Malware Analysis Report

2025-08-05 15:06

Sample ID 250519-r8v33sal9x
Target ChromeSetup (2).exe
SHA256 72b6553c66c480332d949fb8557660bca4b83d37d8866e5b5e94d9d5ef37be12
Tags
defense_evasion discovery execution persistence privilege_escalation ransomware spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

72b6553c66c480332d949fb8557660bca4b83d37d8866e5b5e94d9d5ef37be12

Threat Level: Known bad

The file ChromeSetup (2).exe was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery execution persistence privilege_escalation ransomware spyware stealer trojan upx

UAC bypass

Creates new service(s)

Disables RegEdit via registry modification

Reads user/profile data of local email clients

Indicator Removal: Clear Persistence

Legitimate hosting services abused for malware hosting/C2

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Image File Execution Options Injection

Drops desktop.ini file(s)

Enumerates connected drives

Modifies WinLogon

Suspicious use of SetThreadContext

UPX packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

Event Triggered Execution: Component Object Model Hijacking

Drops file in System32 directory

Modifies WinLogon for persistence

Sets desktop wallpaper using registry

Drops file in Program Files directory

Checks installed software on the system

Loads dropped DLL

Launches sc.exe

Executes dropped EXE

Drops file in Windows directory

System Network Configuration Discovery: Internet Connection Discovery

Checks whether UAC is enabled

System Location Discovery: System Language Discovery

Enumerates physical storage devices

System Network Connections Discovery

Browser Information Discovery

Gathers network information

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of WriteProcessMemory

System policy modification

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies Control Panel

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer Phishing Filter

NTFS ADS

Scheduled Task/Job: Scheduled Task

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Reported

2025-05-19 14:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-19 14:52

Reported

2025-05-19 15:05

Platform

win11-20250502-en

Max time kernel

785s

Max time network

787s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe"

Signatures

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Creates new service(s)

persistence execution

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Reads user/profile data of local email clients

spyware stealer

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\136.0.7103.114\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe C:\Program Files\KMSpico\KMSELDI.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\Debugger = "C:\\Windows\\SECOH-QAD.exe" C:\Program Files\KMSpico\KMSELDI.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\Debugger = "C:\\Windows\\SECOH-QAD.exe" C:\Program Files\KMSpico\KMSELDI.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\Debugger = "C:\\Windows\\SECOH-QAD.exe" C:\Program Files\KMSpico\AutoPico.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe C:\Program Files\KMSpico\AutoPico.exe N/A

Indicator Removal: Clear Persistence

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe C:\Program Files\KMSpico\AutoPico.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A href.li N/A N/A
N/A href.li N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A href.li N/A N/A

Modifies WinLogon

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\is-OMB3F.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File opened for modification C:\Windows\system32\Vestris.ResourceLib.dll C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Windows\system32\is-5HHM7.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MyApp\core.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MyApp\core.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\is-KRSAP.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\prefs.json~RFe6265b9.TMP C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\da.pak C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\is-N9B44.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\is-OS9EA.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\8c584106-ee57-4b6d-a0b0-92e67f73f076.tmp C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Standard\is-LAA24.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\is-D9R1P.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscertW10\Professional\is-1CO6G.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\os_update_handler.exe C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Program Files\KMSpico\cert\kmscert2013\Outlook\is-EPGMV.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscertW6\Business\is-MQQUL.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\ca.pak C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Word\is-K760U.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2013\Excel\is-2Q36D.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2016\is-M4UHS.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\scripts\is-1C1UG.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Word\is-CK7P2.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Word\is-HDKUV.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\is-12NOM.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\scripts\is-PC25S.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad\metadata C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\d3dcompiler_47.dll C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Program Files\KMSpico\driver\is-CD815.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\sounds\is-F7NPJ.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Groove\is-45TB3.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\is-TVU7H.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Visio\is-QD5MJ.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Visio\is-TPSDV.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2013\Access\is-D19K3.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2013\OneNote\is-9J8A2.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\is-DG8JM.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\is-8ODH4.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\VisualElements\LogoCanary.png C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\4c364196-1d58-4c13-a61d-f63922c03768.tmp C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File created C:\Program Files\KMSpico\is-NVC7Q.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\is-CN5VH.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\dxcompiler.dll C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\is-UK5DT.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\is-MAI7M.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\scripts\is-I2U3B.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File opened for modification C:\Program Files\KMSpico\logs\KMSELDI.log C:\Program Files\KMSpico\KMSELDI.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad\settings.dat C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File created C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint\is-GEFHH.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\is-HIUT2.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\Crashpad\settings.dat C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\6060b046-8125-4a04-8d91-69c5dd01d71a.tmp C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\es-419.pak C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter\is-3IHJP.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\6060b046-8125-4a04-8d91-69c5dd01d71a.tmp C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File opened for modification C:\Program Files\KMSpico\AutoPico.exe C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Access\is-G10OF.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry\is-NO4EP.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\am.pak C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-DLHS3.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log.old C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\is-LKHGJ.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscertW7\Professional\is-9RGAE.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File opened for modification C:\Program Files\KMSpico\logs\KMSELDI.log C:\Program Files\KMSpico\KMSELDI.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\sv.pak C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Program Files\KMSpico\is-I26VP.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-MKRRP.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
File created C:\Program Files\KMSpico\cert\kmscert2010\Visio\is-12UK9.tmp C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-gl.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\manifest.json C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_380472550\deny_full_domains.list C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1357564905\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1066959321\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\Part-RU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SystemTemp\chrome_installer.log C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1357564905\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_url_fetcher_5488_783544795\qualification_win32.crx C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\_metadata\verified_contents.json C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-gu.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-sq.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_535296543\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_387712918\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1869597684\edge_autofill_global_block_list.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-it.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-lt.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\Google10984_2129496336\UPDATER.PACKED.7Z C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_535296543\sets.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-nl.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_380472550\deny_etld1_domains.list C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-es.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-hi.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-hr.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-hu.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Windows\SECOH-QAD.dll C:\Program Files\KMSpico\KMSELDI.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe N/A
File created C:\Windows\SystemTemp\Google10984_756201477\bin\uninstall.cmd C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_527508602\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-be.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-mul-ethi.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\Google6056_428554205\bin\uninstall.cmd C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe N/A
File created C:\Windows\SystemTemp\chrome_url_fetcher_2992_1965909661\-8a69d345-d564-463c-aff1-a69d9e530f96-_136.0.7103.114_all_ad7dwyzixriyihpq34zcr5sbgv5a.crx3 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1014902142\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_527508602\test.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-kn.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-pt.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\Filtering Rules-CA C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\winnt32.exe C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-or.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-ru.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\_metadata\verified_contents.json C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
File created C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_527508602\male_names.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1869597684\v1FieldTypes.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-ga.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1066959321\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-lv.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_380472550\deny_domains.list C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\Part-ZH C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\CHROME.PACKED.7Z C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
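The rows above are the raw record; what an analyst needs from them is per-process attribution of the high-signal changes and the correlations the flat, signature-grouped listing hides. Two are visible in this report once the rows are joined: the Image File Execution Options Debugger for SppExtComObj.exe is written by KMSELDI.exe (so Windows will start SECOH-QAD.exe whenever SppExtComObj.exe is launched) and the key is then deleted by AutoPico.exe, and the extra Userinit entry that NoEscape.exe writes points at C:\Windows\winnt32.exe, a file the same process creates in the table above. By contrast, the Active Setup entry is written by the Chrome installer's own setup.exe with a StubPath under Program Files\Google\Chrome. Note also that the "UAC bypass" signature fires on EnableLUA = 0, which disables UAC prompts system-wide after the next logon rather than bypassing them. The following Python is an added example, not part of the report or of any tool named in it: it parses rows copied verbatim from this report (embedded as constructed sample input, in the "Description Indicator Process Target" layout shown above), attributes each to its process, and attaches ATT&CK technique IDs that are the editor's mapping of the report's signature names, not labels the report itself carries.

```python
"""Triage flattened 'Description Indicator Process Target' rows from a sandbox
report: attribute each row to its process, map high-signal registry and file
indicators to ATT&CK techniques, and correlate an IFEO Debugger that is set and
later removed, plus Winlogon Userinit entries pointing at a file this run dropped."""
import re
from collections import defaultdict

# Row prefixes exactly as the report prints them, longest first so that
# "File opened for modification" is tried before any shorter prefix.
DESCRIPTIONS = sorted([
    "Set value (int)", "Set value (str)", "Key created", "Key deleted",
    "File created", "File opened for modification", "File opened (read-only)",
], key=len, reverse=True)

# Registry indicators worth attention; the ATT&CK IDs are the editor's mapping
# of the report's signature names (assumption, not data from the report).
REGISTRY_RULES = [
    (re.compile(r'\\Policies\\System\\EnableLUA = "0"$', re.I), "T1548.002", "UAC disabled"),
    (re.compile(r'\\Policies\\System\\DisableRegistryTools = "1"$', re.I), "T1112", "RegEdit disabled"),
    (re.compile(r'\\Image File Execution Options\\[^\\]+\\Debugger = ', re.I), "T1546.012", "IFEO Debugger set"),
    (re.compile(r'\\Active Setup\\Installed Components\\\{[^}]+\}\\StubPath = ', re.I), "T1547.014", "Active Setup StubPath"),
    (re.compile(r'\\Control Panel\\Desktop\\Wallpaper = ', re.I), "T1491.001", "Wallpaper replaced"),
]
IFEO_TARGET = re.compile(r'\\Image File Execution Options\\([^\\]+)', re.I)
USERINIT = re.compile(r'\\Winlogon\\Userinit = "(.*)"$', re.I)
WINDOWS_ROOT_BINARY = re.compile(r'^C:\\Windows\\[^\\]+\.(exe|dll)$', re.I)


def parse_row(row):
    """Split one row into (description, indicator, process, target)."""
    for desc in DESCRIPTIONS:
        if row.startswith(desc + " "):
            break
    else:
        raise ValueError(f"unknown description: {row!r}")
    body, target = row[len(desc) + 1:].rsplit(" ", 1)
    # The acting process is the last path introduced by a bare ' C:\'. Paths
    # inside the indicator are either its leading file path or quoted value
    # data, where a quote rather than a space precedes 'C:\'.
    cut = body.rfind(" C:\\")
    if cut == -1:
        return desc, body, None, target
    return desc, body[:cut], body[cut + 1:], target


def unescape_value(data):
    """Collapse the doubled backslashes of quoted value data; lower-case for matching."""
    return data.replace("\\\\", "\\").strip('"').lower()


def triage(rows):
    """Return (process, technique_id, note) findings for a list of report rows."""
    parsed = [parse_row(r) for r in rows]
    # Rows are grouped by signature, not by time: gather created files first.
    created = {ind.lower() for desc, ind, _, _ in parsed if desc == "File created"}
    findings, ifeo_setter = [], {}  # ifeo_setter: hijacked exe -> writer of its Debugger
    for desc, ind, proc, _ in parsed:
        if desc == "File created":
            # Installer scratch under SystemTemp is routine; a binary written
            # straight into C:\Windows is not.
            if WINDOWS_ROOT_BINARY.match(ind):
                findings.append((proc, "T1036.005", f"binary dropped in Windows root: {ind}"))
            continue
        if not desc.startswith(("Set value", "Key")):
            continue
        for rule, tid, label in REGISTRY_RULES:
            if rule.search(ind):
                findings.append((proc, tid, f"{label}: {ind}"))
        m = IFEO_TARGET.search(ind)
        if m:
            exe = m.group(1).lower()
            if desc.startswith("Set value") and "\\Debugger = " in ind:
                ifeo_setter[exe] = proc
            elif desc == "Key deleted" and exe in ifeo_setter:
                findings.append((proc, "T1070.009",
                                 f"IFEO key for {exe} deleted after {ifeo_setter.pop(exe)} set its Debugger"))
        m = USERINIT.search(ind)
        if m:
            # Every entry after the stock userinit.exe is launched at each logon.
            for entry in unescape_value(m.group(1)).split(","):
                if entry and not entry.endswith("\\userinit.exe"):
                    seen = "dropped this run" if entry in created else "not seen created"
                    findings.append((proc, "T1547.004", f"Userinit payload {entry} ({seen})"))
    return findings


def techniques_by_process(findings):
    """Group technique IDs by the process the report attributes them to."""
    grouped = defaultdict(set)
    for proc, tid, _ in findings:
        grouped[proc].add(tid)
    return dict(grouped)


# Constructed sample input: rows copied verbatim from this report's tables.
SAMPLE_ROWS = [
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A',
    r'File created C:\Windows\winnt32.exe C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\Debugger = "C:\\Windows\\SECOH-QAD.exe" C:\Program Files\KMSpico\KMSELDI.exe N/A',
    r'Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe C:\Program Files\KMSpico\AutoPico.exe N/A',
    r'File created C:\Windows\SECOH-QAD.dll C:\Program Files\KMSpico\KMSELDI.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\136.0.7103.114\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A',
    r'File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\manifest.json C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A',
]

if __name__ == "__main__":
    for proc, tid, note in triage(SAMPLE_ROWS):
        print(f"{tid:10} {proc}\n           {note}")
```

Run against the ten sample rows, the Chrome updater's manifest.json drop under SystemTemp produces no finding, while NoEscape.exe is attributed the UAC, RegEdit, Userinit, Windows-root drop and wallpaper changes, KMSELDI.exe the IFEO Debugger and the SECOH-QAD.dll drop, AutoPico.exe the deletion of the IFEO key, and the Chrome setup.exe only the Active Setup StubPath. Because the report lists rows by signature rather than chronologically, the set-then-delete correlation relies on the order the rows are supplied; feed it rows in the report's order and treat the result as a triage aid, not a timeline.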

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost015.exe N/A
N/A N/A C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost015.exe N/A
N/A N/A C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost015.exe N/A
N/A N/A C:\Users\Admin\Downloads\KMSPICO\KMSpico.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TNP1A.tmp\KMSpico.tmp N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MyApp\core.exe N/A
N/A N/A C:\Program Files\KMSpico\UninsHs.exe N/A
N/A N/A C:\Program Files\KMSpico\KMSELDI.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Program Files\KMSpico\KMSELDI.exe N/A
N/A N/A C:\Program Files\KMSpico\AutoPico.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe N/A
N/A N/A C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
N/A N/A C:\Windows\SECOH-QAD.exe N/A
N/A N/A C:\Users\Admin\Downloads\ChilledWindows\[email protected] N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5488_756333414\qualification_app.exe N/A
N/A N/A C:\Users\Admin\Downloads\Hydra\[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\system32\SppExtComObj.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\svchost015.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\svchost015.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\svchost015.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\KMSPICO\KMSpico.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-TNP1A.tmp\KMSpico.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Hydra\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\KMSpico\UninsHs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\MyApp\core.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A

System Network Connections Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\System32\NETSTAT.EXE N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\System32\NETSTAT.EXE N/A

Modifies Control Panel

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Desktop\PaintDesktopVersion = "0" C:\Program Files\KMSpico\AutoPico.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Mouse C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Mouse\SwapMouseButtons = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Desktop C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Desktop\AutoColorization = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\EnabledV9 = "0" C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133921399628685065" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Google\Chrome\InstallerPinned = "0" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "211" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google\Chrome C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\ = "IPolicyStatus3System" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{5941878B-0542-5231-BC35-AD8C3BCA6C3D} C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5941878B-0542-5231-BC35-AD8C3BCA6C3D}\TypeLib\Version = "1.0" C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{E6B4674A-6469-5F98-B5C4-421C2312C541} C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\TypeLib\ = "{6430040A-5EBD-4E63-A56F-C71D5990F827}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414} C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\4" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{5941878B-0542-5231-BC35-AD8C3BCA6C3D}\1.0 C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{E6B4674A-6469-5F98-B5C4-421C2312C541}\1.0 C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6430040A-5EBD-4E63-A56F-C71D5990F827}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C} C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\ = "ICompleteStatusSystem" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\ = "{B685B009-DBC4-4F24-9542-A162C3793E77}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib\ = "{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\ = "{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4} C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ = "IAppCommandWebSystem" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{037E6D17-C6F5-50A2-8BB1-5312D4E39619}\1.0 C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\ = "IProcessLauncher2System" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\ChromeHTML C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6B4674A-6469-5F98-B5C4-421C2312C541}\TypeLib\Version = "1.0" C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib\ = "{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.htm C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827} C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{615FC5B3-5D8F-5ED7-947F-743CFA72B7F4}\TypeLib\ = "{615FC5B3-5D8F-5ED7-947F-743CFA72B7F4}" C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{615FC5B3-5D8F-5ED7-947F-743CFA72B7F4} C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27634814-8E41-4C35-8577-980134A96544}\1.0\ = "GoogleUpdater TypeLib for IPolicyStatusValue" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}\AppID = "{708860E0-F641-4611-8895-7D867DD3675B}" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\1.0 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\1.0\ = "GoogleUpdater TypeLib for IAppWeb" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID\{FB3C4578-D834-5B91-838B-33C23D553EAB} C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}\AppID = "{8018F647-BF07-55BB-82BE-A2D7049F7CE4}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}\ServiceParameters = "--com-service" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\TypeLib\ = "{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}" C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\ChilledWindows.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Hydra.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\KMSPICO.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\KMSpico.rar:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe N/A (×2)
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A (×12)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×6)
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TNP1A.tmp\KMSpico.tmp N/A (×2)
N/A N/A C:\Users\Admin\AppData\Roaming\MyApp\core.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A (×2)
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A (×4)
N/A N/A C:\Program Files\KMSpico\KMSELDI.exe N/A (×4)
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe N/A (×10)
N/A N/A C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe N/A (×6)
N/A N/A C:\Users\Admin\AppData\Roaming\MyApp\core.exe N/A (×4)
N/A N/A C:\Windows\SECOH-QAD.exe N/A (×6)
N/A N/A C:\Program Files\KMSpico\AutoPico.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\KMSpico\KMSELDI.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×25)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (×5)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×9)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 (numeric LUID left unresolved by the sandbox; 33 is SeIncreaseWorkingSetPrivilege in winnt.h) N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe N/A
Token: SeShutdownPrivilege / SeCreatePagefilePrivilege (alternating pair ×14) N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 (SeIncreaseWorkingSetPrivilege) N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe N/A
Token: SeShutdownPrivilege / SeCreatePagefilePrivilege (alternating pair ×16) N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
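A bare "Token: 33" is the sandbox reporting the privilege LUID instead of its name, and the privileges listed here (working-set, base-priority, shutdown, pagefile) are the low-value ones installers and browsers routinely enable, which is a different picture from a process enabling SeDebugPrivilege or SeLoadDriverPrivilege. The following is an added triage helper written for this page; it is not the sandbox vendor's code. It resolves numeric LUIDs from the fixed winnt.h numbering and ranks each process by the worst privilege it enabled. The risk tiers are this example's own judgement, and the last sample row (example_control.exe, LUID 20) is a constructed control case, not a row from the report.

```python
"""Resolve and rank the privileges in 'Token: ...' rows from a sandbox report.

Added example for this page; not code from the sandbox vendor. LUID_NAMES is
the fixed SE_*_PRIVILEGE numbering from winnt.h, which is why a bare
'Token: 33' can be resolved offline. The risk tiers are an assumption made by
this example, not a rating made by the report.
"""
import re
from collections import defaultdict

# winnt.h SE_*_PRIVILEGE constants (stable across Windows versions)
LUID_NAMES = {
    2: "SeCreateTokenPrivilege", 3: "SeAssignPrimaryTokenPrivilege", 4: "SeLockMemoryPrivilege",
    5: "SeIncreaseQuotaPrivilege", 6: "SeMachineAccountPrivilege", 7: "SeTcbPrivilege",
    8: "SeSecurityPrivilege", 9: "SeTakeOwnershipPrivilege", 10: "SeLoadDriverPrivilege",
    11: "SeSystemProfilePrivilege", 12: "SeSystemtimePrivilege", 13: "SeProfileSingleProcessPrivilege",
    14: "SeIncreaseBasePriorityPrivilege", 15: "SeCreatePagefilePrivilege", 16: "SeCreatePermanentPrivilege",
    17: "SeBackupPrivilege", 18: "SeRestorePrivilege", 19: "SeShutdownPrivilege", 20: "SeDebugPrivilege",
    21: "SeAuditPrivilege", 22: "SeSystemEnvironmentPrivilege", 23: "SeChangeNotifyPrivilege",
    24: "SeRemoteShutdownPrivilege", 25: "SeUndockPrivilege", 26: "SeSyncAgentPrivilege",
    27: "SeEnableDelegationPrivilege", 28: "SeManageVolumePrivilege", 29: "SeImpersonatePrivilege",
    30: "SeCreateGlobalPrivilege", 31: "SeTrustedCredManAccessPrivilege", 32: "SeRelabelPrivilege",
    33: "SeIncreaseWorkingSetPrivilege", 34: "SeTimeZonePrivilege", 35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

# The report abbreviates some names; map them to the canonical SE_*_NAME strings.
ALIASES = {"SeIncBasePriorityPrivilege": "SeIncreaseBasePriorityPrivilege"}

# Tiering is this example's assumption: "high" lets a process cross security boundaries.
HIGH = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege", "SeTakeOwnershipPrivilege",
        "SeBackupPrivilege", "SeRestorePrivilege", "SeImpersonatePrivilege",
        "SeAssignPrimaryTokenPrivilege", "SeCreateTokenPrivilege", "SeManageVolumePrivilege"}
MEDIUM = {"SeShutdownPrivilege", "SeRemoteShutdownPrivilege", "SeSystemEnvironmentPrivilege",
          "SeSecurityPrivilege"}
TIER_RANK = {"low": 0, "medium": 1, "high": 2}

ROW_RE = re.compile(r"^Token: (\S+) N/A (.+?) N/A$")


def resolve(token: str) -> str:
    """Turn '33' into its privilege name; pass named privileges through (de-aliased)."""
    if token.isdigit():
        return LUID_NAMES.get(int(token), f"SeUnknownPrivilege#{token}")
    return ALIASES.get(token, token)


def tier(priv: str) -> str:
    if priv in HIGH:
        return "high"
    if priv in MEDIUM:
        return "medium"
    return "low"


def summarize(rows):
    """Map each process image to the privileges it enabled and its worst tier."""
    privs = defaultdict(set)
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            raise ValueError(f"unrecognised row: {row!r}")
        privs[m.group(2)].add(resolve(m.group(1)))
    return {
        image: {"privileges": sorted(ps),
                "tier": max((tier(p) for p in ps), key=TIER_RANK.__getitem__)}
        for image, ps in privs.items()
    }


# Rows copied from the table above, plus one constructed control row with a
# hypothetical image name so the high tier is exercised; it is not from the report.
SAMPLE_ROWS = [
    r"Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe N/A",
    r"Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe N/A",
    r"Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
    r"Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
    r"Token: 20 N/A C:\Users\Admin\AppData\Local\Temp\example_control.exe N/A",  # constructed
]

if __name__ == "__main__":
    for image, info in summarize(SAMPLE_ROWS).items():
        print(f"{info['tier']:6} {image}: {', '.join(info['privileges'])}")
```

Run as a script it prints one line per process; the report's own rows all land in the low or medium tier, and only the constructed control (SeDebugPrivilege) reaches high.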

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×33)
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×15)
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TNP1A.tmp\KMSpico.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×8)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (×3)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×20)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (×2)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×6)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (×36)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 6056 wrote to memory of 5728 N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe (×3)
PID 5728 wrote to memory of 568 N/A C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe (×3)
PID 4484 wrote to memory of 4372 N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe (×3)
PID 2992 wrote to memory of 1820 N/A C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe (×3)
PID 2400 wrote to memory of 5324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 2400 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×30)
PID 2400 wrote to memory of 5860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 2400 wrote to memory of 3156 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×18)
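Every row in this table is a parent writing into a process it has just launched, and most of them are a browser or updater writing into a child of its own image, which is what multi-process software does at start-up; on its own that is weak evidence of injection. The row worth a second look is the one where the writer and the target are different images (ChromeSetup (2).exe writing into the dropped updater.exe), and the pattern that would be genuinely alarming, a write into a process the writer never created, does not appear here at all. The following is an added triage script written for this page, not the sandbox's own logic. It parses rows in the table's format, counts the repeats, and classifies each writer-to-target edge. The SPAWNED set (which PID created which) is an assumption taken from the order of the rows, not data the rows carry, and the last sample row (example_injector.exe into explorer.exe) is a constructed control case, not a row from the report.

```python
"""Classify 'PID A wrote to memory of B' rows by whether the write is expected.

Added example for this page, not the sandbox's own logic. Rows are copied
from the table above; SPAWNED is an assumption about parentage, and the final
row is a constructed control case with hypothetical names.
"""
import ntpath
import re
from collections import Counter

ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (C:\\.+?) (C:\\.+)$")


def parse_rows(rows):
    """Count identical writer->target rows; the report repeats one row per call."""
    edges = Counter()
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            raise ValueError(f"unrecognised row: {row!r}")
        src, dst, src_img, dst_img = m.groups()
        edges[(int(src), int(dst), src_img, dst_img)] += 1
    return edges


def verdict(src, dst, src_img, dst_img, spawned):
    """Heuristic: who created the target, and is it the same image as the writer?"""
    same_image = ntpath.basename(src_img).lower() == ntpath.basename(dst_img).lower()
    if (src, dst) not in spawned:
        return "suspicious"  # write into a process the writer did not create: injection pattern
    if same_image:
        return "expected"    # parent bootstrapping a child of its own image (browser/updater workers)
    return "review"          # parent writing into a child of a different image (installer -> dropped binary)


def triage(rows, spawned):
    """Return {(writer_pid, target_pid): {writer, target, writes, verdict}}."""
    return {
        (src, dst): {"writer": ntpath.basename(src_img), "target": ntpath.basename(dst_img),
                     "writes": n, "verdict": verdict(src, dst, src_img, dst_img, spawned)}
        for (src, dst, src_img, dst_img), n in parse_rows(rows).items()
    }


_CS = r"C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe"
_UPD_TMP = r"C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe"
_UPD = r"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe"
_CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Rows from the table above, repeated as many times as the report lists them.
SAMPLE_ROWS = (
    [f"PID 6056 wrote to memory of 5728 N/A {_CS} {_UPD_TMP}"] * 3
    + [f"PID 5728 wrote to memory of 568 N/A {_UPD_TMP} {_UPD_TMP}"] * 3
    + [f"PID 4484 wrote to memory of 4372 N/A {_UPD} {_UPD}"] * 3
    + [f"PID 2992 wrote to memory of 1820 N/A {_UPD} {_UPD}"] * 3
    + [f"PID 2400 wrote to memory of 5324 N/A {_CHROME} {_CHROME}"] * 2
    + [f"PID 2400 wrote to memory of 2820 N/A {_CHROME} {_CHROME}"] * 30
    + [f"PID 2400 wrote to memory of 5860 N/A {_CHROME} {_CHROME}"] * 2
    + [f"PID 2400 wrote to memory of 3156 N/A {_CHROME} {_CHROME}"] * 18
    # Constructed control case, not from the report: a write into a process the writer did not spawn.
    + [r"PID 9999 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\example_injector.exe C:\Windows\explorer.exe"]
)

# Assumed parent->child relationships (from the row order, not carried by the rows).
SPAWNED = {(6056, 5728), (5728, 568), (4484, 4372), (2992, 1820),
           (2400, 5324), (2400, 2820), (2400, 5860), (2400, 3156)}

if __name__ == "__main__":
    for (src, dst), info in triage(SAMPLE_ROWS, SPAWNED).items():
        print(f"{info['verdict']:10} {src}->{dst} {info['writer']} -> {info['target']} ({info['writes']} writes)")
```

The "review" verdict is deliberately not "suspicious": an installer writing into the binary it just dropped is exactly what this report's command lines show (ChromeSetup (2).exe launching updater.exe with --install), so the edge is where to look, not a conviction. Correlate it with the SetThreadContext and NtSetInformationThreadHideFromDebugger hits from the summary before calling it process hollowing.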

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\shutdownwithoutlogon = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
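EnableLUA = 0 turns UAC off for the whole machine (it takes effect at the next reboot, not immediately), and writing any of these HKLM policy values requires administrative rights, so the process that set them was already running elevated. The following is an added detection example written for this page, not the sandbox vendor's code. It evaluates registry "value set" records in the shape of Sysmon Event ID 13 fields (Image, TargetObject, Details) against rules for the three values above, and generalises slightly beyond the page by also covering ConsentPromptBehaviorAdmin and PromptOnSecureDesktop, two related UAC values that are an assumption here and do not appear in this report. The sample records are constructed inline: the three rows from the table plus a benign control (a hypothetical reg.exe invocation setting EnableLUA back to 1) that must not fire.

```python
r"""Flag UAC and logon-policy weakening in registry 'value set' telemetry.

Added example for this page, not code from the sandbox vendor. Input records
are constructed inline in the shape of Sysmon Event ID 13 fields. Rules for
EnableLUA, shutdownwithoutlogon and UseDefaultTile come from the report;
ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are assumed related
values not seen in this report. Hive prefixes are normalised so both the
report's \REGISTRY\MACHINE form and Sysmon's HKLM form match the same rule.
"""
import re
from dataclasses import dataclass

POLICY_SYSTEM = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_EXPLORER = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}

# lower-cased key -> [(value name, predicate on the DWORD, severity, rationale)]
RULES = {
    POLICY_SYSTEM.lower(): [
        ("EnableLUA", lambda v: v == 0, "high",
         "UAC disabled entirely; takes effect at the next reboot"),
        ("ConsentPromptBehaviorAdmin", lambda v: v == 0, "high",
         "admins elevate silently with no prompt (assumed related value)"),
        ("PromptOnSecureDesktop", lambda v: v == 0, "medium",
         "UAC prompt leaves the secure desktop (assumed related value)"),
        ("shutdownwithoutlogon", lambda v: v == 0, "low",
         "Shutdown option removed from the logon screen"),
    ],
    POLICY_EXPLORER.lower(): [
        ("UseDefaultTile", lambda v: v == 1, "info",
         "applies the default account picture to all users; unusual for software to set"),
    ],
}

DWORD_RE = re.compile(r"^DWORD \((0x[0-9A-Fa-f]+)\)$")


@dataclass(frozen=True)
class Finding:
    image: str
    key: str
    name: str
    value: int
    severity: str
    rationale: str


def normalize(path: str) -> str:
    r"""Map the \REGISTRY\MACHINE and HKEY_LOCAL_MACHINE prefixes to HKLM."""
    for prefix in (r"\REGISTRY\MACHINE", "HKEY_LOCAL_MACHINE"):
        if path.upper().startswith(prefix.upper()):
            return "HKLM" + path[len(prefix):]
    return path


def parse_dword(details: str):
    """Return the integer from Sysmon's 'DWORD (0x...)' rendering, else None."""
    m = DWORD_RE.match(details.strip())
    return int(m.group(1), 16) if m else None


def evaluate(events):
    """Run every rule for the record's key against the value that was set."""
    findings = []
    for ev in events:
        key, _, name = normalize(ev["TargetObject"]).rpartition("\\")
        value = parse_dword(ev["Details"])
        if value is None:
            continue  # string/binary values are out of scope for these DWORD rules
        for vname, hit, severity, why in RULES.get(key.lower(), []):
            if vname.lower() == name.lower() and hit(value):
                findings.append(Finding(ev["Image"], key, vname, value, severity, why))
    return findings


def worst_severity(findings):
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__, default=None)


# Constructed records: the three rows from the report plus a benign control
# (hypothetical reg.exe invocation re-enabling UAC) that must not fire.
NOESCAPE = r"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
_SYS = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
_EXP = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SAMPLE_EVENTS = [
    {"Image": NOESCAPE, "TargetObject": _SYS + r"\EnableLUA", "Details": "DWORD (0x00000000)"},
    {"Image": NOESCAPE, "TargetObject": _SYS + r"\shutdownwithoutlogon", "Details": "DWORD (0x00000000)"},
    {"Image": NOESCAPE, "TargetObject": _EXP + r"\UseDefaultTile", "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Windows\System32\reg.exe", "TargetObject": POLICY_SYSTEM + r"\EnableLUA",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.image} set {f.key}\\{f.name} = {f.value}: {f.rationale}")
```

Because the rules key on the value actually written, the control record (EnableLUA set back to 1) produces nothing, which is the behaviour you want from a rule that will also see legitimate hardening tools and Group Policy refreshes.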

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe

"C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe"

C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe

"C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={D3F8D4C5-1BE6-CDE4-FFB1-66DEA403C4E9}&lang=nl&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=JJTC&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2

C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe

C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x932e88,0x932e94,0x932ea0

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x8c2e88,0x8c2e94,0x8c2ea0

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x8c2e88,0x8c2e94,0x8c2ea0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87bbbdcf8,0x7ff87bbbdd04,0x7ff87bbbdd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1852,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=1788 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2224,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2236 /prefetch:11

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2380 /prefetch:13

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3964,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4140 /prefetch:9

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4608,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5328,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5348 /prefetch:14

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5356,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5684,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5688 /prefetch:14

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe

"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\dee47f94-b897-44fe-b4fc-13bc75670653.tmp"

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe

"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe" --install-archive="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\dee47f94-b897-44fe-b4fc-13bc75670653.tmp"

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=136.0.7103.114 --initial-client-data=0x230,0x228,0x254,0x22c,0x258,0x7ff6746ba3a0,0x7ff6746ba3ac,0x7ff6746ba3b8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4500,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3536,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3568 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3632,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5692 /prefetch:1

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe

"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=136.0.7103.114 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6746ba3a0,0x7ff6746ba3ac,0x7ff6746ba3b8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3784,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5876,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5376,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5660,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3352,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5792 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3256,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6044 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4772,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6052 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6148,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5832,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6232,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5340,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5400,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6132,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4196,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5348,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4192,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5852,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6096 /prefetch:12

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6376,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6544 /prefetch:14

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\KMSPICO\KMSPICO\Password - 2025.txt

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\" -spe -an -ai#7zMap25799:138:7zEvent20976

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\KMSPICO\KMSPICO\Password - 2025.txt

C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe

"C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6412,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6400 /prefetch:10

C:\Users\Admin\AppData\Local\Temp\svchost015.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\MAS_AIO.cmd" "

C:\Windows\System32\sc.exe

sc query Null

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\findstr.exe

findstr /v "$" "MAS_AIO.cmd"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ver

C:\Windows\System32\reg.exe

reg query "HKCU\Console" /v ForceV2

C:\Windows\System32\find.exe

find /i "0x0"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "

C:\Windows\System32\find.exe

find /i "ARM64"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c echo prompt $E | cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "

C:\Windows\System32\cmd.exe

cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX0\MAS_AIO.cmd" "

C:\Windows\System32\find.exe

find /i "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe

"C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe"

C:\Users\Admin\AppData\Local\Temp\svchost015.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX1\MAS_AIO.cmd" "

C:\Windows\System32\sc.exe

sc query Null

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\findstr.exe

findstr /v "$" "MAS_AIO.cmd"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ver

C:\Windows\System32\reg.exe

reg query "HKCU\Console" /v ForceV2

C:\Windows\System32\find.exe

find /i "0x0"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "

C:\Windows\System32\find.exe

find /i "ARM64"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c echo prompt $E | cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "

C:\Windows\System32\cmd.exe

cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX1\MAS_AIO.cmd" "

C:\Windows\System32\find.exe

find /i "C:\Users\Admin\AppData\Local\Temp"

C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe

"C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe"

C:\Users\Admin\AppData\Local\Temp\svchost015.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX2\MAS_AIO.cmd" "

C:\Windows\System32\sc.exe

sc query Null

C:\Windows\System32\find.exe

find /i "RUNNING"

C:\Windows\System32\findstr.exe

findstr /v "$" "MAS_AIO.cmd"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c ver

C:\Windows\System32\reg.exe

reg query "HKCU\Console" /v ForceV2

C:\Windows\System32\find.exe

find /i "0x0"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "

C:\Windows\System32\find.exe

find /i "ARM64"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c echo prompt $E | cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "

C:\Windows\System32\cmd.exe

cmd

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX2\MAS_AIO.cmd" "

C:\Windows\System32\find.exe

find /i "C:\Users\Admin\AppData\Local\Temp"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4496,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3060 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5372,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6824,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6880,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6912,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6728,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7112 /prefetch:14

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KMSpico\" -spe -an -ai#7zMap20299:76:7zEvent6033

C:\Users\Admin\Downloads\KMSPICO\KMSpico.exe

"C:\Users\Admin\Downloads\KMSPICO\KMSpico.exe"

C:\Users\Admin\AppData\Local\Temp\is-TNP1A.tmp\KMSpico.tmp

"C:\Users\Admin\AppData\Local\Temp\is-TNP1A.tmp\KMSpico.tmp" /SL5="$3025A,7325112,844800,C:\Users\Admin\Downloads\KMSPICO\KMSpico.exe"

C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe

"C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe"

C:\Users\Admin\AppData\Roaming\MyApp\core.exe

"C:\Users\Admin\AppData\Roaming\MyApp\core.exe"

C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp

"C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp" /SL5="$1046A,2952592,69120,C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\KMSpico\scripts\Install_Service.cmd""

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\KMSpico\scripts\Install_Task.cmd""

C:\Program Files\KMSpico\UninsHs.exe

"C:\Program Files\KMSpico\UninsHs.exe" /r0=KMSpico,default,C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe

C:\Program Files\KMSpico\KMSELDI.exe

"C:\Program Files\KMSpico\KMSELDI.exe" /silent /backup

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --wake --system

C:\Windows\system32\sc.exe

sc create "Service KMSELDI" binPath= "C:\Program Files\KMSpico\Service_KMS.exe" type= own error= normal start= auto DisplayName= "Service KMSELDI"

C:\Windows\system32\schtasks.exe

SCHTASKS /Create /TN "AutoPico Daily Restart" /TR "'C:\Program Files\KMSpico\AutoPico.exe' /silent" /SC DAILY /ST 23:59:59 /RU "NT AUTHORITY\SYSTEM" /RL Highest /F

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x8c2e88,0x8c2e94,0x8c2ea0

C:\Program Files\KMSpico\KMSELDI.exe

"C:\Program Files\KMSpico\KMSELDI.exe"

C:\Windows\System32\NETSTAT.EXE

"C:\Windows\System32\NETSTAT.EXE" -ano

C:\Program Files\KMSpico\AutoPico.exe

"C:\Program Files\KMSpico\AutoPico.exe" /silent

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x2a0,0x2a4,0x2a8,0x274,0x2ac,0x8c2e88,0x8c2e94,0x8c2ea0

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x8c2e88,0x8c2e94,0x8c2ea0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\KMSPICO\#Instruction.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x344,0x7ff84cd4f208,0x7ff84cd4f214,0x7ff84cd4f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1956,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2052,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:11

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2464,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:13

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4692,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4188,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5444,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5708,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe

"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe" --enable-ceca-experiment --update --system --enable-logging --vmodule=*/chrome/updater/*=2

C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe

"C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe" --enable-ceca-experiment --update --system --enable-logging --vmodule=*/chrome/updater/*=2

C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe

C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.3 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff6d6f0c508,0x7ff6d6f0c514,0x7ff6d6f0c520

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5244,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5244,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe

cookie_exporter.exe --cookie-json=1112

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Windows\SECOH-QAD.exe

C:\Windows\SECOH-QAD.exe C:\Windows\system32\SppExtComObj.exe -Embedding

C:\Windows\system32\SppExtComObj.exe

C:\Windows\system32\SppExtComObj.exe -Embedding

C:\Windows\System32\SLUI.exe

"C:\Windows\System32\SLUI.exe" RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6396,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6012 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=732,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6640,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:14

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:14

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3224,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3004 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7004,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=2164,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6800,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7256,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7228 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5096,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4960,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:10

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4700,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3060 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=4512,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7372,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7572,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5288,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=7564,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5092,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7884,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7868 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7856,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7720 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7716,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7908 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3332,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7876 /prefetch:14

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ChilledWindows\" -spe -an -ai#7zMap22717:90:7zEvent4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6516,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14

C:\Users\Admin\Downloads\ChilledWindows\[email protected]

"C:\Users\Admin\Downloads\ChilledWindows\[email protected]"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6040,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=2388 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7844,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4200 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3020 /prefetch:14

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Hydra\" -spe -an -ai#7zMap3708:72:7zEvent5997

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe" --wake --system

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.3 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff73cadc508,0x7ff73cadc514,0x7ff73cadc520

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.3 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff73cadc508,0x7ff73cadc514,0x7ff73cadc520

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5488_756333414\qualification_app.exe

"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5488_756333414\qualification_app.exe"

C:\Users\Admin\Downloads\Hydra\[email protected]

"C:\Users\Admin\Downloads\Hydra\[email protected]"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:14

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7028,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7956 /prefetch:14

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NoEscape\" -spe -an -ai#7zMap18809:78:7zEvent3642

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:14

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3803855 /state1:0x41c64e6d

Network

Country Destination           Domain                              Proto
GB      216.58.201.99:80      o.pki.goog                          tcp
GB      216.58.201.99:80      o.pki.goog                          tcp
GB      142.250.180.4:443     www.google.com                      tcp
GB      142.250.180.4:443     www.google.com                      tcp
GB      142.250.180.4:443     www.google.com                      tcp
GB      142.250.180.4:443     www.google.com                      udp
GB      142.250.178.14:443    consent.google.com                  udp
N/A     224.0.0.251:5353                                          udp
GB      142.250.178.14:443    consent.google.com                  tcp
GB      172.217.169.74:443    content-autofill.googleapis.com     tcp
US      8.8.8.8:53            tunnel.googlezip.net                udp
GB      142.250.180.4:443     www.google.com                      udp
US      216.239.34.157:443    tunnel.googlezip.net                tcp
GB      142.250.179.234:443   ogads-pa.clients6.google.com        tcp
GB      142.250.179.234:443   ogads-pa.clients6.google.com        udp
GB      142.250.200.14:443    play.google.com                     tcp
GB      142.250.200.14:443    play.google.com                     udp
VN      103.77.162.38:443     edu.vov.vn                          tcp
VN      103.77.162.38:443     edu.vov.vn                          tcp
VN      103.77.162.38:443     edu.vov.vn                          tcp
RO      89.40.214.138:443     dereferer.me                        tcp
RO      89.40.214.138:443     dereferer.me                        tcp
VN      103.77.162.38:443     edu.vov.vn                          udp
US      150.171.27.10:443     tse1.mm.bing.net                    tcp
US      150.171.27.10:443     tse1.mm.bing.net                    tcp
US      150.171.27.10:443     tse1.mm.bing.net                    tcp
US      150.171.27.10:443     tse1.mm.bing.net                    tcp
US      150.171.27.10:443     tse1.mm.bing.net                    tcp
US      192.0.78.27:443       href.li                             tcp
US      192.0.78.27:443       href.li                             tcp
US      162.255.119.189:80    yahho.org                           tcp
US      162.255.119.189:80    yahho.org                           tcp
US      162.255.119.189:443   yahho.org                           tcp
US      162.255.119.189:443   yahho.org                           tcp
US      216.239.34.157:443    tunnel.googlezip.net                tcp
US      216.239.34.157:443    tunnel.googlezip.net                tcp
US      216.239.34.157:443    tunnel.googlezip.net                tcp
US      173.194.210.94:443    id.google.com                       tcp
GB      142.250.179.234:443   ogads-pa.clients6.google.com        udp
US      216.239.34.157:443    tunnel.googlezip.net                tcp
GB      142.250.200.14:443    play.google.com                     udp
US      104.21.112.1:443      www.fogonesmx.com                   tcp
US      104.21.112.1:443      www.fogonesmx.com                   tcp
US      35.190.80.1:443       a.nel.cloudflare.com                tcp
US      104.18.95.41:443      challenges.cloudflare.com           tcp
US      104.18.95.41:443      challenges.cloudflare.com           udp
US      104.18.95.41:443      challenges.cloudflare.com           tcp
US      35.190.80.1:443       a.nel.cloudflare.com                udp
US      104.18.95.41:443      challenges.cloudflare.com           udp
GB      216.58.201.99:80      c.pki.goog                          tcp
GB      142.251.29.94:443     beacons.gcp.gvt2.com                tcp
US      216.239.34.157:443    tunnel.googlezip.net                tcp
US      216.239.34.157:443    tunnel.googlezip.net                tcp
US      216.239.34.157:443    tunnel.googlezip.net                tcp
US      172.67.203.232:443    cmpo-ns.com                         tcp
US      172.67.203.232:443    cmpo-ns.com                         tcp
US      172.67.203.232:443    cmpo-ns.com                         udp
GB      172.217.169.74:443    content-autofill.googleapis.com     tcp
GB      142.251.29.94:443     beacons.gcp.gvt2.com                udp
US      192.0.77.48:443       s.w.org                             tcp
US      192.0.77.48:443       s.w.org                             tcp
US      192.0.77.48:443       s.w.org                             tcp
US      192.0.77.48:443       s.w.org                             tcp
US      192.0.77.48:443       s.w.org                             tcp
US      192.0.77.48:443       s.w.org                             tcp
US      192.0.77.48:443       s.w.org                             udp
NL      176.57.71.77:443      softemporium.xyz                    tcp
NL      176.57.71.77:443      softemporium.xyz                    tcp
US      34.57.158.185:443     divine-maggot.10web.me              tcp
GB      172.217.169.74:443    content-autofill.googleapis.com     tcp
US      34.57.158.185:443     divine-maggot.10web.me              tcp
RU      77.88.21.119:443      mc.yandex.com                       tcp
RU      87.250.250.119:443    mc.yandex.com                       tcp
LU      31.216.145.5:443      mega.nz                             tcp
LU      31.216.145.5:443      mega.nz                             tcp
GB      172.217.169.74:443    content-autofill.googleapis.com     tcp
LU      31.216.145.5:443      mega.nz                             tcp
LU      89.44.169.134:443     eu.static.mega.co.nz                tcp
LU      89.44.169.134:443     eu.static.mega.co.nz                tcp
LU      66.203.125.15:443     g.api.mega.co.nz                    tcp
LU      89.44.169.134:443     eu.static.mega.co.nz                tcp
GB      172.217.169.74:443    content-autofill.googleapis.com     udp
LU      66.203.125.15:443     g.api.mega.co.nz                    tcp
N/A     127.0.0.1:6341                                            tcp
N/A     127.0.0.1:6341                                            tcp
ES      185.206.27.122:443    gfs214n204.userstorage.mega.co.nz   tcp
ES      185.206.27.122:443    gfs214n204.userstorage.mega.co.nz   tcp
ES      185.206.27.122:443    gfs214n204.userstorage.mega.co.nz   tcp
ES      185.206.27.122:443    gfs214n204.userstorage.mega.co.nz   tcp
ES      185.206.27.122:443    gfs214n204.userstorage.mega.co.nz   tcp
ES      185.206.27.122:443    gfs214n204.userstorage.mega.co.nz   tcp
US      35.190.80.1:443       a.nel.cloudflare.com                udp
N/A     127.0.0.1:6341                                            tcp
N/A     127.0.0.1:6341                                            tcp
GB      216.58.201.97:443     drive.usercontent.google.com        tcp
GB      216.58.201.99:80      c.pki.goog                          tcp
UA      185.156.72.196:80     185.156.72.196                      tcp
GB      216.58.201.97:443     drive.usercontent.google.com        tcp
GB      142.251.29.94:443     beacons.gcp.gvt2.com                udp
GB      216.58.201.97:443     drive.usercontent.google.com        tcp
UA      185.156.72.196:80     185.156.72.196                      tcp
N/A     127.0.0.1:6341                                            tcp
N/A     127.0.0.1:6341                                            tcp
UA      185.156.72.196:80     185.156.72.196                      tcp
UA      185.156.72.196:80     185.156.72.196                      tcp
GB      92.123.128.134:443                                        tcp
UA      185.156.72.196:80     185.156.72.196                      tcp
UA      185.156.72.196:80     185.156.72.196                      tcp
US      52.182.143.210:443    browser.pipe.aria.microsoft.com     tcp
GB      2.18.27.89:443        www.bing.com                        tcp
GB      2.18.27.89:443        www.bing.com                        tcp
GB      23.206.79.163:443     cxcs.microsoft.net                  tcp
N/A     127.0.0.1:6341                                            tcp
N/A     127.0.0.1:6341                                            tcp
US      172.202.64.254:443    arc-ring.msedge.net                 tcp
US      150.171.73.254:443    bx-ring.msedge.net                  tcp
US      150.171.22.254:443    ln-ring.msedge.net                  tcp
GB      142.250.180.4:443     www.google.com                      udp
US      216.239.34.157:443    tunnel.googlezip.net                tcp
UA      45.12.1.24:443        kmspico.io                          tcp
UA      45.12.1.24:443        kmspico.io                          tcp
US      8.8.8.8:53            stats.wp.com                        udp
US      192.0.76.3:443        stats.wp.com                        tcp
UA      45.12.1.24:443        kmspico.io                          udp
US      216.239.32.36:443     region1.google-analytics.com        tcp
GB      172.217.169.74:443    content-autofill.googleapis.com     tcp
US      192.0.76.3:443        stats.wp.com                        udp
GB      172.217.169.74:443    content-autofill.googleapis.com     udp
US      216.239.32.36:443     region1.google-analytics.com        udp
US      172.67.201.127:443    jgjgn-2213-asd2.top                 tcp
US      172.67.201.127:443    jgjgn-2213-asd2.top                 tcp
LU      66.203.124.37:443     mega.io                             tcp
US      151.101.194.137:443   code.jquery.com                     tcp
GB      172.217.169.74:443    content-autofill.googleapis.com     tcp
NL      212.162.153.43:443    mtmoweb.website                     tcp
US      172.67.201.127:443    jgjgn-2213-asd2.top                 udp
US      35.190.80.1:443       a.nel.cloudflare.com                tcp
LU      89.44.169.134:443     mega.io                             tcp
US      35.190.80.1:443       a.nel.cloudflare.com                udp
LU      66.203.125.15:443     g.api.mega.co.nz                    tcp
LU      89.44.169.134:443     mega.io                             tcp
NL      185.206.24.132:443    gfs204n179.userstorage.mega.co.nz   tcp
NL      185.206.24.132:443    gfs204n179.userstorage.mega.co.nz   tcp
NL      185.206.24.132:443    gfs204n179.userstorage.mega.co.nz   tcp
NL      185.206.24.132:443    gfs204n179.userstorage.mega.co.nz   tcp
NL      185.206.24.132:443    gfs204n179.userstorage.mega.co.nz   tcp
NL      185.206.24.132:443    gfs204n179.userstorage.mega.co.nz   tcp
N/A     127.0.0.1:6341                                            tcp
N/A     127.0.0.1:6341                                            tcp
GB      142.251.29.94:443     beacons.gcp.gvt2.com                tcp
GB      92.123.128.134:443                                        tcp
US      52.182.143.210:443    browser.pipe.aria.microsoft.com     tcp
US      8.8.8.8:53            edge.microsoft.com                  udp
US      8.8.8.8:53            edge.microsoft.com                  udp
US      8.8.8.8:53            edge.microsoft.com                  udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 150.171.27.11:80 edge.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 www.wikihow.com udp
US 8.8.8.8:53 www.wikihow.com udp
US 151.101.129.91:443 www.wikihow.com tcp
US 151.101.129.91:443 www.wikihow.com tcp
US 151.101.129.91:443 www.wikihow.com tcp
US 151.101.129.91:443 www.wikihow.com tcp
US 151.101.129.91:443 www.wikihow.com tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.92:443 copilot.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 2.18.27.95:443 www.bing.com tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
GB 2.18.27.92:443 copilot.microsoft.com tcp
US 8.8.8.8:53 studiostaticassetsprod.azureedge.net udp
US 8.8.8.8:53 studiostaticassetsprod.azureedge.net udp
US 13.107.246.64:443 studiostaticassetsprod.azureedge.net tcp
GB 2.18.27.92:443 copilot.microsoft.com udp
US 8.8.8.8:53 o4508134825000960.ingest.us.sentry.io udp
US 8.8.8.8:53 o4508134825000960.ingest.us.sentry.io udp
US 34.120.195.249:443 o4508134825000960.ingest.us.sentry.io tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.10:443 browser.events.data.microsoft.com tcp
US 20.189.173.10:443 browser.events.data.microsoft.com tcp
US 104.21.112.1:443 chrysoeciu.run tcp
US 104.21.112.1:443 chrysoeciu.run tcp
US 104.21.112.1:443 chrysoeciu.run tcp
GB 2.18.27.92:443 copilot.microsoft.com udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 34.120.195.249:443 o4508134825000960.ingest.us.sentry.io udp
N/A 10.187.80.215:1688 tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 84.201.209.70:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.204.67:443 id.google.com udp
GB 142.251.29.94:443 beacons.gcp.gvt2.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
BE 142.251.5.94:443 accounts.google.co.uk tcp
BE 142.251.5.94:443 accounts.google.co.uk tcp
BE 74.125.71.84:443 accounts.google.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 172.217.169.46:443 www.youtube.com tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
GB 2.18.27.92:443 copilot.microsoft.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
GB 216.58.204.67:443 ssl.gstatic.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
GB 142.250.180.4:443 www.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 216.58.201.102:443 static.doubleclick.net tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.251.29.94:443 beacons.gcp.gvt2.com udp
GB 142.250.178.3:443 google.co.uk tcp
BE 74.125.71.84:443 accounts.google.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
GB 2.18.27.68:443 copilot.microsoft.com udp
GB 172.217.169.14:443 chromewebstore.google.com tcp
GB 172.217.169.14:443 chromewebstore.google.com tcp
GB 142.250.187.225:443 lh3.googleusercontent.com tcp
GB 142.250.187.225:443 lh3.googleusercontent.com tcp
GB 142.250.187.225:443 lh3.googleusercontent.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
GB 142.250.187.238:443 apis.google.com tcp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.187.238:443 apis.google.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 216.58.204.67:443 ssl.gstatic.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 172.217.169.14:443 chromewebstore.google.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 142.250.187.225:443 lh3.googleusercontent.com udp
GB 142.250.187.225:443 lh3.googleusercontent.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.133:443 private-user-images.githubusercontent.com tcp
US 185.199.110.133:443 private-user-images.githubusercontent.com tcp
US 185.199.110.133:443 private-user-images.githubusercontent.com tcp
US 185.199.110.133:443 private-user-images.githubusercontent.com tcp
US 185.199.110.133:443 private-user-images.githubusercontent.com tcp
US 185.199.108.133:443 private-user-images.githubusercontent.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 142.251.29.94:443 beacons.gcp.gvt2.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
BE 74.125.71.84:443 accounts.google.com udp
GB 142.250.178.3:443 google.co.uk udp
BE 74.125.71.84:443 accounts.google.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
FR 104.115.83.10:443 copilot.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 142.251.29.94:443 beacons.gcp.gvt2.com udp
GB 142.250.187.238:443 apis.google.com udp
GB 142.250.200.14:443 google.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
FR 104.115.83.35:443 copilot.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
FR 104.115.83.35:443 copilot.microsoft.com tcp
GB 2.18.27.89:443 www.bing.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
FR 104.115.83.35:443 copilot.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp

Files

SHA512 a8fc85ba0df9a53c346605ba2bcd5a82cd2d76b146ee10ff4fa9fa3abe6fc52d6b3fc3aab971b8b52bec8482f1e03bc4d864ba55f69369786d20b6f8f2a3d2f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bdfa08b0e7423bea43efa8af5b570687
SHA1 9f810c95a1663d99045ec0f8ea11a5ef0c3132d7
SHA256 e616f54e96ea57d413b21898dd1ef83ee7cfe73ef3aa1a91b09f1ac25ba5b002
SHA512 864f6a6ff8fd0de24b32d42112eedcc372ed7109838d069e4afa08aaa4734b4c2a4ecc20f3f50c1a1ff1b04fa6e89b8e4de38718e0c4bbb56cade8a06dd80e75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6b1d257bb9699b60c3339e048249db6
SHA1 ce0e9df8d983bc68cc9babf16042352f9cf5f03e
SHA256 e5ff2115e7ae86334bec0dc9541e5a865b26d124d05074898dda2730e47ad338
SHA512 9588aeb5b60d57ee0bef373326ffe766e87697e7aeaff68778f0d2373650c28c2240d3aa5f02651b393bff8eb5052813c3934ec01e60550d4734653debc17716

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 16915965a28a3d9e6c6d291d87ba1be8
SHA1 2c32db2ab1dab890e50e3fdd3d7dff03a622169a
SHA256 a46d266f4944b8b94b2d9f5b941c9531ba2b0945d2ebd5e5658b6570f93f0cf0
SHA512 d8770d42f636d19179d0a64e5bc80ed44e83dfadd635baded79b1a2c579a72a5ba6faf699aaab4efaa7b49f63d85c483fc2a303b33730c5254241df2b54e8b90

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7d6fc4cc16c5f879475407fd5336886f
SHA1 bfee20a939c2274f864c727da47d0169e6484923
SHA256 38d2bb2171c6a01d76e6e8edeeb25caf23bea4aae931ab45dafb42b3bfff6d58
SHA512 b7e7dd7af90e2b3422dbb1af58068cca279c2f8e7bac64c6e4e2aad72ab63267a48e9081a3b4d454dbf392aed661964589d1dd3e1c2eb5c005ad261ea428e4b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

MD5 950eca48e414acbe2c3b5d046dcb8521
SHA1 1731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256 c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA512 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5fad55d5842d12318efbc46c275c1d63
SHA1 f15acb5b7211d07207f594d9f0be82b0eaded46d
SHA256 b1d3f0ccc174d0fcee95ed9f0cf56b707b21a04dc4f54d5cc4f512d21cc9b784
SHA512 63924cb17aa772f150496863623780a07604b3484134e176833d32f0ea088215d31872447b60a87fbdda2c023ca9f4a7cf5c37bd0320f9b970ae633352d6aeff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ba766bebc110c48f7394220a502dd6e8
SHA1 466eb597fcbc8a509ae966ef3728475b2eb46615
SHA256 5c7726ed17ea869924c010f736a50999e4b567c54745d7c26eaa10e6fcd4a4c4
SHA512 585705dc81e23794d0fdf95c2796afabf2701afc88aa21b3a1f0a5c8f4dd328680240a6878d8d5b8c7473905d03705fe94325144bc16340c919fd667922fe66a

memory/3660-1296-0x0000000000DC0000-0x0000000000E9D000-memory.dmp

C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe

MD5 a02164371a50c5ff9fa2870ef6e8cfa3
SHA1 060614723f8375ecaad8b249ff07e3be082d7f25
SHA256 64c731adbe1b96cb5765203b1e215093dcf268d020b299445884a4ae62ed2d3a
SHA512 6c6903f3a3092fd3d63c373189f2c06e12de032ee4fd6b80a15f58eaeb2079f3ae8a8bcdac85a358b1f9070b192b1c8260f9aa127d009b5afce475f966e91326

memory/1304-1316-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 997d43b76d8af3327722f1bc8adc2ce7
SHA1 84019aaf118b8b0989882aa0c6e1105a67c04d5c
SHA256 10a26c37ffd8efedee2322130230e7b661377b319f43fdb2453aa4b6cb4a5ff5
SHA512 3e4145ec46bbf1f18bc3aa2a173ac8a46939303b7a064bcc69824d6d7e2c6a3ecd0a571a5944f111ce48c6372a7a4d184cc52c8d6e1f93e8cd1aa69565921327

memory/3660-1332-0x0000000000DC0000-0x0000000000E9D000-memory.dmp

memory/3032-1333-0x00000000007B0000-0x0000000000B1B000-memory.dmp

memory/3032-1336-0x00000000007B0000-0x0000000000B1B000-memory.dmp

memory/3660-1337-0x0000000000DC0000-0x0000000000E9D000-memory.dmp

memory/5020-1339-0x0000000000400000-0x00000000004C0000-memory.dmp

memory/1304-1338-0x0000000000400000-0x0000000000417000-memory.dmp

memory/2536-1343-0x00000000FF440000-0x00000000FF441000-memory.dmp

memory/2536-1353-0x00000000FF440000-0x00000000FF441000-memory.dmp

memory/2536-1347-0x00000000FF440000-0x00000000FF441000-memory.dmp

memory/2536-1345-0x00000000FF440000-0x00000000FF441000-memory.dmp

memory/2536-1340-0x00000000FF440000-0x00000000FF441000-memory.dmp

memory/2536-1359-0x00000000FF440000-0x00000000FF441000-memory.dmp

C:\Windows\System32\Vestris.ResourceLib.dll

MD5 3d733144477cadcf77009ef614413630
SHA1 0a530a2524084f1d2a85b419f033e1892174ab31
SHA256 392d73617fd0a55218261572ece2f50301e0cfa29b5ed24c3f692130aa406af3
SHA512 be6b524d67d69385a02874a2d96d4270335846bece7b528308e136428fd67af66a4216d90da4f288aeefd00a0ba5d5f3b5493824fcb352b919ab25e7ef50b81c

C:\Program Files\KMSpico\UninsHs.exe

MD5 245824502aefe21b01e42f61955aa7f4
SHA1 a58682a8aae6302f1c934709c5aa1f6c86b2be99
SHA256 0a265b4bb8acceafaffb001632fa7e4c3f8ac39a71eda37f253e15bc1b8db90d
SHA512 204b39e31f22ba99cf09c5c8458fc94ea21b47aacc4abd305f71ba20a35d36bfc0ff53b95180542911c9c6f259db897dee76090d953f7ee18a8079caefda7981

memory/948-9473-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Program Files\KMSpico\KMSELDI.exe

MD5 f0280de3880ef581bf14f9cc72ec1c16
SHA1 43d348e164c35f9e02370f6f66186fbfb15ae2a3
SHA256 50ebfa1dd5b147e40244607d5d5be25709edf2cc66247a78beb920c77ac514cc
SHA512 ac31a972e9e93e6671f44d403139b0db89d950097c848fbaf6b9965b722215f74e9ed9bb9e083d31328101e6fcfe7f960a08b3bea0813900f11d5c1bb40539a6

memory/948-9762-0x0000000000400000-0x0000000000417000-memory.dmp

memory/6632-11303-0x000000001BE20000-0x000000001C360000-memory.dmp

memory/6632-11237-0x00000000009F0000-0x0000000000ADA000-memory.dmp

C:\Program Files\KMSpico\logs\KMSELDI.log

MD5 aefae2ff8ec7522b277fa4cba143d87a
SHA1 bc9ce8984289093b77a179f8005fa37979a7bf7e
SHA256 e0256052838d369d85a26f90ebb5a8b267018e6b8d7e8f4af6f1c42df252437f
SHA512 ed1641868c82f239af93bc7e1237175604300778009513d317702a7519842f123a96911f1e3237e08c802c76dd5b569736b2e49b4ddc2a9b7e0dc0516556b4f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

MD5 9e53e5fa7c169d75d2765f2bc82bd0a7
SHA1 852cafb4c2b2c6b888f93c195db5791d0a23e3d3
SHA256 ca097acc3535bd6ed087707239a824690bf9ecb3fb4ffb693bb9f36f7fe6d28e
SHA512 9835533055a02adac4fabca4e8939f6ada9071c2ec991e8e8655188f5de9d224c177d1620e8be220645bbfae7d802473b36afde525d23371cdcfa7af52b8514e

C:\Program Files\KMSpico\logs\KMSELDI.log

MD5 be319ea4746b2489e137da1ed4c46a49
SHA1 57750cdbb09220c72f3699005f55c36eee57d06e
SHA256 ef3cd05b5a11a540096a5c67b930312457910b401ee5e4b12f70ec65bfda6ec1
SHA512 7b2dddff6616a580fb041f2776b232762d73aac572e8069d1da2a23ddca1ab450d3aaa766cec82bf481f21b1b86f07c9b18e75cc46fb7d86c8e717429c2c6e19

C:\Program Files\KMSpico\logs\KMSELDI.log

MD5 3b17ef665ac1515402cecee3940a2f56
SHA1 46515c1353d2af4d51ab6f303e3d12bbdf5c14db
SHA256 84a2bcaf6e4cbb64475ff114a4331e298cc8231e7f73ccfa12d90b7ab5090e9a
SHA512 e10f35564f75cafbdf5054c3728df3ce023066e1e8774dcd3f267348785fe897a153416ae807c729981e9c129235d7891996920017ef9ca40dc7c7ac9449f53d

C:\Program Files\KMSpico\logs\KMSELDI.log

MD5 95f3d2573fa928b6fa50986b1b20ee56
SHA1 6990697304229d8b80a65cb1e99f61b52af41648
SHA256 6071a355e4fbf217f78a4b953a9b0073a7bf21b6934d2edb46d61419b39d89e5
SHA512 e540602ce089d0ad6dc1b56e880c8fba14cec61324d6f25b8b3574388348f82b77518d5c802c1a71d20c7ad713c474149da6ff11f4f79ed29ad0dc6bb3053407

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 130d9616d0630b1904f1998da47bf715
SHA1 822d2b6d8c618dc5eaa41189e3693132fadc800e
SHA256 8aa6a7059b54b943608f43706cae08d1b5507ec818b291c2c78b596335ea3608
SHA512 0806a8f95665ad6a9a6137bf7f1eaa9662baf00b137a4d9a15007f3f7af309a2f74c3141bdd14d37728adf143973e40b1ad1993550b2817cbd872c5f92eed1d5

C:\Program Files\KMSpico\AutoPico.exe

MD5 cfe1c391464c446099a5eb33276f6d57
SHA1 9999bfcded2c953e025eabaa66b4971dab122c24
SHA256 4a714d98ce40f5f3577c306a66cb4a6b1ff3fd01047c7f4581f8558f0bcdf5fa
SHA512 4119a1722202bbc33339747ea02fd35b327890d55bb472cd1e2146ca446d8ba6fddb1e8cf8bbfaeb08aec8ed2a9d5c0fa71b73510d409ffacd3908fa72bb53b4

memory/11900-124520-0x00000000004F0000-0x00000000005AA000-memory.dmp

C:\Program Files\KMSpico\logs\KMSELDI.log

MD5 51aba7089689c3328c98b7978a21ea87
SHA1 d4f2f56ffdbaad5ac93577556e32ade9653b83b5
SHA256 1df14eeb4905fbc144f6522719973f00fbea46e1f2ff37ebf4abf9e0e53d0204
SHA512 c60783fb988481d861090cfd2cbbbc3b269eac7c4af3150a76134d0adb609e9d55369402f37340b24d2700287a54f888647d6c6f3b013c1867ebc360ca06a904

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 feb0cf13c082d7cd1951c1251cd56a31
SHA1 28b58978fc28b6e0a418ebd9f654129f1a925b25
SHA256 8c8177f2a0e7903ff19284693c05efee57894be510f669e6215d5615b9841425
SHA512 2ae58f3d98290a51a7fc846fb2cf4bcf098206a95308483b8f0ed0756b5f4a1083d0639c3fcdb4660a8f8bed7a5ceffdf5106db6e29281c3a773affd56cbc509

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 9ccaae73e4db3e4fb098d1e68cb26c82
SHA1 4c11b486f714533069cb18994f7fc8ae49e7a00e
SHA256 d6a2a710812bc4af90aea9d560b776962eeb1a476928efb36ac939897147441a
SHA512 2c8fb9cb94d494476a2e4e0df52a21b6c83eea291b6500fa8a9cb8f7e19f4c0fec1a1520582198f58ba71d6d7b58700fd94d490cd336cdc5e84e6f00de6eeab8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97b531b695f3b65e8a9c0b8711b6e2d1
SHA1 955870c651f4c2eff4c1b44018726aaacd03324b
SHA256 5767acc679f55296bc18ea8f4644e39983f78b2c4554010fe5ac21179737d46a
SHA512 d7f27da009c187e80eaed3551a4f912304c7c60496068b45aa3808169ca1ae6776c006a4c5236f5238396d3acfe76106a837ee0b882cb332434fc6f36290bab2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d6f3f2c4fe28835dda7c550005f3100a
SHA1 f0ea20d0d93f59e155fa67e9765770aca8d21c92
SHA256 88afac386ab5b1c9751b0368bad19ec47df2c9d351fd30cec3379db22dcf48e5
SHA512 c429abfc68c99455c4e4a414a7fd209bc8561f2abb9297299d213bc4c789a7679843896a819e53618655330ded7213b027c7b19a307b0a81a17fc932cc31be2f

C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\8d462e8386e76af6b0c098c3dec959fde2367eb3a1aa0d49313bad1c63bceb62

MD5 6d847393f9094c1d191475939e0acb47
SHA1 6bf419eff9297c99c103f89cb23b52d5e7f50093
SHA256 8d462e8386e76af6b0c098c3dec959fde2367eb3a1aa0d49313bad1c63bceb62
SHA512 f21bdf989915ada06d6f1a32d9b54ba67e3594dee302548fd2afd5ef6f635e1169e688539c152c96c4fbbb9d4c9298f2fdd86d85f6c56c39d542ebcce249cb6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

MD5 06d55006c2dec078a94558b85ae01aef
SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 371294454b39042064813ac9bc47fd9f
SHA1 56b036f4d5dbb89387d2c7d8322ecaaacc876eb7
SHA256 7070c3c375ebc3089e12b43d36fb3ea561eaaa91a900b78bb0892a9ceebe4b49
SHA512 812ca239d335a8e9f32b765fb0f70be6e14bde0abb6de7f4e7b68ec0cdcd2b08bf7f0b770317deb5ff69b82d6507610622bd00486cb8fc57699daba724fdd510

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 feb5a12d3f70c17583f21872a9f643c6
SHA1 3565c240d6a2570501a0ecf5383559add8e313d9
SHA256 3349d73d8de35c63f0ee8999f879c1b7ada57b1916f906752fbc9182aaa8f27e
SHA512 4cf95328d8c124da540477560169ec7c72ea8690fcce3e9ba0fc8220203e5728e65a588d89368935a79bcd4b7e5200266749ac6e12a8bdd417bd5f815e78efdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 59611ca3a8485abc30e9b6bb49c1d1a3
SHA1 f06c870c8c5e3600523228a502c3c903e947a86c
SHA256 2180f4d707631e4068a4c0f8cefa1da94af86c11dc5fea8b75c8ea218e7c11dc
SHA512 ab61d30eb84b07477438be57cc4f8462315e9d7ef1d803da28471b6b57ba90a53e53564fd0a47c08028844cb15665bed798bb6c87ad1a6f3fea673c717bed3d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 29c2ac894df4ac3a1c06f2ccd30865f9
SHA1 b9eb791b8961188b43c8e8a7f99e3264952d62f1
SHA256 12777c0cba32489b24653c827d7019c2efd53984601ad155080c4988370f8b85
SHA512 229fec40f16085627eb91239e7880b9eea7c525e25c75086d2a0e0bd051d2ad29a9a2eff49cc1bf700822f537f570bfbd9e8e1e405a89007f65066b147b49d8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Program Files\KMSpico\logs\KMSELDI.log

MD5 b386a893e55fe98301314a09a0063dc5
SHA1 989db377cc02aa1d4078a3f646872080adb72558
SHA256 7ad70bf75af74f31b46a9d6d0fee384fe192eea8288ac70de6cc11b1e8c0890f
SHA512 1986ab2694fb226727c821b0c94fc0e88d575ae67f045bee7d6b1434f18e509569f3d16d942025e5a7fc9806df779efcd616c3016fdd881f911097f674ad1136

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Program Files\KMSpico\logs\AutoPico.log

MD5 7215d3613059fd574ba11e9199d12b0d
SHA1 7b802a708af18763d20e5b03844a56d61171502c
SHA256 7645565203cd64c0e7cf11484ed3363bcdd65ced1459e2645f03cc1ef3a4d2a3
SHA512 9fb66898b3dd637cbc6529c6e3e39c323bb04e631974776e06eb701b3160838d4a6cb3aa627f7574258650dc263b543da3b23db3864631a2a7128a3b5cee2c4e

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 4b78ea595fbb31ccd695233717c5ab9d
SHA1 8c0e953807128d58ce82d67f97b3482111d2bf70
SHA256 809e79c8ffcd971b588bc2507601299217261b67066df2157e622d5cb9801bac
SHA512 ab33321b4d5871fb12a304b613b10994a659f992d6522f3e6f91975959d793fd8a6c18e1e0bda39eeb5343262ecb20105ab37ff55a8c11b03c12cf43ee20f1f0

C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\metadata.json

MD5 7af2f67e4447d6fbb5159546c5c764f7
SHA1 b73ba42e70a18a10a91951488afaa0beccb8203a
SHA256 1610d0bb4d427fcf87ff37ae50ab6483ae10e4da41ef31edbe5bcc1f59b95a86
SHA512 3b4332487f0aaba893e822b170af7d55bbc47e28b636e7afbc635bca105d39f1b6c084e024dc91875e62f84cfcd069a6ea5614c5883c6fe7de48d48508f61d30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a16034577b6c64c4eee60e9968e8d2f5
SHA1 167e43558cabeb5af215e5f8c3f2fa6da044009c
SHA256 84783700347c0a7e5a0bfd911e501ed1c9e7a1d457fd929fee8af7802dc8053d
SHA512 5378d8c4ad2927136e09e3229affe4afc47a268f32cbcf8be9b81dd43323853ea67f1cb6597f20c84feae4dd02d788fe23d660f42243525b075d7038c0c8ee80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6d86a83c3d15aacd628e46e05af862bb
SHA1 332bc810251597df14c80e571d800d4418aa7f6c
SHA256 e4bb390991530ff6a1bc551bf272ddb7d66f9033d7ae37625c78589e21c90a3f
SHA512 13672b5438c77ba1de0016416adc19b56298271d0d7c750a7ab4262b26b73ec2ac2c7a47b1ab035327c9dd1580c612b0b2add7c72bec25afa1576c1444f2dce6

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 845f5e16a7cb826993eb62257cdefdfb
SHA1 c353aa3e1e24d13a8e0d332df7f6a3313ba30a50
SHA256 22ad2f954435abef2a14e42945fad5d803806ad744deff8b564575fcf68c944c
SHA512 df6ff424a42cd699d0a39e77bcd01c6abb29190e13ad888810425c1ee09fc7dd7a9f5188df82d5b6db985b71ce97765191c9d79096226e9793734bd46b35c2af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5e25c6.TMP

MD5 35d70980a747f1d808494fe8d0b70415
SHA1 a9e34c3766233cd0df3e4875c6a617d80c958d20
SHA256 f8557891154a5f3237925a15f96087ae8dcecaadc6ffd63a88101f993335d832
SHA512 f013e74e34b7f0e9662a5753be299bc8279401bf1be4d822bde5198bab8053954d3c0b694343407fa57edc9a1a3381b9e801a39227b5e89288bc534c513cb0e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8c4eb768ac28ec32442338a33547a85a
SHA1 4364dbd278a8d8553e882683cd897097ff0f15ef
SHA256 6dd7de2c3a94cdde39fdb484ea84a14a9d3a2dfc7937463b508392dd7da14acb
SHA512 9084ac90caeb3e066b9d002a82d775aafdce386765488b8fff02ec26baeac43005ebb8103904ea54ac061bcb9c82980391044ba90f327a1ae62eb98726ff68c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e7e30692a4e76c8eb8c6494e95123d66
SHA1 3dc1d73d2bd2b73ab18766cdc7bbe6471cefe939
SHA256 6a3aa5e1fc8c1d2c76953371fa34b410c2e0e1c6fec8e81e6caa684d8a38f0b7
SHA512 775e6dd9c51158d29eee278f09c5c67bf1da3513b957daa4ca34bd5e4b3e1434c2b6a2a5e65e1ff4464c51e3c0aad2b7fafd8d48bcc827fb450e2b7a73c1ea3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 33ee971313382f0ce66c959636af3867
SHA1 37914609a9b1a7c0ee99c75bfb23ea5e8f0e42e1
SHA256 f08528578ddee59a40057a0d28dbc2a199162c5b4d69e614068eed70816f8e69
SHA512 15e2d15f1c7ee69a4b64c8675e0cd1d7f6097d343e1a43ebd200403c12df518f1171624d95a2163bf23875fbc5e984e2827b6e193a638c4366869ec2d7d89f71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 c499f1fc8cc86e175c90dccf1496d628
SHA1 4bb890c851688d30adfc2bf6d49c0632576b7532
SHA256 04976cdf025d802d79c84d75bd7b6dad1b01a3b654f79a926e09fbeef2191355
SHA512 19c954536aa972c86af9acbe4475cec558f1a010bb67d65f30a615a5b2b7f5d22ba0430534c01d311b52145b9229dc43ab2fedbab8c00fa94a29a09541d86b5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 746d765d6f3d4e06e8bb95bfb5869bb0
SHA1 984e0151726a57c46e0b524ba730a61f99b4fd9d
SHA256 2bcbfb4323dbf1b34d076856b459797de0905437b7ce580d357b1e2e0877e35f
SHA512 5e532bab47f986103a94a132d6d9195801096644de29b68be5c995d6c159a26e1feb0a8fcbaab7e49c34c0db7cc834980630a042f72ce8037d10f78970ec4331

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_535296543\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_535296543\manifest.json

MD5 c3419069a1c30140b77045aba38f12cf
SHA1 11920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256 db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512 c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 fe667aac020a2a9fb065318625a7b9b0
SHA1 f9378ed86f47ec10be516678c7e8c3a46b5600b9
SHA256 f9a06ceef537b566861dd2583cf6977c1d3adf2ab219e1e2cfd62e630883c44f
SHA512 4dfea990d94b16efdce44926bc374db4bda8a044a3434c0ecfc23b7c3f9036f00681c5334311150bf172c8db853a1c575050dc445a2edb7b75d3e11625f04c13

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_387712918\manifest.json

MD5 89217e000f3145a2523e43f947208e79
SHA1 cd7915d003ee87f2babc9ee9add12841022710ac
SHA256 6722a860c855cf94a54fd1ffdd3801c4c949f5b67d8601ad300264931057f2bb
SHA512 385257ef9c67d80006eb350ac79718f30e08d810a1568454806f2505b482e0093f784d0d4cd24078317f863db500898343ce69391c0ae7fc767697f6da38eeaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.5.15.1\keys.json

MD5 03f15dff10ac451682f8a308674ddf77
SHA1 c723e23c49bed8a52b8f947b2cb8879a110fc94b
SHA256 f967e18d5b1839ba801212f032e7e6dd92f7ba6958bc3ae9b122d9fadf2b1bf4
SHA512 df8fdc89cc1e6f2edce49b41bd9f71dc7f7a8daab40f1355415119f9c0a0d5067337d966472ad49f855ecb9a89bee8d1711d8a869589a03e469530ee8d7e0f3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\1ebd2abd20952511_0

MD5 801cf0335c4fc29c37c854934475ae8c
SHA1 a73da5fd28c410d28cf07bc5fc040ec5b6d698d2
SHA256 5a874142c2d6aa91429b7e8a9735faefb3d5ba8524eff12cb7ea09a940c64c00
SHA512 716fca0a58c165ee10da1652b7d567135a05ff5f06de5dfa72921a51b44923c099e21890b62811e8bd4f18b9ef7f0c2fd953069f607053f7fdbf8a6da4a6000b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d38d88125f9dfb6d10ee6bd2e59782f
SHA1 f4ff0d6136cf20fa27fc3b5f53b4616de1d29e21
SHA256 be804dbbb423f4ccf3bff4e205727e6f7dd57f0b6183cdaa020f35670b4c4c3c
SHA512 376a7eb4a09586eb2c9db2cd1357af44b65fb814d478e491bb9facba90437e5f94f28a9d2a117dc2e1c54046033a8554b6eccbfe21cbbc624fdfb3e3fb16e57b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41ee5c9bcde24aeb6f202be50b31332b
SHA1 ed97216fa6e705e16994b5034eabe07da2c838b5
SHA256 4839194a8af633d2dac5215edfa2d7b8f84eeb172dfb399cff021a9879b38cf4
SHA512 35fcca1038e7fcab6d333b95f8b99748c79eaff37ca3ed00a1c7d50331bdf7019a7823f40670f62204f7cccba01b6afeed5e86ace8eba18f4adaf4bb0c05f93e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 47a8cceb594e9704e241893a2ad52bb3
SHA1 560c0db1be023c179ff872c2f5478c201d99703f
SHA256 ffff2578c929f70893b21f425d22c8b392cc8c5a88d3ad3537f2ef063c9fd8c6
SHA512 243f0fd4ac09015d18937d70c795f8bda3facf3112e7d95800c0ccd9b6ccf97441aa63eaa26e89eb524606d89608f742ef1c700563e7a8de61faf904b29451d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 f447414bdc80bc0c3dbe879c831499e2
SHA1 b4563c893b82701721aea465541a5c01b456a287
SHA256 e2f51dc0e2dd0894d754cb9be8e072295bc564e846ca8bf383624bb700753bd4
SHA512 c0f499b5f64b6a95d1b5d4f551e3d38299108baaa58670fa3abb1d4b0666fd2bd5a3f65e99af14e5a76b8bf1a1286086a0637857d68ed3fe1507c8d5aaa52814

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 23092c50543785e845d832afdaa35b54
SHA1 762e2af6402cfa0070ba1ed4ef4205266bb4bf67
SHA256 aa679fa0bef6c1e834e25cae0b99795de41ddbebd0381fedf1378a6bfc667624
SHA512 bc6f7089540f8a5b01f068bdd19af409a3a9141e940926b7696ca03bc4183543540347b5302dbc6fc512164f7c50fbcd7ce4cc1ad5e4a10d9e2f77bcaf4c5f1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27bc66e247f8a868e7914cafff7ab95b
SHA1 90ddfaacec0ed2d261e2507a9a0d98db905549ac
SHA256 299570499d0b09b01309002e0296419a17893d78000f99dffea7a84d090b8c83
SHA512 a3a6810f23d0e4fcee0426a02280402d9311e387760435324c62038d6e8c4bb6ec40277a0ce64afb77953118bbc21844a8f22107fe4246f1c6cdb0ce7908229c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 9436affc97843765a966b3568fa7e5ec
SHA1 7bfda74bb30589c75d718fbc997f18c6d5cc4a0b
SHA256 7165713d3e1a610399471a5e93d5677508f62ef072c1151e72273bf4bd54f916
SHA512 473ec3a843c33e18d6d194651fe11353fcd03a7959225faeabf8c77484155ea6a7bccb72dbaf2093ed53c408faa3be9f6fc907f7a5ddf8223375f9d09b504456

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 2d0021d7a4e87ce4760baf2120cc96d0
SHA1 4526a9548e69d9cafa8b438fbeca54122e80d589
SHA256 c91fdaae185a9c1cecfabb2078388fb3c7e38f5dfb6d35fc5466a127f5090a62
SHA512 43c8e4b35ad3e1570c7e1b419e3a10d6104ceece661874717da00f07bc96134ce33378ec8ca3d5fa8180cc4847c2982c7408f45a19e5c6d4a4fabc3feba75cfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 b9132df98b5513d561b5bc073b7149a3
SHA1 b80b365943601b191cca904b66bd9f367cfaae39
SHA256 4ffe9446dd873ec420ca3397dfe970b2d8b02862adaa2567ae582aa9561d8009
SHA512 4260de3cece0641df3e9d47cc1456cfc6effbb528506deef148b2d0b58a8c1d5daba84069343dbd372b9a23edf87c83c1b58c6d59a7cb69f6bfcdcc39e665811

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 5ca16ce263586f7811f2a4f54bd98713
SHA1 464c41a76313a92e638a61652f2ce05282aff7ca
SHA256 a6900da3c4db77ecd85801601d25600ea403ff584af0f9b09ffe3b0ad3c9cd20
SHA512 9f2e3f53c87ec9b578e3926300e5a0c82a2b4748701c70f23b18eb4071f8f97d8512ad809a3132d8446005032eaedfa46a397a1de6df40557cd7a96e22b95346

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

MD5 568e7e61523398473af556dae2918fb7
SHA1 4091b1e52408b3ab3d34683f0b442fa35e661f9c
SHA256 5a4c156e40caf101ec0a0cc726e631af8baee8c05a74c2822d16a4d9d824f541
SHA512 e58b30b6b81c7992eb7754974941b789b465e9caced2cb4fc27709c77da9eb0ec6375f1f4294ed2d3419abb7d13224dbb96bb93008ef94308670f2daa580cbb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe602186.TMP

MD5 283c90462e85f0c45c70c553ab126740
SHA1 7019e6fcde35b6235252415ea6545ea7628d6b91
SHA256 351d961cbc900ae2dc45e657680d823a837db95cf7a454ada22c0171072124c1
SHA512 a1149ff41759355e70884d5f524c5ab56690122dd569a659f81754683b65e839b46a039322899361a020479a484d47256d48c8b8af23b28daf3bec86b758a79a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.16\edge_autofill_global_block_list.json

MD5 83fa257627cb07f25d59201b73b39c90
SHA1 4f0997b451e4c4a3b4d6b6641eb9ae27ef2b2e3d
SHA256 dfe5c91426765e7cbd52598f2de41e5196cde1242dd941a824419ec94224a135
SHA512 bc7258fb88aa77a36f2145402b3fefbabf3e21473294f1227b0cd7f3a75ee9f1e77bd30e3d5df740340a7f66d25d5637c6299d3cd3c50181bf5beac4f6fb33e8

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1869597684\manifest.json

MD5 4e81f856241f98ee1d9f66c50d82be04
SHA1 35baa5754a213e3238d8827cf1bea868f9e8187c
SHA256 3cd3e4d5f61b46b8ce46662b10c6ba8fe34ac8e103e15f672fa7fb222b8416aa
SHA512 70643b61d2c7769af52a34c2d87f6230cb61985decb865ecf376855b3f1888fdf3aa477573f647e2e09c09ebf036a711b5a57f333f0285d05eae5972c7d31afe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.16\v1FieldTypes.json

MD5 c1a0d30e5eebef19db1b7e68fc79d2be
SHA1 de4ccb9e7ea5850363d0e7124c01da766425039c
SHA256 f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1
SHA512 f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.16\autofill_bypass_cache_forms.json

MD5 8060c129d08468ed3f3f3d09f13540ce
SHA1 f979419a76d5abfc89007d91f35412420aeae611
SHA256 b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92
SHA512 99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c2ba5c5fdbdf81608773db963386b2a9
SHA1 5ff849b17c49d117907588c35109816a289ce604
SHA256 9b67ff71a3ee5a713fcd1a33536fb001497dc52f832e99afdf9c3a4360aa92fd
SHA512 05c60a1b03089dee1182a07657576050a0e9ad2424962e3403bf7a3091c73d16a78ce1d9119501e1fc7f5763093cdb73f58ab0d36cd9f332c2433c232418817d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 592fcb5fa047d4d161981fb7bbe063d3
SHA1 1002fb1843215f16cdb0ce8595efafdfe2bc463c
SHA256 7ddf90f5cd29e8270b1e2f2eca15abd4573ae55fdab0027a75ba54266ed6922e
SHA512 11ee5eed9ac175c38a5a218c0bdadaf562617a2a5911ef697f68c724ce891e0087cb735177d6fe1d99f968853b00c278006a5cd9dcab3b3a4ad7b1e521df2852

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e7f206da9ed736cbfed00e58edc87800
SHA1 8f8f0b7a94ee43ab94943fe8c8bd8b43072555c8
SHA256 08dafd3ccaf92ec5ae6cd8cef5ac9d1e3dfbba3c93060aae0049832042d5959f
SHA512 ba39bbebd9d8b2b0377780e82d2f6d076d44b4adff06b3f8da0593d1659e6cbc170ae905fa0aa76526556e3c09b32c21525ca63c1429e4473dd2735b1e12412c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bba7312b8792cf65a379e45b48236b17
SHA1 a15d108d2cb454199bbc234f59d3dc258183c694
SHA256 efb133d3475a40e8765d707e4d646439a4be8ad236bb6957e63ccaea6a3d2808
SHA512 3da08f1c4691c39c3cb07fb5d05fd56e659abd25b6141dae16f619a147fa613b761aea2cc1ea4c18c4139c5c642f2a89b5c4c76ec77eb4d326fc0e04e7e33b30

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1014902142\manifest.json

MD5 811f0436837c701dc1cea3d6292b3922
SHA1 4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87
SHA256 dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d
SHA512 21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

MD5 f5f5b37fd514776f455864502c852773
SHA1 8d5ed434173fd77feb33cb6cb0fad5e2388d97c6
SHA256 2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e
SHA512 b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 888e4040ba885772176c3d66e74b9c64
SHA1 ae75869fc7f260bfedf715a8cd151ef32aab6487
SHA256 8abc2bd108ea17745c5052f2c877c5121b6cff19ea1729525a749f21bff44e5c
SHA512 6a7ab9705e0ba64600f7c93b05950ee68fc8c8496689c89d174504840c55c8481c81cf1040f25b06ecdabc7171b5071a940faa2068c41419c23d3a22dd8e7fa1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d3a3d978f0835ff37c9b02f17bc3d7c0
SHA1 f8796a68bbb07b7b546a8ff8caee096b74968aba
SHA256 ce373fd6b4062849c84d3648df8c9ea5675eb086900e7784e7b920057d76f07d
SHA512 d84c362b6d852f8664ba343a23f5c2248904fda292a556af2e820a1b70e331048a10dfe342d15c9f061d5e3c575978fb0a334feb785dede31881cdcc88b9ad93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 cee707783110f88384cd7f467ed90395
SHA1 c54c0fa63162ab3ff2976e415546efb4647de24b
SHA256 c646c3fb0b3b717dbc85080b481ca3bee439cb1b0197114ce32811214960bf94
SHA512 0e284a710f2b9dd48560660edc91f0a5e5d6512eebf43ce50d3e8734ea4f63d92b296fa03e96b1786f0a1187d5ae39f16e72a20cbe45cd4d4b0e6426a5943b9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 954af218a25453e8251c2c0cb6c62b28
SHA1 7dd77290f3f5d07934480a92e3dfe4c9f247a2a9
SHA256 0b028893ef9f96bbf1128e72d62d9e9bb02df28f1c07f5dc72070691c3d06eab
SHA512 7e0958f84292a61e11fcebcd22bcf20bdb5fa60d6863583b269d852242bc7d67a4dd92ede53d56244f0c20adf3581d76267db0fa63a984303ded314075009717

C:\Users\Admin\Downloads\ChilledWindows.zip.crdownload

MD5 5806c691583167135665b6aac348d3b8
SHA1 34d14feafac0946097fbbc03e3be2b235392587d
SHA256 00cf66b0bab94b1ae74d534160a801315df8a7efea764cda906af49f99be54e9
SHA512 dbcda2362ba5aaba904087a512e3423e2356f0e824e4bd4de99f277316afb32e03d6f8ea109d4d046ba9f14fc32f21a5d80cceb982fbce529c6f15abd7c6fa7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a0113a259add1c66e018d442bea57aea
SHA1 faafa32a40ad820f3910173ff727b609251ee3d3
SHA256 2402cdfbfcd582e8cbfbcbb2804e585aa52a5ced1d54ca89e6b912ab4dcabb6b
SHA512 3dbcdd639317807bb585239b491828066813b3a25f9e0aab290349c0fccb313a487f1fbdebaa94ad7f6a99654630bec35464225aaddc7192f7d0d80286eaca7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9f2772caf89490d1306686649f52e32b
SHA1 8739cfed2e0095af8d8929e03ba28775310e6cc9
SHA256 672b95def316c8368cbb7e310103820361e2777451df70594da0809b7aaa1bc8
SHA512 663b22b1c5968d03b33794cd13ea223f362270438f1be8eb4139781fb9fc455746d2e557c62a521bda0d84fdb09b6f5ae7f220b25f4933c692c7ac4e52b079ef

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_527508602\manifest.json

MD5 b721bdf2924d658186ac8868dbd2c008
SHA1 914aacc65bb7933bd73aa06f8bd2ca0b04de3858
SHA256 dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3
SHA512 4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 329a2b0c047c4ed509ed9fda25b38fb8
SHA1 50c584ae5a5c308488c5c4ac51d29597308be49a
SHA256 e81588b364e34ca98ccd8f26e04619e07fada8f2410984fc5c853e0d84bd227f
SHA512 09bebd7dd0ac712466d91aa49bd34c6d2649d0d6fe3a92330c20b1dce65453de701a20220661ca34aba7b79a8e4001ecd49b254008ec413a192e970f26b8f3e4

memory/11296-183442-0x0000000000ED0000-0x0000000001334000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

memory/11296-183454-0x000000001C8D0000-0x000000001C8D8000-memory.dmp

memory/11296-183455-0x000000001CF80000-0x000000001CFB8000-memory.dmp

memory/11296-183456-0x000000001CF50000-0x000000001CF5E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 0a4c6d652e00e1532685ddf25ef21960
SHA1 d4938c4bf2e54d02889aa2170d416ff59a119185
SHA256 85cd04956e186b37187aa5cf8cfd6f2d346bd9bd31d1c9a8fd8d1aaf56825cea
SHA512 b0183f52cca8835cda4769acf9d477a732bc7175a44904bd7e36cd8c10dd5ff8634f6320e51bb7a504d0a70af504d35631048dd3fc3e6e8d6a6832f81d8049c7

C:\Users\Admin\Downloads\ChilledWindows\chilledwindows.mp4

MD5 698ddcaec1edcf1245807627884edf9c
SHA1 c7fcbeaa2aadffaf807c096c51fb14c47003ac20
SHA256 cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b
SHA512 a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c4a5456dda0d2a5a5c1f3d123847afcc
SHA1 2f331d55edf5cbf12d6fd7ae85fe557b6986a29f
SHA256 d8a557efca29080023d26f2f56b3b540836f553a5bb6fa43178800ee15f933b3
SHA512 ac6f9b4166849ffc96a7df2211607118c55cacb101489a1812bead37211fe6b840b045b87b941ff365be1f2013f551ad297a37506fd514cee7d4cfb11812f7a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 f12d8dde2dabb4f53b4c264b85619688
SHA1 d0d4e3bc98ccfb84719a40b47ab0ec7a386fa9a0
SHA256 5df1578cc767ccac603861808ec82fa1a938003ef9018816e60e5ad35abddd70
SHA512 1c67b2d2bbf87b9fa6e551f81827e4f0f5405acfb88d6d97157b0172488e1e42b41f3f2f613a0680a9acdd2a5e9aeea64c6037a80836d70021ffd2dffe4d1d5a

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1066959321\manifest.json

MD5 ba25fcf816a017558d3434583e9746b8
SHA1 be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA256 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA512 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a85f30f82a4bb2cb1fa6b5497956712
SHA1 5b6ad152b160072e391fdafb5b481965d88c8d7e
SHA256 b6fc329ce93efa61951eb16b8505f790e9ad0b1dc9abe3304297da8a6c669f0b
SHA512 f0112d6efbac5c3cd8daf6679c8535b2bd57278caa387b671ef55116885c90712bf2963dd5ca48c780cc57ec3e7c5ff81a0a34befbeee397e50da9af361a020f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

MD5 b8daba8922dac43a85788c5d08e3883e
SHA1 21423f56dc5464742167f6d87974165e4a0ea8f9
SHA256 34ce1e0962304d500ccec400613e5da2a30e470679c9b6a477a031ca4b6cbfa2
SHA512 ae0bebac7ca7b03c962590aedd293f58c14dd5beacfac785b7d8ee2f2f1d38f6c0a6b393491d6f8261c0fb0fb677d48e0c7c3fe8795d825a85c54eaaa9b41ddd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b7bc502c-873d-4762-b6cb-dfe2e898061f\index-dir\the-real-index

MD5 bdd4e2ef6771c880077f4d492c4bdc8d
SHA1 a942b7d27f7818c60e49e8acd505a1b1eb5e3193
SHA256 584174cdf2bf4d5b012dc2c9160295223ca8751b08bb7d336a755ac13740938c
SHA512 88cb3c980ae84a5f2ebe9005315965bd008f704467c54a09f405b09bf427240110127e11d6417bc4875d8d06ac741dd9fba88648a5ef9c5275231e7a80254324

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b7bc502c-873d-4762-b6cb-dfe2e898061f\index-dir\the-real-index~RFe624e59.TMP

MD5 71df510c4b55c19ba3df685fe84bca9e
SHA1 d51d5ef73d8847022bb11389294ddd362267565b
SHA256 0d0972c16a1750a79453f5c2817c9cdc2b3e4c501a8cf97c847ca1a91b9094d5
SHA512 f45377214615511e56d871b52c57871ce6291e3aafd5561cab8fb17df753672ae490be6e7906280edcfc3fb8c0c860155a5af6585b96bc4f6dd285bfc3b55ddc

C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\93cabfe024225a474280813904d8fa551c1af9f9ff31dafa9ca4a97f767da578

MD5 d59d2f4f53e3462939e0338b64acd0c0
SHA1 9da3fb4d0faa27319eaf9f435de2ecfdc4977b63
SHA256 93cabfe024225a474280813904d8fa551c1af9f9ff31dafa9ca4a97f767da578
SHA512 ac61489a7a883556fc221ee2e27b8233f552672f78e6bc7c9d2f8a1d7a65611805fdf3b620a92906737cfabd9158ca44a100ab9180ee8f00c7b24cc6831ec0e7

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\prefs.json

MD5 505c73dc944c5a399cd9b4625a41fa4a
SHA1 c8fad10f66bea618903021d51c2536e937c2a50a
SHA256 cb98a4c8e87bd8233843f13a62f0632161b4ff6ea77646d66d1cb5a8a99a6622
SHA512 e78555246b2b341a39b306ef762ded0d07be9ecb6e57178370c0a670603ce8a5a1c3731e1e6b476fb5d4bd4bbcb9904d9c1f465b17614b7cb60e94052f20dfed

C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\metadata.json

MD5 e72a4234d0426f87334460ff30f2e1f0
SHA1 a6602792d9f14b76af3f8ba2176c9ae19b22d2e6
SHA256 45dca77ec51d452e08dd8730bc8485a9604312a923d21a40cdfe93610f765c74
SHA512 da79bd1f38c7aeef26f2f225f82fca28673aa57246651d1c88e28fd2696c75f15e9937ad7466a0553dbfa814ea0b02e6e2446dba5ed0d82bb997bd9288e720fd

C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\prefs.json

MD5 ff276934c029721d0aa99507d1a5a0f4
SHA1 7cb7a06e88e1fa1a536fdc13b1f40c78d0638c36
SHA256 22c5fd592e40b37d9d2cc458974e4c09986001c9780814a9de81ff5a68967725
SHA512 531ded8289a79a187e48e844467de652b473377fef902679677f2ef2389ffed7d18121464589a36e0762c0ced6c738661a2448fd1029682bdd4b469a3ed38c5b

memory/11344-183647-0x00000000002F0000-0x0000000000300000-memory.dmp

memory/11344-183648-0x0000000005100000-0x00000000056A6000-memory.dmp

memory/11344-183649-0x0000000004C50000-0x0000000004CE2000-memory.dmp

memory/11344-183650-0x0000000004D00000-0x0000000004D0A000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\manifest.json

MD5 2617c38bed67a4190fc499142b6f2867
SHA1 a37f0251cd6be0a6983d9a04193b773f86d31da1
SHA256 d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665
SHA512 b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 497c169268de5ef20a39e1397eb2296c
SHA1 1951ba9f5608cd8f5cf5665f7490caa1330b74ff
SHA256 f0cb1c7c124afe95b0bcf3327362cb801e76182bdac8dcca927c26c9e92a56c4
SHA512 42cfd7f31bf9065c52a75fdd15480a7df02b6ed40972050eb44b8b27daf076a77378afeb8b32d195bd3315405c8faa3d4586fd088a26b5a1e313b6c4f093018f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 90e758b6d2647bdfc1e937348b45c4d9
SHA1 bb59beebcb12ea813d2510f5c68983e1af46e70e
SHA256 9d54300537aba11b0bc9f596551b805c1dfcb16b852dfec0f53b096f7de0f486
SHA512 fcdeea10faad9696c897b2066cf048c64e214b1916aef4e30fbc80d5e6152f52dfe6b0c40215d7578b01a996fe41a93160550132954ea0d5baac0f000b4d855e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13392140581584030

MD5 fbba78ba294e69e93dc0af1457697c46
SHA1 d6ac7725f05ff83834757a1a221b0a1bf4895f14
SHA256 cbe871d79672ad02aee4231364f4b58ea5b75ef5349ec3aa97655f0ecf8c6a6f
SHA512 f7a41a786e3e105323f933badd39cbd98af84d75a7767b4507fca3574114788f5b8cd67ea451f4200ea3ebc6e61d185d8684760e48dd7b70f11c2b00f3b90e40

C:\Users\Admin\Downloads\NoEscape.zip

MD5 ef4fdf65fc90bfda8d1d2ae6d20aff60
SHA1 9431227836440c78f12bfb2cb3247d59f4d4640b
SHA256 47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
SHA512 6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0065959ab2224bd55d674ac4d74d254b
SHA1 717ade70fe043511da8c0c2a8e0abfac76798598
SHA256 13e76dd8baed7e9c1e1b0360f360a81b03260790f30da89bd7ca0c76e248ec4d
SHA512 c27003f2f8fc0118820abbb10db250df5131ca5753cb1b5119c1d4134f4a771333ea3c6ddf21598ebefcae2efaddb8f06a27b768bb3decb512d9a2672af60de7

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\manifest.json

MD5 a4edf901d950a9758ffe578ff1b03212
SHA1 cda83d7736a1c05a7d2cb0b6704653c27b4a4ca5
SHA256 aaca603fa9d65fefeaa198a93d03f2511de66b6398cc34dde6233eab492eebfd
SHA512 835d6a31e56d400ace235ee94e16bc1e24bf1477e7e3524180d12b312a58422ce1a579daa423881e50bc2b314e50f5587e6fd98ea68a1ffcf294a7f187cdbac8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\LICENSE

MD5 aad9405766b20014ab3beb08b99536de
SHA1 486a379bdfeecdc99ed3f4617f35ae65babe9d47
SHA256 ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d
SHA512 bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\Filtering Rules

MD5 faf01ed2c0020f8fa512ff379d82c211
SHA1 233d104dfe718231837e33c5543085b6dba5cd8b
SHA256 192ca12bc520edee8b5a8844cc870cc4a669fb9c1449dad33a69fc5ce112c750
SHA512 8ee475bc419950f08933be92c390087b67a7914825dce81eef4786012bf641f86f447239bb8d08602a407627b3846f12c52f365eae2af32fe5d22d5ee7133c31

memory/7312-184075-0x0000000000400000-0x00000000005CC000-memory.dmp

C:\Users\Public\Desktop\࿘⌗ᘔ⢨ᣟ፸ᑫൈ⊳ၺⶋ᪳௄ᡊᴿ⒉␰⦖ᇭᱧ⯄ᴤ⟠⤚ᓇ

MD5 e49f0a8effa6380b4518a8064f6d240b
SHA1 ba62ffe370e186b7f980922067ac68613521bd51
SHA256 8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13
SHA512 de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

memory/7312-184252-0x0000000000400000-0x00000000005CC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\74bf91e7-4840-4259-854d-8196b9ccc9be.tmp

MD5 f07eb90d71896ca1ba79a3b5c3fd9ab5
SHA1 63be865c9f21fd43e5f30d7cc8f408b07e221453
SHA256 8a72f311885d776d2ec25ef80e646a960e91e8424da4952037192ac6ba85d2af
SHA512 9f2df6d7fb8644e626faefc9283665ce66489cbdb888524479e5904d56de4e0ea5d298c3e71779cf51dc82199176481b2aeb5b4104a5acfbdcc81ab770b681a2
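The file listing above mixes three kinds of entry: files written by the sample (NoEscape.zip in Downloads, the random-named file on the Public desktop), routine churn from Chrome, Edge, the Google updater and Media Player that the sandbox records anyway, and unhashed `memory/<pid>-...-memory.dmp` regions. Turning it into a hunt list means parsing that format, validating the hash lines, separating NTFS alternate data streams (the `:Zone.Identifier` entry is the mark-of-the-web, not a payload) and dropping the browser noise. The parser below is an added example, not part of the sandbox report or its tooling; the sample input is four records copied verbatim from the listing above, the `NOISE_MARKERS` path fragments are an editorial choice, and the parser tolerates a listing that starts mid-record (an orphan hash line with no preceding path, as this page section does).

```python
"""Parse a sandbox 'Files' listing into hunt-ready records.

Format, as in the report: a path on its own line, a blank line, then one hash
per line as 'MD5 <hex>' ... 'SHA512 <hex>'. Memory regions appear as
'memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp' and carry no hashes.
"""
import hashlib
import re
from dataclasses import dataclass, field

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEM_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")

# Path fragments a browser or updater rewrites on its own (editorial choice,
# matched case-insensitively as substrings); these are excluded from the hunt list.
NOISE_MARKERS = (
    r"\appdata\local\google\chrome\user data",
    r"\appdata\local\microsoft\edge\user data",
    r"\google\googleupdater",
    r"\windows\systemtemp\chrome_unpacker_",
    r"\appdata\local\microsoft\windows media",
    r"\appdata\local\microsoft\media player",
)


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def ads(self):
        """Alternate-data-stream name if the path names one, else None.
        The drive-letter colon is skipped so 'C:\\x.zip' is not mistaken for one."""
        body = self.path[2:] if re.match(r"^[A-Za-z]:", self.path) else self.path
        return body.split(":", 1)[1] if ":" in body else None

    @property
    def noise(self):
        return any(m in self.path.lower() for m in NOISE_MARKERS)


@dataclass
class MemRecord:
    pid: int
    start: int
    end: int

    @property
    def size(self):
        return self.end - self.start


def parse_listing(text):
    """Return (file_records, memory_records). Hash lines with no preceding
    path (an excerpt that starts mid-record) are skipped; a hash whose
    length does not fit its algorithm is rejected as a copy error."""
    files, mems, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            mems.append(MemRecord(int(m[1]), int(m[3], 16), int(m[4], 16)))
            current = None          # no hash lines follow a memory region
            continue
        h = HASH_RE.match(line)
        if h:
            algo, digest = h[1], h[2].lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"malformed {algo} line: {line}")
            if current is not None:
                current.hashes[algo] = digest
            continue
        current = FileRecord(line)  # anything else starts a new file record
        files.append(current)
    return files, mems


def digests(data):
    """All four digests the report lists, for comparing a local copy."""
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest(),
            "SHA512": hashlib.sha512(data).hexdigest()}


def match_hashes(record, data):
    """Set of algorithms whose digest of `data` equals the listed value."""
    computed = digests(data)
    return {a for a, d in record.hashes.items() if computed[a] == d}


def hunt_list(text):
    """path -> SHA256 for files worth hunting: not browser/updater noise and
    not an alternate data stream (the ADS holds the zone marker, not the payload)."""
    files, _ = parse_listing(text)
    return {f.path: f.hashes["SHA256"] for f in files
            if not f.noise and f.ads is None and "SHA256" in f.hashes}


# Sample input: four records copied verbatim from the listing above.
SAMPLE = r"""
C:\Users\Admin\Downloads\NoEscape.zip

MD5 ef4fdf65fc90bfda8d1d2ae6d20aff60
SHA1 9431227836440c78f12bfb2cb3247d59f4d4640b
SHA256 47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
SHA512 6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

memory/7312-184075-0x0000000000400000-0x00000000005CC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0065959ab2224bd55d674ac4d74d254b
SHA1 717ade70fe043511da8c0c2a8e0abfac76798598
SHA256 13e76dd8baed7e9c1e1b0360f360a81b03260790f30da89bd7ca0c76e248ec4d
SHA512 c27003f2f8fc0118820abbb10db250df5131ca5753cb1b5119c1d4134f4a771333ea3c6ddf21598ebefcae2efaddb8f06a27b768bb3decb512d9a2672af60de7
"""

if __name__ == "__main__":
    for path, sha256 in hunt_list(SAMPLE).items():
        print(sha256, path)
```

Feeding the whole Files section to `hunt_list` leaves a short list: the downloads, the `.crdownload`, the unpacked media file and the random-named file under `C:\Users\Public\Desktop`. The memory records are kept separately because a `pid` plus address range is what you would match against a process dump, not a file on disk, and the ADS entry is deliberately dropped from the hunt list because a Zone.Identifier stream with the same content exists on every browser download.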