lumma | hxxps://mega[.]nz/folder/SQ4BWbBB#fAN-0OThrJOUdQL-8mb7TA

Analysis

max time kernel
469s
max time network
471s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2025, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/SQ4BWbBB#fAN-0OThrJOUdQL-8mb7TA

Score

10^/10

lumma defense_evasion discovery execution persistence spyware stealer

Malware Config

Extracted

Family

lumma

https://revitmodh.run/pzaw

https://dsoursopsf.run/gsoiao

https://changeaie.top/geps

https://easyupgw.live/eosz

https://rliftally.top/xasj

https://upmodini.digital/gokk

https://salaccgfa.top/gsooz

https://zestmodp.top/zeda

https://ixcelmodo.run/nahd

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 3 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe	w.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe	w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\Debugger = "C:\\Windows\\SECOH-QAD.exe"	w.exe

Stops running service(s) 4 TTPs
defense_evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 5 IoCs

pid	Process
3540	activate.exe
4076	ConsoleApplication2.exe
3996	UnRAR.exe
612	activate.exe
4508	w.exe

Loads dropped DLL 1 IoCs

pid	Process
4508	w.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2368	powershell.exe
4456	powershell.exe

Indicator Removal: Clear Persistence 1 TTPs 1 IoCs

remove IFEO.

defense_evasion

Clear Persistence

T1070.009

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe	w.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
176	pastebin.com
32	pastebin.com
146	pastebin.com

Drops file in Program Files directory 37 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_704511592\travel-facilitated-booking-kayak.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_704511592\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1271634999\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1271634999\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_450532499\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1985742687\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_695831225\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_704511592\extraction.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_704511592\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1111952441\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_695831225\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_562275689\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1038851610\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_450532499\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1111952441\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_695831225\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_562275689\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_704511592\classification.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1271634999\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1038851610\crl-set	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_758129800\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_562275689\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_704511592\travel-facilitated-booking-bing.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1271634999\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1111952441\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_695831225\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_562275689\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1985742687\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_758129800\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_758129800\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_562275689\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1985742687\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_758129800\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_695831225\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_704511592\automation.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1271634999\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1038851610\manifest.json	msedge.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SECOH-QAD.dll	w.exe
File created	C:\Windows\SECOH-QAD.exe	w.exe

Launches sc.exe 7 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5508	sc.exe
1896	sc.exe
5532	sc.exe
5696	sc.exe
3020	sc.exe
724	sc.exe
1208	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	activate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	activate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ConsoleApplication2.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Delays execution with timeout.exe 2 IoCs

defense_evasion

pid	Process
1988	timeout.exe
4940	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3833542908-3750648139-3436651901-1000\{7EFE55CA-3491-47D2-AE10-DAC5B08BF8D0}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000030000000200000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 56003100000000008a5a706b10004b4d537069636f00400009000400efbe8a5a4cb18a5a57b12e00000031e40100000003000000000000000000000000000000a03bca004b004d0053007000690063006f00000016000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000030000000200000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000ceff08c455aadb013e84d35365aadb013e84d35365aadb0114000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000030000000200000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "6"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
3540	activate.exe
3540	activate.exe
3540	activate.exe
3540	activate.exe
3540	activate.exe
3540	activate.exe
3540	activate.exe
3540	activate.exe
3540	activate.exe
3540	activate.exe
2368	powershell.exe
2368	powershell.exe
2368	powershell.exe
4076	ConsoleApplication2.exe
4076	ConsoleApplication2.exe
5048	msedge.exe
5048	msedge.exe
612	activate.exe
612	activate.exe
612	activate.exe
612	activate.exe
612	activate.exe
612	activate.exe
612	activate.exe
612	activate.exe
612	activate.exe
612	activate.exe
4456	powershell.exe
4456	powershell.exe
4456	powershell.exe
2032	msedge.exe
2032	msedge.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
5500	chrome.exe
5500	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4508	w.exe
6088	chrome.exe
5144	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2056	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2056	AUDIODG.EXE
Token: SeRestorePrivilege	4952	7zG.exe
Token: 35	4952	7zG.exe
Token: SeSecurityPrivilege	4952	7zG.exe
Token: SeSecurityPrivilege	4952	7zG.exe
Token: SeImpersonatePrivilege	3540	activate.exe
Token: SeImpersonatePrivilege	3540	activate.exe
Token: SeDebugPrivilege	2368	powershell.exe
Token: SeDebugPrivilege	4076	ConsoleApplication2.exe
Token: SeSystemtimePrivilege	4508	w.exe
Token: SeImpersonatePrivilege	612	activate.exe
Token: SeImpersonatePrivilege	612	activate.exe
Token: SeDebugPrivilege	4456	powershell.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeRestorePrivilege	1832	7zG.exe
Token: 35	1832	7zG.exe
Token: SeSecurityPrivilege	1832	7zG.exe
Token: SeSecurityPrivilege	1832	7zG.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
4952	7zG.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
1832	7zG.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
5144	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
6088	chrome.exe
6088	chrome.exe
6088	chrome.exe
6088	chrome.exe
6088	chrome.exe
6088	chrome.exe
5144	chrome.exe
5144	chrome.exe
5144	chrome.exe
5144	chrome.exe
5144	chrome.exe
5144	chrome.exe
5144	chrome.exe
5144	chrome.exe
5144	chrome.exe
5384	chrome.exe
5276	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1004	1888	msedge.exe	82
PID 1888 wrote to memory of 1004	1888	msedge.exe	82
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 1460	1888	msedge.exe	84
PID 1888 wrote to memory of 1460	1888	msedge.exe	84
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2948	1888	msedge.exe	83
PID 1888 wrote to memory of 2656	1888	msedge.exe	85
PID 1888 wrote to memory of 2656	1888	msedge.exe	85
PID 1888 wrote to memory of 2656	1888	msedge.exe	85
PID 1888 wrote to memory of 2656	1888	msedge.exe	85
PID 1888 wrote to memory of 2656	1888	msedge.exe	85
PID 1888 wrote to memory of 2656	1888	msedge.exe	85
PID 1888 wrote to memory of 2656	1888	msedge.exe	85
PID 1888 wrote to memory of 2656	1888	msedge.exe	85
PID 1888 wrote to memory of 2656	1888	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/SQ4BWbBB#fAN-0OThrJOUdQL-8mb7TA
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffebb0bf208,0x7ffebb0bf214,0x7ffebb0bf220
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2960,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=2772 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1848,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=3000 /prefetch:3
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2212,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=3068 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3548,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3552,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4192,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4260,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:2
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3912,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5384,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1640,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3916,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6248,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6136,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6732,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6896,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6596,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6984,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6852,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=4636,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7156,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:4932
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\#Instruction.txt
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7484,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6224,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=7676 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6872,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6360,i,3151375891408882158,14366787612712402416,262144 --variations-seed-version --mojo-platform-channel-handle=3908 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffebb0bf208,0x7ffebb0bf214,0x7ffebb0bf220
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1784,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    PID:2172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:3200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2556,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:8
    3⤵
    PID:3652
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4304,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:8
    3⤵
    PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4456,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4304,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:8
    3⤵
    PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4648,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4676 /prefetch:8
    3⤵
    PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4656,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:8
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4664,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:8
    3⤵
    PID:1336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4708,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4720 /prefetch:8
    3⤵
    PID:1492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=784,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:8
    3⤵
    PID:1892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4828,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:8
    3⤵
    PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4808,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4192,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:8
    3⤵
    PID:1612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4108,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:8
    3⤵
    PID:3160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4152,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=3824 /prefetch:8
    3⤵
    PID:3252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3224,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:8
    3⤵
    PID:5580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:8
    3⤵
    PID:5960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3212,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=3280 /prefetch:8
    3⤵
    PID:6124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4852,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8
    3⤵
    PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4848,i,17034571147149958491,11007056613152564368,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:8
    3⤵
    PID:5808

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x158 0x328
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3568

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\KMSpico\" -spe -an -ai#7zMap31981:72:7zEvent2690
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4952

C:\Users\Admin\Desktop\KMSpico\activate.exe
"C:\Users\Admin\Desktop\KMSpico\activate.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3540
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -exec bypass <!DOCTYPE html> <html lang="en"> <head> <meta name="viewport" content="width=device-width, initial-scale=0.75, maximum-scale=1.0, user-scalable=yes" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Pastebin.com - Not Found (#404)</title> </head> <body> <h1>Not Found (#404)</h1> <p>This page is no longer available. It has either expired, been removed by its creator, or removed by one of the Pastebin staff.</p> </body> </html>
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2368

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\KMSpico\ReadMe KMSpico Portable.txt
1⤵
PID:884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\KMSpico\Start KMSPico.bat" "
1⤵
PID:448
- C:\Windows\system32\reg.exe
  reg add HKEY_CURRENT_USER\Software\WinRAR\Viewer /v "ViewerUnpackAll" /t "REG_SZ" /d "*.exe *.msi *.htm *.html *.part*.rar *.bat" /f
  2⤵
  PID:1924
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:3796
- C:\Users\Admin\Desktop\KMSpico\Uninstall\ConsoleApplication2.exe
  ConsoleApplication2.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4076
- C:\Windows\system32\timeout.exe
  timeout /t 4
  2⤵
  - Delays execution with timeout.exe
  PID:4940
- C:\Users\Admin\Desktop\KMSpico\Uninstall\UnRAR.exe
  unrar x -o+ -pdialog "dialog.rar"
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\system32\timeout.exe
  timeout /t 4
  2⤵
  - Delays execution with timeout.exe
  PID:1988
- C:\Users\Admin\Desktop\KMSpico\Uninstall\activate.exe
  activate.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:612
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -exec bypass <!DOCTYPE html> <html lang="en"> <head> <meta name="viewport" content="width=device-width, initial-scale=0.75, maximum-scale=1.0, user-scalable=yes" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Pastebin.com - Not Found (#404)</title> </head> <body> <h1>Not Found (#404)</h1> <p>This page is no longer available. It has either expired, been removed by its creator, or removed by one of the Pastebin staff.</p> </body> </html>
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4456
- C:\Users\Admin\Desktop\KMSpico\Uninstall\w.exe
  w.exe
  2⤵
  - Event Triggered Execution: Image File Execution Options Injection
  - Executes dropped EXE
  - Loads dropped DLL
  - Indicator Removal: Clear Persistence
  - Drops file in Windows directory
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:4508
- - C:\Windows\System32\sc.exe
    "C:\Windows\System32\sc.exe" create "WinDivert1.1" type= kernel DisplayName= "WinDivert1.1" binPath= "C:\Users\Admin\Desktop\KMSpico\Uninstall\WinDivert.sys"
    3⤵
    - Launches sc.exe
    PID:5532
- - C:\Windows\System32\sc.exe
    "C:\Windows\System32\sc.exe" create "WinDivert1.1" type= kernel DisplayName= "WinDivert1.1" binPath= "C:\Users\Admin\Desktop\KMSpico\Uninstall\WinDivert.sys"
    3⤵
    - Launches sc.exe
    PID:5696
- - C:\Windows\System32\sc.exe
    "C:\Windows\System32\sc.exe" create "WinDivert1.1" type= kernel DisplayName= "WinDivert1.1" binPath= "C:\Users\Admin\Desktop\KMSpico\Uninstall\WinDivert.sys"
    3⤵
    - Launches sc.exe
    PID:3020
- - C:\Windows\System32\sc.exe
    "C:\Windows\System32\sc.exe" create "WinDivert1.1" type= kernel DisplayName= "WinDivert1.1" binPath= "C:\Users\Admin\Desktop\KMSpico\Uninstall\WinDivert.sys"
    3⤵
    - Launches sc.exe
    PID:724
- - C:\Windows\System32\sc.exe
    "C:\Windows\System32\sc.exe" create "WinDivert1.1" type= kernel DisplayName= "WinDivert1.1" binPath= "C:\Users\Admin\Desktop\KMSpico\Uninstall\WinDivert.sys"
    3⤵
    - Launches sc.exe
    PID:1208
- - C:\Windows\System32\sc.exe
    "C:\Windows\System32\sc.exe" create "WinDivert1.1" type= kernel DisplayName= "WinDivert1.1" binPath= "C:\Users\Admin\Desktop\KMSpico\Uninstall\WinDivert.sys"
    3⤵
    - Launches sc.exe
    PID:5508
- - C:\Windows\System32\route.exe
    "C:\Windows\System32\route.exe" delete -4 10.66.68.96 0.0.0.0 IF 1
    3⤵
    PID:3424
- - C:\Windows\System32\sc.exe
    "C:\Windows\System32\sc.exe" delete "WinDivert1.1"
    3⤵
    - Launches sc.exe
    PID:1896

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\KMSpico\Start KMSPico.bat
1⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeaa03dcf8,0x7ffeaa03dd04,0x7ffeaa03dd10
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1952,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2284,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2400,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3544,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4516 /prefetch:2
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4792,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5400,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5456,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5396,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5796,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5780,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5824,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4572,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3676,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3412,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4840,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3232,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3236,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4044 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4800,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3352,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3008,i,17395143633955454813,13139816950695914457,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1572 /prefetch:8
  2⤵
  PID:5796

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4468

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap31605:64:7zEvent17291 -tzip -sae -- "C:\Users\Admin\Desktop\KMSpico.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1832

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Defense Evasion

Impair Defenses

T1562

Indicator Removal

T1070

Clear Persistence

T1070.009

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1038851610\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1111952441\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1111952441\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1271634999\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5048_1985742687\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5048_562275689\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5048_562275689\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5048_695831225\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5048_704511592\manifest.json

Filesize
135B

MD5
4055ba4ebd5546fb6306d6a3151a236a

SHA1
609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

SHA256
cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

SHA512
58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5048_758129800\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
05d85e12c122d8ae8635a7c8a2493f27

SHA1
508e8e7b79b4a67b48b0993db7da064391748ddd

SHA256
b0fc77d164f2bbc6a19a034acb12c1b3cb01fafb657233d0ce8d606769f9c344

SHA512
174785dce5349c1e60895824be792e2c37af15b568102f6700dd9c405b51b94df13b9993fa1bf266eabcc5545f03ade2f4b6ad85654d56c3077b18f2d50ff524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
1a716f4cca0cbe43b7ed30adf1c7287b

SHA1
2fd1f95db84c54b02a539f223a514d9bbcf8aa82

SHA256
8891a75c041dc78ffcf9e913ec8e2e4938f0a89ae4139562abe459140fe823de

SHA512
099b38c94086c974f62c05ca146ac6bac2e3dd0e34eae16cc621be7e15c9869323a68801d44c2dba606e35644a66999821c73cb5c8074594fbdf4390b31aee85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
fd1bf1b0224e414734560b8f999b479e

SHA1
28fd5c506bf489c6467cd28c1bf636e4578a2e49

SHA256
d37a563a00ab320e8aa1de633c330f69448d616606191ab4beca9dfa61597216

SHA512
6b741f28a13366f1b0184693fd096e6a5a687480429c818fadec6bb13f8ac19442438cbb24269ec91aab74a80bc814a8c68418457a183811626ca461e4714c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8c693b915db7077237cb9fde9c96392a

SHA1
378c3f38e27770196f27291b0ddb02e760dc821d

SHA256
2e87417398d06b93f36b5b6451dd2ebaa79c775a804d39d49c85181d0620cf87

SHA512
38922176d889bef8ee35e0bf40842cfa265ac3edec9d984318e549d14755437fee76821d56caaf1e945a24d3b4b9318d7685d5b09a024f950402a134256fbdd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a54bb1ca58aad6f1d27b18f5268a5c95

SHA1
aa38fa707fd293322503d8b347e030cc172ba03f

SHA256
2d27f28327bff92ead27545349f6c5e39715a6dc16c915c4414f307ea5d67922

SHA512
99c7ff9772b6755d8e92be26fb8cac465990177d6dab59acc2a0e9bb6467ff82cbf5b962ea9989449abfea030f9fdd73f31ec296f6d2063a6c22c49fef35bc8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d443a5e92c84dbcc2394751c7525ceb0

SHA1
a507f5d8a425ee807c94b7c42080ae69090bad8e

SHA256
d2d8d3273e2a40030b2c80cc4cdc50ee6205e65e0c1ebb5759299e654914247c

SHA512
a3f8adecc62e660070aa96e4dfc0b13a4c43233fcb37d003764a72a5d7a701abe253be6ffcadf505b3757ded17d9880559b66769ad401f8694d11e9adaad61c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
040d7fc310b5e5b3afd3430efcb3aa1f

SHA1
22a7507341fe3d354e2200b1121026bffcce2ab1

SHA256
512053b48150df7dc2cefea90567472d4f48d958d0e12451b14de1b6c8d9a9e3

SHA512
ef9b3a8aaa93b0c4a67a534ed53923efaa08963e1245f6d1cc52076b49a20f956c8a7384071afbcd85ae39cab44577e176e2b9678474ecb2709dfad665fc856d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f9c9339bd34a09ad714f94ee9f813e9d

SHA1
ae8b2cb8fb9c0fd697913cf7c14913913707d90f

SHA256
a0bfc0260a7dd11df41ccc18dbf9ec3a07b74a214f393489d61c54ab0e05acac

SHA512
510d3e914f52fddf17e0e9322946148d00f3111d3695e496ac0d28fa2e2e056bc5966bed6430b872b6102f7e3ce16f2b944cfeb1ae9ac78472c8bbe64cd3b018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80c9fdb6966af594893d8e28b99b8a54

SHA1
4787eadb5cf988eb6b9baae6e5ddbae336de1abe

SHA256
52eae10f1f99af3be4c149134ae7fedcba7fe84f732c5037f2cd63d0436afd70

SHA512
ae4a3358923f56235a5ca32309a63cf31b25df6bcf388400fb6e54277e28d96fb0ae8a77c600bcf750a583830d67064c9509c7a9ef0a80de1d54f196244b709b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d1e3ad912bc8a27c37b92dfb7f0f3e90

SHA1
110187e98fad59664320f362f153ca1833248757

SHA256
3764c55add95109c5efedd1ccbf005d777ef79518c715092bef50fcfc25515a7

SHA512
ff6c0bbd5f89614e992420180510b0004bc39fff0222c3c8830f5b641f73fc51533e11da1f57d8fd89837019bc90119fc5692dfd5d72412c5e8940c56487de03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cdf914fea4b82f389222dd0cbc08a835

SHA1
0e6b4790c9d1000a10c3f237e07aea9c473b64e8

SHA256
404439f717d54f333de07397d3df6c3820138f310a42285594e909d45aad5839

SHA512
6996bb9c2b33884389670f54da37c5510913f4aee959e607d5f1a70d712ea90330d7bd3db96eecb4a4741d216337e4da1338c556c164497875a87198d6b5122b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7ba027b073653a42142cdd2b5d5ac1cd

SHA1
c75da5ec027bd124e5495b793312119191fba2bb

SHA256
b7d17470a2bd971b7fa7b68e17fab8298dbecbd91b1e92dc2fba3a2410592ebf

SHA512
7cad60eea2236d3e865f62669c7553a41a7c61522cd2ddde2bcc984457aa1734513761470f4daf25f63837cb9e98a0b84ace1fa08167bd05893e2713fd3b6f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
146KB

MD5
cf95715e89272da558e8826e74063c38

SHA1
51d2e5eb11932e89d96ed6776bf9aed098e48dac

SHA256
c37a221c2c9c177c4466949be344eee4007719c593b8ccb20da985900f60fb99

SHA512
1c8ca5a4043e97c53986f08a3a56529cc2a7c21cdb18a2c46326403861a646649efc192c1c34bf5e79c94202557a32b72594c3c2725d3c673fbaf807fcb26556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c1aa5a449249f6913a8da5d2c609f54f

SHA1
e19350d54b5a0ff1e45a78a9c13cbbdf0b88a427

SHA256
da88e6feba30f1cbe45c14ff46d6c28799457849edf97b1f1e9abb9908eb549e

SHA512
b1412cfb6cd1ac8cddb5fa33d0e71e4566408e901dc083f205b15c89e8c2028ec0930b12bce830860fac196c009d936792b2539e923452e17bdfb0f216d27b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1d3c0adb49db76cde9d17c8434f56057

SHA1
5f67ace95af1996fe664bf61a0e3e2be44e1eb6f

SHA256
e433840f83b70280cfef27fd9a5eab397bde51cd95cece7af66ecc0d5c43d8db

SHA512
08977fe1438e125906693f57b783bd7b42c24804a0a9f3b41713da501ffa9ce5026d723be5389d60c2cc396221c42a2e1b1d22142c05d2f25a01bc08ade5feaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b17f9.TMP

Filesize
48B

MD5
36d39ff081c1a943db3ac9e6784b02c4

SHA1
601cb80b873d1c7c10b3a370fffa2cb1972a6bbf

SHA256
e9ccc7f993ff4933744bc48b113b0a224418793c3a927a930cbbc1050dfe11d7

SHA512
7f1cdaaa5403ca01b9edb9db73133c6b8f5e132a816a11f6fa367c827d46a422dc5340dca5d940ea5c29b5f3a1ad04faa2b22b26b7f30884ac01b3d12961021e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
4110f9c68887278099f3d4b098861eac

SHA1
7cc5d8da44ce4c1a55d89818e7d8cd95f35a810d

SHA256
fb84a4c994ca40c6f10775231e927f72deb61999c9b6edaf7a2fbdc97f0cb014

SHA512
1190485735ab5e7b74fcc3249cb699c1f635a9561173f84d2a3e3982401f594466c2b06911bcd28ddb7fe354733c16622265cbe2c6d9fe156a858d7017823b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
73705c40de97ff2395ebce2b8bf87c15

SHA1
00082f6e2d1a541e943558cb9fde5e5eab2e8aff

SHA256
ab4a549b3d6336d920fc414655e14ee455b5f5e84f5b7fcadd280c0e5c191003

SHA512
5fd259d7e3b6c256b511f5e3d13369603b784cb76498cc96c5e0e078797f694af6281d07cff08eff6d6767c5ae790e5518b518e2c8b69ea01e1ad2c88f6b54ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
817dfbfa127527fd6acf4155117597c4

SHA1
bfd877e897c1e5d88367a1907259272022c5d11d

SHA256
cfec2a8cf2902f04e6b52fd584626bb6e9612e842a8cea7c9fea363ebbd9d2e0

SHA512
2410d3075a64b7e86cfed5d82712771dd8c0ca766f0d87c869d4a74fb467d6e3eee92beb36664c11d0dc684ddc6bede98a9fe844428a0f50d174d529f5e7a8d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
411ffe0938a2cfd4846b420d07c700d1

SHA1
90e8f37f5e42096c810a0a4d81c75c90b1286b66

SHA256
3bdcb973c35f64bdf59a7ac5135b30c1ae298257678351df64c967cb800a5910

SHA512
ca60bdcd953bf63fb759e9f1ee57b989cb1b0667429ae8bc3b6cf1a48cb751a7dd25e03cade6203f098613045005fc9f052f892fe1b1e518111e16f977627297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\194f97fd-23e6-414e-b1b5-fe620947b665.tmp

Filesize
47KB

MD5
d2b3796a01780f65fa79cf980c9989b6

SHA1
f831fd08c0cd87cd6c13e7c1834b5a62c8152ecf

SHA256
7d7624fbcfb7a51098877213e3a308377b37ff3b28327d865148552606fad3bb

SHA512
56e24f9f67e4b82a7d165d830be8d1af9caa52a80d7c0c6f14ff7b33dfaf2d767a69b1a2f73a795829dd6dbdde1082207d837d1c186a5fa0cc793e5fb3b2c4dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

Filesize
105KB

MD5
ecf3d3ce7a6234c2d34575b2c87fbbcc

SHA1
0b4d36e769bc0776811a85e98b115e2e37b048cb

SHA256
2752908c6b9e4cd7b4aaeeb704f19b04343096ed6981d6687a914aefdd6368ba

SHA512
d6793abe58526937b58bf7494f93c195730d1757c16b0c50fab53098fd56ad6d050f04b804d07c132041e4ea18a8aa1c1f302049691250ab9ea82c2a35e34a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
d9785e91e611c063a66ed926a2b4e8df

SHA1
a26cc634c8e2faa4079541779b2cbccbbfbfb7c1

SHA256
8d86adb417adc05b1a8d52677af389732a1379ae4ea5d922a935c7a9855eeba8

SHA512
505a6a04c5b5f560fc70a91bc9d9519197209c55380c608421291ac0a241b99d48e6bae3e8d254964078ce9da085c1725fa1343171c8ede338a9de1f03fcf242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
16d866444174f56021f3b8a32126a79f

SHA1
487ecf8312a06dc849d90418de2cbf7e42d8dee6

SHA256
4f6b9aa5ccb03e16a99c1bc90d963e5e105f812ece646764e00b0ee593d56c8c

SHA512
83251093985709749995d32ae849764f26352048d270e9246ffa1e1fa56eb647df327a5557a068b7e99b8a690a75e4381eea59ee2851c52d1d428d28fe9a8c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0722bdc07c7e0af9e20da5d491d811c1

SHA1
17a074413aa7ce1bfdc3ba6f6bad547ae3546541

SHA256
23623472219b27f1ed929c76d51f9d76d90ad02c4bf8d37d4da9404d61dfe2ff

SHA512
7fd5b8edcec6191f45b5ef076782154a40a0321cf47d434376ce483c622d6f3d5fa3b24288646b28b340c757e4348da7cb410ed70629b16f8f3397c0f5491dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
575d08e53ef9f723a4b827954bb316a4

SHA1
a1e62d897e5c15ec41d674ba28387f6477f1f383

SHA256
5601a1004cb39e5269c21daa0bdeecebe25b9d2dabbd02e508d3f5b64faea27c

SHA512
f963fb99c0019839dc0948bb6510d1529e97f31e2baf97d786a19e51e31d4a242569fd86dcc1d7e6bb2e72b8ecd02c456bac5f22b10968ea57d4a952d2f35f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f8c2bf613130c1c439f6b6148ff516d9

SHA1
76f778123d03709758197e53a34ce44de0d81113

SHA256
c24e15cf6f737910117037bc00f8174587cfbbf2138fa969489d95df4d5b3842

SHA512
bd58b7aee93f9b23db429164972847d61a31eef5dbf671f8a7eb1eb327cd21b3c28dd94590317e47654a937d69dd3813df996ab17d2acc7941cf9a5e713ec826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
b967d5760ec2591ec18ccc1be192058f

SHA1
3f48199114b69b1b6a99d3ab0ea657faa3714514

SHA256
05b40f45cad7068270a54ed276b5eb25f36dbdf4d7f559c4c356263a7a04a1a9

SHA512
32dcfbffb279e27fcc0a58b9a9ceb1a8e66d1d50c9b28d5742e2572c969adfeb7f855abf780be31333e910115e09f29b74f7b6481fbf4e91f78af822ab69d1d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
b035d64b75220579229df4343074cd98

SHA1
004cd8bc78394a9213c38a669dfec8b26331c12b

SHA256
f28bc051fcd24ebd0734348c0ba591e98d708a90cc87d023630bc95ff78935ad

SHA512
cddfcbc532cd6afc8408f576276c5f31b870ef2b5c65fd3275bf28d5525dd0b9ae71119d71be744be424819a88cc00409f530b57f724e1f26605dccd04c5122f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
1e6fae2fd86ed264e8888884c037ce11

SHA1
a360eb4e8a6fc7e8bcd9bddf8142aec58eb05507

SHA256
67dac7eb5544c7fa60ec601ba2ac8d194c7248fb7576c36c4dba5a7ab465d44b

SHA512
61d6e5a68c03d1c7d765f837f46bcd38a95b13e93fafad55d1bf930d2d9bf0fde59894ff44ba0a739f48f941e33e8ee7a98c1c3f5c1b82f1d2e649ff6c528eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
112KB

MD5
b5213e99bd617eb20e135eaf894cefdf

SHA1
711aae35a063cc65a8ce16c97d8c766b5e5cbf2b

SHA256
04fabb767f8189b73c778f03970ef440655ea4e000af392e64769c0221626f74

SHA512
77f3868ce8157643a3ee0914fd6c4e0c509bf49f744dbb5137882b02450f7511940efba7042378bbbd01aacd0e0bb2a759d8bcfb731dfeb98eabcaaec0e245f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
93KB

MD5
f5c4338074f077046b82d789cb732220

SHA1
252d2e8211fb2f7801b88e8d29b891299b679947

SHA256
1361696afb2eff8146cfdc3fa9da8325a30cdce61ae33e7defc7fd2b7175d366

SHA512
64f751224a4967ef7427e6a1b8c5d4148ef10b14e562988b7d9fa3e9a3646033ba506e8fd569860bc806215200ea2a13c9aa2263a21faecba41e0dd738cb1a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

Filesize
82KB

MD5
44a9c002fe071591c9b4f5e12d6d03f0

SHA1
11ebb90ba83dfea4138bf3e900441d8c3412e5bb

SHA256
7dc57b2df871c944e79816c289f9b0ffa7999418724089a81f28a11eb3f549f1

SHA512
5a2475d8aaa36e1b14e267c83bba1322a91747d543c38e18aaed25eae3b95710e8b2a0dec6f68d6ad0f00646f9f158a83c7ce315bc3a331dd6119d787f1aecc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

Filesize
104KB

MD5
3822954de1ec9a48c0db87780dbb1166

SHA1
a8e382a2840f7a0c99d02f2b05b851b30b2d7587

SHA256
fe910bc51a7ed25e0e216d0dcbc159badbb7217239230928d17d87c4310c31b4

SHA512
0183cdc3eb75567153736a2e9ae5687825fab8a050535f655ed3202843b4e859f8d761070e1c7a66bd6576ba72357697fe185842d38b58aef7e4ac85f0adddfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062

Filesize
91KB

MD5
4e4ac22bf060098c6f7f3649430f7132

SHA1
c53e12f8a61351836a5b2eb5f4f15bc82410bea9

SHA256
b296112252b3877dc5b6123717faf4bc3577ac6cef0e599f544b78e308729b1b

SHA512
9a461e95b4b28bb429adef3d31032f03c7c89a0d3ee424a9db6e2220cfa131c26491b0db6e27a7908683d7ab64e60f7f11b4313a376ec7b3e479a77378bf9e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
113KB

MD5
ed0413447156a48b0e6e0e45d28af1d7

SHA1
d9bc5fb0651525fe3b8be3de328e354e63676b61

SHA256
884d9d0be9ae2c0a81d6899c7b0e84d84337f2a047283a87a7a58d7791d413e7

SHA512
1300ab8a5cf04ccef1fbb3b4e7b5ecaf1e104f846c2ba31543d15a21ba48b90e165e86e8f6ba044c60e858629cdeaa7beac78a18e766b6aa2dafd5f991b26174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
106KB

MD5
99ad492a4ec9b9c30c832f342dc3cc3f

SHA1
630dc5365e9ba4c55d634817c4c9f87bc9328241

SHA256
7f568c13910623a153749f691f385992d93275022e49ddb5c5d54e9bc2cd295e

SHA512
1a5da8ddb5401baa103c3999f6d0c33914b270cee752acaa2ea401eb159945ef61b7184552713ae37ca6974a05bd1d5793ed99d676f3b7253c569372267b8aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
109KB

MD5
e99181a1a6986b54b1d41267efaf76f1

SHA1
0a5d9a8e9d26347e973f848d9a86762ba1ba8587

SHA256
2bfc579444e71f8c4320eba53d0d7bacf8a2332cba7983ecdc847487b80d876b

SHA512
1a1bef46bb4583e741d323a08fa774edda60092d98ba8974dbe16c0f029c73645deb42369a5301d0ab1391f2b6bd71129cdbd73968fabfd5cc6af9ba7ec57f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
80KB

MD5
5be0a8d3bd87e57f6dd553fbd9043b76

SHA1
078e15e3e1f12f0f6707ae8992e6b53eea05c546

SHA256
919a415598f8e6de9a44b895c3b017f674f3651ff99ec63e2a75687d3dc69ef6

SHA512
22c895e497eae54cd37ee424ea3574f29976f2079d8d81c9584119ef3ed5a22c19da1ca9a69e73485483732a67205105b403bdce8ffd81b9858461770a0b049f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
102KB

MD5
560784d74d250c807cd826e00f36fe48

SHA1
337b7c6c8c4aef2a537468a5d99ea2ddab4adaa9

SHA256
f6f8f06d00628ab0b54610ba90d8f2e09d70dd5b080d4a351326cf6466be7c0e

SHA512
7139ef550574d804e0ae5fb04a860c6d23b9f061697cb2fc1658d5818808d67a49fb167d13055f2256a90be33c52a520f11b7bfca618e6d9842a6a464fd55824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
32KB

MD5
cd3ed9974c93d293cc7c430f5ccc158b

SHA1
3b26e9f3abf731640f383e699b53c66b738b48c6

SHA256
6e375844cb9fec4cba5580005e89014698555b74756c994952cab40e5bea3c53

SHA512
d46e471cbca4d1336486e374ba4850e7f37a28945fb3d203f9d8474139f201efec54362f612006278c57b9c054ae1aae4ae038f7cd52cbc52cab23d02ff1ec12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
97KB

MD5
263b5557334eb275c6b0e9864b173d01

SHA1
aa92ef0051f7bb0738b960d05a74bf86eda78909

SHA256
efc4f6aee704b914e1ca20783452455e61cea1cedf009ec0f9f74ff9dd09fffe

SHA512
fcf83333931d222b2d9fb09a13bf959ad16a1b56103d8be08a9f945ea32c156a68a560f367f8cb5febfacef0712095101907e1cab6cd84a586b82ab7d7ea935b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
116KB

MD5
9aa0d7967e407805d89e6b5b7fe2eae9

SHA1
a9f19de064bb51a0c3523e17755d705d645ec008

SHA256
6f948232c163cc2b8d3c858b0a411c41a55f912b72e74f0b87433c4b3243b4dd

SHA512
a338099c0ef989814f057796520644859d6f32c16930bb4afd98394bf7901281b893fe737c11842d02f87394a549492933fa5b601d487ee6f701611f7709eda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
32KB

MD5
ab28b125527f320b4d0932fcea0e86b4

SHA1
dc14a9b1f4b1104fad932c967f2123d005263328

SHA256
9fb7aafeda5886a20287bb35afff9ae51bd5dabcc07b8da555e1a6ca58fddc04

SHA512
36677671415e3c5eff64c3a81ae11714c32095c1141db69a36949cab7df7bb91687aa912446028008f05687d0bf45b33127dd9dff72d59f231fcf2c47faea931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
103KB

MD5
038875ff91e37ed43aa64a08ca0bc16c

SHA1
173c7259de50c80323211082221f501305c3094a

SHA256
bb040b520308a664d00cdfbae65c63db33cad8800429fc6bcacbebbcf4e11d30

SHA512
43d2a4097f576c2e319ecbb93e6bad5b5af9d9fbead785f6146d9bcaaeb07e9dabe2b82153da01432ff2e067d30407738b10e38b605f535e2a889704b06a7dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
94KB

MD5
2c2b8d4ce6bd0af1317f6718ac0b6860

SHA1
a66f595399490d1157589ff17723301d8a2d0f23

SHA256
62ec4c2c400a9270b1fa2e4c216e60bcf45e177c6d5fb572a58b5f16008bc8aa

SHA512
d053462c05b6dd44253f1f08e64b4264df396475688292c598e997724c304a3fd10c42a6ebadadab3fd3b5488014cef7c889424e8632b26e38bbfbc0d74419db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
24KB

MD5
f9d97bbf8529ef80d828b8bf73632c8c

SHA1
41667e3ab143a12cd15c333813b193224b888df4

SHA256
3aa1dcdaa93d0bbeb556a51d7acead71e2ad9dd1528eb9618ae85be8264f0cee

SHA512
686228d114b6ceb4beabdac4a7e2dc663be034cd032ff5a352c1f68b7f1ba7aaa9e3048e8efafddaf423e0268805cdbd28b7aa616a139a6fb8292b07fa254423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
112KB

MD5
24b261e83927c15caebddadc11764772

SHA1
c914b7e7b4d434a935067c4b2027caa147791e49

SHA256
0622ae7bf7b18b80bd89f9e86f4df3d56ce35cb48253ecbdcb25e1e3f0507b9b

SHA512
cec91d7bd9195e1a09d1a4c87f0ba6220f0d5bcdd5078896b87f14ee4bf51ac99179e248b099441f6ab18cff707fb1d01b584735cb820348ec572a157517dc18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
97KB

MD5
af53f6286ac2c1dc0f538f36e7fb59f1

SHA1
5e8a2a0482d2273f52e4be1c7df83f954734fb1b

SHA256
7e681ebe04a6f5fc6d28e08b5ed6a0c8784e44e3d40834daf839090fb5182ce6

SHA512
22a6cec04ef8fb587debbfb9f492d855cdd89ed8f56c726687f27ddb250581eb735aa3d2288d336a16b380bfca2b98fe9092c72ed497ec13f5826859a98312a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
100KB

MD5
0745300dfc57c14ce5c83a6b29bde4a9

SHA1
9225460653d84ab2f7524c268c8e6a950af3b252

SHA256
37afcff4234282351bd40bdb17002ad3c6993060a518f9787e4545bed6db8c26

SHA512
909d0ab73d341057f17a8f916fc5451ff8a00629a58fdd44f54ab9ea590a530e4f962898e426f89c53cff6ac8c1fa5239ccd02471bb296ccb3449ebe874b6789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c180cdd7f3b6b1f44740eb85c2fcefd9

SHA1
50c5415945e67cd8bd9351dcc81d3b27e6b0eaf1

SHA256
1a22c6b2fb8f8dde27d8f08d6919a5ba31369c648a05ce055ebe9941adc5a8f4

SHA512
21592018018428912384819da1367a23c457e5c70b473e4a3021fd9748831f5c0887be7c04a0f61937a457c915d908cec661f2f12b439662d7306d7dc061895e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57a884.TMP

Filesize
3KB

MD5
d74187beb13db56bbeecf3e5d857cd22

SHA1
4c3c834e2e6c33909a03f5c5343a0cc5f831fd5c

SHA256
aeeb328c796011e7d6e8a85c8cdc1d3a566e289d6c15bea68989dc283610218b

SHA512
e2556fb7be1e818a7bf4ae358cc30f806bf72fd5a381dcb1e24cc21ba7bcdcade158e267d8e7a0fff23fa84a73854ae8dbdf2ef09199e58e9757e944b4e4e298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
82363cab5e77e6a75f6f8531d1bfa367

SHA1
e9a8195cc593edf3f6564acb36cf6cc91c656e35

SHA256
528b49d933c60f7b694788d45e845cbebce3e03669dbcba972a6752f6e1c115c

SHA512
49b01f7e68070c6a6a934bfaee194bca4fbe413e0838c1120bd54519b65a08fc1745fd82d9756449eb06310847d541d3f421e5a6795a77f8e6a72990b09d584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4a2c3d229b59184e5bf19af83152205e

SHA1
10d88e322067090205e34d97901b119bfb846e67

SHA256
20cccf8152ca462f4c63288de9fe4674ee4e295b5a3ad9352c5d3791c2f69e42

SHA512
dc48bf0445ac72628808781ac8e41f9fee8fb916a749ee09b30b7dcdd60064a6a8241e008773dcbe8ad14905f68ed3c7379402a67df20621c153bb5db1cb5932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
345fd89ad871bd8211c997d87ff75fd0

SHA1
f744816d4bf85409b05a02b03a5dd93a07a15416

SHA256
31c13d2ae83696554795c5fb14bb92de635091721cd076b5c90033f91ab617f8

SHA512
04c6f06057982d38ba9e4a541bc32720a9518208236ef6e9662c9b3e9e2d6d6a8e3146f8e8e60c91589ab43511fcdd10135666e35743f3d6c1f405028cc6b6c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
861b6d55a3e08188ccd893c08c58b902

SHA1
7821d794136c167a2d205661f075306420ed1e50

SHA256
00bb36d8e8b0b8ae23cb9230cbeb3f704dea5baf5bfa3903952dca821b76e89d

SHA512
ab48e2fcfea8ec5e5daeeb1174c45bb6f616b3519f9bc9703c1b38e31913fd8e8a3c61943aa5c1f582d9e213391a736e57ccaad45a4b185157b00210d4e802cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\b2cde729-6e9c-4f6b-b3b5-0bbea9ee83db.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
535cd275376dffa9ae3927d95dfef8b9

SHA1
64c6f36c6048b83c460649484469e466fbdb591a

SHA256
77294cbd191894b569125c56c8d79a625acc69b1674d7d51537d4b01adeb5f09

SHA512
67bded592a9c11536ca68bf708947b53932710d2a81f31407f59565911ff35ffbb833c6bcbbc3e78553ebdb6e37ea8013d93e0f944d8da4c3592a4b42eb872c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
abbee223baab38cc84b639b85652eece

SHA1
76c8308b329a956fc5c26cc5d978d1401b69d8b7

SHA256
2989a47dac317e2349043df58a08ea4b264f0fd2af88a65c59053deb72a3b0c3

SHA512
94c12cd75b45389c9c4e514b2cbf4e2f548d3a965773763dedaadb999fef9dfa7127ec38ebe41e4af934f13c515ce9bc713e681169a504bb4c044fe6e8c65f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a5aa3b0345d849cf46a693b476e8ed22

SHA1
ab8aad4ae7a18e2ef706ff1ee65d845f63fa6840

SHA256
94f998674ba565a2960b260da133dfdab50a6ae2e2036a41f0358d9efebbc0d0

SHA512
fc54d480d3f681b13ff234fb5e17646a788bfb94907862c278bc5d810a12d76376a8ba65b740772f45edc594442d56c52a5f8a64842b12670ec097a9bd28aae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
c939359bd6899b7ffbed1cb535513f71

SHA1
a81b5abe95800831f420e71f86fa6a9e9e5d673f

SHA256
088ea623864b075ee823a9b7c79a911252ce68a4e739ed96bd719e45ae5f7570

SHA512
091b313431fca6c81ab4f6eae1dff0498ebce3513384f098aa0df9f9517e5fc65c8b0b959f158a7883ac8b456c26a3aa907d51edec27744422d91902563a6121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
15c7a5b785c7eef09d28f5d176542fcd

SHA1
0e7b64430ed1453617a4d916f3145a122f6ff042

SHA256
0bea549519e135b4d43d40d5147bb91c684a432ef26063e23c0a269e1709fd92

SHA512
bc6411887337f8da881a171a971190fe96bfc6f0a1706e5a21e0d1aa11f52955a87e9110b35ecbe74535b537d5696dde0d4c1749a336e94f2b381bb1887a96da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e6dd4531904b8aa6b278db6ea5018bc1

SHA1
33ada117210abb936fee40ffa00965bceb7a9e9f

SHA256
eb74ad115d574f389621a46b65a971b628bda48485c4f409d2fe4a733047fd5a

SHA512
c60d06ff9e28b22fb58a3d165b0b23b4b4de28f12e6709c0a8a1775bac50b61ecd4740c4c1607332d409f8dc83e4d62b370270740114d1f6d4aaac63ff0f9a19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b083.TMP

Filesize
72B

MD5
3c5d792973829f52a0c8a4c176d1816d

SHA1
0626a1d58f68bfdb230547ea2cdcac3ce589210f

SHA256
592e3f67ffc0601924dbd31dd416d7af44f8f12705754ea65620369edfc8fac5

SHA512
9ba7b281dbb8e2b18a27b8ff49aabe97c161b6a516e367d1b49c7e4790e0df72e79722b95116224f142c4b2c86f8d4ed93f2fb71e415ca1a7c21a81020f826f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
aa060cd71fe30258bcbdcffccb8dbd82

SHA1
4ebc124bb6a636d0d28a29ab0dd6c5374f4dd319

SHA256
0c90bd9247f448cb35984d2655629f8d5e1843d2dcc31fa3fd07b5daa9ff55a4

SHA512
3c2d191fb329adb143fad6b83bbc9a508341be0648bf676bed285c27c84020791f65e7b5a6fe622470ee184d7c7c9a5485c2a453a2ac5138c9c66d66eb9d7de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
7e31538531be090cd95d127c1fd5c152

SHA1
49747d9a7929e5cef8881ebfed3c67d9a11cb501

SHA256
b33e5b018ab665902ec48c849f8cc26bf1656f0d951cfc29a547aa4c6c67fd00

SHA512
59210bd8e5087afbcd96858eb0b58436a5d7ca860f586473047bcdd6996570459719be73c5891a6b4c00a8d95b51cff1db1c56a5e0735d3fa356a886d2d3e5c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a19b8233-67b7-480a-8760-ef1fd6b52432.tmp

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
874B

MD5
abe86e79e3ff27c72849c11762e88cde

SHA1
cd1d3062311d2e141548af6f3a73a2f7091988bf

SHA256
8991f82fbb6c5d20e3b97196881e294a2a776e91080ef83380f307138833489b

SHA512
201b20a7b611bc5be20cfd717ed4b717f9ef4adafba4c7460c7299c65823c6a011fe4cfcd1b5fd5218688c1e736bb352ec839755a24512018a09a73494696267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
075e35700e5501c58a7030f87b1acca3

SHA1
392b6e5f34b8f8f533c7cc3b452fa395177470fa

SHA256
9e525e15f5f9b112de1ad92d3008c7114f94bcc5fb5d227d14cd5b7a2915d1bb

SHA512
b8ce4c34656368930555ac8aefbc99047634cf4060987961fde44f6190401cacfbe5f43cece110e710e7bba9d70713224b76fdf866fba82a7d365ed33c009c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe591e8a.TMP

Filesize
465B

MD5
0637d49e9da1c914e102dc58a3af9f1b

SHA1
11a3f45f934e6ec345ad588e182ccab7f355e569

SHA256
ebe02be261736e55d51ef92bc57b9b5783756e283477fad5bb47b94a3aaedd0b

SHA512
39384a21f492ce4d4c69d58cf58549f8c1b02f8c17e6272f07d32da8b282b0c700f3cce92f746297b5fdf6cf30dcf36eda2594b461a4e3979643c5ba304ede7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe591f84.TMP

Filesize
3KB

MD5
47430e0e9ad4838b6b88191b7966810f

SHA1
8933b4ce19e396751f93687305d3d378c48e2e0f

SHA256
98c1f419b9efe0d2a9f4350442d90916bd07593d9ecde4706030d1502cfb90d2

SHA512
e3a4e44240a11ce2173acfe66f6b52bdae8fc9c97dfdca441700ab47b5c73a46b71405da95a2cc08c34507fddf4349923c33da57da244e45b5019b9898e6b65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
e99ae07a4fe9f0fe72fca42e269d6e7c

SHA1
7aef66a9f3de3877130e1e594c490255d84b20fd

SHA256
d4d4eacdeb4387b0e3fd1f88eb11760dcfd31e4cf77612268e13f3874c31d53c

SHA512
92e510fd5608002a34ed09d7c937fe9a40241e3fad6fe3e9b5f4a141c384236d9b0234b933630526f2a8162094895bf32dc42dd756eae2c80ed23afa1feceed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
91b6f16b597ef0275b46e13c0293a8c4

SHA1
5b46e3573b70c4cce40c0f56e88da842c175008a

SHA256
081f03931d626e542a3f71678e2b35dd158d3650e371d5bd489b70b90dd95cd1

SHA512
301d42da111bcdb0e8efd6a1424f87e05c2ddc8d9ea364fa8369e578351c0cd0e47b5332518657346686792f162ccf2556e71a209976046c04d24f5458818654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
138c7520496ee9c8128f7a79c52d96ac

SHA1
70302a2f51b501cb5015277fc2978888c869be14

SHA256
221f45e5dc69f319a4779a569a472500ca02553ef58f375a9cbd302aae718cf2

SHA512
9031b86b901f5993dc91bcbf901bd620c56030c692bab92f332e008e61e155c242d77201f196f989d15283e9adae5d3c12f2ef63c7a3a86f2822b83289165948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
4eccff37808eaebe35540bc6d275e74b

SHA1
8e726318abc4ee32043b29c93d2ebe7a36bb425f

SHA256
317f7c4c0754c6880cb79bb947454c013ddfe08025c718c90473630a688cb152

SHA512
55d116323e1755a3172eac00c306f4f6986d0e0e84e9f53d6700fc1df3aae8f3d9b340704cde9d08ac462d6cc86f36c78e97b6cba0d497ab3b4ddc8cfba5ae07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
6dcd7cc1c4426008cb6eb40075d00d44

SHA1
0544de433d0057f4ab0d6eed5cf099f7bc49787a

SHA256
f1588292288a7ff3bc986cacb15005815e91239e3064e87da0940ed23e756c0d

SHA512
b0236d0c26cb0b1718547fdced901fa2157781e5b82e530f0f8e72910d0af3bf0fc0148a24c64bc6fb4b8838392ecc95ca9f826421ec8e21cba8168c56b28e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
c8dbd6931e1432bfb92f028e721fa25d

SHA1
df52c3611fe18d97e5a1f82222066ca1dbaf34a4

SHA256
3448cd396cff748d4fac20b25f6b5542d654b914264cc92ea941dd37a7819861

SHA512
a31922f4f8097b251208f7a4e5f10b3534ee7089de0eae872ad0c1566aea588072ae5fde3d2b3337f6c711b062eb6285525da138b2d3930d7693140aa92f58ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
80f896c69b1cf96e88b1635451a431fd

SHA1
0a88d94f76e72ffdaf419cf44fdcc1169d34ab8a

SHA256
70413a22890e8eb7a804967aa790f8a6b93c327b35e518a766e89983a67bc222

SHA512
ffaccfd1222b8ab8c7a6973b2a57296daae5fff28661d78a161573e05571bc0846fe7eb35dd3b82fa76967c53638a48cbb87af1cbf07860441f752a4ea4464d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
37KB

MD5
a4bd097b56ee1056cc9bc6174e9f1161

SHA1
f4a663a071119d08c56c3d7b2c23a211f9d4d661

SHA256
78cc325aa46b601ce3ecbe797fec5975b4cd5960fd658ff99a658334bcfa5a3d

SHA512
dd0eb4b19d592af1b67fbe895a20ce60b6ac4bed084c0f07719cbd11a24f9b18f87ac0d48ba59b249b1c1bc89ac9c41723c55dca6d56dd00d0d9940f52d5f8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
f1b073e546007380dc4b5f50591a5ac1

SHA1
212aff3ab26f6989c5dfbbea2ec636871b0bf1a0

SHA256
40a0549c20dc46bd841695321bc5d3becdb1db809ae3c7bf2dcea51a19f2206d

SHA512
96daf08d8ee75a5c2419fd3ca063b5c684948f0b243e8fc94330f661490009390720473b25ac3ea813ecea9e5977e8fb60c6ee8320c66e33aeeae849241e961c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
561f02a2d76a9f8879360241d6eceb2b

SHA1
9cb02f91877fdb15ef1da7aa5b027dc8f5760e3c

SHA256
fa34e72d434040a5cfdc22ab2f76bf54ce7b9bb785d06567a7cf7474cc85f763

SHA512
89589b2f96b60118798129d2cb7bb1ea75200db2c5b9499c2c56957dca12f7faf151fd005810f0dfdaf85a4012005a5bc680e609ca942249972718063fc2feb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
e6c24098dcd1f7b7859410274d2fa810

SHA1
6489c9263a127d70ac93e138a42063c3f42d297b

SHA256
1c9cfdcc214f61cf635f96221977765b85cc541d403bf9ae323dd9dec1d6ae96

SHA512
897bee85e9c3c18927c6ca3d81b42b1afc32a14cf9804e4ed19deac3991456e8bc879d5e86ad3e5c302dddc001819669e7cab636e1933588f473ee9fd6d93f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
efa11dccff76fe5973429d0d17ea1c72

SHA1
aa55242b8649670d80e93df17cb60b8965c2c93e

SHA256
f6230b39150d8bfeb3390252a07c991799ccb1f53163dc4354d22de2beff9db4

SHA512
3a220b4c6814452d089e2976b05b082d42088b0ea14331b30a85441aa51554b8e1e4474259091d57dc5ea62640c0c01f29da76b8d7ec5b5190673f6f02ad07b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f5842d5-7f72-4394-83ba-78c1b71bce5c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\987643f5-0479-4baf-9137-2457b374160c.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s04smyab.agy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\b685b696-a09c-4ae3-bf1c-ac4ebb0339d3.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\WinRar.exe

Filesize
3.2MB

MD5
b66dec691784f00061bc43e62030c343

SHA1
779d947d41efafc2995878e56e213411de8fb4cf

SHA256
26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370

SHA512
6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\an.txt

Filesize
7KB

MD5
bf8564b2dad5d2506887f87aee169a0a

SHA1
e2d6b4cf90b90e7e1c779dd16cbef4c787cbd7cf

SHA256
0e8dd119dfa6c6c1b3aca993715092cdf1560947871092876d309dbc1940a14a

SHA512
d3924c9397dc998577dd8cb18cc3ea37360257d4f62dd0c1d25b4d4bf817e229768e351d7be0831c53c6c9c56593546e21fd044cf7988e762fb0a04cd2d4ec81

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ar.txt

Filesize
12KB

MD5
1c45e6a6ecb3b71a7316c466b6a77c1c

SHA1
04bf837911fa31ffca8e034158714b47f6489d38

SHA256
972261b53289de2bd8a65e787a6e7cd6defc2b5f7e344128f2fe0492ed30ccf1

SHA512
5358bb2346c9f23318492b5e7d208e37a703c70d62014426eadd2dd8cda0b91c9d9c2a62eafe0137faefb38bf727fd4d5d8dc18394784ccae75ae9550558e193

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\az.txt

Filesize
9KB

MD5
81b732a8b4206fb747bfbfe524dde192

SHA1
4d596b597cf25ff8d8b43708e148db188af18ef9

SHA256
caec460e73bd0403c2bcde7e773459bea9112d1bfacbe413d4f21e51a5762ba6

SHA512
8667bff18a26fe5b892ecfdc8d9c78ecc5659b42c482e1f9e6eb09f7cf5e825584851cd4e9a00f5c62d3096d24cc9664f8223c036a4f2f6e9c568269b2fbb956

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ba.txt

Filesize
10KB

MD5
d83b65ac086da0c94d6eb57bee669c2b

SHA1
6210f62d41d44cc280f44b39accf10da28424b75

SHA256
2901b54f7621c95429658cb4edb28abd0cb5b6e257c7d9a364fc468a8b86baae

SHA512
56c7ecb4223103d81ffd11c214cceac20e7770b82fbc78a5e82e6dd9d589cc319d4689bb6d9027e5d272097e1b33ddba27a8414fcbc29f9ef68329e343004222

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\be.txt

Filesize
11KB

MD5
3c21135144ac7452e7db66f0214f9d68

SHA1
b1ec0589d769eab5e4e8f0f8c21b157ef5ebb47d

SHA256
d095879b8bbc67a1c9875c5e9896942bacf730bd76155c06105544408068c59e

SHA512
0446a0e2570a1f360fd8700fd4c869c7e2dbb9476bbdec2526a53844074c79691542b91455343c50941b8a6d5e02a58ee6aa539cc4c4ae9cf000b4034ef663e2

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\bg.txt

Filesize
12KB

MD5
833afb4f88fdb5f48245c9b65577dc19

SHA1
1a6e013226be42cd2d2872b1e6e5747fab65fe8a

SHA256
4dcabcc8ab8069db79143e4c62b6b76d2cf42666a09389eacfc35074b61779e3

SHA512
05bbc7abcfd0a0b7c3305c860b6372871cf3927bbe1790351485a315166e4cbdf8d38d63e01b677bdba251ce52da655f20b2d44b997d116a1794c7b3eb61ef31

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\bn.txt

Filesize
14KB

MD5
d0e788f64268d15b4391f052b1f4b18a

SHA1
2fd8e0a9dd22a729d578536d560354c944c7c93e

SHA256
216cc780e371dc318c8b15b84de8a5ec0e28f712b3109a991c8a09cddaa2a81a

SHA512
d50ea673018472c17db44b315f4c343a2924a2eaa95c668d1160aa3830533ca37cc13c2067911a0756f1be8c41df45669abe083759dcb9436f98e90cbb6ac8bf

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ca.txt

Filesize
9KB

MD5
1657720023a267b5b625de17bf292299

SHA1
0045dfafafb9c9058f7d0d6a6c382959c5a67fe0

SHA256
ed8748da8fa99db775ff621d3e801e2830e6c04da42c0b701095580191a700a6

SHA512
e7998f6484370e53db9cdc80cd55070e408aa93161fa59e48c6e2b26462d6d3eb774c011212840ef1eb821a5ba067b6706cd4ca2be00619aecd24a11e6ca136f

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\co.txt

Filesize
10KB

MD5
c76b8c615c11469d5f6dff0abf39171e

SHA1
1906cd1ce4712d79d129fcf32fd2ff87368081ea

SHA256
5470b36a4a715deca06035333a01e0a2899fce1cf6c29a6ece4c35cfcc843cfd

SHA512
c4920988538810b9501c6790a2ed4d4e82500134244b8ae1371f3025bffbc7e6cc73fe1a9839aa2a0d020f2b9cbf0fd09ec99354cb2a65c3d08af519bde38384

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\cs.txt

Filesize
8KB

MD5
641b90f9aedfc68486d0d20b40f7eca6

SHA1
0a683dd844534905336784fadd80498afe26f6fa

SHA256
87a4b9369fd51d76c9032c0e65c3c6221659e086798829072785be589e55b839

SHA512
567cb9f6c31d196a171e5a9c2726a39a9b3d351ac92d4acf8624213a68c9033acc31afaaad82aa9f5359f32d3a0ca40522e151b8370d553a41abeb6a6e097078

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\da.txt

Filesize
8KB

MD5
d8aba2da47c1031832957b75a6524737

SHA1
b83069ef9f7a08f18804ae966b8d18657e2907cd

SHA256
f65026ae33d4302a7ef06a856f6f062c9730100f5a87d5c00fb3feaf5fcd5805

SHA512
82b5f4ab8e3e2310a98be87b5cf2cbf04b7aeae1798cd69529325ee74add40bdca38eda865a821f66436906d4f3224004f690cf406b532e116475d2b2424b570

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\de.txt

Filesize
9KB

MD5
40ae22f5bcbeab6f622771562d584f2b

SHA1
4eaa551055ccfa0076766b7bdf111de9dbcc1c82

SHA256
06e5265a2b30807296480dc0b0d3a27e41f1381d61229e4eb239c4930d14a43e

SHA512
581a94dc12fe48aebfd88453351697aed9de5b1decf4c5dd53cf4db38d50727d3b887498f0bee6bd532cfbdc8af7bc01fc8d58ce0c3f6fac235bc6ff3f843125

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\el.txt

Filesize
16KB

MD5
812df218dae08f9f883a7455015707b2

SHA1
6e7d7d1c8e783b9b913f44df515f4d376d3502c4

SHA256
cf90a21c69a13e0d674b6b74e2904f7d9d3bee594d89862155d94105311f47a7

SHA512
51c3c6151b47fa5e3968604cc2385c5d0984ccb96b8f92982bd28440786e1b99826aa70ae1232465a3469ddb6c50d13a241b6a979387eb47bff013953db1ed07

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\eng.txt

Filesize
7KB

MD5
8d7264236adca0407fa61d942b7e575e

SHA1
21861f62751d2e3d452146ba139e758f20da6f6c

SHA256
628366cbe1964564f8bcd0732abfe08cc3f9a86fe761e41abb41f84f7b6ba00a

SHA512
74ab8e70fc3a685ae715368df90e9f6b9630e6dc1091436c244ad486db3faf25bc59ac1b89f90e935e7eb2c6766e19165032fc24824ad8af932ad95a8a34172b

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\es.txt

Filesize
9KB

MD5
5a449308a0176d6401181bef4af13765

SHA1
9d8bc3e801bcfb43c7dbfab94ab91a4079a2070f

SHA256
7dddae25296f14c1f45ac032d9c950c3a8d39a41489f9d2b06000edcfa7a6660

SHA512
2aebd25219b12d88bdf7a4a1b90b6b13b4ed5d4215e15d2316494c56b7d696eeb3252478200bcf0d84160d11979f5a71c72ca110dd3e28e901cfdb13255c45b0

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\et.txt

Filesize
7KB

MD5
54d610c174514d0f60b382249885963c

SHA1
4d2c22ba3da557a3e8641f8d5388123d96c8259f

SHA256
d3fc7e1dd6f0486c99997b75d9d8c5592da6cfb9b89c3ec4f59e7bc5826b3456

SHA512
80d51ce4dafa9967ddfa7a8bdf4f62351fa085a7059bc63f9427e0a5e70dc21cb917057f1a41b5e1a218138141dedcadf02e18a0f028ebee8316aaf4ad280d59

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\eu.txt

Filesize
8KB

MD5
29ec04893f6b2c9058a8f1e0beaf9081

SHA1
8e7b5a0ec24153aa7be02f0395c003df02cf6a09

SHA256
536d93ca6d7c96d203b51333c4e78de2429f78d32cc321461589626759c84127

SHA512
b84e6606a5f58392de5c5f8113db10b8212a82bb93367469284ad2dd9a961bf381e3d230179ec19a32cae7a266cdde7290d95a262dea247b267fdce905f89972

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ext.txt

Filesize
7KB

MD5
f048977cdc74ff4d1f045fb3fd5d0118

SHA1
4d44f8644a0d41fdde9f7d7732b197a4ebb65dae

SHA256
3cd8b8633fbc076ee07bf58da6e01ab692df461381a2bad4ef5512c653da46e4

SHA512
48011fbffa45f8809fc6e7d1e8899ee29d4cc6be2cde36484301e71a3c3ffb85cca6cca6a9e9e79af5355b1309834f67d62100ad09aec852d152aca3688d129b

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\fa.txt

Filesize
10KB

MD5
952328b44391b1d4196dfe1f832a16a2

SHA1
7bf9ced7d272d2df60d2d3984333a6bb26a69377

SHA256
05851ba54b24d7fd45179419aee91a2d40bcab62e6aab99c1a92189fb636bbb2

SHA512
34cc2908320e349d04babf2e5039dfc18b6aaf9f39bea6192e9d53bced3c661c847cce8a17b9aa6bcb941390da9a7ac40b28a93903c9f1946152a7fd93f43aef

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\fi.txt

Filesize
8KB

MD5
7ac9d88f81aacef8759e510e9601a4b9

SHA1
249fe906a2d5a8e084cad76e3e67dad26c77bdb1

SHA256
24d66c5733314f3f72b7ca0f5ceb5a3246726dddefcf2f033715188edb062db5

SHA512
00b67a09cc101c557b7c9a5ea623e654407a953fe87ebb5786a7a2e8ba1944130ba4026a64bf83952a14e7a7c719f81351d8a84fe0b3fe9ba553e4796e7a7ec1

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\fr.txt

Filesize
9KB

MD5
b1b6e1c3cf5247ec1618a88f9853d54d

SHA1
0671cb77ad76f9e27237aa538f8efa6bccc40de3

SHA256
cc283e9b0c1822f757372c21f179710c4592a2f7755e706c48065bcfe70bba5b

SHA512
045422d358b3348a1e52cced12d70757a7e6026801113eb68f07a399acc75b6ecc9a1a4401cb7a65506c6f61d4fbb348765b0c80080072bfe06e0500cf31b0ac

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\fur.txt

Filesize
7KB

MD5
dfd698a0f6ed7bf405a8fdd6f33b2315

SHA1
a8cdbc14ad118c61d484cd62e8c4e7d1141fbb4e

SHA256
fc944eaa7883341372ebd5ef0e2f236ca248b2996a902240a75218541b600e72

SHA512
07c5cd9ededc00fc28f878d83d327d91a91edc236b51d05cd8171e43bb175072fe9bf0a4c89d09e21441d8192b08e5c3e5e156fa132b1c657715a5b7cb0488a6

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\fy.txt

Filesize
6KB

MD5
0111890c0137974fce2d79b6d22e5686

SHA1
98ab055fa8bf5f410cad55627424d6512338a4a1

SHA256
9fe460264af4abd9ff23eab79387ebb52b4498758645cd5721e75fd7b747e536

SHA512
86acdb4d62bf9c784bf21999cba5fa3674e70fe5647fdf1dc6a9c5b3cf9c182a18272d9c8400d997bb09e12c908e08a87a951c3d0156a134802e00f70dd1ad90

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ga.txt

Filesize
8KB

MD5
b4295e254b9dfc90e0093188257c007c

SHA1
6ae9b959a752c32fab8407b3aa277f300165a579

SHA256
406669ecbdf562e773b9cdf831cf5f63c3dd1a012c3521a41227c9141511d959

SHA512
cc4671a9312b7f41ddecd2e02d038affd58bbc62363b811f15f10002c82ae826e060f5ad6e2b1fd75557b3dc3bbf12b6e6900b398623cf547e3727ccaa6bf8e1

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\gl.txt

Filesize
9KB

MD5
492e51b4b5b287fe2b90a5f0bd433847

SHA1
f7e1eba770d3d07d0e8c2bd61d556508ef0578b8

SHA256
54f676333ce58af67b839b0f0470f99f405b5ce7fdb9c345a19d00b6423277e5

SHA512
0aa1df55256324b24b495543e4abbefd776108bdd90d3155d02b1c10f018bdbd1700c4430848dfbd5073a374715f8510efb17ae1812a9aa44b65e50edb23de59

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\gu.txt

Filesize
17KB

MD5
410c8a33c66b4b2bc707e113d9c76914

SHA1
81a9f3618168dbecf309907ee74591ac3b1297b6

SHA256
9025d8a58e0c76b186c943ef8a73a1bba6c08945e346de14d3c255ccfa3a10e6

SHA512
a520cf2dc7e9f653bb08c93c657cb8e2d1142e86c3e0bacc44457cba5ede044e91ff01f55139c5aeb7b3f26e51724931ea2b2bb20a058c4b9d888a3ae8766021

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\he.txt

Filesize
11KB

MD5
1b53819f8d58fd734b5fd985756b557c

SHA1
8759783adbd62c6f32511313babb9d138fa0a150

SHA256
dcd061a0a7b29f55fa28d4396f60881836c2df07cd936412c476a7f149540cc4

SHA512
b7f0a16d9d02434e7d1c619768dc1d67c163ad6630c19630c405b5934311c41b65918c61dd5f27555cf5cf629411d57fe2ce04fc6c99a2272d4689b69a078e73

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\hi.txt

Filesize
17KB

MD5
a0fc3c3d880a54918d86b40ffda12f23

SHA1
34fb9f1b5a6731100466f66e193ab5028b3ec1be

SHA256
8cce5e5a846196dac3649483290160177f47d88a7dcf0e85acfd3131856a266a

SHA512
bd1f17d76699f177ce6df4b69f82dfa777a0ae20e243d5fed0605fe951a79d8ae54371b07eb30f075161c108f46be1ce21b162b66cc099c02adb6eb6d5e8f158

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\hr.txt

Filesize
8KB

MD5
a0a8a75560efcf15801c96e6d71becc3

SHA1
b3f7b92d2a13151a14b493108a50a8365c46f6a0

SHA256
a72f01215eba3be3af6659129dd20f7a42d74f1da08658a9c8ce8e303c3e8f64

SHA512
d730c0dc30a299b6bab1b8cfae64d8d4bdea121e651641f578b0947bf5f67669f342ce20198b26fe7881ec99baf290695bc460828198a997b4e59ec91396c217

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\hu.txt

Filesize
9KB

MD5
eebea9c4e71a5d2820f5e8972822800f

SHA1
e9f5e741995bf92266e5b6d6891896e5b9cc1f42

SHA256
ef79e98fc911e0d0d16bd061a65f50f5e50caa011699852e1608a2629b8ba37d

SHA512
01b4bd586a1b2629b94dab877510110e6fa1286eb9cdf7882539d42466609d830489ba450e7e7cc41958f463227f5376151f912591aa88c7866182374ed574a5

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\hy.txt

Filesize
13KB

MD5
1362c3c286cff992117d5466bbe284f6

SHA1
faf50ecdb6db6cd6ba9e0ae18e7fad64511048c7

SHA256
d8f60bf92541d20d01f6ddd56d49f25519303fd16e285e18080be6815b74b8a8

SHA512
1834fe901b1182b793872e2a822801966abdf312873e15877e589b9c6a58d04e06a2c60b26d2209fe7048f7ea9befe0f6b39630eb4c5578a54735b6840677205

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\id.txt

Filesize
8KB

MD5
73b9f189f0c37d7cf37df8db89fb52af

SHA1
060ad5b22f8dd408260b7210392c0a6f6271fbff

SHA256
18c4531e9fc00ed242f1c0526dbcd0a3d1ada9bcfee651ae950328ac872a216f

SHA512
f8dca8e9aecbaa7fd596535fb792314253814098c1089262ed36e78960ffebe377c6436354228a9b4e17bb87fa6e1833110fd843c63bbce3294262b623df86e0

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\is.txt

Filesize
8KB

MD5
f361950b7d1bb073ef48ca729b7ed5ea

SHA1
8c5d3fb8e09c9682c6256f05f82ca67c58f0ff2b

SHA256
f4f9d6dfd36512f027452499b083ad0656df6503ce03e4e4cc45b925f1f1d678

SHA512
6163fb77d3155525a563ad907cdf48fa18a6ce019a073c7d9dc2438927217d0d8534ada7fc444114f14ac216c89d12e83f5b582021be693baec80bd69199909e

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\it.txt

Filesize
9KB

MD5
87efe148b443c6b50eab945e27f9b39a

SHA1
d4a46f9a798c381a7415de8b74b296f5632124c1

SHA256
dd0a9a9ce33d25a9f6c461a6e43721e975b8b1e189c3d5b81f1dad0ff12870be

SHA512
3f391e6c840ea267f500e7912e87e8696099aee683a0a656a97033dec8de38f875c60dc21e9332a7e24ca3e2ae8c404fd936f915ad8c8a05eab090c355916dd1

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ja.txt

Filesize
11KB

MD5
470b0ca449e9f34bb34244a7ef39441b

SHA1
471c37014eff0214ce757b6e88987fb9e2b31931

SHA256
b0150c2b3d2ad9b37a7f47a24466aea4a56ced728caf12d02b407fd0080602ab

SHA512
1e2d690e484449fa4859836f7ab880d512e98e5f996bf679ecb3a5c3ca8a3fc7e9fed4e6c2470fff790ce22bb6aa407d951ec6c7ced571b5ac8e86ca873f3afa

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ka.txt

Filesize
17KB

MD5
eb2af4dc4c28275ae1876523944d708e

SHA1
bfb87569112a081a99ecd5bfdcc6f2aead07f67b

SHA256
b78defec49d07120b74c2172f3e07540314771b16729c6bbfc3a1902ece2eda0

SHA512
e04680a6050fc6b3d0bf50a092f5fe2049bedf705f479fb5c45852e4cc19d1b735b85166da15ea67dbeb3aacf39dbe6c80eda9d4c180805d87762468875ab49a

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\kaa.txt

Filesize
7KB

MD5
dfba5c2185e113eef167a5e21c32df76

SHA1
e36703d7d1954e3f1729a0497674ec15c41a2f76

SHA256
4d631602ce3d0c4d9162af6bf56a90c8eef75a24d556b729191b62f79aba0681

SHA512
3271b66114bd6f145693258c5e84a175acb3db865169734a9beb5de7f9aefd06b4144650dc0e98fd47dd38ad3cabd26415640cddc8ac611c23d14487e975fb70

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\kab.txt

Filesize
8KB

MD5
c6ac7aad8bce83ac69f197db9d4529f8

SHA1
5fa31ccfa23b753cee7aee7ee65915aaa94f9b01

SHA256
b8a7a5182dfdacc9baccb412e161c60864d3b5d30038935122c736ae4f4ebc22

SHA512
a643e38a5801a50fd318fefeb0245b8935c818737b860839c15fa09b0cc0e9ef55eb455e3ceaf8b2263ae23b5befd1e6013ba63c4abd1b89627905498ff026be

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\kk.txt

Filesize
10KB

MD5
f4c46b450a580ad5abf0b638dcdcc6fb

SHA1
750dfddddadee9cfe0e8f651f1c6cc38cf1fcd78

SHA256
f2e6e55c102485e232daad00f68d8905f7a54f8ae2128db6afe25231c17acd69

SHA512
24b6dc7b491302b905c1e20e67ddab16af9420820b6c83406618e017fa84d952661087e2ea577831441e8a3c82ef697de713597e33626aed787f3485dd9b1f7d

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ko.txt

Filesize
9KB

MD5
55e8685ac21571f0b5f11a4d5fa088f9

SHA1
285d09b7a8adcab4e5d72928487c711b8f48b8fb

SHA256
58a2dd10438c1199653c1bcd88c520ddb437fa8e01bcf311130ada0a626151c7

SHA512
bd95e5f82e17494404e7319f5cdc1b4bdd868b2ae73be1cf407f9f1e54b360bf75a36993a60a14d29e4af3ec15e0538f23e1f22dca1153bd01fc0ba964390337

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ku-ckb.txt

Filesize
12KB

MD5
c90d029172a8533946ef7419bf383305

SHA1
7b3d96899f5935e559626d215517315c04207627

SHA256
19af39960142b8599153a09ef4f03f944fc00999beb9fe2399f5f8b236716eef

SHA512
b0a711161ce233e5b9231c21abfd721bca6a85567debc6cc9c033c68d0a6e1292f369dbf1ea52b4088658d13263c245ea37752e87abd8b2aa878b5270ef0b1be

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ky.txt

Filesize
12KB

MD5
7d0420ee265c9122dc11ef964871e179

SHA1
4b84b209e5a637869e501d54ff0b535bd3924851

SHA256
4ef68fbd8ab002bbf4cd6d1c9fd6d87a5fde048afd2ef162b727259eb97d70d2

SHA512
0ddcd7871e61b76acf3fa0224519ed8e29c33234c300097f69e799951f8f9e87943a4f755f1362856f0c2a3804c399e466cf08cf0e189ec7bcdf744e07c61635

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\lij.txt

Filesize
7KB

MD5
372bc4a26b676c48cf8fefab3711b91d

SHA1
39da7ac5a483bd675657c24f875c2cee93204a1e

SHA256
431cae1bb77633fdf3ce339e97bc5d5d885779decc01ed03583e381f097a2487

SHA512
0bf4ded969bc2af21b806fea241b7f0a312d8d4d9c81b14293e352e09dc31b3b876c77c155b6c9769d89b169d8de65c4f52b649acbf90af14e75ccd6bb8157df

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\lt.txt

Filesize
9KB

MD5
92d03523dd0e7e7b2862a6396abad455

SHA1
ea1fc2bac5ab8d5ee329a5945f1ed90269cb7aec

SHA256
c5da5b37be32fa4cdd8b938d479c0327b84c9f83c948eb7e65f4ddc15a6beeae

SHA512
1fb0ae4117dd69418ecc371f699630d79f89daaa3099f57ebfa4a7de398cbdef095e0b029a547dfb6936a336a9e2748b880ec83a65554a1858f2f87104d63e27

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\mk.txt

Filesize
8KB

MD5
71d42abe45803ac9c3da5fcacf9cc59c

SHA1
98a1049906972abb480abaf1f5658c1b8c10f27c

SHA256
78f5cb9345ab258cf745eaa90d44c7a7a73d3fe06ea182b1298a989135ffa11f

SHA512
a0096575d6f911cc2600dac93d6fd7aa8d9e2f9f71a92571a76996fb4c47bdb714bba453c862b3f42cc5f4baaf2aed1dff3c9d6f84a3e2053ff2037c56ab85a5

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\mn.txt

Filesize
8KB

MD5
8756027adf94b3cc3d6c42f0d3fb4af0

SHA1
823bdbc5abf1d2f3528aa319a417ee090d1c6928

SHA256
cf5245d17224f85011ed85062957dbfd936dd760a214980fc8f2eb69e6ba3cfc

SHA512
92715a814d24318533ba26af542b174df12e5d8cd40251bc27890345eb6c64d174448745b2b138bd0a7e0fa0d96b803fab9b29f89767729e64a95b164fb27f29

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\mng.txt

Filesize
20KB

MD5
ba28c5c312d1a7827b40ed84f1f6f85b

SHA1
72788c4b14c47a3988245e81fc6e7bbb8f88442f

SHA256
92898472c1db5248b0556fb5bafda8090684249b561de5ef2a84c10f2f4383ca

SHA512
35871824adede6169118087d28fe3c78ea09cb259c7c168e83a22ca74c024d9f0d61250ad1fc9f75b71a8ee5235a12ffd52c146b8232b7bea84ec024b19da7d5

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\mng2.txt

Filesize
21KB

MD5
a0d06dc2b7f53acd8cdebf7864080cd1

SHA1
a4b9c4d1c4355bd90356e60289fb4efce0046b6a

SHA256
47bfe43f3f5a88a0f366fb317a542cdc1e216f8c368ddc67252480ede7d130f4

SHA512
811fdbfc11f8db60b2d059d433495fd50220e5a718ed9fe7f9c422d9695353825129b05e0f287419d4784c3564ea7cf7be9117c4408170f4afa3353fbc875442

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\mr.txt

Filesize
10KB

MD5
2e9fc42dbd17e30f8db8205fa2d18543

SHA1
60639e6d06a38d5c507136c130a172d606b698e7

SHA256
08b8f7ff35dd4315133e04fd17b6fb896d63b9c87040a2cc68a83e81ea4efd78

SHA512
7e1aa7234dc2c07654847de01600787ba735e9ccf5d376d37696f3810418a357beb1d611a164fdfd7a24ca33e7bed150df08187d4ade6c973c45be5df74fd95f

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ne.txt

Filesize
13KB

MD5
c7ed0560a6145a417b1e92546ed6b0f1

SHA1
6be9ff3e7ef34767caa165a0e9851914bb65378a

SHA256
c129f67193295736e1c1ff4ac7245cbd737a07ea6073b43fd22ac767f3d56e23

SHA512
508504216c916c6ef168062c1d13336594d469db92d8b40571c726a4b3053ca6fd0c57f9f2fc389f3216a5c663ebdc4aa520462ef39abd5be55c7b87b522d90f

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\nl.txt

Filesize
8KB

MD5
54169e744254bb5a4182bcb2678f8479

SHA1
244ff8c38c8da10e20282cf74a08e18ab165640c

SHA256
8a74f64c91c25da6056b054d388bf1bbd97384ad7d0086f86df0240e077c6149

SHA512
b798027c10f2aa7f06fa4fc3473f3040a23968d967aa93c08d072f86da2747d7847f8d7b37bc796a8270721c200978c61b1a4a5c6fd8b87845fdbb1337a142a2

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\pa-in.txt

Filesize
14KB

MD5
6c48ed7deba6d3efe6447be948471810

SHA1
4e1d76d565211416f0ed32a2cdd473d9ac54a61f

SHA256
377f793eedf3a935ddd6260d72ac3cada9391aafdf1f019d0be72be2b83a5dd9

SHA512
22b8bbb70492e19ede9c5e74483a1a6d57d4f86f38d1321331e0137c7953c6612e03f854fb1bb0c3234bbc0f561e92501a345d881fc09dde598e217d946018dd

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\pl.txt

Filesize
9KB

MD5
2cdf63e6b3f3a474465d0d88e5386718

SHA1
aa4f3f839b35c68ea2a17e7a63053262e94f952d

SHA256
223c109301a7bbf01fc57c42609083b28e3fcededc1f6e6dcdfdc8ec1580c51d

SHA512
db7c086b9fd9111d468b7bb4f55455524fe161869c20c20ad7e65e5b8eee38fd4e3b19aaa183c69c87d2c61f4561d12c90aa966a07156f193af59bcb6db10ff7

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ps.txt

Filesize
8KB

MD5
8f15262b3c1cf560b6352fae4a5fde21

SHA1
c493f7834117f02aab3dd34999acf55977d94c67

SHA256
881b19dd1f74251e475855b8bdb53ce9af1c3d2654a9331b069a3c273f723769

SHA512
18406e2c762f5e7d5d37d76c0fdc8a8a85d50fcb66b2d92d072b4ca3714fca6eae9ccd9dd50bbb00da84bccfd07eba290930c17a1b9342626715a6d6de8191d2

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\pt-br.txt

Filesize
9KB

MD5
7b02e1ae16e2e709d7c97de560b4dbe9

SHA1
191a54644417f7d36f5cb4182dcdb3737d74be51

SHA256
da0b58f52bbc131f967942d1d8e9de1b5721ae864bc21852a0ad4062332297cb

SHA512
4f689f854db3f766b5e53ce2f19e9f8293c075ee3f9b18098eb05b352f2ec95df85e49a78540781eb531bce60c7b1f7890f1fe3c65200dec3cb908e90fb827a1

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\pt.txt

Filesize
9KB

MD5
e6f09b147cb07532c12e47b05ccf87b7

SHA1
1b6d069d431edac41c4221a120e8cb9b1152fc70

SHA256
55807ed90ae0d9216b93ec7e1d0571cb16d7f9db40723581aefc4ea829d4d182

SHA512
95f7db5dd308ca3e91fc3203dfb9fa9dbabd7eec6cf1a8590eef0cc670c6b08447ba09ad151a972d721dbfcfa03468bb7e9d2cac190d6c72c543ce5a16c7aa32

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ro.txt

Filesize
7KB

MD5
e3ee837f02a1f6e4b2213eb36c025284

SHA1
56ccafa0f9c3d805a845311c2ebd80c93a595b17

SHA256
f168bb4d026782134cc6c261006b815850e753a27fb47c4f23ee617666459a66

SHA512
a923f953af5df72e04b5c38e523a003b85c0ed74e20ae1c3a2d4848828e03de8e703953cfcf653c148a0eeaa9365f9187804de0d534435ccb90dac1c4ea68a63

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ru.txt

Filesize
14KB

MD5
b5cec4d03d2d9e162137e475c54afbc3

SHA1
3e86ae0174a096b07173c623b637122e4323dd29

SHA256
ac73d4810639114c3269e3beaec84ecac9473ca6fbc248d804a09df2b33e4351

SHA512
cb78bd4f6d7d94780bf84f6618a2800a3b6885485c6cb7b0836affcb9ca6f6734834fb84f756946e59595067788cd1b1a230cec760e39d3ea0baf523f7cc7647

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\sa.txt

Filesize
19KB

MD5
9fe4da297163a84fe9d0b0289b1af077

SHA1
d14a6a318a50f2f13e45b2269ea2ad8fc5e3c44a

SHA256
a44e8c328bf809890aa6ca883e2cb82b6c5207d9636e9a91253da4cd893668c8

SHA512
a6fee2f3d6448f1f5be6ec88b51fb65ebd07c7ba3dbaf2f7a801fef54b9da410e6b800094853180a884889b304ea9a54672781fa7d0f1067af6c4a63c494a44b

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\si.txt

Filesize
16KB

MD5
2b78e18bcb07cb8d59d8682502576f8e

SHA1
c277b543ee18441681cdaff9efead09963bf9604

SHA256
3899edd17a78bc729278304f7b0ae7750c422a5ba684aac9edc15b8527a229da

SHA512
da07af56bbd954828623c7b38fd3e6cdfe89df98f2525aa486a43fdd17ea5ce79f90e691b1f459df5238b04b3fff0fed58559bc93e15559ff6d8d2a2cf4da172

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\sk.txt

Filesize
9KB

MD5
ca2b22d21945a478757a099eeafdf9a9

SHA1
5efbf215647e82ddeaa4c83d064ef83b51413dea

SHA256
e571c0d87b50f4659099b4ca618057533c22578066e411c5ceb3df8be1e77cff

SHA512
40365ac6cdd70ff7b7ab09482e1e9263b1b131772019eda357007d029a879111da72b05756adbfc3206b1c060211a16b5f10d507fb0caa3696907c8433fe9537

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\sl.txt

Filesize
8KB

MD5
7004b98d09316e84156b91c54888c9d4

SHA1
39c8681e497dde4ccffa3bf8d15b53627757ece8

SHA256
548aa8422a228617b30fbd448d03c38c3a11d010051a24544cf8ae479314acd8

SHA512
c48f4baced7a4faf958712225a5326ca2225dd7b396164787ad2c83a0314774e9126fa510eba37b1ab2ff26c67a7aaaa0ba9129b0d97a119ad1d726a56a33066

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\sr-spc.txt

Filesize
11KB

MD5
ffd26304b9b5fae8547703515e84460d

SHA1
cff3f023bb47ca3c6c3db202cd8c126b0bb2f59f

SHA256
283dd99ec8d13784b3d79c36766cdb16dac0ede0c1c09e8b1efa64f5dc2c1a55

SHA512
0a4e39e2598c73f936e4c8bd56201fee00aeb5daab0d7b735d5137a8b7c15830b40f028c77b528b75653540836098f5e8fc059111dd2efbd0a46ddbdf97465c1

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\sr-spl.txt

Filesize
7KB

MD5
fd327f424c7e4f23d2c018ded334a1b5

SHA1
0fe9a48c528be4022b19f7373cba9190d3bdb473

SHA256
d5a250b45bd51267e2b0d78cf60e7f14113419565f9b95c2b1113963396570a5

SHA512
ae6c2959a5348bdbc1464fd0e08a3a00f8598a2d423381e5883347a85e88f7749659e0fac4f89d6ccbc74a1e83f47ec4f42cac22115ca3921def00de41978adb

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\sv.txt

Filesize
8KB

MD5
2ec8b6f0c0c05157ae90aba540debed1

SHA1
56de30674cf6ed17ae1fd42080214573b8383789

SHA256
54112b265ec01759adbf72dc856ff0f9dbb2b3029eff8a56de08dffc5d3dc954

SHA512
6cb83b0d3db5254e47f86100c38be073f257b4f2e643f14e91df9ccac36a631bf06e52ce8f98106f5a17cf19745f2b6277605968bfeb9e0d423b1fd3ab5c0a06

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\sw.txt

Filesize
8KB

MD5
ee27959aef24cef2ec07684cf420b2dd

SHA1
07d9b4d2b4ab10b3341f3286cee73185daaad918

SHA256
aaeb1631458e448b678579ce369fd0a6d66e0fb02b9218328c537ee38636c557

SHA512
9e0fd7db8d799763eee9980d8c2b0864640fb74a86036d337b019ac317a3541cba6d65af1c4179ed46d64d4005395cd6c761f6a234428df3f1fb04634955242f

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ta.txt

Filesize
12KB

MD5
228ca6d7b8d850853233c4575a7ebf1f

SHA1
4bc90fca87925f7d855972f5dc67ef5e9e29b438

SHA256
0a3b285566bbeb3f188b3c72ba21cbfc545ea05471eab706e972c828da5234e0

SHA512
2995d1c2bacc8c0ee757fc47fe9c8ac07f1ee74ae3a70bbbcc66cbcfa13a924855b3f7515d04031434870829be34f0fb49a35388eaffacc0e7a33f9a44a02870

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\tg.txt

Filesize
14KB

MD5
4a5529986613cdf743b3f7755f8f5cae

SHA1
970dfad147ab3d32e93eef6bf464bcac23368e4f

SHA256
1cedd8f699940fecacacbc5df093ba70fb2099faf9864376a3d990da78b8e075

SHA512
1f7e8a8a21e8e5faf546b2f4c621b326a907afa017dd8221022df2d19b3e41d10d5157a8713f8d5485601311029f4e25dcb21d0e9b4991b6d26d651b416239c0

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\th.txt

Filesize
15KB

MD5
8ee06a03dc18e5f8bc750cb6a78f6d9c

SHA1
179c195700df844216c2cabdc17062cddbd1d6b3

SHA256
01e7b965bd4b722003f74b4e4b30ef6a1baea67108816d1b9f8d6add39c7fa10

SHA512
4c908ba391bac8bd36bf76b5c3b59dd59eb71f2513bcd04c47cbde683ad463c0feac5d5aada67730f3f566156c4beff09cd7b7d1eb043b988ad7938b9041c4ec

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\tk.txt

Filesize
9KB

MD5
75c23d0431bc83ca17308f08d1173c1d

SHA1
a052e61036e0da973253ba225031d5929ee5e2d5

SHA256
75eff9de596459f3eba755b5c4c8ce635af2cecdbae40749df348c97a2e56ee0

SHA512
10872e31df08e59d080be3c0b975df06e2e8bcecea14fcf9f547965143a9652c8b9ed50d38232a72b8f0745c964f4e616b06368d9983f35ba05fbcbf2294900b

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\tr.txt

Filesize
9KB

MD5
c69be29e4448a858180daf367464d531

SHA1
d83819911331f73bc35e2eb02ec1fbcdddf30b7d

SHA256
4816929c4bb958ce8d64d14df47f0b6a35dcf0e7eb88201eaa93af541894e354

SHA512
469be1075e9a5c4cc8bb6a0b55e645448eda3d46527a5561cd55807f5e52c3410904a34e0e64e11f963153d5cea5ccf16e7e7fc7ed63aea3fbe532959056aa77

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\tt.txt

Filesize
13KB

MD5
6e299b81edacf15face1271d032cc5a0

SHA1
f2e955fd7bbf9140f0e86bf1a759d729c9a4e4da

SHA256
18479d66e0c8b5144ea32cc9d6b58eb8748e80d2c3bdec0dbd99bbc3ab42495d

SHA512
84e9484319deb5a7049fe130290a7d67a8faefc9a17f7b2ce9f9586fb0f0641b839bae681c6f8ffef551780f56166c9886c1f7f6f0df386389f44710423b9865

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\ug.txt

Filesize
11KB

MD5
ef3e8d61d03e42a3b40d6f0b12535adb

SHA1
569360bcfeb39c102a3dd78ed96204b5d733ffbe

SHA256
9d0268d1eeb8dfdebbb8ea1033c2b99cd667a244c9859085be5d54c9e5ced369

SHA512
6e9afeb0a96da6d8bf63f06de421b8d4ddbf4d750e1bdf861fbbdc0268cbeb19068d08787f0f1655b40ebdc603d888251dae188c3547f32b970c7f927754066a

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\uk.txt

Filesize
14KB

MD5
d125ef7f9a009cfe4093152e48055ac1

SHA1
7063f242690890c98296314884e0e6d058c23aff

SHA256
53235cb228dbbb5207f18bd0b318f54fda9f9f5b05094ea6ac7ae368216cc4ef

SHA512
cc199e839e2cf24abcd8b9685702732427295858976a038fddf6e3691fd1a31bcaf9f1dbac48e125e096d1a395dcabfb4ecbb02a6c5e7d6dea67e44e21e69037

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\uz-cyrl.txt

Filesize
14KB

MD5
7afedbd6e9ef3a4a2a99bc1bcb133605

SHA1
317d758dd9f65a6e320a4d45776a21ecb2ad60cc

SHA256
2dd421a44ad779d961c951f01e7abf4ac358c61ce26ea8311a0c902b4fc77ca3

SHA512
48650bc3ac6c316ad6431b9db3e49d76fd066f976fdd949a8dfdb194775b0e1c6eda5ed99d2574c9d3c2781c6138e3bb3939c294894443eec981c78377823af5

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\uz.txt

Filesize
9KB

MD5
3035144eea3a382e39541b218a5d813a

SHA1
eb7a2f6306f7d2ded4cc88fb4cab0f65558db8b0

SHA256
a310044dbc86e2441f0d50bb7d7dadb9879359b0c6ceb1faf413a0459e07045b

SHA512
99d86146e0a6407f8d0fd7179061699bc82232e6a2427203a2951fef9089572c9c4e29c8484910f672a31f98ef13b5f3a45d5786fb118701a5b908f8f85a5c6a

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\va.txt

Filesize
6KB

MD5
639741f687d4427c9d3b170b1ced41a9

SHA1
ad3d3a09b8877381df520e6eb654227da045b89d

SHA256
f43c31bd959a752eefbb7c76ed918c4cacd50d43706121c55093d72a638fa7a5

SHA512
eb63b0437624782d2bcd033905c7c0538902f9644e4facdc52d094ede5353309613b4eef3cb437d4f69c2a4fd4b2e0f241990aaa3a38366685b10cabec20a357

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\vi.txt

Filesize
8KB

MD5
044531d134aca40d5e57cc0ab96b4940

SHA1
988aa2bb6922360c1977b97725175613266242d2

SHA256
3a6dca3e1b5c8190c81fc859b5be83eaf54efdcaa148f4374d1225381083406f

SHA512
458a86ea6468e8b1c9cc98a7a579f74854a34f101ec2ede3ab48dd7dfbbf75eeae184c5a23443b3ccc69b8c06e0e09ef2df04d9f00d86ce99b82e785f95b7635

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\yo.txt

Filesize
10KB

MD5
698af9267c08d61b712417491da6a3bb

SHA1
01f21ce60e571699b006098afe9520c02d4e11dc

SHA256
ffab6b91ffd2d3c2b1f7f431b47f7d28aa17a11587b876565613bb26c173402b

SHA512
d37f63d3824d12d9bd4749ea94fce924f3a5469874d6777261f0570a2a7ef28574825fae199408c0e1eee7061b08c447da8744a1c2fa486981165ab5062fc8a9

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\zh-cn.txt

Filesize
7KB

MD5
0aae98f500ce669da6a4fcc33aea04e9

SHA1
9326f529b796bca164835fb1eb4e135f01cb61af

SHA256
7cf13e7434e6c062a29b964c026b2f66e75ecf541228665bf0c826ef7c0fe133

SHA512
fc64fb4c2df2b99f3d24cd938f4f381acc20547ba655fb34016a1a1f860e0d8a99c087b24fdc160d2bd1dad1f04c9ebba682adde0e0004e0b64d774bd3f3550f

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Full-Info\plugins\cache\Language\zh-tw.txt

Filesize
7KB

MD5
acfc57de6b0e4489287bdafe2062409a

SHA1
dbf62f8c6dd239aa16bfd62500517b849ed8e5b4

SHA256
37c79297f8d4e491d681b556c23d957bc830068ae1d5f4535fd054c2233f3474

SHA512
50a76a2c5a61056b2b9efaf143335d86c5882d97c9d42acf29ca87cd39d79876d561ec0fe83fb377e25379cfebf593b782ecd8613d2a84ac33cbb6d8314481f1

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Language\6\Language\hi.pak

Filesize
206KB

MD5
fa034eb13d21ce4e9fc2d3eafdf40cd2

SHA1
0992d91706d26b6cc2ff64d899308ba4e9380a35

SHA256
1ca6a0546f9627fa9ba3d377d79a21ff26ec9b349d47247c9b241a70728d0699

SHA512
4f8024f43a70d9d8ae67848e2540b028cf1b9183b7dedd66043fb16394601da986d695c8d28f072444a69c1b2639c8b79096065389069fb854d152db166ed734

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Language\6\Language\hu.pak

Filesize
106KB

MD5
ca8a821ff5a6b848c5a170ff9a97bb39

SHA1
a98b91fa29848013cef021ec8b3a29979cac0c65

SHA256
fdd99d667419612bf98200783e0ccf0f7c11913ca03ca162d72d43f6861e5478

SHA512
e475a09e1f9f740b6c36c9b33b20f263896b869d8ac58848504db29903a9597b84761b9c3918addc9c726d4429a0f496f44e3a8b0cce9a3008d071a5d46bb5c6

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Language\he.pak

Filesize
124KB

MD5
209974550cc2a835f1879995851b424a

SHA1
f09850b9e7fffce197e362b9562cd0ff1c5c71ed

SHA256
ca440d0128b62e35333730c5925992ae5b4b05a37c10105a9145eb5cf7a77071

SHA512
4ab857adeab0e45f03868d1208d8f3250bbe27c5854bbc885e94e7e6ed8bcf9bdb2ff5035bebb1958b345ecadf244dcc433d760643ea544066b32f3f1e266276

Download Submit
C:\Users\Admin\Desktop\KMSpico\Resource\Language\hr.pak

Filesize
99KB

MD5
624bce9b02382312f4588d3147b738a3

SHA1
8df16c75c9e86a96d9f2b11e80eb182ba6c8eef9

SHA256
64e531e46cf5b644d1b7f1df885efcf51a65db50fab65ab250f5e4e1adfa9d29

SHA512
e74e56210cb3c184499de4e0d9e57e8ee9d7314b93fb1a97030a3397cc47b91ec74c704b25fc4bd16f4c7680240ae1d39d69cd9f024dd52c90eae9cc6c53b6ae

Download Submit
C:\Users\Admin\Desktop\KMSpico\Uninstall\WinDivert.dll

Filesize
16KB

MD5
3f0c03e5076c7e6b404f894ff4dc5bb1

SHA1
9cf99c875e6acd4b12e0eddd5fa51d296ea4998e

SHA256
4e7ebed8410c83b73a23185aa94680143da2933305cd6deefe8ec0b51b7ee6f3

SHA512
20de17d511cc1b3f283a28423f5bdfaef36f104d62c33a1da6449c528d1d8e4986afe8ef68e590add9262c3c7441132022a049022d14deba08a8c72e139f78f4

Download Submit
C:\Users\Admin\Desktop\KMSpico\Uninstall\WinDivert.sys

Filesize
34KB

MD5
a0d15d8727d0780c51628df46b7268b3

SHA1
c85f24ef961db67c829a676a941cbead24c62b21

SHA256
5e23f3ed1d6620c39a644f9879404a22ded86b3b076ec4a898b4b6be244afd64

SHA512
a7a6173bc2652d7b45fdc3009d00be9f7d3a9f42ad99cd569bfa2d23902f77866dd3b090f6debb11c802fc85b2230d5321309b0bf50d1dd8665ca8ab19c78361

Download Submit
C:\Users\Admin\Desktop\KMSpico\Uninstall\logs\w.log

Filesize
1KB

MD5
fadfbca1869fad6130229d0da48f26d2

SHA1
72df84f8e9fd367f65df883a0c4dca87596ac80a

SHA256
29cd1208467b529a3d6a956e9addc850dd170b880abea35c3117140c2d619725

SHA512
b34342aa9f796a360400a4e77ff30fa97b8fdf4248185d335b9777a1b501ee96225fd5dda627fc243217c51a7742595eedc756665ded69490bdb4d1dddae06a7

Download Submit
C:\Users\Admin\Desktop\KMSpico\Uninstall\logs\w.log

Filesize
4KB

MD5
389b57171e1cb4a6f520854e4399f87d

SHA1
5ab90772c93ede19374272270183317d0cf79ca3

SHA256
b1cce7cbbac51753bb9a33049c1b813dbe9d6a69727b36dfff61b99779496cce

SHA512
afeb2f9f3c669450178f3924ec6a601977d670ff6a22d181c953c856d2bb74c5d66ef577320b762ef2d191df86ae2af72371d49619a1eac730bff1063994d51e

Download Submit
C:\Users\Admin\Desktop\KMSpico\plugins\cache\ICQLiteShell.dll

Filesize
56KB

MD5
05e61539b8917fca37c03756bbdd043d

SHA1
5a72e0e528260de0ea5b34badb9e5f9873cb4245

SHA256
515c8e0b93f0fef15da3e2573ad92b7e7840374140e65e5d73df63d8e22cb3e8

SHA512
565d57783e6044d6e7e2026c79dbd897e637c5e1d96e7930dc704ef2b6d801669b38f0c26382f00e67e26668439274941e937a0ade54666de50b5d84f6da7e97

Download Submit
C:\Users\Admin\Desktop\KMSpico\plugins\cache\ICQRT.dll

Filesize
32KB

MD5
1aedcb8994d6ad63ef9dcb87016e028f

SHA1
f5b891aa15c6353b681bdb7e2d96c6ac8a5f02d7

SHA256
53e1f40144bab532f9700ff25ec3d5c6a39784a98e17fada583b4ee6d9dd5dbc

SHA512
89c0f408797c4d78afc52335a9e162345c614e1e419f55487cb358c14f7a69ec82138a7e6250be3133233386ba3659d241e80ab63c9b972b6c8b26b0424cb0c8

Download Submit
C:\Users\Admin\Desktop\KMSpico\plugins\cache\Language\LiteRes.dll

Filesize
735KB

MD5
88962410244bc5c03482b82a7e3cb5e1

SHA1
4622be2d3deda305bf0a16c0e01bc2ecf9d56fad

SHA256
afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036

SHA512
c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c

Download Submit
C:\Users\Admin\Desktop\KMSpico\plugins\cache\Language\LiteSkinUtils.dll

Filesize
48KB

MD5
059d94e8944eca4056e92d60f7044f14

SHA1
46a491abbbb434b6a1a2a1b1a793d24acd1d6c4b

SHA256
9fa7cacb5730faacc2b17d735c45ee1370130d863c3366d08ec013afe648bfa6

SHA512
0f45fe8d5e80a8fabf9a1fd2a3f69b2c4ebb19f5ffdcfec6d17670f5577d5855378023a91988e0855c4bd85c9b2cc80375c3a0acb1d7a701aff32e9e78347902

Download Submit
C:\Users\Admin\Downloads\#Instruction.txt

Filesize
462B

MD5
58019c84e6b18d2ffa482436aa98c073

SHA1
a3c77e6edec710a48728bdfa07ce8bb0cd90b8c9

SHA256
446b6d68de299139bb9893ad1ab4688c248ba8e875581db0ee6444a42efb5db9

SHA512
b224889c3c88f81da8cf71f89e0e24dc39c8fdcd33c4425593f95f7f84053620481d4324c41e0d4067da9801505725e7dfd1d8937c8e61a23c2a4a47b9debe8a

Download Submit
memory/612-2934-0x0000000004C40000-0x0000000004C43000-memory.dmp

Filesize
12KB

Download
memory/612-2935-0x0000000004D50000-0x0000000004DB4000-memory.dmp

Filesize
400KB

Download
memory/612-2938-0x0000000000400000-0x0000000002717000-memory.dmp

Filesize
35.1MB

Download
memory/612-2968-0x0000000004D50000-0x0000000004DB4000-memory.dmp

Filesize
400KB

Download
memory/612-2970-0x0000000006150000-0x0000000006156000-memory.dmp

Filesize
24KB

Download
memory/2368-2763-0x0000000005320000-0x0000000005342000-memory.dmp

Filesize
136KB

Download
memory/2368-2762-0x00000000053A0000-0x00000000059C8000-memory.dmp

Filesize
6.2MB

Download
memory/2368-2761-0x00000000028F0000-0x0000000002926000-memory.dmp

Filesize
216KB

Download
memory/2368-2765-0x0000000005B70000-0x0000000005BD6000-memory.dmp

Filesize
408KB

Download
memory/2368-2764-0x0000000005B00000-0x0000000005B66000-memory.dmp

Filesize
408KB

Download
memory/2368-2777-0x0000000006220000-0x000000000626C000-memory.dmp

Filesize
304KB

Download
memory/2368-2776-0x00000000061E0000-0x00000000061FE000-memory.dmp

Filesize
120KB

Download
memory/2368-2775-0x0000000005BE0000-0x0000000005F34000-memory.dmp

Filesize
3.3MB

Download
memory/3540-2757-0x0000000006150000-0x0000000006156000-memory.dmp

Filesize
24KB

Download
memory/3540-2727-0x0000000003110000-0x0000000003153000-memory.dmp

Filesize
268KB

Download
memory/3540-2756-0x0000000006150000-0x0000000006156000-memory.dmp

Filesize
24KB

Download
memory/3540-2755-0x0000000004FC0000-0x0000000005024000-memory.dmp

Filesize
400KB

Download
memory/3540-2750-0x0000000000400000-0x0000000002717000-memory.dmp

Filesize
35.1MB

Download
memory/3540-2729-0x0000000004FC0000-0x0000000005024000-memory.dmp

Filesize
400KB

Download
memory/3540-2728-0x0000000002AE0000-0x0000000002AE3000-memory.dmp

Filesize
12KB

Download
memory/4076-2810-0x0000000008D20000-0x0000000008D2A000-memory.dmp

Filesize
40KB

Download
memory/4076-2813-0x0000000009960000-0x0000000009974000-memory.dmp

Filesize
80KB

Download
memory/4076-2794-0x00000000070D0000-0x0000000007674000-memory.dmp

Filesize
5.6MB

Download
memory/4076-2807-0x0000000008BD0000-0x0000000008BEE000-memory.dmp

Filesize
120KB

Download
memory/4076-2792-0x00000000056F0000-0x0000000005786000-memory.dmp

Filesize
600KB

Download
memory/4076-2808-0x0000000008BF0000-0x0000000008C93000-memory.dmp

Filesize
652KB

Download
memory/4076-2797-0x0000000007030000-0x000000000707C000-memory.dmp

Filesize
304KB

Download
memory/4076-2811-0x00000000091D0000-0x00000000091E1000-memory.dmp

Filesize
68KB

Download
memory/4076-2812-0x0000000009210000-0x000000000921E000-memory.dmp

Filesize
56KB

Download
memory/4076-2793-0x0000000005690000-0x00000000056B2000-memory.dmp

Filesize
136KB

Download
memory/4076-2814-0x00000000099A0000-0x00000000099BA000-memory.dmp

Filesize
104KB

Download
memory/4076-2815-0x00000000099C0000-0x00000000099C8000-memory.dmp

Filesize
32KB

Download
memory/4076-2796-0x0000000006B20000-0x0000000006E74000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2791-0x00000000064A0000-0x0000000006B1A000-memory.dmp

Filesize
6.5MB

Download
memory/4076-2790-0x00000000055B0000-0x00000000055CA000-memory.dmp

Filesize
104KB

Download
memory/4076-2780-0x0000000000970000-0x0000000000978000-memory.dmp

Filesize
32KB

Download
memory/4076-2795-0x0000000005F00000-0x0000000005F4A000-memory.dmp

Filesize
296KB

Download
memory/4456-2983-0x00000000056F0000-0x0000000005A44000-memory.dmp

Filesize
3.3MB

Download
memory/4508-2873-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2925-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2926-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2928-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2927-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2924-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2892-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2893-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2894-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2895-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2896-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2897-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2889-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2891-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2890-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2888-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2883-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2884-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2885-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2886-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2887-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2878-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2879-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2880-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2881-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2882-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2877-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2875-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2874-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2876-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2870-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2868-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2869-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2867-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2866-0x000000001F990000-0x000000001F9A0000-memory.dmp

Filesize
64KB

Download
memory/4508-2863-0x000000001B960000-0x000000001BEA0000-memory.dmp

Filesize
5.2MB

Download
memory/4508-2862-0x0000000000540000-0x000000000062C000-memory.dmp

Filesize
944KB

Download