hxxps://nicolascoolman[.]com/es/download/kmspico/?wpdmdl=6978&refresh=64b7f039782251689776185

Analysis

max time kernel
1800s
max time network
1689s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
20/07/2023, 14:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://nicolascoolman.com/es/download/kmspico/?wpdmdl=6978&refresh=64b7f039782251689776185

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133343386056148024"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
3376	chrome.exe
3376	chrome.exe
5408	msedge.exe
5408	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
1052	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 2472	4892	chrome.exe	83
PID 4892 wrote to memory of 2472	4892	chrome.exe	83
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4696	4892	chrome.exe	85
PID 4892 wrote to memory of 4744	4892	chrome.exe	86
PID 4892 wrote to memory of 4744	4892	chrome.exe	86
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87
PID 4892 wrote to memory of 2740	4892	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nicolascoolman.com/es/download/kmspico/?wpdmdl=6978&refresh=64b7f039782251689776185
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee2cf9758,0x7ffee2cf9768,0x7ffee2cf9778
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5132 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4716 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4720 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5560 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5948 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5900 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6864 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4516 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3944 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5700 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4496 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3356 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7648 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:8
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1620 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7288 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7016 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3340 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5220 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6924 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:8
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4396 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5988 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7484 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5340 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5156 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=2968 --field-trial-handle=1872,i,12646112956575771281,16963430849577127387,131072 /prefetch:1
  2⤵
  PID:1160

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault416cbb85h530fh4ce6hb77eh530ba404a0d2
1⤵
PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffed23046f8,0x7ffed2304708,0x7ffed2304718
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8586466289222080780,3491276055504095896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8586466289222080780,3491276055504095896,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8586466289222080780,3491276055504095896,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta6ef04e5h5b69h436fh9635h412a0fa774dd
1⤵
PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffed23046f8,0x7ffed2304708,0x7ffed2304718
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1963737996412616137,17660585587181842990,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1963737996412616137,17660585587181842990,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1963737996412616137,17660585587181842990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:4888

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap26879:88:7zEvent31123
1⤵
- Suspicious use of FindShellTrayWindow
PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
31KB

MD5
22ada11f495b066aeccd4a1e5282e56e

SHA1
61d24ae5a0f2f25b7acfea82ec7aa93046d58b4f

SHA256
d4550888ad9304626c8e4d07f022834175600920393d8061237a3cad620900e3

SHA512
b2e671fab32be1d4eccfc5557d83ace1e41ed3bcc4ab85f63b792c011449966bbd09f755022dea402733cbadf504d70298d6ddd4e1ab78c8ed745b58e8f8a173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
21KB

MD5
903224619b9bb75d981b4e4bca753b07

SHA1
1f1317e0722c6861f7bd9a451cf7043edd3c5270

SHA256
94830d1d23d520a85ece684202dee3f83ebf26d725b0f373dacfe311b2cf5332

SHA512
ba2f87a4e11a371e333a0abcc631f98731c38683c5edc34f0303c2568a69c6f74f8611bd145e9eaca4f22805c50bcea121f6a35e423554b091d5d7b37047d701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
19KB

MD5
48776f043e04cc9f6fc5030251321242

SHA1
27e5149a0b1445ef67dd7a7bd8941e004bc201ad

SHA256
a9fae31ecbbf918d435096436f9c6496b5e3c5411b6eb54e8985ead591b8011f

SHA512
706d95a587f1bc68c0d9d82e5322095c9cc97afcfa2698f0c2c84932b3512acbc44a11de111124f338b2e63e15d465815a221a41cfab2fe0713e1d31d8891dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
76KB

MD5
ab35c35f13ad50698c726505e8593d52

SHA1
3d853c1bab7d2bc212efef5a55d0000d0e5b2848

SHA256
89feb064d5939adb87aaa58a50872ee4b01386459dc294e2406ee74a213df1c1

SHA512
1b0f41d8e7588e8bd2414bc8c5450cf678ec00b77cc44449b8a7defdbbaed70c734ea56b6154f9ba082dc8bca7d4f10cf8ff67ddb56a643fba55f4d01bfb2a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
38KB

MD5
2b7ec9fe5044c75348bc52964bf50b78

SHA1
039e784c53ba423877c5c845ffb044abbf4c110e

SHA256
71c9403962b1f930169325d2c812125a0088d2a695609486bb6f31185e84ff97

SHA512
92cb64599e198177093bda32e1c962fdccaa049d9875292b97c6b014d0d0afde750dcef27151751dda3f8639df41bed611bce7816c04d4e581b17b132d169016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
123KB

MD5
bcec2bed6441d53bc2f93146e558d01e

SHA1
fdc863c78626e315e6af67b4e3b496de1f108d98

SHA256
310ef2a3f7a56b6fbe7bae6f7dbb94d32c628094c8c49c384a5bcfb6a4afaf27

SHA512
65ed7381bed099ae9f7520067d562b8404a459b268bfa64275c60d4c437e4dd13ffacfbf14f7cccdf0d0e20c0af30b7607b66016a8798de25741ee09d68691dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
55KB

MD5
ca229a996fac715d1762a0fe03e5a980

SHA1
a208d974470cca652bc7ff816a3cd9b074d6df4a

SHA256
251e8bf329c56d859d4b55f26e5144ea398fade33038f1057da9970e99e377d6

SHA512
688e2471145a0cd5ad5e378576c2de67e345994498843425db339638761ef55c80e9e4b168a965c9a01ac217669181b27b3e4f14d62a35eed4513d445faae908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
30KB

MD5
0bb046932a827d8d626914288f994e1e

SHA1
2f989f67a7c4e9274624e41dddcd63eb900e3e33

SHA256
d905804736ec3893f39b84f412f0911f6de3121146ea51acd431026d1839dff6

SHA512
02c69dc3963f00356258e03a0f622a3a22b013b1f63f6ee6c9f7ac7066fdb6910f9dfc47902aac5912dd7bc6a751e18fe49e79c5a40a5f7416743b85c19116a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
21KB

MD5
19e712d447c350e7723dece2388cd5c6

SHA1
444c043e21958ea94dc5c52f464cf835499f750b

SHA256
e4b0d529c3c561c5c9c11766a8a68c8ccfac9a7cff6894587dcddf10e3fcd097

SHA512
719125f1771240e125c5b9010f66a481393c9da2c04c2cd82a88f0573a0a4dc2a449a218c18c3897d1e94cc29d235acedfca224313e4a714312c6d4776dd4c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
79KB

MD5
ce9c5514037ece9d05e7d1f39ec4dae5

SHA1
41cdcc5d6928bdb3dea59f24a93e6c9a5c281d35

SHA256
59113f210d047feaec3554d9e554a141f371ca5a8d2fc8e93b8b9ef7013f8c6a

SHA512
9aec016d6c0bfa3ce4c2ff84a576aacee1118a045e02e42e97dc1ec4eece48f940baa4d99cefb8a5f1d18ca32a4b328e1d6e7887ff4ac704cc157fbf1c7f546a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
16KB

MD5
f629e53762cd2e13db44792de5b0070a

SHA1
744a8c9553bb5dff13c5df9e4e8a3c86c7fa7960

SHA256
892b008881e36c749c741c6ff42c3313fd27453fc4e7658707625f20775bbb58

SHA512
6cf4e3b224a059dc09f6f02515fb149df7a9974bd5ff624ee6f0547b84372c89a043e842268958f30f464b29377133e35d1c12232c50aea4f6f49a630adacf92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
74KB

MD5
aedf50f6fc0accd5fd25ccaf5dd2eff9

SHA1
23463a3bcc1e21f72113c1142920272917439017

SHA256
bb888aa70ecdd34ceb9b9117d6c613566ed08d8367ccf0f2a7a4aafe7d732a41

SHA512
a5c7f818d3d68664b9a4c4199d62dcba9575afd7b537cdc18c54736ad8fcbd429fd6e430ad5e7f5d5b29d5c48aa1c1063a42c34e4edb0c8178e20b022451a102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
3.5MB

MD5
124368f2f9eddba0603146b51d4fc112

SHA1
046c3d59132d200069d2f797cdc7014bc6e46f09

SHA256
144cf539a204e7f342192b088c3dc89d0a389ba1b5c3230cdd3800fabb4cd2a9

SHA512
77bd485b2ccdcab9e90717fa62ca2d70581cfd1b903157f3cb02598c5c33b648da77a66ab774e4000dabc720e59626c692ef140ff522ea776936056a2c0c24a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1787c2f2411f50f4_0

Filesize
297B

MD5
fdfb293dff59368d6ab030f25cb8b46f

SHA1
9252b8fc48efc26c82e91486c7af7b66026e3512

SHA256
3f7ee01b2fbcc4d46b1440f2e520e481bbf8d4929a5ec688f7bdf69d292eb470

SHA512
58a94f027d620fa0f5873078a9e8a7d73e414d7e3cae5ae3e607fd1d7226ff1b7fb82bce2b133b0fa785dbdf4995cbdfd5af79e54eef6d860a8cfbe1385763ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\819850590ba2269b_0

Filesize
38KB

MD5
0df9519dc11731b003f72b40b3bed313

SHA1
f10d23bb9572a3f6f4883abcc61613cff3c3f351

SHA256
20e03a7a49704f396f160d0a3d46f1ec7b9084a0664bdb16d32b9061a4786654

SHA512
9fd3cf9266de5128f046cead8e1000542a5917a77f9648dd6dbc1a0a6f8c46549943cb552ec50cc1894ffcb6a829cc077d424e5d82424836a75a355d5a379f85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ea2981ac0402d56ce8d5366ebaee98a0

SHA1
b5d5a5dcaa9e681f77ad0a9c2e117bc2f951e11a

SHA256
af28144902b0425da957b6a3a91e5d36442d53a719dc4e9cba3f2e71ee3b9bbe

SHA512
ef2e86b647230159e9b84551f33fd1108ee88a307977f09ef99c9c85ec717eb0c3624715e40d785b0b89c229202edf1aac11e15910820c3d2be47ce687066e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
be1225acc80a8667824716aecc73ffd7

SHA1
fcc42f11cb6a896a22ebf1869948198732cb6ee2

SHA256
359f7dcef57c167077adc49d6c6d11f23f1d95706bab7480cb5438432e26ce58

SHA512
b68bc6f7d3f7580909de9e7852929cc12c58b60d1efab406bfd86993c4a6d2d7509accd2692592bf831201bd55753b26fa2085fab645dd180dac2f14e4af2cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
529cc922ed01346dae229576cfd98428

SHA1
0fd4ed05a0cb621a7804532954cbaf7643162440

SHA256
09910b6715fee4da9e24051497f9ed406f69587877ae1162530c5974f73c515b

SHA512
5a887ff728824681d486d54db42f78f35218f0ee050f920146f22e83dc4f9e23388bea8b9b05a1d74fd94473dd35c52004f23e5f6b5774b1e0665e2e2006e103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f7e0a8e03a5403f212920bda8961aa8a

SHA1
99a39c372833faab9ee1b2421f53a182b63bb012

SHA256
2ccc3f116df38057d6da738a50c33c34470a4cdbfe0cafc5a2af43d7c362e66e

SHA512
b53a7010e8fb2346dc06c7da4f7f3cc9235f740063ca986ffa91e931c080449b04c785cbf13cffd2c591737b70b49bf97da725292bac60d9d7d1f288cb74753d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\48b0cba9-36ae-4ea2-8473-6e2ed8364bad.tmp

Filesize
4KB

MD5
b9e1dd6b2c65d6a2d3b94c8af4a5b7f2

SHA1
8c7bd3db5bbccd9c8d3271779b046db18760cdbf

SHA256
84126ec00ce7f652bf7e6f453d17d0883ef9061a5978d7529d74d7c4df2c1a00

SHA512
cb743c568c44093e27e56015bd75002adf65950ccaa94306084d3024779cd36761950599015ad31d42d5697e38c851e9b5df09f41684bd0032838371db435530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\686ed538-c06b-4eb9-a5b0-68bfb05ee8b6.tmp

Filesize
3KB

MD5
fe571181464943b629117017efa7278d

SHA1
cd3a47a57f90a8ab678f984ed5b6699f9ede9424

SHA256
38c7e139c58567855f4297329dcadf7652c6b0c3c4cd5baa19aec5a5f976ec71

SHA512
10edc3574808be2f3e305736558ea459c596a27ce1cf2c2b4bfb54e3e334d9a5909392a4668b0ac1631138679d2b943759a9a77c8a5d3b7e63e03f43f5abc90b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
0c5eecc4c281cc1f4ea1f129b1901f3a

SHA1
b53fd5277fa5bdbafbf6f78ec779b2879f00f1c3

SHA256
98b18ac19e8c8e6dea86572de87c772246f0650715b82b7ed9dba48553eab30a

SHA512
4db4288c35eb877ec759c38e7bcf315bfb28c27adae49c6c14b8bc06e75cf7a2ae45e62b8d80e6599e8151f58357aba06a4201155e87ff039b1b1ea20c4bc791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
7eeafcdd8dc17e75ad34bce9eda8e366

SHA1
87fe191a1ed79574e7b69275311b6f2d4a707f66

SHA256
aced88c022875f30a1bffa7345031bce6eaa22320c42d9e74cddb590b04678cb

SHA512
d41f32e19a60c2a1f9f2d59b76f1a882b820209ba78979f9161c7db3b3701c1c532de328c3b5170aac0cc3ecc23c9ddedc2f944147da513e5ad93837c3a71bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
dac9d2e39f58b9fe046ad77a617cfbac

SHA1
f71ea23f0141454719a22511ff9bc19c3b3a1bc4

SHA256
67433b25dd0f23635b5ffc1521dec4b8dfd8617702d5e0f33cc77dbe4f47e85d

SHA512
318098e16a50b47eeb81febe0d0bbc81f0300539c2c5c6be51a13408a2f020bed5b01a42dc76d707f2a00406f33d945874f50b928e6f6e203b97eb24d83c6a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9b145982a3a492e626fa4021b340d76d

SHA1
ce672e7ec9ab3cacab4f7eb920e3c77c90d59bcf

SHA256
4a86a59cc145197b5717f60ef650c5ad9a37f1c2c16d9084367fbeed36bf3606

SHA512
6cefcb0f6a8217b478ce398c615c68a45c0033d84e22d175e041c18884dd9def0122425b65cbd1c7cd83a54c137b81199d24b6b647d3b19b191a2886e13b5f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5422f4001deade6d5ae96e77b83f6fc8

SHA1
a98b9a3a35a382eee4f812ac397a731773a6f2da

SHA256
b05228683f4511a5883030735583088ac5c492d2f789fdb8313ceac49997f729

SHA512
7276eaf133b31d1c18d7c7c2669911fffc185ee0ab42c0d4202c5ae2fc6c92e1f9575d747288e7e5b85b9aa9c58bdfebf31f53723157735dd67e3935d1409f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c2bd8bf15c9db6f65d81857483d5e667

SHA1
7b4276f37803e63db8e6bde16d4f59bb9fff9f9e

SHA256
e58daf52e64e358a7d78d22c3ec7960ab926f92813126a0bd6798bc1d97dd40f

SHA512
011135ac050894bdeea1deaa082f3b2dc5552852e23a7f949660eb5b9beafc22eed49851c5b2232e03fc42ac463357ad11a1104da9fafc5548704bbee685f22a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a320b7295b31119de5fc3246928a9d1d

SHA1
179ea9263524b224879a811f62ac2ad86d682f87

SHA256
bc1b8f582be543a5d65ccd2c39c52bae4064b483d2e8942c6ef998440805ef22

SHA512
0a93af25ff56d02bb88f3ad885ab69b6e180aaf586fc15ccfe2bf6ae0becfd06994e5cddc3b837de6375080b0eeb4c412655ef6b3497a90e877f2cd25c003f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ee71bd141e8df8a163d442a7bf4f18ae

SHA1
83ecd078c22c9bf5242fba0c2e6b7bfb00dc9928

SHA256
abc4bb9fd9a1028924bb6c7c6b44af4b12b531cda5a44bbda2076000d2038aaf

SHA512
8366550b710e82e08b52ef901ff7a5769dd0d5d6d0c9b7dd4a3aad9360bfaaa5abeebca7d12a226a74a4dfc0859fb053fb0006be95efce49ec0bddcef7435d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf1082a6f878f6d7f00428bc0a5bab10

SHA1
8523cd9e20a4969dc0a0eb7f19dd2ce196e8ee3a

SHA256
4466f8c6c590852e6a69a157bdccbd9a151d009cc92b2d6c2d1096c9c430298a

SHA512
c4f99a7a8e264d5821eb4565a6be24359c195cc5f393f33b2cd1ddd81904b547df42c27881487d9fde11516886b7863f0bc47c34181c8f1b3403d4b64bd9eab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd2af6842f0b4b07fb4f2d827c1b4463

SHA1
4718900295b134e56d3df0a76f34156ef934a5cf

SHA256
0b11f22f272ce95d82358107ff6998486d76c0aa2e95d9864be163821f2dcdfb

SHA512
346692f6741cb83820834d2c333169153adbf5708dd860c8e02970ea1e3bf8aeae92ad0635c7f85612fe0073140dd635db9aca61c9809baa8037c31558e874aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7191b396271132a2f0ca63883351f300

SHA1
d6f3f409dccdd8613f1ef5c966d7c0c253e406c3

SHA256
62f7efdab6acad5ae700cc398dd5e774e37896bc3d453d108044a9738f1b1ec0

SHA512
73547e108f80b011ccc85e2e0868046ffb6ca94868bf4f1444097e223f51fe636cb39e43d766b65821fc6f8c837bb1b61a76e19bc0589e10dbd19b2665331773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
98471677d8f31f35af52092f8cc81f8a

SHA1
a04103e2e4246ba09506bef51c37f4e7ba154417

SHA256
275a795ef3c452f00e2608bfa3544f4ba6c60c716fea84b191bf76f5dc2cf0b3

SHA512
af5ebcb44b8e4d4b7e9fef756177f82934026d1e2d2e901675cd456d32c5eca161414508450ae3dadabd58ff1a1c40f074acd87c2656cab499c659d4e2ab9693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
99084aff0b758c88d09deeffd247d85b

SHA1
a8d7b423370bea55f290fa08b6c168f10bb998d2

SHA256
4a05f8c9a0cbeb73b5b07b41963a78c75d274ef7ec58cd7e897f814045b80b18

SHA512
f241450f04a8bdf07ce915a7453e24ad82e831cc14376c0890c9e64b8d92fc8ed58ede8ca2ac1e52ef38e49f7bb1d679f88f859a80747de287a2bf7645dd1836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
a536e5426cb7f8a5a786fad3cf27f28d

SHA1
b26dd89e1c122fe1692bc88f34c2123a73312a7f

SHA256
91514ecf9227bdbf9d4f4cba5992239e1bdf93db341e691c97c903e493755dc7

SHA512
95ceb23e1b618117a620040b5c54a5b7622e3b6beb79953e1f4dcd4147eb7af6f471b3e6b27089d6c2231d72db073e41c8261e7cc62d4938c65315e5f5f74862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a6da.TMP

Filesize
106KB

MD5
2d3047c687d3d1a7a73738014bf02ad7

SHA1
12e3cc752d554b5429ee02d5817b8744ede926f1

SHA256
b55ced002214df0dfda0e600e78694c876cc44bdb12929b19ceaf101e045a433

SHA512
170a06fc06e2fdbdf3d30c71cb5f0654783c1d5c2544e2801676b88ded1b07c9716a4fce59a13fdf28dca1049b729210ba4197555711dcf084e85bc16785c844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\78742c7d-368d-4ac8-a418-f5930a0e6d85.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
0eb9886a17c54c8177e2564ef61b5f1a

SHA1
9de1efcca3cfa327286aa543ad5a8aa2726f7fe3

SHA256
192519e3591cebf73674b5122e61f5e0d0d55eec42b500ab54866951eac4518c

SHA512
709b1ec3887d1e5f16c6d5074d88ddc8513837e2d1319106989a1c1f84fc9c70ba04dc2320ab26b0d2291984d79b3fa12e0b1bfd24daf40d4ca395715e1115f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5cf36436c3c03ca06bb055349be571cf

SHA1
e8fce37cbf67a8e96c68ced586ed1a481480da5d

SHA256
04a4fcce7d3ba0964fe611826a3ac5b30c25ddcd376632a89a1a70c3ee736d93

SHA512
8c93ade49baa74122eebd0dddec69537c955ab4f6098d74badbfdc29bc118578266f15e686e887f7ec95d398df285b7007ce37f2caffe8d9b1783303b944af74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5cf36436c3c03ca06bb055349be571cf

SHA1
e8fce37cbf67a8e96c68ced586ed1a481480da5d

SHA256
04a4fcce7d3ba0964fe611826a3ac5b30c25ddcd376632a89a1a70c3ee736d93

SHA512
8c93ade49baa74122eebd0dddec69537c955ab4f6098d74badbfdc29bc118578266f15e686e887f7ec95d398df285b7007ce37f2caffe8d9b1783303b944af74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
bf732298a895b9b48735fcb7b38f077b

SHA1
52d293cd35886da5990cd6a7c43812c262a93b27

SHA256
2e15eb9f32bba574f1549b9060997f9aa3a4facc1df3bc58f6cacce72ae02601

SHA512
576a1275f7e1338c8e463b4bd3ec9464b36240a11a8be64a0547780bb54aa0fcf5063e6b08864731fec9b3dcec6d46e9214cc16dac11ec4067daffa40862f01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e5f20f6b63bf5f7ff0faf31e99074eb4

SHA1
2905d3819b4021f4f346bb8d0d85764e6435ea92

SHA256
4b161da3bb6b3da6efe75a6bcb90e54d74767de2c2c4226bf6e7fb1be95a5862

SHA512
f413add34b4efbf337c00f028d4f8507bc26a04b323012f96e943410694665d49c2e0e211ca5473e770128607925e35df9f37673d5b34db01cb1294e3749c131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
1018cbbe5f50885bc0d0a32160cb4544

SHA1
5ef796b843b1834fb9ce6510530f3f9b1b600e3d

SHA256
beb2101d25911cac6c67eb214d4726d08a51c99c8b80a68e37bca1e6ddcd2cf6

SHA512
7ad5aca67d73e4bc2b440614bf69dec50a809ef947e17e29c4cdb2144fa1ca90f57dac41dde1c62c8b0823354bf847afaef33003570947d939f29477f2c0d54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
1018cbbe5f50885bc0d0a32160cb4544

SHA1
5ef796b843b1834fb9ce6510530f3f9b1b600e3d

SHA256
beb2101d25911cac6c67eb214d4726d08a51c99c8b80a68e37bca1e6ddcd2cf6

SHA512
7ad5aca67d73e4bc2b440614bf69dec50a809ef947e17e29c4cdb2144fa1ca90f57dac41dde1c62c8b0823354bf847afaef33003570947d939f29477f2c0d54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
52986beadbf354117495df3a91466445

SHA1
a195eb6dd9fce3178c57ad7ae9849c3accf383eb

SHA256
7428b72ca9a5c2860f6163205c6890b5126e182d1e36db15844b4ea154b5d95a

SHA512
319210cdad60451733af4be752beff8e80b64369ef0c64f96ffe6ba541495ddb91e656ea654ceac3dbc76668cfacc8d94cbfd66e15efff149ddf6c235d4c48dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Downloads\KMSpico_setup.zip

Filesize
3.5MB

MD5
124368f2f9eddba0603146b51d4fc112

SHA1
046c3d59132d200069d2f797cdc7014bc6e46f09

SHA256
144cf539a204e7f342192b088c3dc89d0a389ba1b5c3230cdd3800fabb4cd2a9

SHA512
77bd485b2ccdcab9e90717fa62ca2d70581cfd1b903157f3cb02598c5c33b648da77a66ab774e4000dabc720e59626c692ef140ff522ea776936056a2c0c24a6

Download Submit