Malware Analysis Report

2025-08-06 00:52

Sample ID 230430-zmne4scg9w
Target https://krnl.vip
Tags lumma stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file https://krnl.vip was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy WMI provider

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer Phishing Filter

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Analysis: static1

Detonation Overview

Reported

2023-04-30 20:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-30 20:50

Reported

2023-04-30 20:53

Platform

win10v2004-20230220-en

Max time kernel

156s

Max time network

172s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://krnl.vip

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 575ec7859e45d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4328 wrote to memory of 4220 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4328 wrote to memory of 4596 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe
PID 4596 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 4596 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
PID 4596 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
PID 1388 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1388 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1388 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
PID 1388 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://krnl.vip

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4328 CREDAT:17410 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1824,i,12977902727735907246,13975972568313235730,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1824,i,12977902727735907246,13975972568313235730,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1360 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=4564 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe

"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe"

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2180 --field-trial-handle=2404,i,11511548665326810002,9323701834443745542,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=1388

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3164 --field-trial-handle=2404,i,11511548665326810002,9323701834443745542,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=1388 /prefetch:1

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=2404,i,11511548665326810002,9323701834443745542,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=1388 /prefetch:1

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=3056 --field-trial-handle=2404,i,11511548665326810002,9323701834443745542,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=1388

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=2628 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=2732 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5340 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=1636 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5656 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6148 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5264 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5928 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5536 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5268 --field-trial-handle=1848,i,16916659975732003527,18052308688866213150,131072 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\js[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\wp-emoji-release.min[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\style.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\classic-themes.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\content.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\header.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\global.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\footer.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\elementor-icons.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\frontend.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\post-10[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\css[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\global[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\main[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\swiper.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\jquery.min[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\webpack.runtime.min[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\navigation.min[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\analytics[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\jquery-migrate.min[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\waypoints.min[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\frontend.min[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\core.min[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\frontend-modules.min[1].js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\cropped-krnlicon-32x32[1].png

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\krnl_beta[1].exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe.82sch1e.partial

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\krnl_beta.exe

C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config

C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\suggestions[1].en-US

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll

C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll

C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat

C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_200_percent.pak

C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_100_percent.pak

C:\Users\Admin\AppData\Roaming\Krnl\bin\resources.pak

C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\preview.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\script.lua

C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\script.lua

C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\card.config

C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\card.config

C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\profile.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\Orca\preview.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\script.lua

C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\card.config

C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\profile.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\Infinite Yield\preview.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\tags.config

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\script.lua

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\card.config

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\profile.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\preview.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\script.lua

C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\card.config

C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\profile.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\preview.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\script.lua

C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\card.config

C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\profile.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\profile.png

C:\Users\Admin\AppData\Roaming\Krnl\Community\Secure Dex\preview.png
