Malware Analysis Report

2025-08-06 00:53

Sample ID 230429-yshldabh89
Target krnl_bootstrapper.exe
SHA256 27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54
Tags
lumma stealer evasion spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

Threat Level: Known bad

The file krnl_bootstrapper.exe was found to be: Known bad.

Malicious Activity Summary

lumma stealer evasion spyware trojan

Lumma Stealer

Downloads MZ/PE file

Reads user/profile data of web browsers

Checks whether UAC is enabled

Drops Chrome extension

Checks computer location settings

Executes dropped EXE

Drops file in Program Files directory

Loads dropped DLL

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-29 20:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-29 20:02

Reported

2023-04-29 20:05

Platform

win7-20230220-en

Max time kernel

43s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe"

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
N/A N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
N/A N/A C:\Users\Admin\Documents\krnl\krnlss.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: 35 N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: 35 N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1940 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 1940 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 1940 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 1940 wrote to memory of 280 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 1940 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 1940 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 1940 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 1940 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 1800 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1800 wrote to memory of 1416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe"

C:\Users\Admin\Documents\krnl\7za.exe

"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1

C:\Users\Admin\Documents\krnl\7za.exe

"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\src.7z" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6609758,0x7fef6609768,0x7fef6609778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1212,i,17421680975810033843,6372008783442124136,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1212,i,17421680975810033843,6372008783442124136,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1212,i,17421680975810033843,6372008783442124136,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2196 --field-trial-handle=1212,i,17421680975810033843,6372008783442124136,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1212,i,17421680975810033843,6372008783442124136,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Users\Admin\Documents\krnl\krnlss.exe

"C:\Users\Admin\Documents\krnl\krnlss.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1212,i,17421680975810033843,6372008783442124136,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=996 --field-trial-handle=1212,i,17421680975810033843,6372008783442124136,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1212,i,17421680975810033843,6372008783442124136,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3956 --field-trial-handle=1212,i,17421680975810033843,6372008783442124136,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.krnl.place udp
DE 170.187.189.97:443 cdn.krnl.place tcp
DE 170.187.189.97:443 cdn.krnl.place tcp
DE 170.187.189.97:443 cdn.krnl.place tcp
DE 170.187.189.97:443 cdn.krnl.place tcp
DE 170.187.189.97:443 cdn.krnl.place tcp
DE 170.187.189.97:443 cdn.krnl.place tcp
DE 170.187.189.97:443 cdn.krnl.place tcp
US 8.8.8.8:53 k-storage.com udp
US 188.114.97.0:443 k-storage.com tcp
US 188.114.97.0:443 k-storage.com tcp
US 8.8.8.8:53 sslcom.repository.certum.pl udp
NL 95.101.74.145:80 sslcom.repository.certum.pl tcp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2cs35.gcp.gvt2.com udp
US 8.8.8.8:53 e2c9.gcp.gvt2.com udp
IN 35.207.193.180:443 e2cs35.gcp.gvt2.com tcp
ID 34.101.114.154:443 e2c9.gcp.gvt2.com tcp
IN 35.207.193.180:443 e2cs35.gcp.gvt2.com tcp
ID 34.101.114.154:443 e2c9.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
NL 142.250.179.131:443 beacons.gvt2.com tcp
NL 142.250.179.131:443 beacons.gvt2.com udp

Files

memory/1940-54-0x0000000000110000-0x000000000023A000-memory.dmp

memory/1940-55-0x0000000004A30000-0x0000000004A70000-memory.dmp

memory/1940-57-0x0000000000600000-0x000000000060A000-memory.dmp

memory/1940-56-0x0000000000600000-0x000000000060A000-memory.dmp

memory/1940-58-0x0000000002130000-0x000000000213A000-memory.dmp

\Users\Admin\Documents\krnl\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

C:\Users\Admin\Documents\krnl\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

C:\Users\Admin\Documents\krnl\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

\Users\Admin\Documents\krnl\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

C:\Users\Admin\Documents\krnl\bin\Monaco.zip

MD5 1a19fd7c42169c76e75e685dca02c190
SHA1 f16b4697bcd348d44965bf9ded731523db9bd606
SHA256 d686209afbbe718dc0506356e934ff190c1259a174aba12ef40a2fe7a014a331
SHA512 93d27188aab662ffffd78cfc31d100f161656ef37fe4f420a2cc2d514c935bce85b1e9b54eb374c94ba0ac75d0624e24676f8e359c32c9d3485aa5d7bbb14dd4

C:\Users\Admin\Documents\krnl\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

\Users\Admin\Documents\krnl\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

C:\Users\Admin\Documents\krnl\bin\src.7z

MD5 7c380ecd5bc2cd51511d0ee5b58df745
SHA1 615749979477621579dd9b04ada8d4dcd9430f1e
SHA256 38e1b82e4c9a2a8159c1c60afe7668855351a6e9b52fb13f6dcc633202abaf07
SHA512 110836411f3b44f1df8ecc5890f59d7b5b10d6175f627cc160f0fa5bbc72408c1463ac7067d9787ff9a18e50b9460edf2e2f0b3a418532cc9a273965da1cc1de

memory/1940-329-0x0000000004A30000-0x0000000004A70000-memory.dmp

memory/1940-330-0x0000000000600000-0x000000000060A000-memory.dmp

memory/1940-333-0x0000000000600000-0x000000000060A000-memory.dmp

\??\pipe\crashpad_1800_RRPSMKVXZDURPSTO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\Documents\krnl\krnlss.exe

MD5 4d7c519cc2127f785d13694d7a281f33
SHA1 6d5d49494ca03fb99f7124197296d43c68d0c027
SHA256 6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5
SHA512 50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

C:\Users\Admin\Documents\krnl\krnlss.exe

MD5 4d7c519cc2127f785d13694d7a281f33
SHA1 6d5d49494ca03fb99f7124197296d43c68d0c027
SHA256 6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5
SHA512 50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

C:\Users\Admin\Documents\krnl\krnlss.exe.config

MD5 0ed4b3831ff5e91dff636145f68aac4c
SHA1 2d1140812945dc1b9e400a88c911803639cb2e49
SHA256 03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347
SHA512 4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

memory/2324-617-0x0000000000820000-0x00000000009A4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab76E7.tmp

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

C:\Users\Admin\AppData\Local\Temp\Tar770A.tmp

MD5 73b4b714b42fc9a6aaefd0ae59adb009
SHA1 efdaffd5b0ad21913d22001d91bf6c19ecb4ac41
SHA256 c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
SHA512 73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\Tar79B0.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

memory/2324-803-0x0000000001FD0000-0x000000000200E000-memory.dmp

\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

memory/2324-806-0x0000000001FD0000-0x000000000200E000-memory.dmp

memory/2324-807-0x0000000004BA0000-0x0000000004BE0000-memory.dmp

memory/2324-808-0x0000000005950000-0x0000000005A0A000-memory.dmp

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

memory/2324-812-0x00000000066F0000-0x000000000683D000-memory.dmp

\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

memory/2324-815-0x00000000066F0000-0x000000000683D000-memory.dmp

\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\Documents\krnl\bin\src\libcef.dll

MD5 8c51876f1b5dfbf4964732a65c1f2724
SHA1 ed5653a3a5655ba65d6221285da93799bd2517f9
SHA256 5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e
SHA512 a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

\Users\Admin\Documents\krnl\bin\src\libcef.dll

MD5 8c51876f1b5dfbf4964732a65c1f2724
SHA1 ed5653a3a5655ba65d6221285da93799bd2517f9
SHA256 5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e
SHA512 a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

memory/2324-837-0x0000000004BA0000-0x0000000004BE0000-memory.dmp

\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll

MD5 6499ea6b92ab4971886bd06c12625819
SHA1 5ebb75eeca7625b9511233158a02f50a92867a39
SHA256 6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b
SHA512 e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll

MD5 6499ea6b92ab4971886bd06c12625819
SHA1 5ebb75eeca7625b9511233158a02f50a92867a39
SHA256 6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b
SHA512 e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

memory/2324-851-0x0000000004B30000-0x0000000004B3E000-memory.dmp

memory/2324-854-0x0000000004B30000-0x0000000004B3E000-memory.dmp

\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

memory/2324-858-0x0000000004B40000-0x0000000004B4E000-memory.dmp

\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

memory/2324-861-0x0000000004B40000-0x0000000004B4E000-memory.dmp

\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll

MD5 2ecb51ab00c5f340380ecf849291dbcf
SHA1 1a4dffbce2a4ce65495ed79eab42a4da3b660931
SHA256 f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
SHA512 e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll

MD5 2ecb51ab00c5f340380ecf849291dbcf
SHA1 1a4dffbce2a4ce65495ed79eab42a4da3b660931
SHA256 f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
SHA512 e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

memory/2324-865-0x0000000005640000-0x0000000005682000-memory.dmp

\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll

MD5 2ecb51ab00c5f340380ecf849291dbcf
SHA1 1a4dffbce2a4ce65495ed79eab42a4da3b660931
SHA256 f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
SHA512 e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

memory/2324-866-0x0000000004BA0000-0x0000000004BE0000-memory.dmp

memory/2324-867-0x0000000004BA0000-0x0000000004BE0000-memory.dmp

C:\Users\Admin\Documents\krnl\ScintillaNET.dll

MD5 9166536c31f4e725e6befe85e2889a4b
SHA1 f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
SHA256 ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
SHA512 113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

\Users\Admin\Documents\krnl\ScintillaNET.dll

MD5 9166536c31f4e725e6befe85e2889a4b
SHA1 f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
SHA256 ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
SHA512 113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

\Users\Admin\Documents\krnl\ScintillaNET.dll

MD5 9166536c31f4e725e6befe85e2889a4b
SHA1 f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
SHA256 ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
SHA512 113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

memory/2324-871-0x0000000007DD0000-0x0000000007F24000-memory.dmp

\Users\Admin\AppData\Local\Temp\ScintillaNET\3.6.3\x86\SciLexer.dll

MD5 2ff7acfa80647ee46cc3c0e446327108
SHA1 c994820d03af722c244b046d1ee0967f1b5bc478
SHA256 08f0cbbc5162f236c37166772be2c9b8ffd465d32df17ea9d45626c4ed2c911d
SHA512 50a9e20c5851d3a50f69651bc770885672ff4f97de32dfda55bf7488abd39a11e990525ec9152d250072acaad0c12a484155c31083d751668eb01addea5570cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 723289faca7df9329306414d17cca368
SHA1 962b042e43e45a775ef4e90b990d05df034d72ba
SHA256 048d59f19f65961bdf3f53c9df30c9986644a2fdf91467a83f8c01b38f52b855
SHA512 a3643293a7f211b04a3e00ee971572e5b5ef72d542103aa564437284836536a056f8fc131a55ec78411cfd601420189064d4bdd8003540b0180ef2079458ac0c

memory/2324-886-0x0000000004BA0000-0x0000000004BE0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 05c06db75c437e32a029db3bacda2c71
SHA1 44b7dcea5e9a2b52fa37fd22448f8bf89f48d790
SHA256 3bac435e626b844ce86e66e6b154483a1127dfebdcd43d562fc6ab1087f3019d
SHA512 5526f4b7d3244ec8ad757bc93ecf3572ecba6d8fc2276968da687762970d91d93aebe9fa7cd6705838da7aa9fe3179b1e66bea55d49c6085fd1b44a2594dd71a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\40edab41-ccae-482f-9166-5d63ddc52a7b.tmp

MD5 facba56a5d4405475362ea165f37613c
SHA1 bf0bf4bf11d9c18614dfd73389dd01d89cdbbfc1
SHA256 2bbe50650cd27a134f7d0eda94fd04534c255aec83110b98b3ee52734da60357
SHA512 8af274af808752d5bf0569f4a6ea96deb414145735d9367dd371279543e7f55be131181867c4c110824257990125f6c15169a336d0db3e3521fa21d4c533a724

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-29 20:02

Reported

2023-04-29 20:05

Platform

win10v2004-20230220-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe"

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.61.4_0\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Settings\Players\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Settings\Players\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\VoiceChat\SpeakerNew\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\AnimationEditor\Checkmark.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\TerrainTools\mt_erode.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\AlignTool\button_max_24.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\DeveloperFramework\checkbox_checked_dark.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\traildot.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Emotes\Large\SelectedLine.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\ScreenshotHud\Close.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Settings\Slider\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\TopBar\HealthBarTV.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\avatar\unification\CharacterEmulation.lua C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\AnimationEditor\FaceCaptureUI\CloseButton.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\PluginManagement\checked_dark.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\StudioToolbox\EndorsedBadge.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\dropdown_arrow.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\VoiceChat\Blank.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\AnimationEditor\button_radio_innercircle.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\RoactStudioWidgets\slider_bar_light.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\StudioToolbox\Clear.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ViewSelector\left_hover_zh_cn.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\PlatformContent\pc\textures\grass\normal.dds C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\fonts\TwemojiMozilla.ttf C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\ButtonRight.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\InGameMenu\ScrollBottom.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\PlayerList\AcceptButton.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\AssetManager\explorer.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\AudioDiscovery\icon.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\DeveloperFramework\checkbox_unchecked_light.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\StudioSharedUI\DEPRECATED_pending_withbg.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\icon_friendrequestrecieved-16.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Menu\hoverPopupRight.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\VoiceChat\SpeakerLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\AnimationEditor\Pin.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\MaterialManager\Texture_None.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\RoactStudioWidgets\toggle_on_disable_dark.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Emotes\Editor\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\ScreenshotHud\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\AvatarImporter\img_light_RthroNarrow.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\DeveloperFramework\StudioTheme\clear_hover.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\FaceControlsEditor\checkbox_checked.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\RecordDown.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Chat\MessageCounter.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\btn_newGreyGlow.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Slider-BKG-Left-Cap.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Input\Ring_padded.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\fonts\GothamSSm-Bold.otf C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\menuDownArrow.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\GameSettings\refresh_dark_theme.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\PivotEditor\PivotEditor.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\StudioSharedUI\preview_expand.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\PlatformContent\pc\textures\water\normal_13.dds C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\StudioUIEditor\icon_resize3.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\VoiceChat\MicDark\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\DeveloperInspector\Filter.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Modal.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Chat\ToggleChat.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-31b938635c234124\content\textures\ui\Emotes\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133272794479796897" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe" C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1" C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E C:\Users\Admin\Documents\krnl\krnlss.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c C:\Users\Admin\Documents\krnl\krnlss.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c C:\Users\Admin\Documents\krnl\krnlss.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c C:\Users\Admin\Documents\krnl\krnlss.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c C:\Users\Admin\Documents\krnl\krnlss.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: 35 N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: 35 N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Documents\krnl\7za.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Documents\krnl\krnlss.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Documents\krnl\krnlss.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5036 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 5036 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 5036 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 5036 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 5036 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 5036 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\7za.exe
PID 5036 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\krnlss.exe
PID 5036 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\krnlss.exe
PID 5036 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe C:\Users\Admin\Documents\krnl\krnlss.exe
PID 3736 wrote to memory of 4308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\krnl_bootstrapper.exe"

C:\Users\Admin\Documents\krnl\7za.exe

"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1

C:\Users\Admin\Documents\krnl\7za.exe

"C:\Users\Admin\Documents\krnl\7za.exe" x "C:\Users\Admin\Documents\krnl\bin\src.7z" -o"C:\Users\Admin\Documents\krnl\bin" -aoa -bsp1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Documents\krnl\krnlss.exe

"C:\Users\Admin\Documents\krnl\krnlss.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc9a59758,0x7ffbc9a59768,0x7ffbc9a59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1404 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3320 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4988 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5412 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5668 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5756 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3188 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3236 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3436 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2708 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1644 --field-trial-handle=1812,i,4257231717680502299,12209014658905082442,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=84184678f9eab8ed5ceb955a9995c3213bffb741 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x794,0x78c,0x790,0x798,0x79c,0x11f57bc,0x11f57cc,0x11f57dc

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 cdn.krnl.place udp
DE 194.233.168.129:443 cdn.krnl.place tcp
US 8.8.8.8:53 k-storage.com udp
US 188.114.96.0:443 k-storage.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 129.168.233.194.in-addr.arpa udp
US 188.114.96.0:443 k-storage.com tcp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 crls.ssl.com udp
US 18.65.39.32:80 crls.ssl.com tcp
US 8.8.8.8:53 150.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 135.223.24.100.in-addr.arpa udp
US 8.8.8.8:53 32.39.65.18.in-addr.arpa udp
NL 8.238.177.126:80 tcp
US 40.125.122.176:443 tcp
US 20.189.173.12:443 tcp
US 8.8.8.8:53 203.151.224.20.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
NL 142.251.36.1:443 clients2.googleusercontent.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 roblox.com udp
US 128.116.114.3:443 roblox.com tcp
US 128.116.114.3:443 roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
IN 128.116.104.3:443 www.roblox.com tcp
US 8.8.8.8:53 3.114.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.104.116.128.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.185.216.42:443 js.rbxcdn.com tcp
US 205.185.216.42:443 js.rbxcdn.com tcp
US 205.185.216.42:443 js.rbxcdn.com tcp
US 205.185.216.42:443 js.rbxcdn.com tcp
US 205.185.216.42:443 js.rbxcdn.com tcp
US 205.185.216.42:443 js.rbxcdn.com tcp
NL 23.72.252.144:443 static.rbxcdn.com tcp
US 8.8.8.8:53 102.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 42.216.185.205.in-addr.arpa udp
US 8.8.8.8:53 144.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 104.18.42.229:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
NL 23.72.252.130:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 229.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
IN 128.116.104.4:443 apis.roblox.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 205.234.175.102:443 css.rbxcdn.com tcp
IN 128.116.104.4:443 apis.roblox.com tcp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
IN 128.116.104.4:443 apis.roblox.com tcp
IN 128.116.104.4:443 apis.roblox.com tcp
US 8.8.8.8:53 auth.roblox.com udp
US 93.184.220.29:80 tcp
IN 128.116.104.3:443 auth.roblox.com tcp
US 8.8.8.8:53 130.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.104.116.128.in-addr.arpa udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 ssl.google-analytics.com udp
NL 142.250.179.168:443 ssl.google-analytics.com tcp
NL 8.238.177.126:80 tcp
US 8.8.8.8:53 168.179.250.142.in-addr.arpa udp
NL 142.250.179.170:443 content-autofill.googleapis.com udp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 assetgame.roblox.com udp
NL 142.250.179.168:443 ssl.google-analytics.com udp
US 8.8.8.8:53 contacts.roblox.com udp
US 8.8.8.8:53 chat.roblox.com udp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 lms.roblox.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 thumbnails.roblox.com udp
DE 23.32.238.104:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
NL 23.72.252.144:443 static.rbxcdn.com tcp
US 8.8.8.8:53 realtime.roblox.com udp
US 8.8.8.8:53 aws-us-east-1c-lms.rbx.com udp
US 8.8.8.8:53 aws-us-west-1c-lms.rbx.com udp
US 8.8.8.8:53 silver.roblox.com udp
US 8.8.8.8:53 waw1-128-116-124-3.roblox.com udp
US 8.8.8.8:53 sin4-128-116-50-3.roblox.com udp
US 8.8.8.8:53 fra2-128-116-123-3.roblox.com udp
PL 128.116.124.3:443 waw1-128-116-124-3.roblox.com tcp
US 3.229.141.189:443 aws-us-east-1c-lms.rbx.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 54.67.95.246:443 aws-us-west-1c-lms.rbx.com tcp
US 128.116.114.3:443 silver.roblox.com tcp
US 8.8.8.8:53 104.238.32.23.in-addr.arpa udp
US 8.8.8.8:53 3.123.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.124.116.128.in-addr.arpa udp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
US 8.8.8.8:53 presence.roblox.com udp
US 8.8.8.8:53 189.141.229.3.in-addr.arpa udp
US 8.8.8.8:53 246.95.67.54.in-addr.arpa udp
US 8.8.8.8:53 3.50.116.128.in-addr.arpa udp
US 8.8.8.8:53 67.211.227.13.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 ncs.roblox.com udp
US 8.8.8.8:53 games.roblox.com udp
US 8.8.8.8:53 followings.roblox.com udp
US 8.8.8.8:53 badges.roblox.com udp
US 8.8.8.8:53 aws-eu-central-1a-lms.rbx.com udp
US 8.8.8.8:53 pulsar.roblox.com udp
US 8.8.8.8:53 aws-us-east-2c-lms.rbx.com udp
US 8.8.8.8:53 ams1-128-116-121-3.roblox.com udp
US 8.8.8.8:53 aws-us-west-2c-lms.rbx.com udp
US 8.8.8.8:53 sjc1-128-116-117-3.roblox.com udp
DE 3.123.122.247:443 aws-eu-central-1a-lms.rbx.com tcp
NL 128.116.121.3:443 ams1-128-116-121-3.roblox.com tcp
US 3.139.181.74:443 aws-us-east-2c-lms.rbx.com tcp
US 52.89.249.84:443 aws-us-west-2c-lms.rbx.com tcp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
US 8.8.8.8:53 cs.ns1p.net udp
SG 52.76.26.178:443 cs.ns1p.net tcp
SG 52.76.26.178:443 cs.ns1p.net tcp
US 8.8.8.8:53 voice.roblox.com udp
US 8.8.8.8:53 s.ns1p.net udp
US 8.8.8.8:53 accountinformation.roblox.com udp
SG 3.0.214.239:443 s.ns1p.net tcp
US 8.8.8.8:53 247.122.123.3.in-addr.arpa udp
US 8.8.8.8:53 74.181.139.3.in-addr.arpa udp
US 8.8.8.8:53 3.121.116.128.in-addr.arpa udp
US 8.8.8.8:53 84.249.89.52.in-addr.arpa udp
US 8.8.8.8:53 3.117.116.128.in-addr.arpa udp
US 8.8.8.8:53 178.26.76.52.in-addr.arpa udp
SG 3.0.214.239:443 s.ns1p.net tcp
US 8.8.8.8:53 ord2-128-116-101-3.roblox.com udp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 8.8.8.8:53 239.214.0.3.in-addr.arpa udp
US 8.8.8.8:53 bom1-128-116-104-3.roblox.com udp
US 8.8.8.8:53 b.ns1p.net udp
US 8.8.8.8:53 3.101.116.128.in-addr.arpa udp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
NL 23.222.19.64:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 ephemeralcounters.api.roblox.com udp
IN 128.116.104.3:443 ephemeralcounters.api.roblox.com tcp
NL 23.222.19.64:443 clientsettingscdn.roblox.com tcp
IN 128.116.104.3:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.qq.com udp
US 8.8.8.8:53 64.19.222.23.in-addr.arpa udp
US 8.8.8.8:53 clientsettingscdn.roblox.qq.com udp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
US 8.8.8.8:53 setup-ak.rbxcdn.com udp
US 8.8.8.8:53 setup-ll.rbxcdn.com udp
US 8.8.8.8:53 setup-cfly.rbxcdn.com udp
US 8.8.8.8:53 setup-hw.rbxcdn.com udp
US 8.8.8.8:53 www.roblox.com udp
IN 128.116.104.3:443 www.roblox.com tcp
US 8.8.8.8:53 188.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 205.185.216.42:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 36.249.124.192.in-addr.arpa udp
US 40.125.122.176:443 tcp

Files

memory/5036-133-0x0000000000A20000-0x0000000000B4A000-memory.dmp

memory/5036-134-0x00000000055D0000-0x00000000055E0000-memory.dmp

memory/5036-135-0x00000000055D0000-0x00000000055E0000-memory.dmp

memory/5036-136-0x0000000009DE0000-0x0000000009DE8000-memory.dmp

memory/5036-137-0x0000000009E60000-0x0000000009E98000-memory.dmp

memory/5036-138-0x0000000009E40000-0x0000000009E4E000-memory.dmp

C:\Users\Admin\Documents\krnl\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

C:\Users\Admin\Documents\krnl\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

C:\Users\Admin\Documents\krnl\bin\Monaco.zip

MD5 1a19fd7c42169c76e75e685dca02c190
SHA1 f16b4697bcd348d44965bf9ded731523db9bd606
SHA256 d686209afbbe718dc0506356e934ff190c1259a174aba12ef40a2fe7a014a331
SHA512 93d27188aab662ffffd78cfc31d100f161656ef37fe4f420a2cc2d514c935bce85b1e9b54eb374c94ba0ac75d0624e24676f8e359c32c9d3485aa5d7bbb14dd4

C:\Users\Admin\Documents\krnl\7za.exe

MD5 ec79cabd55a14379e4d676bb17d9e3df
SHA1 15626d505da35bfdb33aea5c8f7831f616cabdba
SHA256 44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d
SHA512 00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

C:\Users\Admin\Documents\krnl\bin\src.7z

MD5 7c380ecd5bc2cd51511d0ee5b58df745
SHA1 615749979477621579dd9b04ada8d4dcd9430f1e
SHA256 38e1b82e4c9a2a8159c1c60afe7668855351a6e9b52fb13f6dcc633202abaf07
SHA512 110836411f3b44f1df8ecc5890f59d7b5b10d6175f627cc160f0fa5bbc72408c1463ac7067d9787ff9a18e50b9460edf2e2f0b3a418532cc9a273965da1cc1de

memory/5036-401-0x00000000055D0000-0x00000000055E0000-memory.dmp

memory/5036-402-0x00000000055D0000-0x00000000055E0000-memory.dmp

C:\Users\Admin\Documents\krnl\krnlss.exe

MD5 4d7c519cc2127f785d13694d7a281f33
SHA1 6d5d49494ca03fb99f7124197296d43c68d0c027
SHA256 6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5
SHA512 50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

C:\Users\Admin\Documents\krnl\krnlss.exe

MD5 4d7c519cc2127f785d13694d7a281f33
SHA1 6d5d49494ca03fb99f7124197296d43c68d0c027
SHA256 6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5
SHA512 50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

C:\Users\Admin\Documents\krnl\krnlss.exe.config

MD5 0ed4b3831ff5e91dff636145f68aac4c
SHA1 2d1140812945dc1b9e400a88c911803639cb2e49
SHA256 03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347
SHA512 4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

C:\Users\Admin\Documents\krnl\krnlss.exe

MD5 4d7c519cc2127f785d13694d7a281f33
SHA1 6d5d49494ca03fb99f7124197296d43c68d0c027
SHA256 6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5
SHA512 50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

memory/1576-651-0x00000000009B0000-0x0000000000B34000-memory.dmp

memory/1576-652-0x00000000058F0000-0x0000000005E94000-memory.dmp

memory/1576-653-0x00000000053E0000-0x0000000005472000-memory.dmp

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

memory/1576-666-0x0000000006B70000-0x0000000006BAE000-memory.dmp

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.dll

MD5 5f79e7737e5e8be2cf8711374c114e85
SHA1 86eabaa284074dd2f86f856cea043061091897ef
SHA256 5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72
SHA512 41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

memory/1576-669-0x0000000006BB0000-0x0000000006BEC000-memory.dmp

memory/1576-671-0x0000000006B50000-0x0000000006B62000-memory.dmp

memory/1576-670-0x00000000055D0000-0x00000000055E0000-memory.dmp

memory/1576-672-0x0000000007210000-0x0000000007828000-memory.dmp

memory/1576-673-0x0000000006F20000-0x000000000702A000-memory.dmp

memory/1576-674-0x0000000006E50000-0x0000000006E62000-memory.dmp

memory/1576-675-0x0000000006EC0000-0x0000000006F10000-memory.dmp

memory/1576-676-0x00000000070A0000-0x0000000007106000-memory.dmp

memory/1576-677-0x0000000007110000-0x000000000714C000-memory.dmp

memory/1576-678-0x0000000007150000-0x00000000071A6000-memory.dmp

memory/1576-679-0x0000000007D60000-0x000000000828C000-memory.dmp

memory/1576-680-0x0000000007B90000-0x0000000007BB2000-memory.dmp

memory/1576-681-0x00000000071E0000-0x00000000071FE000-memory.dmp

memory/1576-682-0x0000000007BC0000-0x0000000007BDC000-memory.dmp

memory/1576-683-0x0000000008760000-0x0000000008C2C000-memory.dmp

memory/1576-684-0x0000000007C80000-0x0000000007C8A000-memory.dmp

memory/1576-685-0x0000000007CB0000-0x0000000007CD0000-memory.dmp

memory/1576-686-0x0000000007D00000-0x0000000007D22000-memory.dmp

memory/1576-687-0x0000000007CD0000-0x0000000007CF0000-memory.dmp

memory/1576-688-0x00000000082D0000-0x0000000008302000-memory.dmp

memory/1576-689-0x0000000008290000-0x00000000082B2000-memory.dmp

memory/1576-690-0x0000000007D30000-0x0000000007D4A000-memory.dmp

memory/1576-691-0x00000000083E0000-0x00000000084AE000-memory.dmp

memory/1576-692-0x0000000008360000-0x00000000083A4000-memory.dmp

memory/1576-693-0x0000000008330000-0x000000000834A000-memory.dmp

memory/1576-694-0x00000000085E0000-0x0000000008702000-memory.dmp

memory/1576-695-0x0000000008510000-0x0000000008570000-memory.dmp

memory/1576-696-0x00000000084B0000-0x00000000084D4000-memory.dmp

memory/1576-697-0x0000000008710000-0x0000000008754000-memory.dmp

memory/1576-698-0x00000000084E0000-0x000000000850A000-memory.dmp

memory/1576-699-0x0000000008C30000-0x0000000008C62000-memory.dmp

memory/1576-700-0x0000000008D00000-0x0000000008D8C000-memory.dmp

memory/1576-701-0x0000000008F10000-0x0000000009086000-memory.dmp

memory/1576-702-0x0000000009410000-0x00000000094AC000-memory.dmp

memory/1576-703-0x0000000009640000-0x00000000097C6000-memory.dmp

memory/1576-704-0x0000000008E90000-0x0000000008EF6000-memory.dmp

memory/1576-705-0x0000000009570000-0x000000000962A000-memory.dmp

memory/1576-706-0x0000000008CA0000-0x0000000008CC2000-memory.dmp

memory/1576-707-0x0000000008C80000-0x0000000008C8C000-memory.dmp

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.Core.dll

MD5 c7430597fb837d6bc7549b988bdc78a5
SHA1 447d90f6cad3afe3d2c47fd45f730c68d3201990
SHA256 531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88
SHA512 41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

C:\Users\Admin\Documents\krnl\bin\src\libcef.dll

MD5 8c51876f1b5dfbf4964732a65c1f2724
SHA1 ed5653a3a5655ba65d6221285da93799bd2517f9
SHA256 5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e
SHA512 a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll

MD5 6499ea6b92ab4971886bd06c12625819
SHA1 5ebb75eeca7625b9511233158a02f50a92867a39
SHA256 6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b
SHA512 e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

C:\Users\Admin\Documents\krnl\bin\src\chrome_elf.dll

MD5 6499ea6b92ab4971886bd06c12625819
SHA1 5ebb75eeca7625b9511233158a02f50a92867a39
SHA256 6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b
SHA512 e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

C:\Users\Admin\Documents\krnl\bin\src\libcef.dll

MD5 8c51876f1b5dfbf4964732a65c1f2724
SHA1 ed5653a3a5655ba65d6221285da93799bd2517f9
SHA256 5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e
SHA512 a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

memory/1576-718-0x0000000009B30000-0x0000000009B7A000-memory.dmp

memory/1576-722-0x0000000009510000-0x000000000951E000-memory.dmp

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

memory/1576-728-0x0000000009520000-0x000000000952E000-memory.dmp

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.OffScreen.dll

MD5 103d84c4a22967defcbedaea6e11720f
SHA1 f33ff1b8d18ba90ec6dc641dd9a6666746fc72a2
SHA256 7984b97cf1aa2a45381bf4d1849a70c3a37527da6c433b0ff6771912c28d20f2
SHA512 410e63fdae507b97d61b815a846a9ccfd655da4ff23e39652be182e139a974a4a26cc8d4c22057da99c42ce59f215db2f87a173d99ba9cd9a16f392671476fe7

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

C:\Users\Admin\Documents\krnl\bin\src\CefSharp.WinForms.dll

MD5 5e5fe029bff022007c27d024ae7cf262
SHA1 fb7250ec8ca1acd36023b966fae61e85fe2c8ab4
SHA256 7bee1ead1fe16cc4bae25758d1708163489724427f4b540b21ce1e943f070c3b
SHA512 60df60ca9c12295057afb10a050587010ac6326f8e636ef811bb13ef891aa19c98a54ca2e7514181f93a9622677c82d73ea13fb4e72a14f62911eb5ca9073216

memory/1576-735-0x00000000055D0000-0x00000000055E0000-memory.dmp

memory/1576-734-0x0000000009E30000-0x0000000009E72000-memory.dmp

C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll

MD5 2ecb51ab00c5f340380ecf849291dbcf
SHA1 1a4dffbce2a4ce65495ed79eab42a4da3b660931
SHA256 f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
SHA512 e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll

MD5 2ecb51ab00c5f340380ecf849291dbcf
SHA1 1a4dffbce2a4ce65495ed79eab42a4da3b660931
SHA256 f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
SHA512 e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

C:\Users\Admin\Documents\krnl\Bunifu_UI_v1.5.3.dll

MD5 2ecb51ab00c5f340380ecf849291dbcf
SHA1 1a4dffbce2a4ce65495ed79eab42a4da3b660931
SHA256 f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
SHA512 e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

C:\Users\Admin\Documents\krnl\ScintillaNET.dll

MD5 9166536c31f4e725e6befe85e2889a4b
SHA1 f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
SHA256 ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
SHA512 113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

C:\Users\Admin\Documents\krnl\ScintillaNET.dll

MD5 9166536c31f4e725e6befe85e2889a4b
SHA1 f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
SHA256 ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
SHA512 113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

memory/1576-739-0x000000000C8D0000-0x000000000CA24000-memory.dmp

C:\Users\Admin\Documents\krnl\ScintillaNET.dll

MD5 9166536c31f4e725e6befe85e2889a4b
SHA1 f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
SHA256 ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
SHA512 113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562

memory/1576-740-0x00000000055D0000-0x00000000055E0000-memory.dmp

memory/1576-741-0x00000000055D0000-0x00000000055E0000-memory.dmp

memory/1576-742-0x000000000C670000-0x000000000C770000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ScintillaNET\3.6.3\x86\SciLexer.dll

MD5 2ff7acfa80647ee46cc3c0e446327108
SHA1 c994820d03af722c244b046d1ee0967f1b5bc478
SHA256 08f0cbbc5162f236c37166772be2c9b8ffd465d32df17ea9d45626c4ed2c911d
SHA512 50a9e20c5851d3a50f69651bc770885672ff4f97de32dfda55bf7488abd39a11e990525ec9152d250072acaad0c12a484155c31083d751668eb01addea5570cd

memory/1576-747-0x000000000C820000-0x000000000C896000-memory.dmp

memory/1576-748-0x000000000CA50000-0x000000000CA6E000-memory.dmp

memory/1576-749-0x00000000055D0000-0x00000000055E0000-memory.dmp

memory/1576-750-0x00000000055D0000-0x00000000055E0000-memory.dmp

\??\pipe\crashpad_3736_YNVOZOPHOCKLFNSU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1734425022\100bcae0-f1c3-485e-b54a-7bd95c8d7ab7.tmp

MD5 9caa8c614bab0c667ec308c2fc7268d0
SHA1 118810cb2e84e9fb58b45786809e1062c1032658
SHA256 3474c2e016e2e6558afa52729659a90e014e7437be68f8606f9f152f1ba2f8fa
SHA512 85111e6075bd5b5a260684cdcb30718f6b0ea295faeeb5e8e406848597a3e35b62a15cd0977c6a13c62537021db00d0bb2317bfe3773e40028495f4e19bf7369

C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1734425022\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1734425022\CRX_INSTALL\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1734425022\CRX_INSTALL\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\128.png

MD5 913064adaaa4c4fa2a9d011b66b33183
SHA1 99ea751ac2597a080706c690612aeeee43161fc1
SHA256 afb4ce8882ef7ae80976eba7d87f6e07fcddc8e9e84747e8d747d1e996dea8eb
SHA512 162bf69b1ad5122c6154c111816e4b87a8222e6994a72743ed5382d571d293e1467a2ed2fc6cc27789b644943cf617a56da530b6a6142680c5b2497579a632b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 66c8ab7e67dc86dae51afd4a87ce9f96
SHA1 372b6444741d40e00b94a0a574f90fd96ffdee86
SHA256 f2be21f6ebda57d94390e896f7cdbbd308e6858857ea03104d504c2b450ee4f2
SHA512 0eda0a927b4ad27d671d1b01a31b131175f75e59aea0f0d1b92a79756773cedad18b487082cd52280de69ce6d707f54c5f4803a75c6263289d0ac97ac8f952c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_metadata\verified_contents.json

MD5 4caf0842b05eed2901158557c86b9a85
SHA1 789062049adf0fc5bbaa61e83e76194a28737b76
SHA256 bdee000b3487443b951aa6f6a0a50eeb81caf0fe943977d987e5acda16c5812c
SHA512 c9c7ddc1007a50f2d0445b9e1400fad79c20eb41b6f6e7832c4bc5462adcfe38cfb0020028da1472b7e0f2a83091166ef950d581a1d0f68bf90d7f57226b919a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\page_embed_script.js

MD5 62fda4fa9cc5866797295daf242ec144
SHA1 b0fd59acfe000541753d0cb3cb38eb04e833f603
SHA256 cae608555363a5ffe6940574ac6ecd03c9ac24c329484598b78ee463554bc591
SHA512 f6a324ad4372387adc9f5b66e4bca678e22b16ca621e6ca8a57b7dd84bc9636f9c6fc3e07251d526ffde03200357c074762cc5d7b707b0a303f9c9a195d98f58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\manifest.json

MD5 c5f9ca95f25d11c8cb46ad8ad121e34d
SHA1 4183e6899a2011a33d429fd0af9770fc26b297ae
SHA256 5e4edb7d56beacfa752e2ba806c31743b0276fd9a752d937645b2246aa4e7612
SHA512 e2606a971cc80851fa5f3be392eaeb2dbcc3567a1d58eee53bae1f05677f0456fc873569078304e3a7c1fd5f7e7aa832bd2fa2f90ddf28f428eaf4e9f9727775

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\eventpage_bin_prod.js

MD5 a03d289fcfab28005ecb9d577944c888
SHA1 3a390c3afd10125e4ecd820bf5e5177589dee696
SHA256 4b36137c70513d476e5c7e86c2bddfa6eeefa0b77092f22f72217cb8f6863c11
SHA512 9182b41c2d4a443f7ec6167601fb280e339638f32b663a46a9afa7546d41591f985ba010d47635119048073f77c8ac496182f94239d1d342c3247a3f89d2fc1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\zu\messages.json

MD5 71f916a64f98b6d1b5d1f62d297fdec1
SHA1 9386e8f723c3f42da5b3f7e0b9970d2664ea0baa
SHA256 ec78ddd4ccf32b5d76ec701a20167c3fbd146d79a505e4fb0421fc1e5cf4aa63
SHA512 30fa4e02120af1be6e7cc7dbb15fae5d50825bd6b3cf28ef21d2f2e217b14af5b76cfcc165685c3edc1d09536bfcb10ca07e1e2cc0da891cec05e19394ad7144

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\zh_TW\messages.json

MD5 0e60627acfd18f44d4df469d8dce6d30
SHA1 2bfcb0c3ca6b50d69ad5745fa692baf0708db4b5
SHA256 f94c6ddedf067642a1af18d629778ec65e02b6097a8532b7e794502747aeb008
SHA512 6ff517eed4381a61075ac7c8e80c73fafae7c0583ba4fa7f4951dd7dbe183c253702dee44b3276efc566f295dac1592271be5e0ac0c7d2c9f6062054418c7c27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\zh_CN\messages.json

MD5 3e76788e17e62fb49fb5ed5f4e7a3dce
SHA1 6904ffa0d13d45496f126e58c886c35366efcc11
SHA256 e72d0bb08cc3005556e95a498bd737e7783bb0e56dcc202e7d27a536616f5ee0
SHA512 f431e570ab5973c54275c9eef05e49e6fe2d6c17000f98d672dd31f9a1fad98e0d50b5b0b9cf85d5bbd3b655b93fd69768c194c8c1688cb962aa75ff1af9bdb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\zh_HK\messages.json

MD5 524e1b2a370d0e71342d05dde3d3e774
SHA1 60d1f59714f9e8f90ef34138d33fbff6dd39e85a
SHA256 30f44cfad052d73d86d12fa20cfc111563a3b2e4523b43f7d66d934ba8dace91
SHA512 d2225cf2fa94b01a7b0f70a933e1fdcf69cdf92f76c424ce4f9fcc86510c481c9a87a7b71f907c836cbb1ca41a8bebbd08f68dbc90710984ca738d293f905272

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ur\messages.json

MD5 8b4df6a9281333341c939c244ddb7648
SHA1 382c80cad29bcf8aaf52d9a24ca5a6ecf1941c6b
SHA256 5da836224d0f3a96f1c5eb5063061aad837ca9fc6fed15d19c66da25cf56f8ac
SHA512 fa1c015d4ea349f73468c78fdb798d462eef0f73c1a762298798e19f825e968383b0a133e0a2ce3b3df95f24c71992235bfc872c69dc98166b44d3183bf8a9e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\vi\messages.json

MD5 773a3b9e708d052d6cbaa6d55c8a5438
SHA1 5617235844595d5c73961a2c0a4ac66d8ea5f90f
SHA256 597c5f32bc999746bc5c2ed1e5115c523b7eb1d33f81b042203e1c1df4bbcafe
SHA512 e5f906729e38b23f64d7f146fa48f3abf6baed9aafc0e5f6fa59f369dc47829dbb4bfa94448580bd61a34e844241f590b8d7aec7091861105d8ebb2590a3bee9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\uk\messages.json

MD5 970963c25c2cef16bb6f60952e103105
SHA1 bbddacfeee60e22fb1c130e1ee8efda75ea600aa
SHA256 9fa26ff09f6acde2457ed366c0c4124b6cac1435d0c4fd8a870a0c090417da19
SHA512 1bed9fe4d4adeed3d0bc8258d9f2fd72c6a177c713c3b03fc6f5452b6d6c2cb2236c54ea972ece7dbfd756733805eb2352cae44bab93aa8ea73bb80460349504

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\no\messages.json

MD5 a1744b0f53ccf889955b95108367f9c8
SHA1 6a5a6771dff13dcb4fd425ed839ba100b7123de0
SHA256 21ceff02b45a4bfd60d144879dfa9f427949a027dd49a3eb0e9e345bd0b7c9a8
SHA512 f55e43f14514eecb89f6727a0d3c234149609020a516b193542b5964d2536d192f40cc12d377e70c683c269a1bdcde1c6a0e634aa84a164775cffe776536a961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\nl\messages.json

MD5 32df72f14be59a9bc9777113a8b21de6
SHA1 2a8d9b9a998453144307dd0b700a76e783062ad0
SHA256 f3fe1ffcb182183b76e1b46c4463168c746a38e461fd25ca91ff2a40846f1d61
SHA512 e0966f5cca5a8a6d91c58d716e662e892d1c3441daa5d632e5e843839bb989f620d8ac33ed3edbafe18d7306b40cd0c4639e5a4e04da2c598331dacec2112aad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\pa\messages.json

MD5 97f769f51b83d35c260d1f8cfd7990af
SHA1 0d59a76564b0aee31d0a074305905472f740ceca
SHA256 bbd37d41b7de6f93948fa2437a7699d4c30a3c39e736179702f212cb36a3133c
SHA512 d91f5e2d22fc2d7f73c1f1c4af79db98fcfd1c7804069ae9b2348cbc729a6d2dff7fb6f44d152b0bdaba6e0d05dff54987e8472c081c4d39315cec2cbc593816

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ne\messages.json

MD5 065eb4de2319a4094f7c1c381ac753a0
SHA1 6324108a1ad968cb3aec83316c6f12d51456c464
SHA256 160e1cd593c901c7291ea4ecba735191d793ddfd7e9646a0560498627f61da6f
SHA512 8b3e970a2beb8b6b193ad6ab9baa0fd8e1147cb5b9e64d76a6d3f104d636481621be52c2d72c588adf444e136a9b1350ac767255d2e680df44e9a1fb75e4c898

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\id\messages.json

MD5 34d6ee258af9429465ae6a078c2fb1f5
SHA1 612cae151984449a4346a66c0a0df4235d64d932
SHA256 e3c86ddd2efebe88eed8484765a9868202546149753e03a61eb7c28fd62cfca1
SHA512 20427807b64a0f79a6349f8a923152d9647da95c05de19ad3a4bf7db817e25227f3b99307c8745dd323a6591b515221bd2f1e92b6f1a1783bdfa7142e84601b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\hy\messages.json

MD5 55de859ad778e0aa9d950ef505b29da9
SHA1 4479be637a50c9ee8a2f7690ad362a6a8ffc59b2
SHA256 0b16e3f8bd904a767284345ae86a0a9927c47afe89e05ea2b13ad80009bdf9e4
SHA512 edab2fcc14cabb6d116e9c2907b42cfbc34f1d9035f43e454f1f4d1f3774c100cbadf6b4c81b025810ed90fa91c22f1aefe83056e4543d92527e4fe81c7889a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\is\messages.json

MD5 1f565fb1c549b18af8bbfed8decd5d94
SHA1 b57f4bdae06ff3dfc1eb3e56b6f2f204d6f63638
SHA256 e16325d1a641ef7421f2bafcd6433d53543c89d498dd96419b03cba60b9c7d60
SHA512 a60b8e042a9bcdcc136b87948e9924a0b24d67c6ca9803904b876f162a0ad82b9619f1316be9ff107dd143b44f7e6f5df604abfe00818deb40a7d62917cda69f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\es\messages.json

MD5 f61916a206ac0e971cdcb63b29e580e3
SHA1 994b8c985dc1e161655d6e553146fb84d0030619
SHA256 2008f4faab71ab8c76a5d8811ad40102c380b6b929ce0bce9c378a7cadfc05eb
SHA512 d9c63b2f99015355aca04d74a27fd6b81170750c4b4be7293390dc81ef4cd920ee9184b05c61dc8979b6c2783528949a4ae7180dbf460a2620dbb0d3fd7a05cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\af\messages.json

MD5 12403ebcce3ae8287a9e823c0256d205
SHA1 c82d43c501fae24bfe05db8b8f95ed1c9ac54037
SHA256 b40bde5b612cfff936370b32fb0c58cc205fc89937729504c6c0b527b60e2cba
SHA512 153401ecdb13086d2f65f9b9f20acb3cefe5e2aeff1c31ba021be35bf08ab0634812c33d1d34da270e5693a8048fc5e2085e30974f6a703f75ea1622a0ca0ffd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\am\messages.json

MD5 cc785a90811435bc9d87d1ba1966b9bf
SHA1 3d56356434cec87a1eea756ff376e08591bfbc14
SHA256 4e85b78853a4690f3079e0645c0debaaa5b3fa82b6ced27163ecbaddac5f8040
SHA512 27fcdb5e65bca356668ce033c9006df7e46dc25aba3f108691e47bf37894db0a351412042f3068c6a25b636a0a3761cbacf42829f3fb47b1a034b2cc3cb857ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ar\messages.json

MD5 3ec93ea8f8422fda079f8e5b3f386a73
SHA1 24640131ccfb21d9bc3373c0661da02d50350c15
SHA256 abd0919121956ab535e6a235de67764f46cfc944071fcf2302148f5fb0e8c65a
SHA512 f40e879f85bc9b8120a9b7357ed44c22c075bf065f45bea42bd5316af929cbd035d5d6c35734e454aef5b79d378e51a77a71fa23f9ebd0b3754159718fceb95c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\az\messages.json

MD5 9a798fd298008074e59ecc253e2f2933
SHA1 1e93da985e880f3d3350fc94f5ccc498efc8c813
SHA256 628145f4281fa825d75f1e332998904466abd050e8b0dc8bb9b6a20488d78a66
SHA512 9094480379f5ab711b3c32c55fd162290cb0031644ea09a145e2ef315da12f2e55369d824af218c3a7c37dd9a276aeec127d8b3627d3ab45a14b0191ed2bbe70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\be\messages.json

MD5 68884dfda320b85f9fc5244c2dd00568
SHA1 fd9c01e03320560cbbb91dc3d1917c96d792a549
SHA256 ddf16859a15f3eb3334d6241975ca3988ac3eafc3d96452ac3a4afd3644c8550
SHA512 7ff0fbd555b1f9a9a4e36b745cbfcad47b33024664f0d99e8c080be541420d1955d35d04b5e973c07725573e592cd0dd84fdbb867c63482baff6929ada27ccde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\bg\messages.json

MD5 2e6423f38e148ac5a5a041b1d5989cc0
SHA1 88966ffe39510c06cd9f710dfac8545672ffdceb
SHA256 ac4a8b5b7c0b0dd1c07910f30dcfbdf1bcb701cfcfd182b6153fd3911d566c0e
SHA512 891fcdc6f07337970518322c69c6026896dd3588f41f1e6c8a1d91204412cae01808f87f9f2dea1754458d70f51c3cef5f12a9e3fc011165a42b0844c75ec683

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\bn\messages.json

MD5 651375c6af22e2bcd228347a45e3c2c9
SHA1 109ac3a912326171d77869854d7300385f6e628c
SHA256 1dbf38e425c5c7fc39e8077a837df0443692463ba1fbe94e288ab5a93242c46e
SHA512 958aa7cf645fab991f2eca0937ba734861b373fb1c8bcc001599be57c65e0917f7833a971d93a7a6423c5f54a4839d3a4d5f100c26efa0d2a068516953989f9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ca\messages.json

MD5 d177261ffe5f8ab4b3796d26835f8331
SHA1 4be708e2ffe0f018ac183003b74353ad646c1657
SHA256 d6e65238187a430ff29d4c10cf1c46b3f0fa4b91a5900a17c5dfd16e67ffc9bd
SHA512 e7d730304aed78c0f4a78dadbf835a22b3d8114fb41d67b2b26f4fe938b572763d3e127b7c1c81ebe7d538da976a7a1e7adc40f918f88afadea2201ae8ab47d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\cs\messages.json

MD5 ccb00c63e4814f7c46b06e4a142f2de9
SHA1 860936b2a500ce09498b07a457e0cca6b69c5c23
SHA256 21ae66ce537095408d21670585ad12599b0f575ff2cb3ee34e3a48f8cc71cfab
SHA512 35839dac6c985a6ca11c1bff5b8b5e59db501fcb91298e2c41cb0816b6101bf322445b249eaea0cef38f76d73a4e198f2b6e25eea8d8a94ea6007d386d4f1055

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\cy\messages.json

MD5 a86407c6f20818972b80b9384acfbbed
SHA1 d1531cd0701371e95d2a6bb5edcb79b949d65e7c
SHA256 a482663292a913b02a9cde4635c7c92270bf3c8726fd274475dc2c490019a7c9
SHA512 d9fbf675514a890e9656f83572208830c6d977e34d5744c298a012515bc7eb5a17726add0d9078501393babd65387c4f4d3ac0cc0f7c60c72e09f336dca88de7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\da\messages.json

MD5 b922f7fd0e8ccac31b411fc26542c5ba
SHA1 2d25e153983e311e44a3a348b7d97af9aad21a30
SHA256 48847d57c75af51a44cbf8f7ef1a4496c2007e58ed56d340724fda1604ff9195
SHA512 ad0954deeb17af04858dd5ec3d3b3da12dff7a666af4061deb6fd492992d95db3baf751ab6a59bec7ab22117103a93496e07632c2fc724623bb3acf2ca6093f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\de\messages.json

MD5 d116453277cc860d196887cec6432ffe
SHA1 0ae00288fde696795cc62fd36eabc507ab6f4ea4
SHA256 36ac525fa6e28f18572d71d75293970e0e1ead68f358c20da4fdc643eea2c1c5
SHA512 c788c3202a27ec220e3232ae25e3c855f3fdb8f124848f46a3d89510c564641a2dfea86d5014cea20d3d2d3c1405c96dbeb7ccad910d65c55a32fdca8a33fdd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\el\messages.json

MD5 9aba4337c670c6349ba38fddc27c2106
SHA1 1fc33be9ab4ad99216629bc89fbb30e7aa42b812
SHA256 37ca6ab271d6e7c9b00b846fdb969811c9ce7864a85b5714027050795ea24f00
SHA512 8564f93ad8485c06034a89421ce74a4e719bbac865e33a7ed0b87baa80b7f7e54b240266f2edb595df4e6816144428db8be18a4252cbdcc1e37b9ecc9f9d7897

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\en_GB\messages.json

MD5 3734d498fb377cf5e4e2508b8131c0fa
SHA1 aa23e39bfe526b5e3379de04e00eacba89c55ade
SHA256 ab5cda04013dce0195e80af714fbf3a67675283768ffd062cf3cf16edb49f5d4
SHA512 56d9c792954214b0de56558983f7eb7805ac330af00e944e734340be41c68e5dd03eddb17a63bc2ab99bdd9be1f2e2da5be8ba7c43d938a67151082a9041c7ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\en_US\messages.json

MD5 578215fbb8c12cb7e6cd73fbd16ec994
SHA1 9471d71fa6d82ce1863b74e24237ad4fd9477187
SHA256 102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1
SHA512 e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\es_419\messages.json

MD5 535331f8fb98894877811b14994fea9d
SHA1 42475e6afb6a8ae41e2fc2b9949189ef9bbe09fb
SHA256 90a560ff82605db7eda26c90331650ff9e42c0b596cedb79b23598dec1b4988f
SHA512 2ce9c69e901ab5f766e6cfc1e592e1af5a07aa78d154ccbb7898519a12e6b42a21c5052a86783abe3e7a05043d4bd41b28960feddb30169ff7f7fe7208c8cfe9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\et\messages.json

MD5 64204786e7a7c1ed9c241f1c59b81007
SHA1 586528e87cd670249a44fb9c54b1796e40cdb794
SHA256 cc31b877238da6c1d51d9a6155fde565727a1956572f466c387b7e41c4923a29
SHA512 44fcf93f3fb10a3db68d74f9453995995ab2d16863ec89779db451a4d90f19743b8f51095eec3ecef5bd0c5c60d1bf3dfb0d64df288dccfbe70c129ae350b2c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\eu\messages.json

MD5 29a1da4acb4c9d04f080bb101e204e93
SHA1 2d0e4587ddd4bac1c90e79a88af3bd2c140b53b1
SHA256 a41670d52423ba69c7a65e7e153e7b9994e8dd0370c584bda0714bd61c49c578
SHA512 b7b7a5a0aa8f6724b0fa15d65f25286d9c66873f03080cbaba037bdeea6aadc678ac4f083bc52c2db01beb1b41a755ed67bbddb9c0fe4e35a004537a3f7fc458

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\fa\messages.json

MD5 097f3ba8de41a0aaf436c783dcfe7ef3
SHA1 986b8cabd794e08c7ad41f0f35c93e4824ac84df
SHA256 7c4c09d19ac4da30cc0f7f521825f44c4dfbc19482a127fbfb2b74b3468f48f1
SHA512 8114ea7422e3b20ae3f08a3a64a6ffe1517a7579a3243919b8f789eb52c68d6f5a591f7b4d16cee4bd337ff4daf4057d81695732e5f7d9e761d04f859359fadb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\fi\messages.json

MD5 b38cbd6c2c5bfaa6ee252d573a0b12a1
SHA1 2e490d5a4942d2455c3e751f96bd9960f93c4b60
SHA256 2d752a5dbe80e34ea9a18c958b4c754f3bc10d63279484e4df5880b8fd1894d2
SHA512 6e65207f4d8212736059cc802c6a7104e71a9cc0935e07bd13d17ec46ea26d10bc87ad923cd84d78781e4f93231a11cb9ed8d3558877b6b0d52c07cb005f1c0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\fil\messages.json

MD5 fcea43d62605860fff41be26bad80169
SHA1 f25c2ce893d65666cc46ea267e3d1aa080a25f5b
SHA256 f51eeb7aaf5f2103c1043d520e5a4de0fa75e4dc375e23a2c2c4afd4d9293a72
SHA512 f66f113a26e5bcf54b9aafa69dae3c02c9c59bd5b9a05f829c92af208c06dc8ccc7a1875cbb7b7ce425899e4ba27bfe8ce2cdaf43a00a1b9f95149e855989ee0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\fr\messages.json

MD5 a58c0eebd5dc6bb5d91daf923bd3a2aa
SHA1 f169870eeed333363950d0bcd5a46d712231e2ae
SHA256 0518287950a8b010ffc8d52554eb82e5d93b6c3571823b7ceca898906c11abcc
SHA512 b04afd61de490bc838354e8dc6c22be5c7ac6e55386fff78489031acbe2dbf1eaa2652366f7a1e62ce87cfccb75576da3b2645fea1645b0eceb38b1fa3a409e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\fr_CA\messages.json

MD5 6cac04bdcc09034981b4ab567b00c296
SHA1 84f4d0e89e30ed7b7acd7644e4867ffdb346d2a5
SHA256 4caa46656ecc46a420aa98d3307731e84f5ac1a89111d2e808a228c436d83834
SHA512 160590b6ec3dcf48f3ea7a5baa11a8f6fa4131059469623e00ad273606b468b3a6e56d199e97daa0ecb6c526260ebae008570223f2822811f441d1c900dc33d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\gl\messages.json

MD5 cc31777e68b20f10a394162ee3cee03a
SHA1 969f7a9caf86ebaa82484fbf0837010ad3fd34d7
SHA256 9890710df0fbf1db41bce41fe2f62424a3bd39d755d29e829744ed3da0c2ce1d
SHA512 8215a6e50c6acf8045d97c0d4d422c0caacb7f09d136e73e34dba48903bb4c85a25d6875b56e192993f48a428d3a85ba041e0e61e4277b7d3a70f38d01f68aab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\gu\messages.json

MD5 bc7e1d09028b085b74cb4e04d8a90814
SHA1 e28b2919f000b41b41209e56b7bf3a4448456cfe
SHA256 fe8218df25db54e633927c4a1640b1a41b8e6cb3360fa386b5382f833b0b237c
SHA512 040a8267d67db05bbaa52f1fac3460f58d35c5b73aa76bbf17fa78acc6d3bfb796a870dd44638f9ac3967e35217578a20d6f0b975ceeeedbadfc9f65be7e72c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\hi\messages.json

MD5 98a7fc3e2e05afffc1cfe4a029f47476
SHA1 a17e077d6e6ba1d8a90c1f3faf25d37b0ff5a6ad
SHA256 d2d1afa224cda388ff1dc8fac24cda228d7ce09de5d375947d7207fa4a6c4f8d
SHA512 457e295c760abfd29fc6bbbb7fc7d4959287bca7fb0e3e99eb834087d17eed331def18138838d35c48c6ddc8a0134affff1a5a24033f9b5607b355d3d48fdf88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\hr\messages.json

MD5 25cdff9d60c5fc4740a48ef9804bf5c7
SHA1 4fadecc52fb43aec084df9ff86d2d465fbebcdc0
SHA256 73e6e246ceeab9875625cd4889fbf931f93b7b9deaa11288ae1a0f8a6e311e76
SHA512 ef00b08496427feb5a6b9fb3fe2e5404525be7c329d9dd2a417480637fd91885837d134a26980dcf9f61e463e6cb68f09a24402805807e656af16b116a75e02c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\hu\messages.json

MD5 8930a51e3ace3dd897c9e61a2aea1d02
SHA1 4108506500c68c054ba03310c49fa5b8ee246ea4
SHA256 958c0f664fca20855fa84293566b2ddb7f297185619143457d6479e6ac81d240
SHA512 126b80cd3428c0bc459eeaafcbe4b9fde2541a57f19f3ec7346baf449f36dc073a9cf015594a57203255941551b25f6faa6d2c73c57c44725f563883ff902606

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\it\messages.json

MD5 0d82b734ef045d5fe7aa680b6a12e711
SHA1 bd04f181e4ee09f02cd53161dcabcef902423092
SHA256 f41862665b13c0b4c4f562ef1743684cce29d4bcf7fe3ea494208df253e33885
SHA512 01f305a280112482884485085494e871c66d40c0b03de710b4e5f49c6a478d541c2c1fda2ceaf4307900485946dee9d905851e98a2eb237642c80d464d1b3ada

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\iw\messages.json

MD5 26b1533c0852ee4661ec1a27bd87d6bf
SHA1 18234e3abaf702df9330552780c2f33b83a1188a
SHA256 bbb81c32f482ba3216c9b1189c70cef39ca8c2181af3538ffa07b4c6ad52f06a
SHA512 450bfaf0e8159a4fae309737ea69ca8dd91caafd27ef662087c4e7716b2dcad3172555898e75814d6f11487f4f254de8625ef0cfea8df0133fc49e18ec7fd5d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ja\messages.json

MD5 15ec1963fc113d4ad6e7e59ae5de7c0a
SHA1 4017fc6d8b302335469091b91d063b07c9e12109
SHA256 34ac08f3c4f2d42962a3395508818b48ca323d22f498738cc9f09e78cb197d73
SHA512 427251f471fa3b759ca1555e9600c10f755bc023701d058ff661bec605b6ab94cfb3456c1fea68d12b4d815ffbafabceb6c12311dd1199fc783ed6863af97c0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ka\messages.json

MD5 83f81d30913dc4344573d7a58bd20d85
SHA1 5ad0e91ea18045232a8f9df1627007fe506a70e0
SHA256 30898bbf51bdd58db397ff780f061e33431a38ef5cfc288b5177ecf76b399f26
SHA512 85f97f12ad4482b5d9a6166bb2ae3c4458a582cf575190c71c1d8e0fb87c58482f8c0efead56e3a70edd42bed945816db5e07732ad27b8ffc93f4093710dd58f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\kk\messages.json

MD5 2d94a58795f7b1e6e43c9656a147ad3c
SHA1 e377db505c6924b6bfc9d73dc7c02610062f674e
SHA256 548dc6c96e31a16ce355dc55c64833b08ef3fba8bf33149031b4a685959e3af4
SHA512 f51cc857e4cf2d4545c76a2dce7d837381ce59016e250319bf8d39718be79f9f6ee74ea5a56de0e8759e4e586d93430d51651fc902376d8a5698628e54a0f2d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\km\messages.json

MD5 b3699c20a94776a5c2f90aef6eb0dad9
SHA1 1f9b968b0679a20fa097624c9abfa2b96c8c0bea
SHA256 a6118f0a0de329e07c01f53cd6fb4fed43e54c5f53db4cd1c7f5b2b4d9fb10e6
SHA512 1e8d15b8bff1d289434a244172f9ed42b4bb6bcb6372c1f300b01acea5a88167e97fedaba0a7ae3beb5e24763d1b09046ae8e30745b80e2e2fe785c94df362f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\kn\messages.json

MD5 8e16966e815c3c274eeb8492b1ea6648
SHA1 7482ed9f1c9fd9f6f9ba91ab15921b19f64c9687
SHA256 418ff53fca505d54268413c796e4df80e947a09f399ab222a90b81e93113d5b5
SHA512 85b28202e874b1cf45b37ba05b87b3d8d6fe38e89c6011c4240cf6b563ea6da60181d712cce20d07c364f4a266a4ec90c4934cc8b7bb2013cb3b22d755796e38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ko\messages.json

MD5 f3e59eeeb007144ea26306c20e04c292
SHA1 83e7bdfa1f18f4c7534208493c3ff6b1f2f57d90
SHA256 c52d9b955d229373725a6e713334bbb31ea72efa9b5cf4fbd76a566417b12cac
SHA512 7808cb5ff041b002cbd78171ec5a0b4dba3e017e21f7e8039084c2790f395b839bee04ad6c942eed47ccb53e90f6de818a725d1450bf81ba2990154afd3763af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\lo\messages.json

MD5 e20d6c27840b406555e2f5091b118fc5
SHA1 0dcecc1a58ceb4936e255a64a2830956bfa6ec14
SHA256 89082fb05229826bc222f5d22c158235f025f0e6df67ff135a18bd899e13bb8f
SHA512 ad53fc0b153005f47f9f4344df6c4804049fac94932d895fd02eebe75222cfe77eedd9cd3fdc4c88376d18c5972055b00190507aa896488499d64e884f84f093

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\lt\messages.json

MD5 970544ab4622701ffdf66dc556847652
SHA1 14bee2b77ee74c5e38ebd1db09e8d8104cf75317
SHA256 5dfcbd4dfeaec3abe973a78277d3bd02cd77ae635d5c8cd1f816446c61808f59
SHA512 cc12d00c10b970189e90d47390eeb142359a8d6f3a9174c2ef3ae0118f09c88ab9b689d9773028834839a7dfaf3aac6747bc1dcb23794a9f067281e20b8dc6ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\lv\messages.json

MD5 a568a58817375590007d1b8abcaebf82
SHA1 b0f51fe6927bb4975fc6eda7d8a631bf0c1ab597
SHA256 0621de9161748f45d53052ed8a430962139d7f19074c7ffe7223ecb06b0b87db
SHA512 fcfbadec9f73975301ab404db6b09d31457fac7ccad2fa5be348e1cad6800f87cb5b56de50880c55bbadb3c40423351a6b5c2d03f6a327d898e35f517b1c628c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ml\messages.json

MD5 a342d579532474f5b77b2dfadc690eaa
SHA1 ec5c287519ac7de608a8b155a2c91e5d6a21c23f
SHA256 d974d4fda9c8ee85bdbb43634497b41007801fcaa579d0c4e5bc347063d25975
SHA512 0be5c0243a3ce378afa14d033d4049e38f0c5a1e4d30d45edd784efbb95d445f6c4f29e4cc2e28134ea4b04ecee9632ee8682810d9dbe9d5dd186671a508eaa4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\mn\messages.json

MD5 83e7a14b7fc60d4c66bf313c8a2bef0b
SHA1 1ccf1d79cded5d65439266db58480089cc110b18
SHA256 613d8751f6cc9d3fa319f4b7ea8b2bd3bed37fd077482ca825929dd7c12a69a8
SHA512 3742e24ffc4b5283e6ee496813c1bdc6835630d006e8647d427c3de8b8e7bf814201adf9a27bfab3abd130b6fec64ebb102ac0eb8dedfe7b63d82d3e1233305d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\mr\messages.json

MD5 3b98c4ed8874a160c3789fead5553cfa
SHA1 5550d0ec548335293d962aaa96b6443dd8abb9f6
SHA256 adeb082a9c754dfd5a9d47340a3ddcc19bf9c7efa6e629a2f1796305f1c9a66f
SHA512 5139b6c6df9459c7b5cdc08a98348891499408cd75b46519ba3ac29e99aaafcc5911a1dee6c3a57e3413dbd0fae72d7cbc676027248dce6364377982b5ce4151

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ms\messages.json

MD5 dda32b1db8a11b1f48fb0169e999da91
SHA1 9902fbe38ac5dff4b56ff01d621d30bb58c32d55
SHA256 0135a4da8e41564af36f711b05ed0c9146e6192812b8120a5eb4cc3e6b108c36
SHA512 a88798f264b1c9f8d08e2222ccd1cb21b07f4ef79a9cdccdab42e5741ff4cbeb463caa707afac5bf14cc03ddbf54f55102b67266c0ba75d84b59c101ad95c626

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\my\messages.json

MD5 342335a22f1886b8bc92008597326b24
SHA1 2cb04f892e430dcd7705c02bf0a8619354515513
SHA256 243befbd6b67a21433dcc97dc1a728896d3a070dc20055eb04d644e1bb955fe7
SHA512 cd344d060e30242e5a4705547e807ce3ce2231ee983bb9a8ad22b3e7598a7ec87399094b04a80245ad51d039370f09d74fe54c0b0738583884a73f0c7e888ad8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\pl\messages.json

MD5 b8d55e4e3b9619784aeca61ba15c9c0f
SHA1 b4a9c9885fbeb78635957296fddd12579fefa033
SHA256 e00ff20437599a5c184ca0c79546cb6500171a95e5f24b9b5535e89a89d3ec3d
SHA512 266589116eee223056391c65808255edae10eb6dc5c26655d96f8178a41e283b06360ab8e08ac3857d172023c4f616ef073d0bea770a3b3dd3ee74f5ffb2296b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\pt_BR\messages.json

MD5 608551f7026e6ba8c0cf85d9ac11f8e3
SHA1 87b017b2d4da17e322af6384f82b57b807628617
SHA256 a73eea087164620fa2260d3910d3fbe302ed85f454edb1493a4f287d42fc882f
SHA512 82f52f8591db3c0469cc16d7cbfdbf9116f6d5b5d2ad02a3d8fa39ce1378c64c0ea80ab8509519027f71a89eb8bbf38a8702d9ad26c8e6e0f499bf7da18bf747

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\pt_PT\messages.json

MD5 0963f2f3641a62a78b02825f6fa3941c
SHA1 7e6972beab3d18e49857079a24fb9336bc4d2d48
SHA256 e93b8e7fb86d2f7dfae57416bb1fb6ee0eea25629b972a5922940f0023c85f90
SHA512 22dd42d967124da5a2209dd05fb6ad3f5d0d2687ea956a22ba1e31c56ec09deb53f0711cd5b24d672405358502e9d1c502659bb36ced66caf83923b021ca0286

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ro\messages.json

MD5 bed8332ab788098d276b448ec2b33351
SHA1 6084124a2b32f386967da980cbe79dd86742859e
SHA256 085787999d78fadff9600c9dc5e3ff4fb4eb9be06d6bb19df2eef8c284be7b20
SHA512 22596584d10707cc1c8179ed3abe46ef2c314cf9c3d0685921475944b8855aab660590f8fa1cfdce7976b4bb3bd9abbbf053f61f1249a325fd0094e1c95692ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ru\messages.json

MD5 51d34fe303d0c90ee409a2397fca437d
SHA1 b4b9a7b19c62d0aa95d1f10640a5fba628ccca12
SHA256 be733625acd03158103d62bc0eef272ca3f265ac30c87a6a03467481a177dae3
SHA512 e8670ded44dc6ee30e5f41c8b2040cf8a463cd9a60fc31fa70eb1d4c9ac1a3558369792b5b86fa761a21f5266d5a35e5c2c39297f367daa84159585c19ec492a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\si\messages.json

MD5 b8a4fd612534a171a9a03c1984bb4bdd
SHA1 f513f7300827fe352e8ecb5bd4bb1729f3a0e22a
SHA256 54241ebe651a8344235cc47afd274c080abaebc8c3a25afb95d8373b6a5670a2
SHA512 c03e35bfde546aeb3245024ef721e7e606327581efe9eaf8c5b11989d9033bdb58437041a5cb6d567baa05466b6aaf054c47f976fd940eeedf69fdf80d79095b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\sk\messages.json

MD5 8e55817bf7a87052f11fe554a61c52d5
SHA1 9abdc0725fe27967f6f6be0df5d6c46e2957f455
SHA256 903060ec9e76040b46deb47bbb041d0b28a6816cb9b892d7342fc7dc6782f87c
SHA512 eff9ec7e72b272dde5f29123653bc056a4bc2c3c662ae3c448f8cb6a4d1865a0679b7e74c1b3189f3e262109ed6bc8f8d2bde14aefc8e87e0f785ae4837d01c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\sl\messages.json

MD5 bfaefeff32813df91c56b71b79ec2af4
SHA1 f8eda2b632610972b581724d6b2f9782ac37377b
SHA256 aab9cf9098294a46dc0f2fa468afff7ca7c323a1a0efa70c9db1e3a4da05d1d4
SHA512 971f2bbf5e9c84de3d31e5f2a4d1a00d891a2504f8af6d3f75fc19056bfd059a270c4c9836af35258aba586a1888133fb22b484f260c1cbc2d1d17bc3b4451aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\sr\messages.json

MD5 7f5f8933d2d078618496c67526a2b066
SHA1 b7050e3efa4d39548577cf47cb119fa0e246b7a4
SHA256 4e8b69e864f57cddd4dc4e4faf2c28d496874d06016bc22e8d39e0cb69552769
SHA512 0fbab56629368eef87deef2977ca51831beb7deae98e02504e564218425c751853c4fdeaa40f51ecfe75c633128b56ae105a6eb308fd5b4a2e983013197f5dba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\sv\messages.json

MD5 90d8fb448ce9c0b9ba3d07fb8de6d7ee
SHA1 d8688cac0245fd7b886d0deb51394f5df8ae7e84
SHA256 64b1e422b346ab77c5d1c77142685b3ff7661d498767d104b0c24cb36d0eb859
SHA512 6d58f49ee3ef0d3186ea036b868b2203fe936ce30dc8e246c32e90b58d9b18c624825419346b62af8f7d61767dbe9721957280aa3c524d3a5dfb1a3a76c00742

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\sw\messages.json

MD5 d0579209686889e079d87c23817eddd5
SHA1 c4f99e66a5891973315d7f2bc9c1daa524cb30dc
SHA256 0d20680b74af10ef8c754fcde259124a438dce3848305b0caf994d98e787d263
SHA512 d59911f91ed6c8ff78fd158389b4d326daf4c031b940c399569fe210f6985e23897e7f404b7014fc7b0acec086c01cc5f76354f7e5d3a1e0dedef788c23c2978

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\ta\messages.json

MD5 dcc0d1725aeaeaaf1690ef8053529601
SHA1 bb9d31859469760ac93e84b70b57909dcc02ea65
SHA256 6282bf9df12ad453858b0b531c8999d5fd6251eb855234546a1b30858462231a
SHA512 6243982d764026d342b3c47c706d822bb2b0caffa51f0591d8c878f981eef2a7fc68b76d012630b1c1eb394af90eb782e2b49329eb6538dd5608a7f0791fdcf5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\te\messages.json

MD5 385e65ef723f1c4018eee6e4e56bc03f
SHA1 0cea195638a403fd99baef88a360bd746c21df42
SHA256 026c164bae27dbb36a564888a796aa3f188aad9e0c37176d48910395cf772cea
SHA512 e55167cb5638e04df3543d57c8027b86b9483bfcafa8e7c148eded66454aebf554b4c1cf3c33e93ec63d73e43800d6a6e7b9b1a1b0798b6bdb2f699d3989b052

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\th\messages.json

MD5 64077e3d186e585a8bea86ff415aa19d
SHA1 73a861ac810dabb4ce63ad052e6e1834f8ca0e65
SHA256 d147631b2334a25b8aa4519e4a30fb3a1a85b6a0396bc688c68dc124ec387d58
SHA512 56dd389eb9dd335a6214e206b3bf5d63562584394d1de1928b67d369e548477004146e6cb2ad19d291cb06564676e2b2ac078162356f6bc9278b04d29825ef0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3736_765268739\CRX_INSTALL\_locales\tr\messages.json

MD5 76b59aaacc7b469792694cf3855d3f4c
SHA1 7c04a2c1c808fa57057a4cceee66855251a3c231
SHA256 b9066a162bee00fd50dc48c71b32b69dffa362a01f84b45698b017a624f46824
SHA512 2e507ca6874de8028dc769f3d9dfd9e5494c268432ba41b51568d56f7426f8a5f2e5b111ddd04259eb8d9a036bb4e3333863a8fc65aab793bcef39edfe41403b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d03516ce785ba4395716a7c9d5550867
SHA1 fee7c3d7b70d9e5c764be369e00afb128f9bb950
SHA256 2a421d7768539f29bd4cc738ebd199a440bc2e1dac33b77566c620e678b77079
SHA512 0c23c38f3cc4c334bebfa587f311fddc25f360378c732b5ef3c2a04d776dc62889efce3c4ec190ba912520a1614183335ab76991804d26ff54f296f0f9103def

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 908379ea1921dcb13e85d5aa4de90696
SHA1 05ced02286b34b57f2936d8414c72c36671f9a32
SHA256 010f59e28268a99f3a1e5141f1893de7053945c3b98f871ef0d8408e4349355c
SHA512 5481846ad5f214f678181ec2b684724b78ad17d3c9a2b4c544c463a9646f737eb49bb901d12ccd58f9d3b67f93994deab5e01881a5d51b2cdf32301e5aba58b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c60ac88fe97a946cadd1148489756118
SHA1 f156726bd9132f865ca0bcb0f9762253347358e0
SHA256 c6a57d836faffd079a626fd4fdc3ba3781c2851952142cc19009807afa16411b
SHA512 9f070ff000f3a19398df875cd0c7b2acd5d52deca2965ddfc6c79a10a4039d197026d625c28aab582a1cbbb1b4cba0280b82e699fb07cbe3f5bda62cd058ee04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7cd118a0fe9fbd9890243ebb195ae279
SHA1 ba2cd10c26da49a8e2b38a63c5b28ee3c86af548
SHA256 3766f1f41e067b30ead077edcbd52a2ca0a692952f30211ae501a03f2dcbe3f6
SHA512 e0414bc36fdd9956ae12fc30bbd1e2ece6689834dac0eb2f5dbe315bc2d81b3cea0cc45ea5d482fb0fc5f1ef5dc41ca5ad0f0467fc2f2f75f5f989c3b00f1cc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f37c7005670330cece91e576b95b4524
SHA1 cbbd1ab342552e2e1e1505033091914a1d2dd647
SHA256 c906157d70da8e227c24a7a4718c84fa218cdf64bb79a6145e76a71b7fcfc75a
SHA512 69dac10969731e4b98ef9b8d1ce05f8a6b3af723a733aba258d0967ac4c23313360d2b7e0a095dbbe4ea9cffc3f8eef6c7aa4f7217ab6a189cd6c22cf3dd081d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 59ffa048185ae2c76c9d71e4a01f0ab5
SHA1 9b9be70949a41216bcc4086d74baafa2abe76f71
SHA256 2fa76b6cff28539fb20dd4f8c31e4dc41144efbffa374171c405fb8bf7acbf6e
SHA512 673c41a8686714b2fcc3ba93a72e679954b01467788e542cca3df01e1cd2923f1aa0806a64c160beb3862883772d97e9f71a3b3bb7d835fb82c1316f7281c7ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bfb74de0e7a9bbfa77846947795d5a60
SHA1 3ad05f558694b2cac76447741734975ee96581ca
SHA256 3f4547d3f9266ac4fcdb976e4b797d43f12dfe01649affa18ecf9f30c32cec35
SHA512 243bd16a4c49c98f3c4d4d5effb7fb53fc7628077538436cce92d9d5402032d385ed28cc09a311f2fecb6c1265dde21c7d69cbfd3459c8675425c0603700ab34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 72f840b0d2a4b4f4aeb26351f11292fe
SHA1 877532cf00ec5e2d2bacb123a652929a841a3685
SHA256 84d1de837028a4c2dff38cf206ffa25534d315a30096926cc012f7c502e319f1
SHA512 f65e84ea243de49c7b984418f4d7c7421df462e561b2a8478dd09bca485abec64b378f29ad9b1c06f49cb61d0d30585f0b6a09048701cfd1169d531fa36e4118

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b6e87d3ab22ad0ed33f32f937f78a68
SHA1 c9841993964d14100170608a0cbf9d5850c89b91
SHA256 f3b6c6e6022676de56f6a83c01c7ba74c143866bdd8e709b7ad17f84de8fa8f0
SHA512 b83850ee9098dcf41a068991a453db611bbb4c58de0e100851373844216846130b3e5d16b8022a6acc0507c18ca7c866d72b28b54940f4104b813eda5b91ee11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b1d325d0130fa710d61d64977c94688b
SHA1 e0859c5d1df13c47331804da2c70071bdd348ff8
SHA256 c970bf08cd877f85c92a04e2b39664aba11afcf99ef07683da843372be3a7a9c
SHA512 14e8387edf597ff03ffcc9a5ab490a04f4beaec334d8517ff4e1e7e164f710c761601bff813a911e03f005d8fb46987c13394368fdcc8e16893f57cb53a6b1b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5805f6.TMP

MD5 a51c23a2a84fb06cdcaefe5f5932a060
SHA1 da4e8d725f1160cb777c24b3366f946e5b38c8cb
SHA256 635dba771443afa973599f18b0e17c6e08fc9545c63fdf1773890c01854f9942
SHA512 0b10c7bea17517435b6624c3bccb3c831bd79163a8e88d7e3164484d9d29cfbbdd6c8c09691c66a902ede6904d3509cce0c96411df06bbaba99245a52f03a272

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 629a52faa403f0c6e1d39aad1f0ce438
SHA1 fe757dee7163d8241358dd8262c793ec2ad496dd
SHA256 3a428b9f35fd334264a154cd7214d3343a0726d64a542e636518c6d72defa980
SHA512 d3e2a22a4b2d1b515aab71c64faad897b335374d4c90cf5d04ba6ed2b0c78152136cd5603921f5a22f9f1feb7781dee9f80ed4964d74de0ebb439c0ec33298d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ae12c74ed0611e77235e88cfeb61df4f
SHA1 4863e3eb5383bcc74cbb0211dfcd5933bc7695c3
SHA256 02639842326e8471e481f88a62da89e89c7cc007e9397a082c0274351a5a3392
SHA512 377b8c579667cc39d36fc3a88e3af5435ce4731042c47e5cafa94fd2e21c36dfe6801765adcb74dbc415bf5226099c134040481409d639dcaca34efc894fad2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 170d0fb0798a0ae4b571cc34c8441dd2
SHA1 16250255fced8f4c8c1d18cd13783cb24d0306e1
SHA256 f088f1017f851727c119855296783486745536629382deb442ef535c12a2f244
SHA512 48a6a43e0c5c102f0a4cc2d2339240309ae0b966c36d603d75889bef047671245ec758d183c8f0fce0e41186f7c877c4babe52155118d47b32dd3d7a6f774ab4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb84eee4d349120383197290a21809db
SHA1 2672a60148a2232fa949f79371e73ad8835edfbf
SHA256 ea3188db568968efa16973833bf7a787b9adf504d941fe719ad80a00f1cdc156
SHA512 b83cdbc8eca1f31a31fa4620e0f6d73d0f1fb0eb57b82cdbbe936452109175c14f06e1b674ab248ff4fd8c3503deb316a2ca5b9fc5c05b56425bc62f229633a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9f56147d1a049b48f2927034f2ad5636
SHA1 179ff9cc6b7a39038cd95ab4f70433d8e03a14e6
SHA256 f034398d943074b5dd18986ecaeeaf280b79d472f6dc1b6d5a9550416a8f280e
SHA512 b9d47a7c77f78ce633e12b8d4b5390d6cf62d37825e7f39efab1bd01f811efc69cea57f80fa63531f0905960a9885169e4d1c138a3ca83f2da5ff1fea059bf05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6eb988edbf7ecd26a9ae37ffed50ee13
SHA1 6b765da2b57ab8b407e27b9ff2e350de0e830500
SHA256 3ba7bec05c317358951cfabeb1434c0ad127fd62e8058c150bb7adb046572319
SHA512 accbada241a4d8ce189087bef07fb71f3a33c576aa742e1da963ab485a88475e8716a7b27e171922bc53a64c64d11f1ebd2d9b7ad12f51ef413734d7cfe93f1f

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

MD5 623cd7b48f9b5f0bfd233ebb930cff82
SHA1 ec32d6a43eac16209aafae6cb3912c398e9b80c0
SHA256 e87df0e979ba5facdc9f7893bddb968ec0e1ae44c709a887982d31687e2389d0
SHA512 107cd6ef0de342b4fc10c3ab509a2bef3b4945da7d1108c36c64bd2f38eb540a8885068477fe9a97755d2c5f6e5d5e0f01b8e4bf1846a65285f1471fce604ca3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\BatchIncrement[1].json

MD5 bedbf7d7d69748886e9b48f45c75fbbe
SHA1 aa0789d89bfbd44ca1bffe83851af95b6afb012c
SHA256 b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61
SHA512 7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

MD5 3bf891bf24d2216d1f799334d88a14ec
SHA1 0962cdfcac41c498ea9469df19c4f6e069be04af
SHA256 bea0ba994ac766b5956695f0520fb9dfb2c6a73f4e9fff349d29efd39163bf94
SHA512 7d6ba4776c4916729018cf3c486095e9f57d2e1b2954a576efb00931f1d8e3fa989e9a7e3a05a36bcd1bea5a30112abf5999e1ed0e90045ab64b9af6d2f2c48c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4b9d5d32fb01e371b5a614b731f839a0
SHA1 32f41add10ed280faa2a57f206628c0480f13701
SHA256 fce74d874e160bc415829377e703d4e040287c51032cad9b6c7aa4a9aabc9359
SHA512 84fd736872784de5eb43a36915144065ff7fb29a765d7a8226b9bd3e7b5c1e2a28155063c531e6a0cdde741d96560c7ab9eaf70fd868d4a809088d395cebbdd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8978015940b17e9f2b74514bc760d000
SHA1 86bc212e2f36bba7d06b3a0b6b4a4c91a77d232e
SHA256 2d50057dd063354b43b781a326e0dff7048b9373b55a568189da83490410670f
SHA512 75f153f32c07aa9eee35d698cd337fb0be0883f3fccd67b1ff55d4c615a9da8696ff6e7ca44c4e5f1edbb4eecf5cc24f56d7b7afcb4019089def12a2cb7f2695

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 4807079dfc9969652a130551a8f5c0c2
SHA1 e213ac53327f391979dd5de36c6d27e8e784cb0a
SHA256 fdbf910c9ab39eea36480042d61f90bcd18b5c0a0a7710eefb4d0d3300be6da8
SHA512 aed120a677c7e4ea561b5fc95b44f0d17c098170909bd0b14ca83ba665d146e61be2079fed3927aa7b7c48e906c7f39337ea6a72ddd8527d80836b69ea68b6ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 edd1715599ffeb54816b276c8122afe3
SHA1 5ac289fa26c0ec6f8585aa427f52fc5dec3a1deb
SHA256 1632bf88c8cf3195d3dc9446168ed6a4764dd607baacb91d3fe2d7c9e514bf38
SHA512 2b173eb4f6ee51b97cc05c75b1ab912d9129be735a8c6b272dd50df268dc4a483afd6c61a1b49ca816415b4b0715b7d537530e856f01fd1bd5c5fa623110a643