hxxps://get-kmspico[.]com/download-kmspico-11/

Resubmissions

12/06/2023, 11:30

230612-nmbkrsbg73 8

12/06/2023, 11:20

230612-nfjykacc8v 1

Analysis

max time kernel
244s
max time network
238s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
12/06/2023, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://get-kmspico.com/download-kmspico-11/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133310424374566187"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2152	chrome.exe
2152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
4208	7zG.exe
3532	7zG.exe
1184	7zG.exe
4588	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2120	2052	chrome.exe	66
PID 2052 wrote to memory of 2120	2052	chrome.exe	66
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 4432	2052	chrome.exe	69
PID 2052 wrote to memory of 444	2052	chrome.exe	68
PID 2052 wrote to memory of 444	2052	chrome.exe	68
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70
PID 2052 wrote to memory of 4612	2052	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://get-kmspico.com/download-kmspico-11/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff97d739758,0x7ff97d739768,0x7ff97d739778
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:8
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4716 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4652 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5096 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5444 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5312 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5984 --field-trial-handle=1852,i,9085893995414441664,2443254885012294695,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4176

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:428

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap27816:76:7zEvent30240
1⤵
- Suspicious use of FindShellTrayWindow
PID:4208

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap25697:96:7zEvent9386
1⤵
- Suspicious use of FindShellTrayWindow
PID:3532

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap17051:96:7zEvent27091
1⤵
- Suspicious use of FindShellTrayWindow
PID:1184

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22429:96:7zEvent10274
1⤵
- Suspicious use of FindShellTrayWindow
PID:4588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
ca0e6ca9e335003810f256dac15a03a3

SHA1
9974c90bc475bf43428ec0de34bd5c049ebe02be

SHA256
9ae636cce73225438dd99bf60428170082a7666935950bd50681d0894f5879ac

SHA512
f9a225ce584b2d9dde309028dfe97194be99aec93e62c38b275c6f265c4fad19040b14eb7456d95d8e01a7bd9ecac351f640a40c5af5593e7cc70373d8f4420a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a14e688a27abd413ef88d05d246043ee

SHA1
989123285e9d003a142601e37305cca800fa0808

SHA256
f31e4302f07beb9812cd6e68ea336485b858410d63f8b1e45fef0c9180762d46

SHA512
60bb6ddfcb7e2892df6040ea9bfc00d182c5f67d4deab078a309bd50ce008168edf8da8f0c4e617f466cf9019c8c222a66f3d676317db5ed223d76097a7f2e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
29a88361058b15de89aca7eca7d247a2

SHA1
1d99d994ca918a5ec00fde87ff35feb6534b0ac0

SHA256
17f57aaac14f96e225c23c1714e939dfa9da48cc63a26c00ac2ad6987631b4dc

SHA512
e486740e8001db07fa91529dbb8a1e3c14d8c45ae9aab94a16419b2d3f8aae33d5a9107b3e4fe543b40df8929806cded5e52f74990b0d2bc6a207558dbd206b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96b8238a6e7ab9683a4ba41dabae5ddd

SHA1
d0fb7b0830bc45483a58f61c7fd19729df48689a

SHA256
8c7246f22ebd319c7a5fbd451e6cf3598e6279de1c15460a84bc0556c827d028

SHA512
810bea9eac08ac7ebd586252db369dd3e678cb7c9c969f2298908f7d151666de39c113207fe45d98cda8104c2a5304c5b4a04294d4e081abce50e317f6bac258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5bafac47fa2fc7c4d826f70327bee35c

SHA1
d65fd124f85f56379da7f03640db403f3716bda1

SHA256
82bdc7a90ba8e89aa681dd8410b35660781ba7a95bd795dcbd7729a0f00219aa

SHA512
478961ef61107e5cbbc50cea3dbeb066373a89bc4988dabb9360e4602f33cd764bea3ea2a6c1a5b81a1ab2217315e0774b1a4f11640098fcaece1faa9042ee5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ee1af7b23b0d2e4059bd10ba469fa23a

SHA1
172045b9c6ba06bc918670b7641be82e791f730c

SHA256
6479a86c618329b28561b1ce0c18d4237a1d8ddaf85f7dd5f4e46c22184c28a9

SHA512
6b17935f4f2a6e08cb792454cd7e4192966e6e820e4ee762559c5e6a16e2be6b9fbc6fc078fabd3b7273912f0e3d46dc23fad0bb0f07ae13cbfb453aebb6dd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
744708afa0cada4925e841c9f47d271e

SHA1
04f960c8a8c7b76e2d2aa23fbb6742f416ba2cc0

SHA256
35bf84620e46bc5b880e39922ca117bd876cd53275ba564a35cb166df1894abb

SHA512
628e8382718ba20a250ff5b8a647cd2ec0aced0872de3e88e2ee4d1d185af7d852de9a1a480900fae46aa6f47810e03d4f491e0c311c1e7ca0e9ca79d14a5c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f734c9e600aecd1b9d4b7b72feb361d1

SHA1
5527a15fc47e2258608e5add3cafd8b4be8017ef

SHA256
3b8e58d1f06fb45bafc36000ab54df3773fc184488dc247e0ae99f690b3627e1

SHA512
d32c8761b2555498d03f3a5aa8b0b73c6844ef0df2a7c4e772f44f85e0da9e772f18caa2d797cd3cc3057613da7f4153a097e0542c341ffc00363a9e578aa53f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
2920fd49581add9fd19219ac6f550ade

SHA1
836e0f9c0526fb59f111bf81d06ba77ed7809a7a

SHA256
4124f99db64e4d056a53183edd9adcd69d1175de54c72da88e19542b9f819979

SHA512
890d8cc14755da3b6c2d826d199bd0dbd7e61431ee1c944b2221daa95f1e194a31ed7dca4c9f953d9c70c1ffa79e2a70ed54faed2ab7326a31560e701fd6b642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
366551140afe892c3afb2f8515d80f15

SHA1
d7881a41028adb5f5f5ae31db168f6cc73638bd0

SHA256
e4deaa2bd5ac5b663bfb6503df2dea55758fef6dea1ef8a89988e31d79ccc59e

SHA512
dda0230384da7798d5029142eb827499266b60e3d664c893fc78b4be9650107d33fa900d38167361f0a3879b66bd1b6b399a4febb8f813afdec39325955836d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
4f5bb7a034f74c9189c829730ffa9d49

SHA1
5f71ec33dd3e8afd233a1276d15dde7cfc7e47e8

SHA256
7237c74c72a62958c7e5374eea586e38d362323e572d3d3a5e6adb6020ef4f89

SHA512
b2ad124e0ae648ccdf9ffc53de9bce7b1ada05567ef2164e4a3588f872c565227476f0caf854c769df239c26494b4288cb3a87f94ed3db8ac5bf9caac673abc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581345.TMP

Filesize
94KB

MD5
3ee7cc052f9f9294ceb0b1c90ea0c2d7

SHA1
9de2edd80bd160afad6c36eb8587a53f539b8ae8

SHA256
531ed400f9dadb1fb1a9b2865b670681b2625000c70386bc58e09a42e5d9e74b

SHA512
fbce46df9f9a647a592e2d10bacf6ce2fb16ab8dd361e206bdca1b2b6e7c8f38b321ce2af8d50ad203193be1d7d5b6eb965568792cedcf784cbae7d02927ed2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\KMSpico Activator.zip

Filesize
3.0MB

MD5
ecdc9506192dfe923fc87903577cbc09

SHA1
9a7cb23d94e9e01bec1660ad73353f93f9a5e30d

SHA256
01ffdfb445c9118b37d9a9d8175e8dfae35db35052bf2ef14edce5c695609a34

SHA512
f3f99f42c90c1b81df9bc85f96d28fe81d61341a26d33fe697a312e493a2564f60816426434f692e47e1280b42a2ffa9a3c96a39298b855e69853626ba982f2e

Download Submit
C:\Users\Admin\Downloads\kmspico.zip

Filesize
3.0MB

MD5
d062105833edfcd3e84cb403e3ac72f2

SHA1
556f017f769612c9b6fd363c5c7e10dae666eff8

SHA256
6b8848cf0f73aeb6dfbf5299688d3623b047e4a36a0faa5fa236224c8f8aee5e

SHA512
3151d0d9712e3594f5c7b184452e255e00f50a476ea58a46c89c4cd85fac4aa3328548b334d10cda19f2155dbea97e992aaf471f2820dbe48d9e9fe8f9d050e2

Download Submit