000-memory.dmp

memory/2788-122-0x00000000093B0000-0x00000000093E8000-memory.dmp

memory/2788-123-0x00000000056E0000-0x00000000056F0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config

MD5 1705af08ed535cba6454e6c72069cc21
SHA1 a5fa2373c55b9c06934dd62918553cda63f71bdd
SHA256 a8f27919b3bb09a38e6dbd93f9c80518159454e2f4dc0e86f4f7d5d9951ad14f
SHA512 bd73d8c4fcad6d079fa5f1c3055956953762c678bb795f1b36a8c8d13e3e02174213875a3a94c6be315af52aa2f3a21a1c329f16601784cd6c1f3fdbf1da6c9f

memory/2788-132-0x00000000056E0000-0x00000000056F0000-memory.dmp

memory/2788-137-0x00000000056E0000-0x00000000056F0000-memory.dmp

\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll

MD5 982475050787051658abd42e890a2469
SHA1 d955e35355e33a9837d00e78c824f6e5792b47f3
SHA256 4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c
SHA512 c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

memory/2788-145-0x0000000009530000-0x000000000953A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z

MD5 cb244bb2cbed782853d39042fd705b4b
SHA1 f9a69f8f2b87134579ca8c50b91a67bd596553fe
SHA256 d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015
SHA512 3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

memory/2788-152-0x00000000056E0000-0x00000000056F0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z

MD5 e7e69e3bb82e50d10e17fceb8851f1e3
SHA1 ac38d2c834b5ef30feb0b23272ee289779caf14c
SHA256 1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd
SHA512 ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

MD5 39ed86952a1e7926924a18802c0b75e4
SHA1 e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3
SHA256 b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126
SHA512 fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config

MD5 909df77c711b4133a8f8560483ec2bb3
SHA1 8df8505ec0a0dd670b4044c641e772f6ded485a1
SHA256 c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c
SHA512 0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

memory/3748-529-0x0000028496400000-0x0000028496410000-memory.dmp

memory/3748-547-0x0000028495E00000-0x0000028495E10000-memory.dmp

memory/3748-566-0x00000284959F0000-0x00000284959F1000-memory.dmp

memory/3748-568-0x0000028495F00000-0x0000028495F02000-memory.dmp

memory/3748-570-0x000002849A710000-0x000002849A712000-memory.dmp

memory/3748-571-0x000002849A750000-0x000002849A752000-memory.dmp

memory/3632-583-0x0000022531820000-0x0000022531822000-memory.dmp

memory/3632-586-0x0000022531850000-0x0000022531852000-memory.dmp

memory/3632-588-0x0000022531870000-0x0000022531872000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/3632-677-0x0000022543A90000-0x0000022543A92000-memory.dmp

memory/3632-692-0x0000022547B50000-0x0000022547B52000-memory.dmp

memory/3632-697-0x0000022547B70000-0x0000022547B72000-memory.dmp

memory/3632-699-0x0000022547B90000-0x0000022547B92000-memory.dmp

memory/3632-701-0x0000022547BB0000-0x0000022547BB2000-memory.dmp

memory/3632-703-0x0000022547BE0000-0x0000022547BE2000-memory.dmp

memory/3632-707-0x0000022547BF0000-0x0000022547BF2000-memory.dmp

memory/3632-709-0x0000022547D10000-0x0000022547D12000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 7b31dc686bf1311fd243014c855a12fc
SHA1 9f6e5becd266b210a2153be9eacc57eb0795896d
SHA256 662bd2cac51d230d06d99b12b80398a7323fff530cf0e4dc2927dc574dc59bad
SHA512 b580ea391f297fbeda74d089e34195ac76ef5468eb9e7fff1e666956a08f2be94f35c6e70f4261ac20663d878b160c5d307a1fe00af7bb061b525af3d712afcf

memory/3632-776-0x0000022548820000-0x0000022548920000-memory.dmp

memory/3748-821-0x000002849BFE0000-0x000002849BFE1000-memory.dmp

memory/3748-820-0x000002849BFD0000-0x000002849BFD1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\68fb8n7\imagestore.dat

MD5 7d4f86e858e5aa945cb6d32c2ebc3615
SHA1 fb21b72aa940cac154e3356c28bceafa58cfbd7b
SHA256 ef0ab053b9a33c2801e20904c54c9d2930cb4c5d4fef527b52e223790f6133bf
SHA512 c4929d4027f0de9d90a06621b0a6228a42b82c99a3f54f0e167c66c5a7d1d43e794ec18ea5fae53f7b46d0d3eb1a672573c5d2c2e7efc075ca9bd42fd82bcf0c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1VDOL5XO\favicon[1].ico

MD5 12e3dac858061d088023b2bd48e2fa96
SHA1 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
SHA256 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
SHA512 c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

memory/3632-855-0x00000225438B0000-0x00000225438D0000-memory.dmp

memory/3632-881-0x00000225492D0000-0x00000225493D0000-memory.dmp

memory/3632-899-0x00000225498D0000-0x00000225499D0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6CI3IN3W\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/3632-959-0x0000022531830000-0x0000022531840000-memory.dmp

memory/3632-960-0x0000022531830000-0x0000022531840000-memory.dmp

memory/3632-961-0x0000022531830000-0x0000022531840000-memory.dmp

memory/3632-962-0x0000022531830000-0x0000022531840000-memory.dmp

memory/3632-963-0x0000022531830000-0x0000022531840000-memory.dmp

memory/3632-964-0x0000022531830000-0x0000022531840000-memory.dmp

memory/3632-965-0x0000022531830000-0x0000022531840000-memory.dmp

memory/3632-966-0x0000022531830000-0x0000022531840000-memory.dmp

memory/3632-967-0x0000022531830000-0x0000022531840000-memory.dmp

memory/3632-968-0x0000022531830000-0x0000022531840000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri

MD5 e2b88765ee31470114e866d939a8f2c6
SHA1 e0a53b8511186ff308a0507b6304fb16cabd4e1f
SHA256 523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e
SHA512 462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

memory/3632-971-0x0000022531830000-0x0000022531840000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

MD5 e2b88765ee31470114e866d939a8f2c6
SHA1 e0a53b8511186ff308a0507b6304fb16cabd4e1f
SHA256 523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e
SHA512 462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

MD5 5c4121825e026a48f6aad606896ed1a6
SHA1 a13863fad350818281f1dd504148ca573618ec43
SHA256 8d57737e3b278ae034194800d7f8e140627c24aa79fdd81cfa3c94c08614e3b7
SHA512 a2065004e0e5155efdb78b21cf85e2e300627a89241e1e2cb984428b6b8312211ae21a9cb3e253cba94e3cad61a4a54b92b8f6309de70f432f746e58d9da65a9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

MD5 4f546783922fda52e3645e33cdf79e86
SHA1 d03549e994a94a2918872d259ca8d7b9d7eb44fd
SHA256 6fd1d0bce8412d730dd6ed92531e07a19ef81319631eeb1dc83283c946735ba2
SHA512 b6b2e0d1feb2e458f0fe76f016239d3a5bbcf6405ca609f015ecc8cc68cf1a5c7d730adb289b30e7d868697c393edc97f92390874c743eed07fd5c0defa0ac41

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 d8813b904b770626379c479ce78b1ff9
SHA1 05d913fa9b23aa00b7e46617b11f653ac22ce2da
SHA256 d33f48af90372bb23b23392dfaba152c5cd80bc35bb2bb2435ed921cf92d8f06
SHA512 e17bb9a4a78d290500ff54526961bf5b7ac9f624224ab0212f985926a9f7f2e027642656c626bcd86eb2f42c1d8704d372be8c33e3aab051320dd410f7edd514

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 5c417637ec7c2703ade1d00cf9303753
SHA1 542e72171264c0af2d835c45c519e8af17ec87a5
SHA256 d59e1f6ab134be6389e35db413e765c1024a11e551fe945133ea3f23a7f448cd
SHA512 b26861102102fa588945e4469b1e3f0f225eb83299c16b953342240c81aa6a4b874d9fc2a9973f9f276af7ad6eff264f75928d3bec299ed2ff7f6986f11943b1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPMYPZGH\bootstrap-custom.min[1].css

MD5 1b7d32f433b2aea297ddae3c6f2891f4
SHA1 d466b77c34b46d64b73bf37f42434ffdc9fdedbc
SHA256 44d1bc3c3c915f77fc52953ca6440a3b7741dc05bc15ec313d7d3768ef047e35
SHA512 c97adb623557d09072179be1f8ac043bf6b456f854349cb05551fda8e86fe2df738ddf22d77b2128896376373293455a74017a36cdf4c3603ad0c9737ea91dd8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QE90Z885\analytics.min[1].js

MD5 b4a1847f1be996c08716d3b97456d657
SHA1 49113ee2989496eb1858a45ffaa319863d8ccd69
SHA256 8a80172a7d4c7c65ad596f52ecc105d61c0b2b60368277fb4729767f54fec06a
SHA512 b0e4ab27c1db23cbcd13bda3bf488293985d76de6c4f51b2be140c7ca8562a0b8280360b2e628a097f7e5fe94508759aca5bec037a1b3d7a73d2d7d16fb63b93

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 b009dd30e49fc51864bcfb651ad7c679
SHA1 3b72ddd5ce382fe49392b5449e3b0df3bb03e0a1
SHA256 35fd03a10de8eadd14550f99dfe9f6dde1f5ffbea1760fc9b41de50b7659ed0b
SHA512 2fb11d9e65d513dbca3dc34385d9c7db9895002677e74469aaaed7ae8c6368e5584b5c2da56f4ab19a49c7d7da5d6c4e7d0f9d3f048cd1f769e4f8da0254c9d5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 94719769aef72d29fb8ddaaafec9e7db
SHA1 fd0eada85e5248ebab64ae2ace863b61b3eca54a
SHA256 46e05b53fa035422d96aab6428c06fb1dfae232500e5f2ee27d58076005192b9
SHA512 1903afcc880561ac4f0387a97b19a0725e2a672afa34dc766fe3c39e928badb163287a83c3de26678f5a875cd0f8e16aa02d8de41743b381d3170dd7248198e3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868

MD5 f44e66489d4a262101286b6d65c003e9
SHA1 c7c811e087c08e3a64da08af90986908d8359374
SHA256 c760ead8bb072d29879c5b9e378d4a259b45ebff1b202b7d8bbccc2a390b28ef
SHA512 91a50f3a69a4aecc50690dabc6002da1d02eb997343d5f835ad967c66714f0b8c1ba01e9bfd66c7b1aa9df2b828f6e05dd868c677b4d16bcf843e14d4b98f358

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868

MD5 d42b612dfd142064d247eba776a8cf89
SHA1 04fdf2c94b7afe5053a0b366b8912aae0c5a2682
SHA256 f1ca1f0df9cfadcbe0817f8dded1f3f8c4903f9453251fc966df010869b23fd5
SHA512 27519468561e89700c8827f0d2b2604ccfe54240816367b979d40c5458094e45e75d9b4eff08fcbda8159f4e7757d4c3f073f7aadaf0f6f24514609ab2a01df6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4LPIT3V\at-config.1.4.1[1].js

MD5 72dcd95e1872e4e7dd4debd9363a3f23
SHA1 73e8f9c4dd8812ebc9c54abed3e50b68f21ad7e3
SHA256 d83130d74d82a31e8a653378f0051d57ef560bd85406c85404c0f7bd9801b0bf
SHA512 12c49158f980c09b5cf39becea6506126c9077639991607c6066a9906d5be39eff6d8b4c844ab3dd398d17131f5e00638e52ad7e6a272ca38ea6f2e41efe00a3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPMYPZGH\ms.analytics-web-3.min[1].js

MD5 4c857dcc20e04ea8a7d20276654f7639
SHA1 cffdee04572968b3c7d9555c19b7263b8daece52
SHA256 f0b9540efbccfbb653a503f29cbbf788ce73d0f350e56658e3e318bbdb178d85
SHA512 2fd84e0b6be1284eef5cb10487a57854f608f927e9719e42813339c04b704ce364531f77f7caff666b9d5fd9fcfc438711d09b03abc482f46594ec8abc528a2a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4LPIT3V\at[1].js

MD5 6b56d2bd5139bc5c00f412cd917a3bac
SHA1 7ebb960a86d15ba09b075265c6c098b9cdafc624
SHA256 cd976ec1ad0e64056080f75bd5bb81cc61b544c8f535ca2ca630a7f4aa5fda5b
SHA512 e716effb9d5b6bd49394e972d7307da7068bb03d536b975e03781c3ac9425117cc27e6a24a7aaf71e56f59341dce179184c88c3d4533fae99379a1c1a9e9f222

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4LPIT3V\dotnet-framework-runtime[1].svg

MD5 5aaa8c37cd59979b920cd21c4a50a38d
SHA1 0ee61e3b2d58513b92cf4c6b5114c1beb55539e7
SHA256 db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6
SHA512 0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0MNRVX9C\culture-selector.min[1].js

MD5 4147b3bfb0a145eec758f0cb7292cefb
SHA1 8e02467706ce768bc9e68fea2a8d01b49513d631
SHA256 8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20
SHA512 49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4LPIT3V\RE1Mu3b[1].png

MD5 9f14c20150a003d7ce4de57c298f0fba
SHA1 daa53cf17cc45878a1b153f3c3bf47dc9669d78f
SHA256 112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
SHA512 d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0MNRVX9C\general.min[1].js

MD5 0a51551c9a5fe36e372fc39eb9bf0b3a
SHA1 6c76d69df786828afad990a0144b5d27d56e7863
SHA256 124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794
SHA512 7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0MNRVX9C\cookie-consent.min[1].js

MD5 276fadd25103db9ea780c1ab25dd42c8
SHA1 54483dc13e60306f87a0e4a4b16b47ffac51e097
SHA256 c9cb2eed50644985e9f73a6897d05d94b80b8c317ea3bb5524c28a16683a63f5
SHA512 174919bc2b37c379531819d3b2fea5097181b600b68b746afb8c52131db2bc05ac6d6c97821fe35f1c4018fb2b2982dcc1d542c568ed3bf0cff71e32b9408eca

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QE90Z885\main.min[1].js

MD5 b9b13a437cdee66d01ab9cb18d85d3e0
SHA1 6614ec983dc34b78eda8a8e3ada837a503541a92
SHA256 0d56c5660f9a5afc4b544798551201d14c6d222b658bb1bb0e3f40ca04cb7bb9
SHA512 987cc6da7ac9e739b70572464917b464c0f90b3ba795133d852d7eddea3de89db8e880a3fc05745f1f964e5770d7ab9736f50d241e3577705c80ecf088fc888d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QE90Z885\wcp-consent[1].js

MD5 413fcc759cc19821b61b6941808b29b5
SHA1 1ad23b8a202043539c20681b1b3e9f3bc5d55133
SHA256 daf7759fedd9af6c4d7e374b0d056547ae7cb245ec24a1c4acf02932f30dc536
SHA512 e9bf8a74fef494990aafd15a0f21e0398dc28b4939c8f9f8aa1f3ffbd18056c8d1ab282b081f5c56f0928c48e30e768f7e347929304b55547f9ca8c1aabd80b8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QE90Z885\74-888e54[2].css

MD5 d094e9449e6ed3dac9facc510011602e
SHA1 8d05d69df299fc59b61ba20b2245ed3bd90571d5
SHA256 a9f24da628989ece81a468b5a98977c64c8d914e9d139aad578bccde73bcc2da
SHA512 de2dc17a3f755b7fc06a92b0b610b3b6e005abe94d38c6ff087fd6f0e50eb1800e42d47045aa54f84832e8b89e946f508877bb60cd6572ed3be814d22d924bd4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4LPIT3V\override[1].css

MD5 a570448f8e33150f5737b9a57b6d889a
SHA1 860949a95b7598b394aa255fe06f530c3da24e4e
SHA256 0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248
SHA512 217f971a8012de8fe170b4a20821a52fa198447fa582b82cf221f4d73e902c7e3aa1022cb0b209b6679c2eae0f10469a149f510a6c2132c987f46214b1e2bbbc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QE90Z885\cda-tracker.min[1].js

MD5 a3827d5909344f41d270fc8475f7733c
SHA1 bb6cb83e4d2080ee02ea366699f487c7362d4934
SHA256 bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a
SHA512 5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 7b31dc686bf1311fd243014c855a12fc
SHA1 9f6e5becd266b210a2153be9eacc57eb0795896d
SHA256 662bd2cac51d230d06d99b12b80398a7323fff530cf0e4dc2927dc574dc59bad
SHA512 b580ea391f297fbeda74d089e34195ac76ef5468eb9e7fff1e666956a08f2be94f35c6e70f4261ac20663d878b160c5d307a1fe00af7bb061b525af3d712afcf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPMYPZGH\open-sans-v34-latin-600[1].woff2

MD5 603c99275486a11982874425a0bc0dd1
SHA1 ffeb62d105d2893d323574407b459fbae8cc90a6
SHA256 4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127
SHA512 662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4LPIT3V\open-sans-v34-latin-700[1].woff2

MD5 e45478d4d6f15dafda1f25d9e0fb5fa1
SHA1 52cb490cd0ee4442ede034085cda9652b206f91c
SHA256 d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72
SHA512 2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPMYPZGH\open-sans-v34-latin-regular[1].woff2

MD5 e43b535855a4ae53bd5b07a6eeb3bf67
SHA1 6507312d9491156036316484bf8dc41e8b52ddd9
SHA256 b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
SHA512 955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 7b31dc686bf1311fd243014c855a12fc
SHA1 9f6e5becd266b210a2153be9eacc57eb0795896d
SHA256 662bd2cac51d230d06d99b12b80398a7323fff530cf0e4dc2927dc574dc59bad
SHA512 b580ea391f297fbeda74d089e34195ac76ef5468eb9e7fff1e666956a08f2be94f35c6e70f4261ac20663d878b160c5d307a1fe00af7bb061b525af3d712afcf

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0MNRVX9C\a2-598841[2].js

MD5 391d31bcdc9733823bdda80ab094ddff
SHA1 11111b527ac86bed0748a026da7fec757b414c46
SHA256 f972ffc4af215a60ab0d70a63535cfcd23a951766c9903c6770bfc431e88852e
SHA512 7a838a824e728fd9a38ff532f19e0b8f965f486256e0c62924d5ac55cb3fee62d745dc1b2e32c5e1123f2541d70721eaaca552ecb67f3f4f335939fedfaf86c6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QE90Z885\space-grotesk-v12-latin-700[1].woff2

MD5 514360ed1b78e71aabe58ecd08f36706
SHA1 1062c179ea2f74b5db67f9d7822c556ed25637dd
SHA256 751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc
SHA512 1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0MNRVX9C\mwfmdl2-v3.54[1].woff

MD5 d0263dc03be4c393a90bda733c57d6db
SHA1 8a032b6deab53a33234c735133b48518f8643b92
SHA256 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
SHA512 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4LPIT3V\ai.2.min[1].js

MD5 cd66343575a38db62e92e381d0316440
SHA1 822b959f7d87d16e294faffcff1619d1ca99bc38
SHA256 679a89792c6667a5ef5606e009328640dc1ba78b04f8c876378748967221fa48
SHA512 6c0f8d352f7d41c5a65a0ea169ad283ba9db5e2bc1de0d8a92e37458f938ebaca7e373a41c87aafa53a71cc41041e63ebcdefd505951034e8b3d27ed8d966d03

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPMYPZGH\alert-info[1].svg

MD5 c7db49644f6bf1f50b3190ffba0516ed
SHA1 5bb312a0b6357ccb7e93158ac0f97b4e249e4696
SHA256 2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281
SHA512 9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FPMYPZGH\alert-promo[1].svg

MD5 b119b49f7f799d680e0ade981c8c36e1
SHA1 b2134ee3d8a4669c4b93225c0b987be0c78b6e6e
SHA256 2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4
SHA512 c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 1963c7633424c72704a4b2998a39c758
SHA1 5f68d6112bc3f32d5a67017183551fe3d51db8e5
SHA256 7520f3639898119f8a813df39900946ab40ce35842536ed5a7fc96739cb0f081
SHA512 d7bcae3785c680226610103fcb70ba38f5ab145624b9f7ebb128cdc7f85f3185b79dc313487b0aab1ea14066841281b7e0deb88eb9d8f67c11f2f76f9144587d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_EAB4AEE2EA70916CD4B93BC9BD3B283A

MD5 d413e16042b931dd6309d727d4df59c4
SHA1 ddb20acf15b29cc53087656780c58632b6116bec
SHA256 680705c8e45bf7288fce3a23778e24d009aee50d7fe8fa12637c34585ac6c81d
SHA512 6f3c20e75cc53c735ba15d3e51c8818a2809691aaaed9f202d9df01c4da312ef6c89a594d859ab939606ddf0e8b00f5d5d75bc19c278e1decdcc2670aa3f94f5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_EAB4AEE2EA70916CD4B93BC9BD3B283A

MD5 34724619863aef3691eed3e9df10e413
SHA1 141b0e1f7ec6b1668a9b6fa29b610fa18c6ef201
SHA256 9210aad76a7f8f0058d1d8edc05d0a3efb6a6a3dd8ca5be56987f34147a4f6ab
SHA512 442d00e744a9603e9e66bb758b13b5d23b5375a4f1cb1207068e375f180e35ed0eb318094d74eb0f7db02a8cac46e0d2e3f93d400b82c66aa1b2c0ef0c9939b7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 5321eb4efd06d9c18d36148209f53e9c
SHA1 854b4dc33f4bed4474eedc9dee30ecb9a798a18d
SHA256 e2d765f19e3f0cad9a4d0e2ddf9d779453cedbd7306d902a4e7862688e726621
SHA512 5a29b3a44c9257f28d858dbe69087db1af42a10298c800df2ffff34cc7f2addb947fcc54d7c38bf9f65e5ede21d34c6db37367b9230fa387164a9918cf8df6c5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 5321eb4efd06d9c18d36148209f53e9c
SHA1 854b4dc33f4bed4474eedc9dee30ecb9a798a18d
SHA256 e2d765f19e3f0cad9a4d0e2ddf9d779453cedbd7306d902a4e7862688e726621
SHA512 5a29b3a44c9257f28d858dbe69087db1af42a10298c800df2ffff34cc7f2addb947fcc54d7c38bf9f65e5ede21d34c6db37367b9230fa387164a9918cf8df6c5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 5321eb4efd06d9c18d36148209f53e9c
SHA1 854b4dc33f4bed4474eedc9dee30ecb9a798a18d
SHA256 e2d765f19e3f0cad9a4d0e2ddf9d779453cedbd7306d902a4e7862688e726621
SHA512 5a29b3a44c9257f28d858dbe69087db1af42a10298c800df2ffff34cc7f2addb947fcc54d7c38bf9f65e5ede21d34c6db37367b9230fa387164a9918cf8df6c5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231

MD5 feedd7aa119e726542b2db7b01407dd0
SHA1 55d54cd5091907286ba83a18a12a598a2d9accfa
SHA256 0a25eed0e57cf997edccb6ce591b0bdd48f82452dcfb814faf8b8f2fb83fc482
SHA512 b038b6f6ddb86ff94796759c279ac08342d94a68aba262fd6c1a60d3eeb7ad24e88edb48e694b484deed26e547d1e8fca22a5f50d1b02984e95bcbc0ee07832e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231

MD5 2db0fc67cfb1632f6995ab9d6354a086
SHA1 a131bffe12af8e21d603e7bdb8ccd9643bb4eac1
SHA256 738e8a8e439c58c8655b2188d8ab79ca03a6cac8a57cdb35048f928f6066b511
SHA512 c9296f922907c38bf5db77f7051e0a7ea93cf3e12608f7b2fef80ff8e8a7de14dce687f9ebba3cf3242896b42b9b951fa829d9b1f800f585734694c7f81379bc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0MNRVX9C\clarity[1].js

MD5 5705f8e24923c332c4da15007746b69e
SHA1 f0bbfc3a328663e77cf279550b0a81476146f25a
SHA256 e63cf738c3a577e286765aaa9de59ed4300f6bf8b5d34773d131afd3da456b9c
SHA512 fb7a979d1506b49d21e8afbe751eb3314debe0c141f2811ffc1cdb8314c8933e9deded9d3256c59f9f735c3594b3a5e784dfa5c581379ddf417ea1610deb10c6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B363E346B43755F918E68AC3AA10D686_6D5DC573178B0888E38E901B96F4F561

MD5 23f13fa5d5276b7dbf238d74556e1a31
SHA1 fd555113d2ff7dce593928de6222af7bc934a454
SHA256 a87124688e3a5c3a620527d852a3a85779af2e7f4e61834438f908d94e46d5d5
SHA512 652ced7c701752622f72e55bccabe075f134e28d688ec52f10716c6c4871eefcdb231c04d6c474ecc82ba8ac948e81fd0c962b32b2e43761424901852a61d06a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B363E346B43755F918E68AC3AA10D686_6D5DC573178B0888E38E901B96F4F561

MD5 676a10f5e1ef00bf0a78e83d2b3d3d93
SHA1 801c189de4022656738b9f1f84bfaa018cff77e3
SHA256 e4f5b238a2335b3762d924907f3f9b49b21b48effbbb5bd4545b653649490b30
SHA512 04539a90c30422806c94e37895639baa800a936f7e2418bbcaf7fe6e854fd963fba96eea91090fd5e3735b68586a27d88a486492c7d48455c268e4a427edffba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

MD5 957378a6d7a5c14f452ad7e35aec3d51
SHA1 09694187ce3041ba93ba7300932e22cc56d9aad0
SHA256 8cbe3f76f948cad844480cce2daf256a23f8b7b94ce3972584c15fea1ee3d63c
SHA512 6b0b5e0ee560c13ea78c9d561da1339960174efc904441c49e377dbe642de286b36172446a3b4a451294b2b4a7aa289be3bb942688366682750dcc8f7204d259

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

MD5 90e26e15ea575f72c26d0cef39b4d275
SHA1 ba9314bc193c63ca6d1a99434d617c3057a928c2
SHA256 e799e8a817425f176c979d90a03e040d7662976e0178919f4249e573310df5f9
SHA512 ee8a747ecf9529eac7a29b695d57896bb28b97905392e024352a49d12b407d5b2ec454073a76ff002c4603a83494022e5792b6a628a37aed863f826358eb2dc3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\I79BP5KN\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 5321eb4efd06d9c18d36148209f53e9c
SHA1 854b4dc33f4bed4474eedc9dee30ecb9a798a18d
SHA256 e2d765f19e3f0cad9a4d0e2ddf9d779453cedbd7306d902a4e7862688e726621
SHA512 5a29b3a44c9257f28d858dbe69087db1af42a10298c800df2ffff34cc7f2addb947fcc54d7c38bf9f65e5ede21d34c6db37367b9230fa387164a9918cf8df6c5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 c2883f42d99e49620a2f61c8e697da1f
SHA1 913b2ec648648f2dfc38150d6354e47207d2b0d0
SHA256 7d8de8b567fcb30d70a90d41bf16ab20f02e61de058acd1f034cdd4f55974524
SHA512 39234301c6b0b5b27fca4141ab4d62c3bc073ba562c71e3e7df85a6114e9a2d32c38d8f6f8c5cb0c851e4edf37befddc8ac958b8b9d314e6ab56d6437ba19134

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 2b6dd9a1b3230e4b0bc9dc2b7e52b109
SHA1 122e0ab38fa89698985cf7aa475fa49d91741b72
SHA256 022260cb6aac0711c961531d2a922623e1c68d458c619cc933cd25d1eea5c860
SHA512 ad31ada7eab1c0ce5380e83859026756b0a6988ff70989aa2042a9180166f3e7d6082d4d935a4e76b94e516ea6c60b982165fab68f5a50bf55d9019918e79876

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 2b6dd9a1b3230e4b0bc9dc2b7e52b109
SHA1 122e0ab38fa89698985cf7aa475fa49d91741b72
SHA256 022260cb6aac0711c961531d2a922623e1c68d458c619cc933cd25d1eea5c860
SHA512 ad31ada7eab1c0ce5380e83859026756b0a6988ff70989aa2042a9180166f3e7d6082d4d935a4e76b94e516ea6c60b982165fab68f5a50bf55d9019918e79876

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4X92ZOF8\dotnet.microsoft[1].xml

MD5 2b6dd9a1b3230e4b0bc9dc2b7e52b109
SHA1 122e0ab38fa89698985cf7aa475fa49d91741b72
SHA256 022260cb6aac0711c961531d2a922623e1c68d458c619cc933cd25d1eea5c860
SHA512 ad31ada7eab1c0ce5380e83859026756b0a6988ff70989aa2042a9180166f3e7d6082d4d935a4e76b94e516ea6c60b982165fab68f5a50bf55d9019918e79876

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4LPIT3V\ndp481-web[1].exe

MD5 31ece8f8856abd47e33f408b54d6f4b5
SHA1 7b03b156e50058474c140290f74621b9842cff06
SHA256 a370bb342fa4547d89fd038143a91e27fcf2e8d330826e64e036ef5b2dc3fac1
SHA512 74f60279ac0b828431b3c5045e73ac0d3f2ffd7d8ee80c57ae4e6f918ae25b17d73ddf2595c5bed577ac375558053009727f349062464b62492f7a51e17f1554

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N4LPIT3V\ndp481-web[1].exe

MD5 0f774e364b59d81f9396b075da92c10e
SHA1 8b5c78682e0fcc358dc37a24a8ad8e46847db1fd
SHA256 c46aa513b122786e133064af1b8d59293bcdedead298c6087f17d03a2ed096c5
SHA512 ab60a1f72a66d7cea5c85650d5b6fa182a88a5014549c1b94114b445b91e22af51e9fbf2693c967c7a7bca1a93f75a8b7673e371ec9037344bf095752b9bc214

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe.jpztfdj.partial

MD5 0f774e364b59d81f9396b075da92c10e
SHA1 8b5c78682e0fcc358dc37a24a8ad8e46847db1fd
SHA256 c46aa513b122786e133064af1b8d59293bcdedead298c6087f17d03a2ed096c5
SHA512 ab60a1f72a66d7cea5c85650d5b6fa182a88a5014549c1b94114b445b91e22af51e9fbf2693c967c7a7bca1a93f75a8b7673e371ec9037344bf095752b9bc214

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe:Zone.Identifier

MD5 0bb8518ad30da7e9392f544fe6d524cc
SHA1 5e8c2310c0de3b2ecc6dd89cdeafc9ce75e67d3c
SHA256 a494c5f2ddd5003bd7423f00a0cb9d07559bc41137055535f34bc2dbef40819c
SHA512 06eed8ac60ec11f5d74b9d754b4df16707f48be4a0225b08d25b9b265fa7082714793c23b1a9ed59d9e8a1daeecbdbcaba3616ee2cdda32eef5d1a422ab6a30c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe

MD5 0f774e364b59d81f9396b075da92c10e
SHA1 8b5c78682e0fcc358dc37a24a8ad8e46847db1fd
SHA256 c46aa513b122786e133064af1b8d59293bcdedead298c6087f17d03a2ed096c5
SHA512 ab60a1f72a66d7cea5c85650d5b6fa182a88a5014549c1b94114b445b91e22af51e9fbf2693c967c7a7bca1a93f75a8b7673e371ec9037344bf095752b9bc214

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe

MD5 0f774e364b59d81f9396b075da92c10e
SHA1 8b5c78682e0fcc358dc37a24a8ad8e46847db1fd
SHA256 c46aa513b122786e133064af1b8d59293bcdedead298c6087f17d03a2ed096c5
SHA512 ab60a1f72a66d7cea5c85650d5b6fa182a88a5014549c1b94114b445b91e22af51e9fbf2693c967c7a7bca1a93f75a8b7673e371ec9037344bf095752b9bc214

C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe

MD5 a219f355b54cc2c40301f34671079f7b
SHA1 f5d68f79ef3954eac723bf671bc327f670e8ef75
SHA256 2b1c5c075627d587efec81bb7e6d39334975d82270f54c80f2b6362b6153003d
SHA512 88936e00b912c33e6d775a703f8059550214ecc95bba17f4634d742ffe910e031f96d5948744c36cbca543e2151f387fc402cd3ddc2899977e462e695c54a4b3

C:\57b0a8a0d5c7e9957578da14756c6cb4\Setup.exe

MD5 a219f355b54cc2c40301f34671079f7b
SHA1 f5d68f79ef3954eac723bf671bc327f670e8ef75
SHA256 2b1c5c075627d587efec81bb7e6d39334975d82270f54c80f2b6362b6153003d
SHA512 88936e00b912c33e6d775a703f8059550214ecc95bba17f4634d742ffe910e031f96d5948744c36cbca543e2151f387fc402cd3ddc2899977e462e695c54a4b3

C:\Users\Admin\AppData\Local\Temp\HFIC88C.tmp.html

MD5 8be68cd624a8316b43c280dab7db9f95
SHA1 535f7c23672d74bfc322c900454ccdca64b0d94e
SHA256 2091b55614f7dff8ac912adb974e24d374ebb90966878eb18298b750610f8c42
SHA512 7e8580f85d8eadee54ffced1dabb1fe63cd1504901c0831220e8c8012925dfee897057b8fb01530cbaba6073147e646dcf1467faf196e2ea7a4e3267c39a2fd8

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-24 18:08

Reported

2023-04-24 18:11

Platform

win10v2004-20230220-en

Max time kernel

150s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3216 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 3216 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 3216 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 3216 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 3216 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 3216 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 3216 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
PID 3216 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
PID 3216 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
PID 1864 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1864 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

Processes

C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe

"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=2296,i,2974000201198288488,7162926877579410985,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=1864

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=3048 --field-trial-handle=2296,i,2974000201198288488,7162926877579410985,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=1864

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3244 --field-trial-handle=2296,i,2974000201198288488,7162926877579410985,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=1864 /prefetch:1

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=2296,i,2974000201198288488,7162926877579410985,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=1864 /prefetch:1

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=1652 --field-trial-handle=2296,i,2974000201198288488,7162926877579410985,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=1864

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp
US 8.8.8.8:53 cdn.krnl.place udp
US 66.228.51.170:443 cdn.krnl.place tcp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 170.51.228.66.in-addr.arpa udp
US 8.8.8.8:53 k-storage.com udp
US 188.114.97.0:443 k-storage.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 64.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 240.232.18.117.in-addr.arpa udp
NL 173.223.113.164:443 tcp
US 131.253.33.203:80 tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.163:443 tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
NL 142.250.179.163:443 udp

Files

memory/3216-133-0x0000000000B20000-0x0000000000CFA000-memory.dmp

memory/3216-134-0x0000000005790000-0x00000000057A0000-memory.dmp

memory/3216-135-0x00000000084A0000-0x00000000084A8000-memory.dmp

memory/3216-136-0x0000000009740000-0x0000000009778000-memory.dmp

memory/3216-137-0x0000000009720000-0x000000000972E000-memory.dmp

memory/3216-138-0x0000000005790000-0x00000000057A0000-memory.dmp

memory/3216-139-0x0000000005790000-0x00000000057A0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config

MD5 1705af08ed535cba6454e6c72069cc21
SHA1 a5fa2373c55b9c06934dd62918553cda63f71bdd
SHA256 a8f27919b3bb09a38e6dbd93f9c80518159454e2f4dc0e86f4f7d5d9951ad14f
SHA512 bd73d8c4fcad6d079fa5f1c3055956953762c678bb795f1b36a8c8d13e3e02174213875a3a94c6be315af52aa2f3a21a1c329f16601784cd6c1f3fdbf1da6c9f

memory/3216-152-0x0000000005790000-0x00000000057A0000-memory.dmp

memory/3216-160-0x00000000098D0000-0x00000000098DA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll

MD5 982475050787051658abd42e890a2469
SHA1 d955e35355e33a9837d00e78c824f6e5792b47f3
SHA256 4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c
SHA512 c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z

MD5 cb244bb2cbed782853d39042fd705b4b
SHA1 f9a69f8f2b87134579ca8c50b91a67bd596553fe
SHA256 d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015
SHA512 3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

memory/3216-285-0x0000000005790000-0x00000000057A0000-memory.dmp

memory/3216-286-0x0000000005790000-0x00000000057A0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z

MD5 e7e69e3bb82e50d10e17fceb8851f1e3
SHA1 ac38d2c834b5ef30feb0b23272ee289779caf14c
SHA256 1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd
SHA512 ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

MD5 39ed86952a1e7926924a18802c0b75e4
SHA1 e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3
SHA256 b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126
SHA512 fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config

MD5 909df77c711b4133a8f8560483ec2bb3
SHA1 8df8505ec0a0dd670b4044c641e772f6ded485a1
SHA256 c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c
SHA512 0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

memory/1864-544-0x0000000000220000-0x000000000033E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll

MD5 6a9e3555a11850420e0e1d7cbaa0ada4
SHA1 17597a85caf29df6556fef012dd1fe5205ef2cb2
SHA256 a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac
SHA512 41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

memory/1864-548-0x0000000004CD0000-0x0000000004CF0000-memory.dmp

memory/1864-549-0x0000000004F00000-0x0000000004F10000-memory.dmp

memory/1864-550-0x0000000004F00000-0x0000000004F10000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll

MD5 f371f39e9346dca0bfdb7d638b44895d
SHA1 742f950afc94fd6e0501f9678ba210883fd5b25c
SHA256 3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327
SHA512 753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

memory/1864-554-0x0000000005420000-0x0000000005524000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

MD5 a7fd4a62e39e518d26c93c72a2574123
SHA1 d466eb6792cc8a22237d34e49b29b1fef88a9256
SHA256 8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85
SHA512 96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

memory/1864-558-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll

MD5 100f91507881f85a3b482d3e1644d037
SHA1 4319e1f626318997693e06c6a217fbf2acdf77b2
SHA256 7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550
SHA512 993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll

MD5 7bc0244dba1d340e27eaca9dd8ff08e2
SHA1 3b6941df7c9635bce18cb5ae9275c1c51405827c
SHA256 43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e
SHA512 3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll

MD5 1b2a029f73fe1554d9801ec7b7e1ecfe
SHA1 01f487f96a5528e28ca8ca75da60a58072025358
SHA256 d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912
SHA512 a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat

MD5 d866d68e4a3eae8cdbfd5fc7a9967d20
SHA1 42a5033597e4be36ccfa16d19890049ba0e25a56
SHA256 c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d
SHA512 4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_200_percent.pak

MD5 0d362e859bc788a9f0918d9e79aea521
SHA1 33abea51f76bde3e37f71b7e94f01647bb4dcbd5
SHA256 782f475d56e62c76688747a22ba4ae115628c5c3519c3c1e3d1a51a4367bfc28
SHA512 37ca08bbe5525d0f2d45a9fe65a45f6c5d8366330fc60304822d4c7470dd66b8733d92803ce6aabdf4175ad0cf43d6e4a9ff9d4e49ff89d8eddc5f7083e7f067

C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_100_percent.pak

MD5 e05272140da2c52a9ebef1700e7c565f
SHA1 e1dc01309fca499af605f83136d35e6d51fcd300
SHA256 123092a649b8def6efca634509fb20ba4fbf9096d6819209510b43b5f899c0a3
SHA512 476907363a0d1e1bf81d086aff011b826fd28a885e2eabd2e07e48494eafbd48d508b1a9050efe865585f7c4d92a277886440876846cba8a2226033ff35a7a81

C:\Users\Admin\AppData\Roaming\Krnl\bin\resources.pak

MD5 34516ad6ff9278dea1fa89839156cbe5
SHA1 c61792315d0cb0d0f1e55fb985e3f6bb471fb2c5
SHA256 91d3ab4e61bc261d9cc78b750dfc26561fee06fe1431136652f9f50371be2426
SHA512 6e4046a2eb72b17451528d1995e2359cb058a9dd41af586f3e88693c621ffd97213031462fc1fd8a23c7e91217066c2f0b56522fcdafe862bc24eec30b059d29

C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak

MD5 99b4fdf70abc76d31e44186e09a053a6
SHA1 fb4192460341de2a04127f1e7fdf5c41b12ca392
SHA256 87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa
SHA512 d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

MD5 5f7e54710987e30dfca1e90c2063402d
SHA1 3917a469d1516efe34f275b5f31a83227cd14694
SHA256 2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af
SHA512 b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

memory/3952-576-0x0000000000420000-0x0000000000428000-memory.dmp

C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\preview.png

MD5 971fcb67b3ed9746cfd5c12032c8f54a
SHA1 378d56a2909c9b4dacc1a679664de7a3b9b48109
SHA256 94d47c3270fd8af9431722aac704778dd0e157fcffe7e24435a25368272e6bfc
SHA512 3d5e2f7112462049cd84fabce244cd51cbc341e8adc4fa27e5516855dd6f1d9727d6dde463812f6c552a732ebb2dad87ea6eed38a9bf7a1ea55800068fecfa63

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll

MD5 9aa41e58b0ceded6442c54e93cc279dc
SHA1 76b3622d8bd5c0ab88d2a6422866e8b572afb318
SHA256 a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d
SHA512 ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\script.lua

MD5 4417aa7a7b95b7e9d91ffa8e5983577c
SHA1 367b923829db8fecf2c638fb500f161d22631715
SHA256 eafd7bc4f8aeacd998f6ffa38c8fc2ec2fb043ca97c956a0949aebb9bbbdbbe6
SHA512 04a5f440a6e00ea0aa8491ae4c6dd6aa68f704db54a43a5d6bf4c99446ae2c7792be8dcaee6542a93280eb35dc93acb60e8e4065f13c885e4186d80824feb04e

C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\preview.png

MD5 220cf576403c96a12e4831c4e1aff13a
SHA1 b6ff4cb1a6aec90ea01f3807a66ff1b0864d10bf
SHA256 1bc331bf9cfe7a2ec83fea1d9d67cfd2754239edc4dda5a17f99b420b75d6fd9
SHA512 103aab3a35694076ab14874c1f826a51bf8db59349f66765528d70484a4f5a4c6d751e2af3b5c4b832df68233ea33c5b08662d009fc9f2897c4414d61e0f4e41

C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\profile.png

MD5 20f7c123960c173546b91a9147be8a98
SHA1 d83534a97c5ff8e917bcd92f2e31d558e863796a
SHA256 d132445e583c7e8662fa48a83c35074d91557c34ea713d1812040c33ce8b89dc
SHA512 1f3b3897f21599f99f89846fb92783fad0c2018a4d20da12c9ae1789bc8b284987433c183582dfc5914f3d3b176ecf9f70de036f032b24e78054869ada87826b

C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\script.lua

MD5 ef0dfaca318853907f49290a828e73f9
SHA1 e4c200f30ed72a6b384c712ba1304fa2dbe72a73
SHA256 80c4123264cd0e6ae4d5308b8c451ef89cd35ab3bbe214f034a34d243abeb8c5
SHA512 b5fec7a5b7c446f6ed8802740b8afbe948ed24c5d677a8748819988e4501e94deead3e7c933e33e19dbce0e10260dc43ac7710435c3864576b38fd27bc35503b

C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\card.config

MD5 656626d3691e02c2c2e83276a94add4f
SHA1 258635defa94ec462fbe0c1af91c7b59bef1d1e4
SHA256 0fcf591eb63af5717e253be0931f2e09747df34a27b3ba8d092faf0e55318920
SHA512 2878ceeff7c9d8225006bea6f280587d84d0be316aae41c9c859b632ae71043af52dd2ff1cf50a0804a0a5120da4a500a468170b710e6bb53cc18a391fdf514f

C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\profile.png

MD5 5f7201b94d86517399ee2a8de627cbeb
SHA1 0028f36c47b6dd36e7e5a1b24ee41f965be3671c
SHA256 6acc361fca4ef73d7a0bdd39482f3d2938eab6d2d942db995666e0978c0f59a4
SHA512 8037df886217f45330630205090724fd2a1c5e66b6084c9ac746cb52e5d653f3d1816e1feb236df760bf72090b8a880ac6391daae5253ac99e9489551ffd1526

C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\preview.png

MD5 4178311492a7c89b085dd0f9e16059d1
SHA1 a8c09191f29ba3538bec9ae2ba14aa4eeb59b5ef
SHA256 7a6e75f8f2a3ed7ba1b3ddb2b34b56ff751053896f37c02d527ba496504563be
SHA512 770cc5a277455c4a6f6da2dcc0ab4951580cde25ba1524194967dc1dff8d5d0cc81c9131313f131fd83f7569b2e56bbd55673fad8ff5f1a847e1ddd7f750a4e3

C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\script.lua

MD5 1cf55875084e2163bbdfbf66452b29e6
SHA1 f28c38a655dd68075ade6b915f683968e77bee97
SHA256 177d8cf42fee5c6012f6571b20e7e17e55df8564af59b9be5dddcdbd879b5c5d
SHA512 3e72263077a032688770f08e181d8786c1248bec31a5f69fdbbff2c127b49466909ecd68a5dd7e1061542bf1900a6f7a6ab498310a460c8fbfaeae81aa5f5db3

C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\card.config

MD5 5e42cc2c2e0f1e430aa404314afa53e4
SHA1 794be48d0f018d9ef67a9dddb4dd4b6ba66d020e
SHA256 4f94d5d922df31f5611e97f785b3f7bae178268b0f0727e733590ddd6de13bc2
SHA512 e38a0e93a5f7b9d0f3f09d8408fd29450a88672382e828a5926239ce926782fab49692178ba4614e0683bf4ae50d4ebb6491e6bb6e85372972ef4b1b5435639d

C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\profile.png

MD5 6cef901a51f67313821f9f7ccca5d38f
SHA1 6a612a1918e94c08b54af9e7e63356d41eff2d82
SHA256 1461d4e5cc1d955721e68d745c900c56c3c28490d86e00cab39f0bcaedc702d8
SHA512 818314e8bbb20fc0fc7ca7884a930063c8c906e8af39abe6c507b96ddeaf5515a9de0c0408bc2483eea067dcd1102bc63095cfd27a6a1af2f628a1bd26929522

C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\preview.png

MD5 7b0d11f82c6d558ddccda8a4563f6238
SHA1 615e90c3d799e58850efb189bc220a621dc56e96
SHA256 24f687838f65b20e4f826cc6ab709124a8a91c43789a0b71cb6fc8a58ce8273e
SHA512 5a8dce1fc5c9e2d47634b888bc51ca0ed73eef0f305993979f380e2597a3f5fa45facf0639a2a7d3410c40b29f2ce2b40fbb222660babf009382475cde1e676f

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\tags.config

MD5 b042ffedee19500bf6d971c456ec3655
SHA1 077c12ca4595d02a810a592f8cc85bc961676f4d
SHA256 83167cc46576dd7ff84b1f107e9024238395d2a6016f88b9cb911292d52ec2a9
SHA512 0010593f27183cc66acaeba66c0cc4bf82c8faa821c1f5ee75bc78552792068eaec6b120f17112a3df267784dbf8975d6fce2f394e5b616c7f719148e68e0d86

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\script.lua

MD5 c0baed80a080fcfbcbde7dc86d38b14e
SHA1 1d81bb414f6853c313b6eea6169a7b68001dca68
SHA256 0109c27defe896cf9cccf23e0dc8765d705e8660360c3eca2a2f30599b46d77b
SHA512 3397e3b5bf3591e8ae5ac4b41be05973c484279151d1239d1976ba1267441809e2addc04f74fb61f7ec6f82fa1c3b6f92acab90eb620095e11f55c9f3f2edb2c

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\card.config

MD5 af55765f33160409360ffefd60211d32
SHA1 f16b23456ff82b6875e996c252c92eac375c5c54
SHA256 adfe3a9eb182052dabd7530e315fc5c0784bf5d115002b9a1a6f76dddf35773d
SHA512 1488a18106ed2dbb1502f218f8a543eb45fb5d12fc5867dfbd7d0bb500915c9705a5a8e2a21e964f5aeadc460d69d0f39bc729fee8d66e75e08907bcd0adbc4b

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\profile.png

MD5 516a58f5a912ea4cbef1098f8fd5ebc3
SHA1 217162ba93d4c94d7b9389694734e365a91905df
SHA256 c9d71e41f4103780f381c11ce608f797ffbbe3f92f20922cc8576203543aa461
SHA512 ec211867be06425d54e6c70aa60b99dd209b949cf70ed6922689645bc86e9508ce234c14e3a1c37f2950a95387eef7424a518abd82cd2ac4e6680fcc329ab5d7

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\preview.png

MD5 6c5d6e01657cf543c2211452ff43f52f
SHA1 7f4735960b3128f279aa42c4351ee50b32580788
SHA256 014920b3352e755b1608681e3dc613ce68e7875527ac8372a8edf5f875d32f5f
SHA512 f01c45f42f9e55982e9191979c3f0854a064b7455f65141e9feeebb72432ebe3d784263ac81d67c4cdf48e4eb49b39787eca2fe3a4964a799b130ac79a6b4b04

C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\script.lua

MD5 1f74e0539c4f0816badd444b487dbda9
SHA1 07fc32012374195023f00353c12d800a5ed8d07b
SHA256 f01656ce161b59d49730ced251f20cea8a4aac04efbd85152e3c89e0f182a41d
SHA512 d068fb33ff098e7db909784985bd7a47b62ba607119d976c7084db8260d05b1aacb984543b556cb002f53fbb14c9107477e9d1b51a78648e6bd040840a87c55b

C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\card.config

MD5 a3d8125d741db04d38a0c2c56eb9521f
SHA1 69729d39c0b4ff201d2aa7c6a77ecb4652b22aa3
SHA256 e2e623686b91cc0075b0f86b4c4577e45d4ee2ac6fce0aeae7326550675d1a96
SHA512 014cb710f3ad4264bc6cb524c33569e297ff6eee5dd417d10e4a1519951fcc739663a794f373a86eae4a0280002b4ce2d90715e4d9328bfe18f669e98878a994

C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\profile.png

MD5 be676e5468366d6f34839bab1a2be5dd
SHA1 14424fc881b910a406f364d1dffb22ee0dc28e04
SHA256 196c3db248754cab84491e35496aa7d2dbd93bd1f1dce0b20462c2310b13265e
SHA512 3e87468cd2fd4669a59f2a18a4a968a32414ea788eaee0f341b93387b852fcab3c0d4c5fa6a29f884520b6fa10916b39eb7791e82bc951355378356955bf2ca7

C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\preview.png

MD5 1ea0fccbceecbcfbe9c57bf230241889
SHA1 4b538297c419731bed21e7f0f8c1f921c6c3f389
SHA256 79eb0dcb2cff8cb7a620fa87284fdf79a1bfd97690d193c8caa15ffa3068c9cd
SHA512 6229d6084be3f3368a98ffa4b0aaa5899fdd85d5dd2f538987a8abce2bf1d3c378731c1b1b37e2d555e47d8812f8b5e8fef0d68241dfbf2c8952ffb1737a6909

C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\card.config

MD5 773229091774b2b77583da0f15a718ac
SHA1 fcdbebdefc85658d65e23dcc52cd1a3ae9a12ee3
SHA256 f70e955a67aad2ee28ac0c8b1c0882c9bd9991da51b87b224a4e22eefb8956f9
SHA512 7762bbbc14bdc679c51b5d9b75b1c19b0977d70c98a1edcbceaa950e7ba42c991ae4e81768a9bd80bb1bb2bd1eed4e6a18e98e16a2ec974464850d9c14a9fc2b

C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\profile.png

MD5 fe0cf96f57839cdd21191af66c241b96
SHA1 fba1b795f839c0fbaa4e47dfd9ad79ac6c2a4562
SHA256 bafaba91b68e495a6946cfae26a1f194dd8e556c1fb28dcf1e220721eb0ecbfc
SHA512 5adf6c8fc4b24f5af253c0f03c5b57ac7243008765b3854ed4b83d758a1901997ff4e6d9e0e1918383bce19832b72fc68cc7005c8a53a329df41b2ad91162ce9

memory/1864-607-0x0000000004F00000-0x0000000004F10000-memory.dmp

memory/3952-613-0x0000000005590000-0x00000000055A0000-memory.dmp

memory/1864-614-0x000000000D570000-0x000000000D670000-memory.dmp

memory/3628-615-0x0000000005340000-0x0000000005350000-memory.dmp

memory/2676-616-0x0000000005250000-0x0000000005260000-memory.dmp

memory/2184-617-0x0000000004D00000-0x0000000004D10000-memory.dmp

memory/1864-618-0x0000000004F00000-0x0000000004F10000-memory.dmp

memory/1864-619-0x0000000004F00000-0x0000000004F10000-memory.dmp

memory/1864-620-0x0000000004F00000-0x0000000004F10000-memory.dmp

memory/3952-621-0x0000000005590000-0x00000000055A0000-memory.dmp

memory/1864-622-0x000000000D570000-0x000000000D670000-memory.dmp

memory/2676-624-0x0000000005250000-0x0000000005260000-memory.dmp

memory/3628-623-0x0000000005340000-0x0000000005350000-memory.dmp

memory/2184-625-0x0000000004D00000-0x0000000004D10000-memory.dmp

memory/4736-628-0x0000000004D60000-0x0000000004D70000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1864_1057201352\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

C:\Users\Admin\AppData\Local\Temp\1864_1057201352\manifest.json

MD5 59741ca0b4ed8f06f8984e5c91747a4a
SHA1 334c396dd6e710de0e5b82b93cfaba764abc0331
SHA256 8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7
SHA512 9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8