a5236b3142e898d26bf6f106029a3dafc72960eb4949b1ebb59cac601364fd61

Analysis

max time kernel
149s
max time network
160s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KRNLWRD/Bunifu_UI_v1.5.3.dll
Size

236KB
MD5

2ecb51ab00c5f340380ecf849291dbcf
SHA1

1a4dffbce2a4ce65495ed79eab42a4da3b660931
SHA256

f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
SHA512

e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
SSDEEP

6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1576	krnl.exe
2084	krnl.exe
2280	krnl.exe

Loads dropped DLL 15 IoCs

pid	Process
1580	WerFault.exe
1580	WerFault.exe
1580	WerFault.exe
1580	WerFault.exe
1580	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
1580	1576	WerFault.exe	65
1632	2084	WerFault.exe	69
356	2280	WerFault.exe	72
2284	2500	WerFault.exe	84
2948	1084	WerFault.exe	86

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe
Token: SeShutdownPrivilege	2852	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
892	7zG.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 2748	2852	chrome.exe	29
PID 2852 wrote to memory of 2748	2852	chrome.exe	29
PID 2852 wrote to memory of 2748	2852	chrome.exe	29
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2720	2852	chrome.exe	31
PID 2852 wrote to memory of 2664	2852	chrome.exe	32
PID 2852 wrote to memory of 2664	2852	chrome.exe	32
PID 2852 wrote to memory of 2664	2852	chrome.exe	32
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33
PID 2852 wrote to memory of 2356	2852	chrome.exe	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\KRNLWRD\Bunifu_UI_v1.5.3.dll,#1
1⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:2
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1124 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3608 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3696 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4020 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3824 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2420 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3976 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2996 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2528 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4040 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3808 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1916 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3888 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4052 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:904
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\KRNLWRD.rar
  2⤵
  - Modifies registry class
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3888 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3684 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4344 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=1820 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1068 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1356,i,7033930634794902403,10946391672134860007,131072 /prefetch:8
  2⤵
  PID:944

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2560

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2948

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KRNLWRD\" -spe -an -ai#7zMap9268:76:7zEvent30132
1⤵
- Suspicious use of FindShellTrayWindow
PID:892

C:\Users\Admin\Downloads\KRNLWRD\krnl.exe
"C:\Users\Admin\Downloads\KRNLWRD\krnl.exe"
1⤵
- Executes dropped EXE
PID:1576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 572
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:1580

C:\Users\Admin\Downloads\KRNLWRD\krnl.exe
"C:\Users\Admin\Downloads\KRNLWRD\krnl.exe"
1⤵
- Executes dropped EXE
PID:2084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 576
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:1632

C:\Users\Admin\Downloads\KRNLWRD\krnl.exe
"C:\Users\Admin\Downloads\KRNLWRD\krnl.exe"
1⤵
- Executes dropped EXE
PID:2280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 576
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:356

C:\Users\Admin\Desktop\Fluxus V7.exe
"C:\Users\Admin\Desktop\Fluxus V7.exe"
1⤵
PID:2500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 1148
  2⤵
  - Program crash
  PID:2284

C:\Users\Admin\Downloads\KRNLWRD\krnl.exe
"C:\Users\Admin\Downloads\KRNLWRD\krnl.exe"
1⤵
PID:1084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 576
  2⤵
  - Program crash
  PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5972c6cffe0a1dfea4b58df353a4f222

SHA1
9a09f724651d96c1362ecde09d0cc0daf5048041

SHA256
f92179dd8122cd66c29e4b6bd61d91a2cc78d1b2056a9f501b222094f66f5a44

SHA512
82df79b19390fa064426369a317409e60960b99f35269ba558206a2325bbcf71e6ed1e08250ed0ffced6fc50cfac4720acdfb6160e5b4d5f9b9e4590d18f7d6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ad2cbdd73d950cb44e03021c409f6a1

SHA1
0371af93e95a4d52f8b768983cb8e9ca76086874

SHA256
35b5fb6904a4f67e475eef6ceee8c5bfa058593f23cb82cd1ab8b57b4276df5f

SHA512
769ddd2c44ad21c6a22ac6e44215fb2adaee3a717e4e8fbbd74b622808be270d584de00b1119a1edfeeec58a80706e78f99cd2e1e97f7925fa2383e535ac1a0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd0886d0fda8342b998f6fbc77ce52cc

SHA1
d3651d4098b524948338a6443feffd6d07652be9

SHA256
ea3d39b52aa1523785f59fc55bb09a65bffe3fbcf34a8acd531605fa6ddb3dbe

SHA512
658c88bde0736781a4637784dbdd2bd133fb737caf374c52c6cd1a37158e07f858d771ed4b0124c1cb79ea3a586b7c8d3299a8f08b5113a4faa5a6ed36e37836

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b289fe2bd42755bb191ca02136bbca12

SHA1
7a914dc6f06b77c62d66117bd4cd62153f89c349

SHA256
833caf19d936cc60ec2e377f3acca20de1625d5e76d2715f4257a67afc3ff66d

SHA512
82f8b5bad95c0adac1bcc2404e0e8a52a508583ddcb7c01cf9c1717ecab02acbbe233e4e770d02b0513e6130296d234947bc7a43663ad0fcf5fd355dfdcf1cc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7f99f5117c3f45b12e8287128378c62e

SHA1
87d67d1656580f5cd727fdd19d98a59bd0e80643

SHA256
68e529665af130c730d26f81bb6d505562ff677f91dbeb5916856c13326afd61

SHA512
29dfe7f98b0f406959797203865c26deea259e4a438def2d25dce2c58ad2c5ab88b3dcd3086750ac45d9d4949ba1f94e0de19df2f7cc550261144b17b10c8e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1f92ed77-5db7-404c-9cf3-b65c713453fb.tmp

Filesize
6KB

MD5
340e486c8bf50c39a15f4ab69d0b890e

SHA1
fd40edf9bc16c7116ae9c79d134868bc01fa3917

SHA256
c2088510743651658b268793708334bc99d634d07b22240ba39c0e313a95a89c

SHA512
52212e5cf2394aa89286915e31da5221ba92b093a002961f43185c522c11687350bcf5db7e427b417855c23ae2ada0ed3828f341df692d5cbb4dbd55388d9daa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
51KB

MD5
de4e18099a920faafff9674398236b19

SHA1
d5e423cdfff370ff7134b33ef4b5bc006ad72ac7

SHA256
341908aa771a8f224dbd5ff1677cfa76f7d91dcfd1d7e9f969877aad98b0dbb2

SHA512
c8176779d9447f2a3236156b4738e42406260501865fbc292b519e0445130b6048ab7c504f83853838a72637345a6ae3ab98ba493aa0cf1ea1c3a7f64d760715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
31KB

MD5
aefb3fc053415b67b90802bf3d8393b7

SHA1
f53b53a9f784b637763c80b62e84553e725a3f9e

SHA256
58838d851e04417031ab2ffedc4b4b01546d8294f0445dfcc2b3d21d4905e82d

SHA512
fb5e53979299a0bb2d828b3cb8a9021d7c5d6460512bbcc0fac12f112a551b02cc044cfffad38b1ab67d5ee4838e842de422bf6b27e6eb02f6c402e0ad95b377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
139KB

MD5
f165ab439175c42e46be28557975af74

SHA1
08634c46d859122eb43e137bc9ce9ab0422d4b64

SHA256
c53478f73cc48fe294b3b470c529721eed2d9f382ab49642d4a90d0dff2a18f4

SHA512
a628c3d021dd35c1186b734e9ca9653a0d46506c787073e879b577cca35486a469ebfe3428c35773aaa9a6ac427216dd8955de6ca52a0fabfce5e0801ef9b176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
101KB

MD5
8cd74442e291242eb9895a6e2629a291

SHA1
4067f09ef30d16d74f927f51fc8e7845a7bd718c

SHA256
8fa27a8367a33dfd6172e4240a523c6a7c66c53e6f7ab1bf8e88f698c70b957e

SHA512
f5e1209763fd256cae55734409f329f3790ce0e800aac87a5a2f2b19d92e56c3bb0a161b3382d1edc85a1223fc885a1fbe09ce9b68c29d8dc0b595953700719f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
69KB

MD5
a4c1a267eb6659cd13e929ee5f39e039

SHA1
fb5ec36524576db67d67396a1b629b518d7baff3

SHA256
26cf16f8f9803a5714dd2a21d106eccf3c6b67c9644afaf6ba8cd17a439335a3

SHA512
20dc1e4856ad61a78d099b0814a7614f7044ac29d176c84d9499298136f33d44613d940479a4578f98e0a472ff2b018c2d9054bf81ae915fbff2d0ddec6f9393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
19KB

MD5
956451cd35b915b06b0853da565afc94

SHA1
2678c99be92aaa73a5a9d1ef9f709f0eeeeecf66

SHA256
7338eb74bf7bc793d1be5e419d6d04d31a625e579640c67b753fbddf24b1df02

SHA512
391557d1e6433e2665537ed23325158203ac657fa0dcec3448d380263453bcff4b6946b07eb7cfb4fb84f4f8800f287c4058e605d6fcef096fd57ae97bb28592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
64KB

MD5
475b50689dfe5ac600b3de04ace088ea

SHA1
fbb328c285b985d98e436e1a2025dc2ef814f08d

SHA256
bb3580399452f7fc44aa591302242cc83e1a1c5daad646fcc2d1d3e81b9b7bc1

SHA512
55bef283c23fe00a25ab86c8e62df455236bb4a114d72da8986d0ab51b46567f195d35f94de1e133ae61e95d121de99938aa02e80abfd38c3c841fde9214c381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\02db3e743aa4408b_0

Filesize
52KB

MD5
2850e247719be43f604e6be9f9981ddc

SHA1
071b602c6d81769774827edd90b04acf6c4bc3b9

SHA256
295b08468f2de0dc432110f10f7fc1dab12aad714af4bcd8fd9bbd0bb4b55284

SHA512
2a4cd2e942f0d62118492c04e4810e65af19e2597c2e891151737f70fbfd2a590cd6a280cab4ffd7b952fb5a9aede3f2454b5afef752eafe8228c41b04792d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\669b34435f82603f_0

Filesize
297B

MD5
91dff0823b4ea70555709d89076f5d19

SHA1
e46d0e2e37f27ed21637fa12b5e7c34afde27d2b

SHA256
d76da13514ead18abe95fbeb08fdd77066ea1ee9456e4071a5414711b2dd5a2e

SHA512
ff838994a4b2a1d36331e5cd24abef9c5642f26615d587c09011dafc3bdf5ecc7ff4b98fbfeaf9fcf095fc6f91f5c50369acaac9b1adece07bc6fe56bdfcfa35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\96c87ccc79fcc6c1_0

Filesize
292B

MD5
7ede45353ca127d16606b120b2b7864a

SHA1
c0ba2131fc120df5847e31e50d85e28d7cf694e0

SHA256
1ee23d892b9c56590d60713f02788f5ab86d4331d1c242a37046c1d4f0138dc6

SHA512
c910a275e5fb387e32c5c5d0d9e784e392218b03d0b6d3b773e9ad140a461eef0be6d60b382bc09aac2e2af6709680b658cfcadf77b700edca9fd49fca50fac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a19e12eb660e4818_0

Filesize
3KB

MD5
3f9e6557a0a96d025edb75326bcd7e4c

SHA1
0536ef892f9f2cba763b4ef52c6c435fa17e0648

SHA256
96a046f0ec10212af1e4f8b057083b2ec804fc83b534fc47f7193b6709afe5ef

SHA512
1b9b43af2c4af44971883d91d8c480f39b8ea0c7662d790499ae4d227abd0568ef73c1956fbc79005c6521b81659de094363511355946e019777188cde075599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b7e55e5b9aa07dc2_0

Filesize
32KB

MD5
014aef383cbb6e4d03bef5c096a8f89b

SHA1
f3081a98521d546f5fb5b2f327016982787aef8d

SHA256
6f666bc4007a4d03e46071cf4dc6483cd90898e3da9f38ae1d37c1dbb32b9314

SHA512
7b97b73f676eafa824c0ca16bed45cccd5b15c627b56bac4b37678b69c6f54a9ff8ff97e6f0e7f4dbff2d161dee88bfe0c6919598e713a76880d5ba0502491be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
71f34c8dcd12af9827a2f026544a4bd8

SHA1
6c4510a676beb74351030fe9986caa2f3f194ea7

SHA256
28c2fdca9d0369dc9e06f9403c134634d580108b5bb2bf89d245aa127a19ae8b

SHA512
022783dbc1cd37bf06e1b0b4a4d6a73b181376811c585531cd1c035231134af7cd5e3a9bb6af6e4a9a273eb727683ab0d3bee2390e28bc02f5aa05756851c3fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
33c5a224c107b38cf372ae8c7f4b8cba

SHA1
33ba6e6b029ea33c5870d61a2a0d7aa9966fdba1

SHA256
56261074cd3a25f7c827eea0e53381435a09468e498f028d0d128255eec24ca6

SHA512
2b1525a1bb5477fb51ab9bd5480cbf5f7f474056e408201d69a98ee0f6d2e8243133cd1679e871094b47b7c9695a7a47ae185aadd9f845856f6820c3af877a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3217faf8d64d7b96a729ad2052bc276a

SHA1
9cf952a5f9bb1225c9e1b3e71c1198c2f8e04aca

SHA256
cfdbefc408ee87c74e0aaef3afbcfe34892171ec3f1d189d945f6206a1d64111

SHA512
813b2aaca99fc9294e47a6197185661cc869053bad88e17c735de3a29f6e9ac1c82cbd7b785f32603ed1b1c4e273b5ed524ef852d95a69f9c493c295cb901070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e6b1613357f1ae3980fdf0aa2575d774

SHA1
e95cdd6c58204004b1a78edfee7e5a7a3fb21cb2

SHA256
7b662e030b8d7260e08986ee11c54ba9dac1bccc209cd6ba8c8cd1e51852e9eb

SHA512
8795921bdae247ade3433061f31feb69af33eb23c15bb92a7a96274956a08866ca9b1067cea145d8552e5e51746a8886c321ae69e27d867736468fdef20bde9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf780edf.TMP

Filesize
1KB

MD5
fae30b93b9538e186e3f86dd6cb45edb

SHA1
762486e12bf309d8270e5b10b1ff7f692ed1dac7

SHA256
a5002b4791d1827f794429afebe3f259030e26ed8e1e1a2ba1aaa54a7ccf7af1

SHA512
baec77e385f5d6396a5ab2640b8af793bc02e5b45c9695c3511911ee980c78938a71ade2e3990338c407e8efcfb7c5659ca44b685ca37770acef037c972881e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9de2a12705865980eabe67337c1608a6

SHA1
d139f6775949ebabb00d3acad66b1cd838b6cf4f

SHA256
00d304b34de7d572bfafafdac9e7393fb628324f62ec9f31c0a6a5ffb3ffae20

SHA512
9734dfda9ab0e2268ee736915c14b43c3df13279e206af556d63107abe3b3cfeefb8aa30ccb2e560fb5a311de70eaf01da761a99dedc0087b82a38600b23960a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
61262089ebf2a5e81994514b3bba777c

SHA1
25129db61465dbb38b142fde6ba167a1d3bbf395

SHA256
4a80a83cf8adef5695a6b9cad4d97cb7cdbcbd43c7aaf574bf370f0c8315ee04

SHA512
8f3445cf39906b17dffe618a5d7cb0c9da337ccfd1e983cda8c8e0b4e1b0d00c8306136dd91cb6c775a915f632de9d890864b6dd40f148fa5723d69bd59202c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ae9bc39155e0e076d9af873276f98e00

SHA1
3b54b27678f0a10f8fc0d1547f05e6ebaf3cb280

SHA256
6edcd8fbe799f229c156435050c58f3d8dd8073e6384f19798d0561ea95918b9

SHA512
fe62d3a03668e374860a7a8847018268e928f546eb62f285b7f9a34ad626927e6c4fc6ff5b74587d2e64d7000ad14b3a3b65257e94b36c51c58b34b6f38fb397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1ec7cfe98278d03fa8b0279062095f46

SHA1
999159e81abb14ff3ef77ac4e3dfcde3227b0623

SHA256
08a2049e69821318e0ec6a6c6cc5ad3c641a71445c91ec2c721330f297912b2b

SHA512
3873ae1023e998f8b6d47a4c4ff70932df3da94f9eca7586ccbb326a927843d6a0831c4121d8aeee831c9c89054b64cf1e0e068e2544ec5ebe7fc2574593500b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf76c0ef.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
dab45e401c225b7da074544633b74618

SHA1
860072091cf2bb26662ddbf14480fbe290d72982

SHA256
9235cb7eb8ef9e0aa5ec782d06edd1437c71945236dc6b4669330b03e348fff9

SHA512
eb14c12d4e209fbc7e40412b63cc434aca9bb43df12e7a6f4eeee47500706b4a0a2fcf8b2784bbcc4c5109335e03e33640f491e821104d55e13b907f918c4ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
8eb8560bbb23c46bdb2f92846218095f

SHA1
b229eda62ac104a5fb7b3adc57310f526920f792

SHA256
a3a2a6b83ddcade5abc8b410f5d4e42dfd4675837dd11911ebab4934e74fa79f

SHA512
dc53b3f08c20ac8b8d8613f598364744c283012144211b293c327a64f190614dd70fc5dc12a9425f461b99bb9f81de14dca7ac3e2b7c6cadf7e5a04f9e5524db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
9a0de043bde324da4c15b6da6af088e7

SHA1
49062c3a62f2ef6bd5b0a2686425dd83d4e962df

SHA256
3b6f15aba2c8acd9f2eb95c182127db8bcc71df022b2015cc2b6745db9b70280

SHA512
97bf3221fe502bb67216a1d0b3cfe7ad1e51cca73de03d691bec1355ba5901da0c7b0276f7873162c1e09e0d7c735a41c80a2e8f6183b8e2b522d8cdfe5380aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
578369fd5179b18fe9ff8ce38ea778f7

SHA1
207e940f8fa07fba2ce7c7f303de1857fc59aea7

SHA256
5eb8cdecb4562205b248bbcdc3dea2a6a86cca5f040c457dbd755c8f92ca271d

SHA512
a2a11e8db799c78d276913ed02cffdba9b12affedcfdc25e7ec4f9b3734638598854db9c2fb4833542cf7b5ced2752f1bd227d281cb0db422ce559b432d8b183

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBD0D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\Fluxus.zip

Filesize
2.3MB

MD5
120bce5f51303d34ea3635074d5d3ebf

SHA1
1bd5dc87c2788ffe578aec388cd048930613a2da

SHA256
28e904fd216f1fa26962fa9ca0be1bf2bdb1043b72fad7fd56824aa383d4a465

SHA512
f9c300ed468bb9c202658a819902a90cf4c89e9e9d56b56ea7280f0d293b83bd8ce11e28a71d0878ba4b069c3578b2595089dab8d84387299ac977acbe27237b

Download Submit
C:\Users\Admin\Downloads\KRNLWRD.rar

Filesize
6.8MB

MD5
0543fb19e06332230138146e743561d1

SHA1
eda5c083624948c1388ba73c33447c97ddea7f41

SHA256
a5236b3142e898d26bf6f106029a3dafc72960eb4949b1ebb59cac601364fd61

SHA512
e7d934d87b730b484c578f3db648224cc192f292a1f9434a655719015da440b4d15458348a85c2f88d0b6808ae032a3f082f12d1b53fb0a7405425d95f7a358e

Download Submit
C:\Users\Admin\Downloads\KRNLWRD\krnl.exe

Filesize
1.2MB

MD5
fb3a52d1045b1a0298668f2d77680306

SHA1
e16d5085977f1b895b7b2a046570b2da474add86

SHA256
8869c44219364f911548cb18da0cc6413b3277d3a8a8df18d0a521b558830d6e

SHA512
e19ce4c86ef8bf2ab25b4da67bf83acef5a8e688abfd3f96e8dec8169ce410c833df7685b6fb0b7489cf90ca51c56cd7264e8b2a94865aea5e5dacd4c5b7f44f

Download Submit
memory/1084-1049-0x00000000003C0000-0x00000000004F6000-memory.dmp

Filesize
1.2MB

Download
memory/1576-587-0x0000000000160000-0x0000000000296000-memory.dmp

Filesize
1.2MB

Download
memory/2280-606-0x0000000000C60000-0x0000000000D96000-memory.dmp

Filesize
1.2MB

Download
memory/2500-1025-0x00000000004C0000-0x00000000004CA000-memory.dmp

Filesize
40KB

Download
memory/2500-1026-0x00000000004C0000-0x00000000004CA000-memory.dmp

Filesize
40KB

Download
memory/2500-1024-0x0000000000E30000-0x0000000001224000-memory.dmp

Filesize
4.0MB

Download