hxxps://www[.]kmsauto[.]info/file/KMSAuto-Net[.]zip

Analysis

max time kernel
135s
max time network
128s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
12/06/2023, 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.kmsauto.info/file/KMSAuto-Net.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133310439798453488"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
2968	7zG.exe
4028	7zG.exe
3700	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 4192	4160	chrome.exe	66
PID 4160 wrote to memory of 4192	4160	chrome.exe	66
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 2832	4160	chrome.exe	69
PID 4160 wrote to memory of 3992	4160	chrome.exe	68
PID 4160 wrote to memory of 3992	4160	chrome.exe	68
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70
PID 4160 wrote to memory of 2340	4160	chrome.exe	70

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.kmsauto.info/file/KMSAuto-Net.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffc5589758,0x7fffc5589768,0x7fffc5589778
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:2
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4628 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:8
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2540 --field-trial-handle=1804,i,17976142867415328403,2544287116555006308,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1148

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_KMSAuto-Net.zip\Password for Archive - windows.txt
1⤵
PID:4232

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap29920:84:7zEvent22075
1⤵
- Suspicious use of FindShellTrayWindow
PID:2968

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21543:140:7zEvent20323
1⤵
- Suspicious use of FindShellTrayWindow
PID:4028

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Password for Archive - windows.txt
1⤵
PID:1360

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap3519:140:7zEvent26039
1⤵
- Suspicious use of FindShellTrayWindow
PID:3700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
762B

MD5
2b247ab95ce94ed40906e478e0364c08

SHA1
633662fa399cc1e2891923c96204339b5254c203

SHA256
ad8f7966e5a897523c913199d5f45e8ee571f2e4a64ab6412a8ad4dd5dca144d

SHA512
87e466098b9e0456483117dce85e9dbd404fa8fbec37f59e5f5e194b14b08f46b804af86cb8fad0e6f2ffd17b88595e90f2eaab9b28a91f4d839a670f58c0732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0ec8d87c375f14011d3f94e70d3ec460

SHA1
93d8cb288e4cca072553d7529fce3ae9ced92867

SHA256
bdae35796b7396a4705e608ca77bb758a23724f57f78cdf1a82e36420eb9f377

SHA512
0192ddb3bc0b401d7a9e7b76f58fd660135518a211446fcaf8362b0e3d0702d87c3441cbfe0e4aade8e69dec6b5257d5e5ae8d092155833816070888cdc0e29d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
517ade245c1faedc7dc49848f504e3ac

SHA1
a7c9125fc878cf26bd0763103a5fa4398ca80db4

SHA256
fa3204ebe2cc4f3ea4c2a029f1d08aac5ef00a5be4595a652d9252d9176911ed

SHA512
0c24ea3729ab34a51708f870f40a90c3d191f3ae1cd6c7db5578d9dacb03cfc0a4c036fd587f09fa8241c12c7ec166068614913cd7feee0ff4061bfea1cf2060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6536a4b35c1ff8e3823b8a23bd7f057c

SHA1
24ad0f0b57ef496f35af67f84ee6e5f2c89654e6

SHA256
fb20343277ef7d5946a536c885500d96e5a58abdb4e391fc7a879a9db0e9a730

SHA512
43110a31c6897c8ddbef8b6d627c8639df10b2da65a19bf2f96dd4fbf2d094a7f5e949b1cc7e55d78b54e8f8937d04a326712ea1cc4439e6b65c7fb2f59698d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
d656e3d4fef247e53faba12f30104ed3

SHA1
0d48b2d15dc4a321459c412557511bdc850ca093

SHA256
1a0f33ecb999b749b74cc5cf6e646b6300b8fb41e728581015af04eafecd7469

SHA512
72b8e54bdd3ea1019f83b9906318afed72de08b20e269b0c5d2d0b08283928418f740d95687a642da9b6fc79f05af697b7d2d2c8ab3e2363fb5d38f230f7c9cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
100567e681c7c57f5c5b640b57a5b316

SHA1
5f2f1d0f2696e5ac84bcfb89603840f035ef7776

SHA256
e2446620ab2ebac1e4744c97d77adcec98d1bb9c8274bbc27fe30eefb164ed68

SHA512
5dc9e0dc86d747001b73c7acac01edbf377f6b50e385883c203982c892e42fd646c0b7e893afe9d7f18adff171bc4faba2e1058a3177a90b9a1cfb2ba5a0a80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
46ad064036d1c0164d09b37111a94cfe

SHA1
56d27c510516a70038fc628ee8a5b9178099e3d4

SHA256
a338ef8d0aa2f6f9eecb251a3c80f117179b2788b0491729b295be5f82088805

SHA512
3e9953ddaf06c48807d3b0c3b9977b2d2cb7529e1cd66e337287261c0c61e52ae8860cb97ff360788447423bece986cba9c0b0a372eae269a811e5473bb06367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
e3ea923be5633382c8719b15c4690dd3

SHA1
9cf2c40fcb49c86f9030ef12348cd94e1880633e

SHA256
54b113cfaf9dee1fd05be0a1ce032e8e6b36ff10bf437d4010a39de06cb170b1

SHA512
c86abaf4b56bdb9c7016799ba0a21216ec718d40c26604d7bcae262d8eec7a1e64eda7f9cdcd6bffbf945c15b00475a59a13e11b7429d3a6a60c8613d4462639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
6c28e9fd4654d679b2b85ee95562bce8

SHA1
1a5602e287079f8b16e80c2caabfd8bccc2a8a2e

SHA256
0c99dd3643a1b388a5a8da0b7039f466fa5d1b50973b24044628810bafedae7f

SHA512
9dbc8d9e0219a8c0483dd26b926cf61ccdc92d14c0af55cb0d1fe29b1fd8a195e89c9b6ef66995bd57db1172633e2ff10a359e064c6b6ac5f8b801b67bd690b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56f283.TMP

Filesize
93KB

MD5
0adc5d8d324ac9371aea3f092dffd4d6

SHA1
a64869963cfcee7750b347a7ffa6885c79b908c9

SHA256
4d57ffc5c78af53ec2f101582ba4bcbd4ec2988254f93c28de91ab2c41d3e32e

SHA512
4bf7730ec92a7baa4aef6f05c39b6edbed3b2125aac4443c08fbde6aa039d77dbdea8b3c0b94793b04b1ff3fd19c887445ba3020d0aad59ceb91a479fa51529f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\KMSAuto Net 2016 1.4.9 Portable + 1.5.1.zip

Filesize
10.7MB

MD5
146c2759347e0d52625ccb4076e97ebb

SHA1
37a5e26c83cdd143c9265ab454196a4afc6ff79e

SHA256
322e6e04db88aadba5ef0c92ca471f2a11046c1884dde3d3fa05c35f3418ef36

SHA512
153e4f15a45d08c0dca2c47f209248b9e05b4318b30a74a5a0f62af4f57afa5a0eb8d236147bfa9a6ff5de324db167930fc25f0a50ab0702435da9d95271ac27

Download Submit
C:\Users\Admin\Downloads\KMSAuto-Net.zip

Filesize
10.7MB

MD5
386cb87e6430d914820d793db19d7d33

SHA1
160a3788d24787fbf1c7579ac2a5da2d0ae8e25b

SHA256
d4230cae5c3e1b11fca61a711e7f3886088f6728858108a6811670aa3616a57b

SHA512
e50a7610633384378d1e4d547554e791424fd19342c83ea2cc83348c1c0d7199a467bffe3880c2ea69dc2e783c61779e15c3c4490970d5def68d1df9d51a6011

Download Submit
C:\Users\Admin\Downloads\KMSAuto-Net.zip.crdownload

Filesize
10.7MB

MD5
386cb87e6430d914820d793db19d7d33

SHA1
160a3788d24787fbf1c7579ac2a5da2d0ae8e25b

SHA256
d4230cae5c3e1b11fca61a711e7f3886088f6728858108a6811670aa3616a57b

SHA512
e50a7610633384378d1e4d547554e791424fd19342c83ea2cc83348c1c0d7199a467bffe3880c2ea69dc2e783c61779e15c3c4490970d5def68d1df9d51a6011

Download Submit