hxxps://krnl[.]place/

Analysis

max time kernel
1333s
max time network
1688s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://krnl.place/

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2888	Krnl.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e1e81ecbc95de49994f369c3e71718400000000020000000000106600000001000020000000686bce28458a5cbf554ba222c4a64d8f25997b253fab5c7ef4132ddc20b07179000000000e800000000200002000000067e035aff315833acd15fd9a771e752ae07b4c24cfcb3e6b0aa8823ec55a50a090000000ca4b05d1d941096e7fdaae7b97a2a00e4638d878ba807583c7b1e4d18dde63818a36886e4c2f37b0287b1622e74e19f4c53397c94a6f41fadd22a70d99857bc07fce52c57be789b476e0fb9b09f4a7e4c488dbe31125c5e85935be722e10ce8d59cbe1470e7058fd0dd74c49683a3b57e730d611850ca0cb9f719232c3c27269e2c5f20c68d3e8c69ac43d0bddc1bdfc400000004a3e1310faa5c30c40fa6989f14495b0f3f7db777fc2d6115140e2bcb24457c24170c10bde530a5665b3740d70c43559ea54439f12805ab2e690fe0ea4c733a6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A1BDC3A1-75B3-11EE-B1ED-FEC84BD7E4F9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404674355"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90041a79c009da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e1e81ecbc95de49994f369c3e71718400000000020000000000106600000001000020000000a77c0bf5920fd91f41f466e4b5b8d47a80871e0d0f5221c8d1a259788833f73f000000000e80000000020000200000000c178b307e643ff0e3ccf6bb773ea905905d9c837a18a7cd1a2cdea172a9f40720000000f1998bccfd20a018c72d3f0161621846a9555c8cb59ea23e786f5c2124f553ac40000000225c9246ab9d285bdc17bedea3ba494aac3ba2682d371947bcdf25938e37d4f87ef29638b7294ae906a4d9c666be9f72f7b7945c40c4f032790c2f76bf0d2bf8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2888	Krnl.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2932	iexplore.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2932	iexplore.exe
2932	iexplore.exe
2232	IEXPLORE.EXE
2232	IEXPLORE.EXE
2232	IEXPLORE.EXE
2232	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2608	2884	chrome.exe	28
PID 2884 wrote to memory of 2608	2884	chrome.exe	28
PID 2884 wrote to memory of 2608	2884	chrome.exe	28
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2708	2884	chrome.exe	30
PID 2884 wrote to memory of 2804	2884	chrome.exe	31
PID 2884 wrote to memory of 2804	2884	chrome.exe	31
PID 2884 wrote to memory of 2804	2884	chrome.exe	31
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32
PID 2884 wrote to memory of 2692	2884	chrome.exe	32

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://krnl.place/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65e9758,0x7fef65e9768,0x7fef65e9778
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:2
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:2
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=864 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3376 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3364 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3344 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3328 --field-trial-handle=1320,i,9423196929454197768,1788323389491258094,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Users\Admin\Downloads\Krnl.exe
  "C:\Users\Admin\Downloads\Krnl.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe" https://apps.microsoft.com/store/detail/roblox/9NBLGGGZM6WM
    3⤵
    PID:3064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2512

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2528
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://apps.microsoft.com/store/detail/roblox/9NBLGGGZM6WM
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2932
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d7aec1f788b2dedbe9adc10c0a0dd49

SHA1
4a1b5fd5ee18ba2bc3586cd787719337df9e3fc9

SHA256
5f38be1aa4bf69b04664cb2ca1e95e7e06d7361ef3644217b508f3776f94d883

SHA512
85b77e97f623ecec1ee8707acae3e8fd69d94dad24a5c373cbcd20b40bdfee7894d2706661a63f5dfb63b8b60c70bfd34fafbce0455c3c0bf230951d7a84348e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a95f7bea88413b27746e675267d4ffa

SHA1
384bf8b5de822a62d8b1866a3d1ee3a9e3931693

SHA256
f70441f2752fb34a95cfb92cd204f1c799eeb9eadec8c35dc88cb36ea45c1e8e

SHA512
9eb75faee329d52eeaedd0e4370b5225c6ccfd0140aeb8c842820b1bdbfab217514872d10da6dba48eb4efeee06ba64c8a0a4ebaab028d0d16e8fb97cf3925f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b52f0630138b7c85670a7433c6feb30

SHA1
def535722c807d440bea0e3fecc207e1217a86d6

SHA256
f7566264db4bb9e509f0581de55eaf8da7ba0fe8549604f0692860d10371c864

SHA512
963272c57919c11a11f73e4a0963b9a917f24dc3537e0a1dae0d48072b9956c3438bcebabbe68a2f77e9096e5b00d352eb454b003c0d11d9eb7ebd9ac5c47f54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1a5a2d1d56396f51855d0ca3be1974a

SHA1
d4bfa5c44bf21d84b1290c7ffab96a3a9671b712

SHA256
b6ec3b3b9045c6613bba9b17167a804c8c04adb6932eedf8f2443029dba8dcf0

SHA512
277f78b02a31c7456038cab9357c292801bdfb5166f9cdcbfc79d85fc6357af3321153733bb06cee80eaa89b101cc4dc42345c565b4052830202ba7cd24356b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54b5761c52551e89a14fb78b39dad381

SHA1
c5c654a41ee377c28ce5cd26fbe1b28937d78fca

SHA256
8fee4a64cdd9c3aded2df3588a616ff5e44740c1def4c6dfe8bc43aee5395850

SHA512
17a1ae106ee55e49638372137dc42a6c6e93331a78789be66d7490c6d460400c6ea62bf181c6cae544c8c0e1e1c9fb00bdd0c17dd3e7476a472747f0059822c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fa3fae326d2a0494727b4bfd9dabf1d

SHA1
ac0533422264a3b8936222733d9648767669e98d

SHA256
f92ed0da29bea6844665278895557fd15bfb54c0085f4dde59aec821e6cb9286

SHA512
76d6c38492c0c16e9b7df0107252b198b61e5200692a47ac4715be1b075281260f13fae8e737193fc9f829f220c703768b4512a15076848cb81c4e4cd14b7da3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40ec6ac2174b2a1b1ccae0540a0e81d8

SHA1
417d56296a2cdd9534a2b878fb1d49b603848612

SHA256
dfcfe44465a9d99e7170467fc7b9defe3ec107bd744e16c36e7a85b29d2c6c4e

SHA512
2c84f00e72914e164ac256b00431635a8c76aa0d64e4fcfaa08434712c19b3daef44a70ea486f54a9e8615f7a88bbda0a7a75408b4ff6f44fecfe9bd627930e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c33119b2895198a6111eeb09e426b95

SHA1
c7ee036b904cbb48add3c8f59a22e89b080dc449

SHA256
7c9027f33d58a437ce5e262a39252aa90eb66ff5f1a3996c2fef56a4c9393691

SHA512
6292846052e10ab51fafc4dd76aefc5589f6ed3424793062c8a76fe22b0bd2b4c65fba9b0c8fe1d593bfdc1e1dd747f6139b43be2f7a59daff328f7e07cfe297

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca04d386e4bfa62cc5c80919690e4cba

SHA1
8f4ecab0eb1c58ffb66af7b0d4042d651cdb3762

SHA256
c2cacf5d10e3a774cb029ec5c4796b4e3c3bcb5a17f3f3ac92cb0ff1edb565d1

SHA512
4692a937bf49b2af54e40bcf70078a3b753da840e2da5c88a62261b21acbab7ef59df51d80365dff7d2b9c47f853832eae980413162be73a50dcb8faf940e044

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47b03cf5bd031f8c8e86eca024b7aa79

SHA1
6c5066597a52b84d4163b821e91a83f36f0092f0

SHA256
9acfa227beaf106f5642a563bbe43073c4e0bd55b9a7f964b422515e5231b452

SHA512
d9c82d46ec9522bb8a16226435d89760b6443a6628f169a0b9cfee7061fd1d4de35b33d1a4b7992e7c5d135c792b5ff242336dad583accbd611309348b202b71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95cff11e1c7465ecbb0e7a538b7d2397

SHA1
d112db659a49f3b473e5f6c9680235d11aee26b1

SHA256
d6a3b6cbfe14c08ecc10bc536997f7b01e2c947b4e7c25ffef595188f323ef7f

SHA512
9b7c51adbea88dd4d4fe1dc68fca981394ce94db94309a920373b9e2a6c1c81e5af2757e80179c9301f7be70c716e679163d2c7c787d1996233a2a7d16165b50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a0e05fcb3b1cc2766a8a92a7af4bd85

SHA1
22624b37f66eafff38a470c4cc93dad8666a8aa9

SHA256
8cc3bdacf5a5999020a9b891cf5097335f4ce752923706f57e817c128b849b25

SHA512
9469334d4f79c5c1dfc8bd60f2cf5134d974f392a3ba42f4daf7126d0e742b2de7f4d56b94e755f8ad9bf449029bade812234fd6152e4f950f1ca9cf8e149eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29e01fefa1c448ea9c0b7f072378e5b2

SHA1
4a6e7ddb2f1a6f5c1b82f93c28907a8d93a15b50

SHA256
09626f3665aaa4b8234e969f60e4db7d401dfc3596d9891a8ed3a9feeed83c49

SHA512
904646f74605dcc744fc134fe2a5fd0dfd66968521697945095892fec8605234e593164fdb1bd47c2ab46bb8d5c8d5ab82ce7370ceb325b1fbb9e74ab316d6f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86c6c330f1890f65b6541c6d0921f58b

SHA1
9ea2efb00d39c61f86fa600ae0be658329ed7b7d

SHA256
efebf8a50fe7a114c7320ff1d8c43d3338062a886ab66410412718e5983f6ac5

SHA512
cab099b13a629a384437e4f789c1137e4dbc3daefc28dd0b1546702dce3ab0f0afd14b6f8671ae97f92384b4d7272cbed126a299e405f3b8b7629b1b8bc80493

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26aea9e916c82f105b987a9d6f052111

SHA1
6a3d7b6dc7b986b0768abcc26e9b792982f3fedc

SHA256
b8e1e11f6be85ebe2c2de51bed11fb7ef75df47eed1fdeb78ac5841c38de59c4

SHA512
68981c48a36f37a9b14281db95721a6ddc807993580f78837de778253f6dba165ad9987ef8a01a714bfeef2f0ed3df9bd4ff103a487f1e27cae5a3b244730f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
412b98137df5a374410342caed1c458a

SHA1
884ef6af9806e53d64bdd5dd8ca086e8f52bea5f

SHA256
00f70b920b0fd8b3a9fa2893f8831bb2ff614d8901fcf052ef4f07129cbadfc4

SHA512
e96e4ef09b35fd6eb6de327c09683d73a329e8535211dd88e98b61d5bcd73733b18a3beca1e9b6d1608b51285c9c35d3879c339d90bc95004b00a8dcb829ae31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7841135eda9bbd5877895afdaf1c933d

SHA1
637effc094b5e727ba1efd63c3ef3c418009bc58

SHA256
bc614cefa02f6404d5ef1f5fd2bebbe8cf51c13bfb5832e60df5da7a761d84e9

SHA512
31896ff51c77479469b921b1cfa838e9043e33f11353f18c52a977e5e9fab5610b3bd8e9a051457c81ba99b553530461c13d6411ddc497ec81b840d6c273657d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99f875bb6cf15174c9cd157c829ad944

SHA1
1f994539cd80118b6af5e6fbe5648ac2a9b66be9

SHA256
1d415d8dc98d94f2faf6896938cc99e4f49ebca2d9857aa55d41830eaa1ebf4a

SHA512
3d44c53499a3c9cf853a326b5c90bd2e66ef38e412f69185a1047899ac7a6dae49e6ccbdafa590953308a1c2b137c27dbcf60e07149455f78b7a245aa8212791

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd7d45534b330c12edfbaee087715187

SHA1
3847a8297931326fe5dd1e98cb254c5ad221e506

SHA256
5c1fc5596d47ed8b59c0fedc47f21f0cbc19e2eb36409e4bfd9d831bcc6c1fa9

SHA512
37e07799d081da742e1f0db587e9e1b181440eedbca5a26161e60ddd418b11a7debd7e6987c1f19206ae0d7fc6bbc6af8a0ad6ee33542a699a044f92a46e0a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0de81e3327f705f79ca6e228f9e4d7e2

SHA1
eff011a6a5b567e5950b7b733896cd466e629f27

SHA256
3677f514522544460776dff16a41d19701794f95f759d381f0d1f1ef4ff98890

SHA512
63762d49d29d503177992f79df5a54d54fb8c7b35dd62f9073d5ebe55950de4503204ec50a3cb8cb62377a661209c83e7eefb6881e02777483c4995b2d0e29c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63ef6ed5077a31095c081cf43984f06c

SHA1
9f1623b6f3b5fcdd12656a0854d8a27aa3f8a6a7

SHA256
0bf4a8437fe0f3457815703c5e107a576739ffa2f100af0f90906cd636514513

SHA512
2c8ac1c9aa08a72c6776067535e2712a7e8dad48da0361ecba4ef81c3744ae69b5b576996220193a4c8b0b785211b62b826eb68cba255509f7d2e680ae7e0904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11ba51d04b93da75cfa4fa7c6be9b3cb

SHA1
43144bfc08eb2e67d1e9418f20b447931b2f66b5

SHA256
0574b2ec36ba9a5283f8ddccb38bed1aaa1a6bcfc674e744c4df0a8c7503cd44

SHA512
7fb4f9f8f9afb7d52e762c97a41277db3f647657dd650b5aca580d4178273e3ff205abef648be0d163ee5456cbfbf3b590de7dfa33217db25cae2bff8d66c4bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c89ff1705fa6a3ae6ac340d894d9b45

SHA1
34b4a7bbb7f82a527e13961eb7ef526f93821834

SHA256
21c6a6e5e39e4630392a29ed3e8d1a916ad7eb76a1ab35a887485c43f4a80646

SHA512
b84d3928ebebd7c37814f04f1e5bd17c7337ef223ced6e5b9815bcafc3e9ddc18f3e4d0ca6bec28f668001aa5cc3804c27941482918d66f6561e2d5a5c3372b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6f6e742229252b800c7062278350862

SHA1
539543214b6a623758a2344f5d13273dce1049cd

SHA256
e47aac1d0626c0201f421449c51744f4f45c64ee63bbdca42b4999dda4ed0546

SHA512
fde49f5ff720afb2b936413de63442d849e4ee69f34884a09157a968ddc3766c59bf35000001261848652bb16c5d411cc7fb90c08eb1a7ee24d9d8f6fdf66fe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19af4075bfbb4fd03ae59642e2a8b064

SHA1
9fb944073c9e8a95ced359ca50797507a7887ff3

SHA256
ecbf3196adb59b1db8a24db91004f8c79cf686887f91e12bb5effbafb77e17c1

SHA512
64ba4687c6fa317a2122dc312e2711ce9c7e9e55dd32f2178c954a3598c0c1235288bbd634c06a2f32a14b2231bd5d1bbf401102b52113fe84d895285f509327

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
860639897c4b5ee4278312a391b553c6

SHA1
d81a04467ca89373a90dc021f946a2a8fa7f1cde

SHA256
c6580deac6465f36df4be46c9a2834772d0bbb74b16298783b565a3d6a401da5

SHA512
8d0c4dcda79e5f320f12559cee6b059cdff43677ed35659947d0e6ef52866770eafed03e35b326fb9a76b32aff980cb85c2e8e486192c40a0936b3580ab17214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
340fcdae2b1760e62d64bf3fd1a156cf

SHA1
8f877feb87f92ab1b30456df81f057b16a923bd2

SHA256
053d62c705a33efb2bfbbffbfa12eef070abaafbadd753dbb274d19d69a48511

SHA512
cb3fa257a466a7f0497db815c8e0ad61f6a89bff535cedcbc86dfff535040c9651f24f92f7a1e5030b0543370816f7cfecdf0714fe40e166cda5b104daba2d3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c7222af84dd611728396af70732a696

SHA1
2358430bd55bcf3ab093baf3190c683043df1f74

SHA256
806983802cc8168529e6397779f7bd62a133f61c20e62f2aa59f0e0d70124362

SHA512
7f1c2a91bcdfc36ce4a0fd46accd77f0f726d2c8c57bdce84c56f367d65b359e08ec798f63aaff99680e65f819154640ae44492ad3f57c064349558c4449dce7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26e072eddc0c17a3762fd4934e773de6

SHA1
3e61521eff0d316668bb435a621198015f7cd6fa

SHA256
3351ac9f8ef5b39e2a31271c182e258ba9953f7bb0c34e77ee7fc35013f904d6

SHA512
15b8d2ace33ad5c83c0bf7e91de242ffb8472295846f02518edc850641f0f790770305aabba7fa6e764d4ebdc1545c453882aa0360e4fb2ba2d024ad1c6a8c2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36beda9df566237d9c65b3e1f7d61a78

SHA1
25c98d23010846d3a71c9fe790a69b4cc9d823b1

SHA256
1531fb2788b160056313aa64efb4653ce7e647bdae25345ea21db4be8a6f9689

SHA512
aa78bef60d60b3238f15bf2dffbb081a9ec2f20b861ee3148395a4dbba34c4fcc1f8346f541fb46318651241f24a8d7f8a0da95e3247e70cfcd7b586e260f360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebf42a585a3f871b7aea92fc57efe158

SHA1
10bbaf3b2dec9dd75ff10e1208821b01482b73bb

SHA256
a02b0b35cea6aa63d364e89a7c8b5333e62b9f6172cb772f35cbfc12054be538

SHA512
50fa350ae2a6c9b86b300d5ff7da63afea18de1e0a0f826c103028f4098b98e43f38f73e08665ae5c776c719aa90b0793bc863c3a67e600a201fc55ad85fd6dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fc72a131ca143086b019e52360e83c3

SHA1
720c7051204e87a8b80101d823d1d83b477b92d7

SHA256
9cfbd67531fcc70b0cbc54242e541bed01e7a69d037a90f2b792088300fa4595

SHA512
1ea7740743ee439a74127cc6eb5be808c0711764c14b3b121324fcd69d423c3096fcfa53a953ec29ae8b338f66c36499f387a02bb94f3cb2b3f742d78938f20d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a886cfc60bf26f173917aa8e358d667e

SHA1
877be9b3d095d4849601e83183446ad75fb38169

SHA256
e2ad433b62cd50295adcfbc82e51d4ee7707fabb68ae29eeb67af86702820378

SHA512
f70203cda1d2359802264a7326ff70b4b2c4c82d63ea632c3302825c9aecddd70aa292b3b0d640564ab302e08d23e3696c605b2d84ca564686add79189573dc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3c48192f-fc44-4c10-aec7-10c2ce201635.tmp

Filesize
5KB

MD5
c55c80bcdd1284f735e83c895e79356e

SHA1
02bbe68d46a528a870cc5ca7f7095769ab14f513

SHA256
8b4cba955ad9dda1a51de0efb33f99df4c172aa87655d6bd3b38c73b5b877364

SHA512
8446f692d4125289fbe4823039d9f9730bff3156b624b8b0fa6fe4d577fd065e431eafa48af5d160f78d80bdeafaf414861c3dd688351679f451d6f57253d073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7d5c8d1f14b353c9545f3c308216a24a

SHA1
ce75dc4cb9e2995c38cd2e662e9298462ae70b7b

SHA256
4587eed8d48583f7c85eef20d61ca463eca1fa1c4031ba8c516d18c0199d11aa

SHA512
88726333d32b40e7385729be9f85940c2ed108cf4c7dd2414ff4feab953995d86ab6a75cd085edc9853ebaff014ff60f8de758be072fceb6d0583fa67bd144ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8da001b4c2099b068904a854a30fba9f

SHA1
9117af1abedcfe2bb7d2233125167d3349d5f3e0

SHA256
b0dc9ea485636eb51e74b1ae526d6a0f92209efc386bbc022d496cc55def6cda

SHA512
3fc5e4e523fffb7a5d7912de83f4bf1ca133adb7dc7b86706e0e3d2cc00feafcd400faa4a1739f7c29696103c14333728c71163a084e0ccbfb1f2d9911f86f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ff01949a466e632c1f96ade524e9a186

SHA1
b174298a7018aee2446cb693483836bf5959f6fe

SHA256
304c5afbff640d82128167b39942eeb7c8832b05961f049ffc50182f76ef4859

SHA512
5ba7e4636b02a57e82198456a3a0def5ed2829313262b840ec1966453140eca4afb854e2e73ecdd046478ed121bd46f6f177e6f3c5c2f68ab0c699fd35f94875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f1f0eb379aaecf24b6d7258409836128

SHA1
2bcdc8b63c57bd16339b145d91a42500f37f6561

SHA256
e217cedcccec255b9e44b7a53693b3842206c6eeec89e203d05048333a3ac079

SHA512
ce2ba771bd7d02a559ea6ae639f233cb0aeb862e1f8de860bc63383671cab8fc6a756bab7930e6746770b1c2e7688132e512643fd0d785d3b5e9dca10ed29946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3CD4.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D63.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\Downloads\Krnl.exe

Filesize
1.8MB

MD5
e9cdcd3816bbd105ca2f309af36bc16d

SHA1
fc3fdd5e7fa88defdf76b8307b0fa2be48a45db4

SHA256
c24855d316a3f7e445035168a2f03dd09d8e69ae35cd4c3d1c27674288383896

SHA512
c8aa7fa445539017aaf09936f308c9743c1d1cfcf00ebc98ede98212e22acf8ea7d8738a9d11b759910af866b1d0786e4850bdd12a9fc7002d2d9d4cef5c3867

Download Submit
C:\Users\Admin\Downloads\Krnl.exe

Filesize
1.8MB

MD5
e9cdcd3816bbd105ca2f309af36bc16d

SHA1
fc3fdd5e7fa88defdf76b8307b0fa2be48a45db4

SHA256
c24855d316a3f7e445035168a2f03dd09d8e69ae35cd4c3d1c27674288383896

SHA512
c8aa7fa445539017aaf09936f308c9743c1d1cfcf00ebc98ede98212e22acf8ea7d8738a9d11b759910af866b1d0786e4850bdd12a9fc7002d2d9d4cef5c3867

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 332162.crdownload

Filesize
1.8MB

MD5
e9cdcd3816bbd105ca2f309af36bc16d

SHA1
fc3fdd5e7fa88defdf76b8307b0fa2be48a45db4

SHA256
c24855d316a3f7e445035168a2f03dd09d8e69ae35cd4c3d1c27674288383896

SHA512
c8aa7fa445539017aaf09936f308c9743c1d1cfcf00ebc98ede98212e22acf8ea7d8738a9d11b759910af866b1d0786e4850bdd12a9fc7002d2d9d4cef5c3867

Download Submit
memory/2888-290-0x00000000012D0000-0x00000000014A8000-memory.dmp

Filesize
1.8MB

Download
memory/2888-289-0x0000000073F70000-0x000000007465E000-memory.dmp

Filesize
6.9MB

Download
memory/2888-298-0x0000000004FD0000-0x0000000005010000-memory.dmp

Filesize
256KB

Download
memory/2888-299-0x0000000000200000-0x000000000020A000-memory.dmp

Filesize
40KB

Download
memory/2888-326-0x0000000073F70000-0x000000007465E000-memory.dmp

Filesize
6.9MB

Download
memory/2888-300-0x0000000000200000-0x000000000020A000-memory.dmp

Filesize
40KB

Download
memory/2888-301-0x0000000004FD0000-0x0000000005010000-memory.dmp

Filesize
256KB

Download
memory/2888-302-0x0000000004FD0000-0x0000000005010000-memory.dmp

Filesize
256KB

Download
memory/2888-779-0x0000000000200000-0x000000000020A000-memory.dmp

Filesize
40KB

Download
memory/2888-767-0x0000000004FD0000-0x0000000005010000-memory.dmp

Filesize
256KB

Download
memory/2888-303-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download