Analysis Overview
SHA256
72b6553c66c480332d949fb8557660bca4b83d37d8866e5b5e94d9d5ef37be12
Threat Level: Known bad
The file ChromeSetup (2).exe was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Creates new service(s)
Disables RegEdit via registry modification
Reads user/profile data of local email clients
Indicator Removal: Clear Persistence
Legitimate hosting services abused for malware hosting/C2
Boot or Logon Autostart Execution: Active Setup
Event Triggered Execution: Image File Execution Options Injection
Drops desktop.ini file(s)
Enumerates connected drives
Modifies WinLogon
Suspicious use of SetThreadContext
UPX packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
Event Triggered Execution: Component Object Model Hijacking
Drops file in System32 directory
Modifies WinLogon for persistence
Sets desktop wallpaper using registry
Drops file in Program Files directory
Checks installed software on the system
Loads dropped DLL
Launches sc.exe
Executes dropped EXE
Drops file in Windows directory
System Network Configuration Discovery: Internet Connection Discovery
Checks whether UAC is enabled
System Location Discovery: System Language Discovery
Enumerates physical storage devices
System Network Connections Discovery
Browser Information Discovery
Gathers network information
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of WriteProcessMemory
System policy modification
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies Control Panel
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer Phishing Filter
NTFS ADS
Scheduled Task/Job: Scheduled Task
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-05-19 14:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-19 14:52
Reported
2025-05-19 15:05
Platform
win11-20250502-en
Max time kernel
785s
Max time network
787s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Creates new service(s)
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Reads user/profile data of local email clients
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\136.0.7103.114\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Enumerates connected drives
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Program Files\KMSpico\KMSELDI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\Debugger = "C:\\Windows\\SECOH-QAD.exe" | C:\Program Files\KMSpico\KMSELDI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\Debugger = "C:\\Windows\\SECOH-QAD.exe" | C:\Program Files\KMSpico\KMSELDI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\Debugger = "C:\\Windows\\SECOH-QAD.exe" | C:\Program Files\KMSpico\AutoPico.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Program Files\KMSpico\AutoPico.exe | N/A |
Indicator Removal: Clear Persistence
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Program Files\KMSpico\AutoPico.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | href.li | N/A | N/A |
| N/A | href.li | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | href.li | N/A | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\is-OMB3F.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\system32\Vestris.ResourceLib.dll | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Windows\system32\is-5HHM7.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
Event Triggered Execution: Component Object Model Hijacking
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MyApp\core.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MyApp\core.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4356 set thread context of 4576 | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe | C:\Users\Admin\AppData\Local\Temp\svchost015.exe |
| PID 1340 set thread context of 656 | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe | C:\Users\Admin\AppData\Local\Temp\svchost015.exe |
| PID 4344 set thread context of 4192 | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe | C:\Users\Admin\AppData\Local\Temp\svchost015.exe |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\is-KRSAP.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\prefs.json~RFe6265b9.TMP | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\da.pak | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\is-N9B44.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\is-OS9EA.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\8c584106-ee57-4b6d-a0b0-92e67f73f076.tmp | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Standard\is-LAA24.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\is-D9R1P.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW10\Professional\is-1CO6G.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\os_update_handler.exe | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2013\Outlook\is-EPGMV.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW6\Business\is-MQQUL.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\ca.pak | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Word\is-K760U.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2013\Excel\is-2Q36D.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2016\is-M4UHS.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\scripts\is-1C1UG.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Word\is-CK7P2.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Word\is-HDKUV.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\is-12NOM.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\scripts\is-PC25S.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad\metadata | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\d3dcompiler_47.dll | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Program Files\KMSpico\driver\is-CD815.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\sounds\is-F7NPJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Groove\is-45TB3.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\is-TVU7H.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Visio\is-QD5MJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Visio\is-TPSDV.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2013\Access\is-D19K3.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2013\OneNote\is-9J8A2.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\is-DG8JM.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\is-8ODH4.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\VisualElements\LogoCanary.png | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\4c364196-1d58-4c13-a61d-f63922c03768.tmp | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File created | C:\Program Files\KMSpico\is-NVC7Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\is-CN5VH.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\dxcompiler.dll | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\is-UK5DT.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\is-MAI7M.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\scripts\is-I2U3B.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File opened for modification | C:\Program Files\KMSpico\logs\KMSELDI.log | C:\Program Files\KMSpico\KMSELDI.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad\settings.dat | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint\is-GEFHH.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\is-HIUT2.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\Crashpad\settings.dat | C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe | N/A |
| File created | C:\Program Files (x86)\Google\GoogleUpdater\6060b046-8125-4a04-8d91-69c5dd01d71a.tmp | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\es-419.pak | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter\is-3IHJP.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\6060b046-8125-4a04-8d91-69c5dd01d71a.tmp | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File opened for modification | C:\Program Files\KMSpico\AutoPico.exe | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Access\is-G10OF.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry\is-NO4EP.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\am.pak | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-DLHS3.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\updater.log.old | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\is-LKHGJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscertW7\Professional\is-9RGAE.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File opened for modification | C:\Program Files\KMSpico\logs\KMSELDI.log | C:\Program Files\KMSpico\KMSELDI.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\GoogleUpdater\updater.log | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Temp\source1420_824753932\Chrome-bin\136.0.7103.114\Locales\sv.pak | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Program Files\KMSpico\is-I26VP.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-MKRRP.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| File created | C:\Program Files\KMSpico\cert\kmscert2010\Visio\is-12UK9.tmp | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-gl.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\manifest.json | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_380472550\deny_full_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1357564905\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1066959321\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\Part-RU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\chrome_installer.log | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1357564905\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_url_fetcher_5488_783544795\qualification_win32.crx | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\_metadata\verified_contents.json | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-gu.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-sq.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_535296543\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_387712918\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1869597684\edge_autofill_global_block_list.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-it.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-lt.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\Google10984_2129496336\UPDATER.PACKED.7Z | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_535296543\sets.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-nl.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_380472550\deny_etld1_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-es.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-hi.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-hr.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-hu.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Windows\SECOH-QAD.dll | C:\Program Files\KMSpico\KMSELDI.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe | N/A |
| File created | C:\Windows\SystemTemp\Google10984_756201477\bin\uninstall.cmd | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_527508602\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-be.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-mul-ethi.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\Google6056_428554205\bin\uninstall.cmd | C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_url_fetcher_2992_1965909661\-8a69d345-d564-463c-aff1-a69d9e530f96-_136.0.7103.114_all_ad7dwyzixriyihpq34zcr5sbgv5a.crx3 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1014902142\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_527508602\test.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-kn.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-pt.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\Filtering Rules-CA | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-or.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-ru.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\_metadata\verified_contents.json | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| File created | C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_527508602\male_names.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1869597684\v1FieldTypes.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-ga.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1066959321\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-lv.hyb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_380472550\deny_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\Part-ZH | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\CHROME.PACKED.7Z | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\SppExtComObj.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\svchost015.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\svchost015.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\svchost015.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\KMSPICO\KMSpico.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-TNP1A.tmp\KMSpico.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Hydra\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\KMSpico\UninsHs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\MyApp\core.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe | N/A |
| N/A | N/A | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
System Network Connections Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\NETSTAT.EXE | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\NETSTAT.EXE | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Desktop\PaintDesktopVersion = "0" | C:\Program Files\KMSpico\AutoPico.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Mouse | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Mouse\SwapMouseButtons = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Desktop | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1178639776-3244803473-3821071008-1000\Control Panel\Desktop\AutoColorization = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\EnabledV9 = "0" | C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133921399628685065" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Google\Chrome\InstallerPinned = "0" | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "211" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Google\Chrome | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\ = "IPolicyStatus3System" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{5941878B-0542-5231-BC35-AD8C3BCA6C3D} | C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5941878B-0542-5231-BC35-AD8C3BCA6C3D}\TypeLib\Version = "1.0" | C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{E6B4674A-6469-5F98-B5C4-421C2312C541} | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\1.0\0\win64 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\TypeLib\ = "{6430040A-5EBD-4E63-A56F-C71D5990F827}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414} | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\4" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{5941878B-0542-5231-BC35-AD8C3BCA6C3D}\1.0 | C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{E6B4674A-6469-5F98-B5C4-421C2312C541}\1.0 | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6430040A-5EBD-4E63-A56F-C71D5990F827}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C} | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\ = "ICompleteStatusSystem" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\ = "{B685B009-DBC4-4F24-9542-A162C3793E77}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib\ = "{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\ = "{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\1.0\0\win64 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4} | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ = "IAppCommandWebSystem" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{037E6D17-C6F5-50A2-8BB1-5312D4E39619}\1.0 | C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\ = "IProcessLauncher2System" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\ChromeHTML | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6B4674A-6469-5F98-B5C4-421C2312C541}\TypeLib\Version = "1.0" | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\0\win64 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib\ = "{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\TypeLib | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.htm | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827} | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\138.0.7156.0\\updater.exe\\6" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{615FC5B3-5D8F-5ED7-947F-743CFA72B7F4}\TypeLib\ = "{615FC5B3-5D8F-5ED7-947F-743CFA72B7F4}" | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{615FC5B3-5D8F-5ED7-947F-743CFA72B7F4} | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27634814-8E41-4C35-8577-980134A96544}\1.0\ = "GoogleUpdater TypeLib for IPolicyStatusValue" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}\AppID = "{708860E0-F641-4611-8895-7D867DD3675B}" | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID | C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\ProxyStubClsid32 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\1.0 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\1.0\ = "GoogleUpdater TypeLib for IAppWeb" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{FB3C4578-D834-5B91-838B-33C23D553EAB} | C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}\AppID = "{8018F647-BF07-55BB-82BE-A2D7049F7CE4}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}\ServiceParameters = "--com-service" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\0 | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\TypeLib\ = "{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}" | C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\ChilledWindows.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Hydra.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\KMSPICO.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\KMSpico.rar:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\KMSpico\KMSELDI.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\shutdownwithoutlogon = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe
"C:\Users\Admin\AppData\Local\Temp\ChromeSetup (2).exe"
C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe
"C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={D3F8D4C5-1BE6-CDE4-FFB1-66DEA403C4E9}&lang=nl&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=JJTC&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe
C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x932e88,0x932e94,0x932ea0
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --system --windows-service --service=update-internal
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x8c2e88,0x8c2e94,0x8c2ea0
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --system --windows-service --service=update
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x8c2e88,0x8c2e94,0x8c2ea0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87bbbdcf8,0x7ff87bbbdd04,0x7ff87bbbdd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1852,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=1788 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2224,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2236 /prefetch:11
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2380 /prefetch:13
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3964,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4140 /prefetch:9
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4608,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4596 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5328,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5348 /prefetch:14
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5356,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5684,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5688 /prefetch:14
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe
"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\136.0.7103.114_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\dee47f94-b897-44fe-b4fc-13bc75670653.tmp"
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe
"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe" --install-archive="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\dee47f94-b897-44fe-b4fc-13bc75670653.tmp"
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=136.0.7103.114 --initial-client-data=0x230,0x228,0x254,0x22c,0x258,0x7ff6746ba3a0,0x7ff6746ba3ac,0x7ff6746ba3b8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4500,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3536,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3632,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5692 /prefetch:1
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe
"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=136.0.7103.114 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6746ba3a0,0x7ff6746ba3ac,0x7ff6746ba3b8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3784,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5876,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5376,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5660,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3560 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3352,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5792 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3256,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6044 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4772,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6052 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6148,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5832,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6232,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6260 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5340,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5400,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6132,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4196,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5348,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4192,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5852,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6096 /prefetch:12
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6376,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6544 /prefetch:14
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\KMSPICO\KMSPICO\Password - 2025.txt
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\" -spe -an -ai#7zMap25799:138:7zEvent20976
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\KMSPICO\KMSPICO\Password - 2025.txt
C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe
"C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6412,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6400 /prefetch:10
C:\Users\Admin\AppData\Local\Temp\svchost015.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\MAS_AIO.cmd" "
C:\Windows\System32\sc.exe
sc query Null
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\findstr.exe
findstr /v "$" "MAS_AIO.cmd"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ver
C:\Windows\System32\reg.exe
reg query "HKCU\Console" /v ForceV2
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "
C:\Windows\System32\find.exe
find /i "ARM64"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
C:\Windows\System32\cmd.exe
cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX0\MAS_AIO.cmd" "
C:\Windows\System32\find.exe
find /i "C:\Users\Admin\AppData\Local\Temp"
C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe
"C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe"
C:\Users\Admin\AppData\Local\Temp\svchost015.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX1\Soft.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX1\MAS_AIO.cmd" "
C:\Windows\System32\sc.exe
sc query Null
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\findstr.exe
findstr /v "$" "MAS_AIO.cmd"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ver
C:\Windows\System32\reg.exe
reg query "HKCU\Console" /v ForceV2
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "
C:\Windows\System32\find.exe
find /i "ARM64"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
C:\Windows\System32\cmd.exe
cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX1\MAS_AIO.cmd" "
C:\Windows\System32\find.exe
find /i "C:\Users\Admin\AppData\Local\Temp"
C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe
"C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe"
C:\Users\Admin\AppData\Local\Temp\svchost015.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX2\Soft.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX2\MAS_AIO.cmd" "
C:\Windows\System32\sc.exe
sc query Null
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\findstr.exe
findstr /v "$" "MAS_AIO.cmd"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c ver
C:\Windows\System32\reg.exe
reg query "HKCU\Console" /v ForceV2
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "
C:\Windows\System32\find.exe
find /i "ARM64"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
C:\Windows\System32\cmd.exe
cmd
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX2\MAS_AIO.cmd" "
C:\Windows\System32\find.exe
find /i "C:\Users\Admin\AppData\Local\Temp"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4496,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3060 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5372,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6824,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6880,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6912,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6728,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7112 /prefetch:14
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KMSpico\" -spe -an -ai#7zMap20299:76:7zEvent6033
C:\Users\Admin\Downloads\KMSPICO\KMSpico.exe
"C:\Users\Admin\Downloads\KMSPICO\KMSpico.exe"
C:\Users\Admin\AppData\Local\Temp\is-TNP1A.tmp\KMSpico.tmp
"C:\Users\Admin\AppData\Local\Temp\is-TNP1A.tmp\KMSpico.tmp" /SL5="$3025A,7325112,844800,C:\Users\Admin\Downloads\KMSPICO\KMSpico.exe"
C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe
"C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe"
C:\Users\Admin\AppData\Roaming\MyApp\core.exe
"C:\Users\Admin\AppData\Roaming\MyApp\core.exe"
C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp
"C:\Users\Admin\AppData\Local\Temp\is-P4H7F.tmp\KMSpico.tmp" /SL5="$1046A,2952592,69120,C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\KMSpico\scripts\Install_Service.cmd""
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\KMSpico\scripts\Install_Task.cmd""
C:\Program Files\KMSpico\UninsHs.exe
"C:\Program Files\KMSpico\UninsHs.exe" /r0=KMSpico,default,C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe
C:\Program Files\KMSpico\KMSELDI.exe
"C:\Program Files\KMSpico\KMSELDI.exe" /silent /backup
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --wake --system
C:\Windows\system32\sc.exe
sc create "Service KMSELDI" binPath= "C:\Program Files\KMSpico\Service_KMS.exe" type= own error= normal start= auto DisplayName= "Service KMSELDI"
C:\Windows\system32\schtasks.exe
SCHTASKS /Create /TN "AutoPico Daily Restart" /TR "'C:\Program Files\KMSpico\AutoPico.exe' /silent" /SC DAILY /ST 23:59:59 /RU "NT AUTHORITY\SYSTEM" /RL Highest /F
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x8c2e88,0x8c2e94,0x8c2ea0
C:\Program Files\KMSpico\KMSELDI.exe
"C:\Program Files\KMSpico\KMSELDI.exe"
C:\Windows\System32\NETSTAT.EXE
"C:\Windows\System32\NETSTAT.EXE" -ano
C:\Program Files\KMSpico\AutoPico.exe
"C:\Program Files\KMSpico\AutoPico.exe" /silent
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --system --windows-service --service=update-internal
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x2a0,0x2a4,0x2a8,0x274,0x2ac,0x8c2e88,0x8c2e94,0x8c2ea0
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --system --windows-service --service=update
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x8c2e88,0x8c2e94,0x8c2ea0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\KMSPICO\#Instruction.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x344,0x7ff84cd4f208,0x7ff84cd4f214,0x7ff84cd4f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1956,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2052,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2464,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4692,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4188,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5444,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5708,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe
"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5792_2035495848\UpdaterSetup.exe" --enable-ceca-experiment --update --system --enable-logging --vmodule=*/chrome/updater/*=2
C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe
"C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe" --enable-ceca-experiment --update --system --enable-logging --vmodule=*/chrome/updater/*=2
C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe
C:\Windows\SystemTemp\Google10984_756201477\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.3 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff6d6f0c508,0x7ff6d6f0c514,0x7ff6d6f0c520
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5244,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5244,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1112
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Windows\SECOH-QAD.exe
C:\Windows\SECOH-QAD.exe C:\Windows\system32\SppExtComObj.exe -Embedding
C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
C:\Windows\System32\SLUI.exe
"C:\Windows\System32\SLUI.exe" RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6396,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6012 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=732,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6640,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:14
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:14
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3224,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3004 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7004,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=2164,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6800,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7192 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7256,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7228 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5096,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4960,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4700,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3060 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=4512,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7372,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7572,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5288,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=7564,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5092,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7884,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7868 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7856,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7720 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7716,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3332,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7876 /prefetch:14
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ChilledWindows\" -spe -an -ai#7zMap22717:90:7zEvent4244
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6516,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14
C:\Users\Admin\Downloads\ChilledWindows\[email protected]
"C:\Users\Admin\Downloads\ChilledWindows\[email protected]"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6040,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=2388 /prefetch:14
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7844,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4200 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=3020 /prefetch:14
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Hydra\" -spe -an -ai#7zMap3708:72:7zEvent5997
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe" --wake --system
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.3 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff73cadc508,0x7ff73cadc514,0x7ff73cadc520
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe" --system --windows-service --service=update-internal
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7156.3 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff73cadc508,0x7ff73cadc514,0x7ff73cadc520
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5488_756333414\qualification_app.exe
"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5488_756333414\qualification_app.exe"
C:\Users\Admin\Downloads\Hydra\[email protected]
"C:\Users\Admin\Downloads\Hydra\[email protected]"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:14
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7028,i,1943772414974280795,11742677811456065417,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=7956 /prefetch:14
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NoEscape\" -spe -an -ai#7zMap18809:78:7zEvent3642
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,16663258413365356016,4904664799637162204,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:14
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3803855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.178.14:443 | consent.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.14:443 | consent.google.com | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.179.234:443 | ogads-pa.clients6.google.com | tcp |
| GB | 142.250.179.234:443 | ogads-pa.clients6.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| VN | 103.77.162.38:443 | edu.vov.vn | tcp |
| VN | 103.77.162.38:443 | edu.vov.vn | tcp |
| VN | 103.77.162.38:443 | edu.vov.vn | tcp |
| RO | 89.40.214.138:443 | dereferer.me | tcp |
| RO | 89.40.214.138:443 | dereferer.me | tcp |
| VN | 103.77.162.38:443 | edu.vov.vn | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 192.0.78.27:443 | href.li | tcp |
| US | 192.0.78.27:443 | href.li | tcp |
| US | 162.255.119.189:80 | yahho.org | tcp |
| US | 162.255.119.189:80 | yahho.org | tcp |
| US | 162.255.119.189:443 | yahho.org | tcp |
| US | 162.255.119.189:443 | yahho.org | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 173.194.210.94:443 | id.google.com | tcp |
| GB | 142.250.179.234:443 | ogads-pa.clients6.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 104.21.112.1:443 | www.fogonesmx.com | tcp |
| US | 104.21.112.1:443 | www.fogonesmx.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 142.251.29.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 172.67.203.232:443 | cmpo-ns.com | tcp |
| US | 172.67.203.232:443 | cmpo-ns.com | tcp |
| US | 172.67.203.232:443 | cmpo-ns.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| GB | 142.251.29.94:443 | beacons.gcp.gvt2.com | udp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 192.0.77.48:443 | s.w.org | udp |
| NL | 176.57.71.77:443 | softemporium.xyz | tcp |
| NL | 176.57.71.77:443 | softemporium.xyz | tcp |
| US | 34.57.158.185:443 | divine-maggot.10web.me | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 34.57.158.185:443 | divine-maggot.10web.me | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 89.44.169.134:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.134:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.169.134:443 | eu.static.mega.co.nz | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| ES | 185.206.27.122:443 | gfs214n204.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.122:443 | gfs214n204.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.122:443 | gfs214n204.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.122:443 | gfs214n204.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.122:443 | gfs214n204.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.122:443 | gfs214n204.userstorage.mega.co.nz | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| GB | 216.58.201.97:443 | drive.usercontent.google.com | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| UA | 185.156.72.196:80 | 185.156.72.196 | tcp |
| GB | 216.58.201.97:443 | drive.usercontent.google.com | tcp |
| GB | 142.251.29.94:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.201.97:443 | drive.usercontent.google.com | tcp |
| UA | 185.156.72.196:80 | 185.156.72.196 | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| UA | 185.156.72.196:80 | 185.156.72.196 | tcp |
| UA | 185.156.72.196:80 | 185.156.72.196 | tcp |
| GB | 92.123.128.134:443 | tcp | |
| UA | 185.156.72.196:80 | 185.156.72.196 | tcp |
| UA | 185.156.72.196:80 | 185.156.72.196 | tcp |
| US | 52.182.143.210:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 2.18.27.89:443 | www.bing.com | tcp |
| GB | 2.18.27.89:443 | www.bing.com | tcp |
| GB | 23.206.79.163:443 | cxcs.microsoft.net | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 172.202.64.254:443 | arc-ring.msedge.net | tcp |
| US | 150.171.73.254:443 | bx-ring.msedge.net | tcp |
| US | 150.171.22.254:443 | ln-ring.msedge.net | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| UA | 45.12.1.24:443 | kmspico.io | tcp |
| UA | 45.12.1.24:443 | kmspico.io | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| UA | 45.12.1.24:443 | kmspico.io | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 192.0.76.3:443 | stats.wp.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 172.67.201.127:443 | jgjgn-2213-asd2.top | tcp |
| US | 172.67.201.127:443 | jgjgn-2213-asd2.top | tcp |
| LU | 66.203.124.37:443 | mega.io | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| NL | 212.162.153.43:443 | mtmoweb.website | tcp |
| US | 172.67.201.127:443 | jgjgn-2213-asd2.top | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| LU | 89.44.169.134:443 | mega.io | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.169.134:443 | mega.io | tcp |
| NL | 185.206.24.132:443 | gfs204n179.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.132:443 | gfs204n179.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.132:443 | gfs204n179.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.132:443 | gfs204n179.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.132:443 | gfs204n179.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.132:443 | gfs204n179.userstorage.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| GB | 142.251.29.94:443 | beacons.gcp.gvt2.com | tcp |
| GB | 92.123.128.134:443 | tcp | |
| US | 52.182.143.210:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 150.171.27.11:80 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.wikihow.com | udp |
| US | 8.8.8.8:53 | www.wikihow.com | udp |
| US | 151.101.129.91:443 | www.wikihow.com | tcp |
| US | 151.101.129.91:443 | www.wikihow.com | tcp |
| US | 151.101.129.91:443 | www.wikihow.com | tcp |
| US | 151.101.129.91:443 | www.wikihow.com | tcp |
| US | 151.101.129.91:443 | www.wikihow.com | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 13.107.246.64:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 2.18.27.92:443 | copilot.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 2.18.27.95:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| GB | 2.18.27.92:443 | copilot.microsoft.com | tcp |
| US | 8.8.8.8:53 | studiostaticassetsprod.azureedge.net | udp |
| US | 8.8.8.8:53 | studiostaticassetsprod.azureedge.net | udp |
| US | 13.107.246.64:443 | studiostaticassetsprod.azureedge.net | tcp |
| GB | 2.18.27.92:443 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | o4508134825000960.ingest.us.sentry.io | udp |
| US | 8.8.8.8:53 | o4508134825000960.ingest.us.sentry.io | udp |
| US | 34.120.195.249:443 | o4508134825000960.ingest.us.sentry.io | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.10:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.10:443 | browser.events.data.microsoft.com | tcp |
| US | 104.21.112.1:443 | chrysoeciu.run | tcp |
| US | 104.21.112.1:443 | chrysoeciu.run | tcp |
| US | 104.21.112.1:443 | chrysoeciu.run | tcp |
| GB | 2.18.27.92:443 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 34.120.195.249:443 | o4508134825000960.ingest.us.sentry.io | udp |
| N/A | 10.187.80.215:1688 | tcp | |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| GB | 84.201.209.70:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 216.58.204.67:443 | id.google.com | udp |
| GB | 142.251.29.94:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| BE | 142.251.5.94:443 | accounts.google.co.uk | tcp |
| BE | 142.251.5.94:443 | accounts.google.co.uk | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| GB | 2.18.27.92:443 | copilot.microsoft.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.102:443 | static.doubleclick.net | tcp |
| GB | 142.250.178.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.251.29.94:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.3:443 | google.co.uk | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| GB | 2.18.27.68:443 | copilot.microsoft.com | udp |
| GB | 172.217.169.14:443 | chromewebstore.google.com | tcp |
| GB | 172.217.169.14:443 | chromewebstore.google.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | apis.google.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 172.217.169.14:443 | chromewebstore.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | private-user-images.githubusercontent.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| GB | 142.251.29.94:443 | beacons.gcp.gvt2.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
| GB | 142.250.178.3:443 | google.co.uk | udp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| FR | 104.115.83.10:443 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 142.251.29.94:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.238:443 | apis.google.com | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| FR | 104.115.83.35:443 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| FR | 104.115.83.35:443 | copilot.microsoft.com | tcp |
| GB | 2.18.27.89:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| FR | 104.115.83.35:443 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
Files
C:\Windows\SystemTemp\Google6056_428554205\bin\updater.exe
| MD5 | ffda3134e0823dece997e1a4fb4fc146 |
| SHA1 | 19e6b892a179ba3bddad79aebd10ae41bd219d38 |
| SHA256 | 802ce5e3714c0d7ccce24629e9517034e9ccb1f601bc6d29c878985aaa9148c9 |
| SHA512 | 18c583cd0bfd149d4ebb35507c7dcbdaaae9b2f68d47ebf8ba484df65bac903ac9c05dbebd7db01abd34d0240c767999af98aceb60dfdd95f0e5610313473f15 |
C:\Program Files (x86)\Google\GoogleUpdater\updater.log
| MD5 | 622df394728148301205a84224b7c734 |
| SHA1 | 762af4b37811b1e93430d5abc0afd114fb660722 |
| SHA256 | 0540a7c09e64f2e07f1448f3fef635dd8aaabb9db9a67fbcfb42e84540bb5cdd |
| SHA512 | d1ab9288fb00029862f5aac63402a852664d501a45513263b36199e85c3e5601273d2e7c3536a777ee97eb38f977f250682496e199bcee9509fca8055a9484c1 |
C:\Program Files (x86)\Google\GoogleUpdater\updater.log
| MD5 | 5d30b959b391b1837c41a3383fe2c7d6 |
| SHA1 | 4fbaafcbc31d9095091b532511996b58559e06f9 |
| SHA256 | 12a8798e8b911f61dce9cf2861ae7cb02a5e377979a11e48bd9699eb6cd9f722 |
| SHA512 | e6b770ecf727565225ac7145c37c3726545c7545b8830a11b1ce3f20572f16a1694ef68feb2dc1888167e3d0ea82304af6e17787142b7230f5aa2ef97bdd0e36 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 593a2532c36d5e408f06ff76299a0a54 |
| SHA1 | 4d48d07b3c1011bdd0d399fec6d947e543efddf8 |
| SHA256 | 151bc6f7a5be219e7fdf399de7a032b7ca1d91a358569d1a6c15894225c51acd |
| SHA512 | 5c802d83adb05f8512787dd124f11c6e5c257f61d4aed02d1e9879685040b8f6389097a5319722d3200aa4a332f0e6f1ee06e77df0a957e233a4a097ad1bf507 |
C:\Program Files (x86)\Google\GoogleUpdater\updater.log
| MD5 | 67a87d9ea95a6a3efecd8f3ed782e80a |
| SHA1 | 710624182216b205eb01d81c3ab8515e72c6e922 |
| SHA256 | 2c83d9735add167f9e437ae3487de8617698f43707898689ad664a2aa9aa41cf |
| SHA512 | c10c8363e174a7eaa3e22dbbbc76b1bb6b36b4671470f675ad46f4fcf3f1585cd73df0e8d20db953a4c62a59dc3feb53f69c5fd1e6a5cbadbe08c39fb8fcfa4b |
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\Crashpad\settings.dat
| MD5 | 1bc1434a31fc20416bca7d61f48c8315 |
| SHA1 | 2b6d5823fa2aba78352074d1bf255eb55692682c |
| SHA256 | 512a74e68bd0cd162de30733e3c73ff258c9a23a45f99fffcc36948981833eb4 |
| SHA512 | 5fa912278ef309c720b9e5bb177b49043091cb8cb994a3645b5cef5e39cfad3b09573f60673290ab6536b7baeb61d83b42809b4e06a5411357731c63f3d987f0 |
C:\Program Files (x86)\Google\GoogleUpdater\updater.log
| MD5 | 8eeb0b8cc0f90b46f6bfbeffb3715234 |
| SHA1 | 855b989447a03e51b1eff951de146c4e460c2d0c |
| SHA256 | 6ee72874c5f218ceaeed93515446726b16e2d3eea7d60de533a0b3f8d601a65c |
| SHA512 | 0828deb37b0862462f5ac2bf81f03b36fe505e89803db2ed9cd19e30e252b4ff897d19631506e7bf63cd903307a35f561ad6e011dfda58ef2f2b35cec7537100 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 41d0004b3b942b74786dd132e2815fe6 |
| SHA1 | 68cc3442f23568618953cbb14d14161455b2335c |
| SHA256 | e531fd62dcabed28dd176a9c7f1f7cbc90c7f3c393ead8e7c8fda9cfcf609ee5 |
| SHA512 | f018bd68fdc85b1e1984e8f926b55b6c2845e13a321c55577809a7a2b7be2ddafca65dd6c3c30a11ede96416702409f8c5a8854584d475c6ee8802c05dc73ea9 |
C:\Program Files (x86)\Google\GoogleUpdater\updater.log
| MD5 | 0d3bba4e276e671a8a8b712b995c2563 |
| SHA1 | 776bf5578f39995057186864637fea566d8aa530 |
| SHA256 | fb73e7f44bc463232debe4eee0e37cf0eed4367d618c35d10db6681997e0f651 |
| SHA512 | f6c3feb4c12cc31d20b142ddba6d1cb5bb858c5400906a740e40184284c4e1442caf27f56b36e9eac691381e35769ac094051f55ef3bbba02c10731e8252bdd1 |
C:\Program Files (x86)\Google\GoogleUpdater\updater.log
| MD5 | dc478af46a24cdef2a94219b67147b38 |
| SHA1 | efc8f180ddb25023961d2caa35840923382eca3f |
| SHA256 | 374f50d37db4fef2b70fe71ee3f8c294d42cfe56cc764d7a069622616e999d24 |
| SHA512 | 69002281dc3a6a4398e4d7f5e07eb9e1a2ef710ddbe7fca02bc67fa63889a286db7b17d9c4e3e54fbb268421610d0eb140afd25139b86b0020d204b4a36ae2af |
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\prefs.json
| MD5 | aa2d0c0c72bb528cf4168ea91c1c9a56 |
| SHA1 | 67be5a0c29b13b92dd86ba935f605c4ba7eea2cc |
| SHA256 | e03e9d262ca3b7d19e37c3a69c7d8b46bd3f5542aa555a17d864071c28257b2c |
| SHA512 | 6bdb9a72b73f11f7627e6fca0ee1d417201b038cb255d445dd29e5f27de08e99a6c4729c4c893ffe97e4bc1835532879c47cceaa051f07b3cdad06ad17b2d5e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3d27555ce39b4e3e41b4d17d9bd83c0e |
| SHA1 | 393c9fcc7ed88e54f229540b6b6d70174d9239c9 |
| SHA256 | c667d6c8cbecc41e88f2a6bc1186b1802db421ad70544ae4c84f3af7b88cf785 |
| SHA512 | f153b62ec7e48ef6508e7b8643808266fd1fef792b7a006b44b29a9be296872ae9079a1ba5a2df0fd5e794b1867ab8638f41729f76bd9d2a0796ec04d407f204 |
\??\pipe\crashpad_2400_ICNYUWKLKJDEJXKU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 1aa0ff5f2bad42e32610eae0c1e74921 |
| SHA1 | 5741a69f5d55ecef33b19e3ac8f5520e42b005b2 |
| SHA256 | 7b933fdb8fd82d1ee84ff73daf31f3cf6bee953839e12a8b3adc5673b693bc58 |
| SHA512 | 60bbf62a91d3e10d05f00264fcaf07c026fb58992294d0c7c627aa33455191353972aa564a2a59a24792f84bb068ad47ddcdabc9eac878397265f5098bbfb653 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 9ef347dcd27aa93d8f7230c50320a714 |
| SHA1 | 3aeab6941fe0d920258c5d29800c9b4d5c42a501 |
| SHA256 | 67eb272ed8edeb56b3501c1b93a8e36af1f62a142d6b3d42bc5b30c9d7702635 |
| SHA512 | a21bf946c8c9d76f83c4cfb595e6c8b0315e148218c548190e1503005ea791b879e9be2534e2d51532eb7c498400242e9624a480917c0943776c6e07ef45bbb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | be6063af2f340f8480f2101e38952fd3 |
| SHA1 | 07fbf9b3ae22489886fa656eaa28f861dafc1eae |
| SHA256 | 40e82ba7c3f1bcceac0198d1af624f55203dd27786a4fa2634a05fcc7da140f3 |
| SHA512 | bce33bdcf1c71dbb601a8517cbcbb8c0d9790724a6a6f9831df31dfe4bef6fdc716a58c8a7d7ee1d3d3df400a9d7710b8eb6567be654f2508678324d70358222 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 02f7ae9660fc5f301f953c820dd2cff3 |
| SHA1 | f9b0e2d08ab74b1edef208bda15fdb52fc7a61b4 |
| SHA256 | 7c5227d6b997a2c018b2c5d8dfafe8156af95079894291c6eea7f89caf9f915c |
| SHA512 | 2cd15c4710bfa58c3247ae11c9d89b24e79546563664a12916cfd4fbe0e6106d787d6fad780c46f92c93926ddd3f4f2252454058d9628e922601521dc33ad97b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c7f841338abccefa7c1bc1f0be42ced7 |
| SHA1 | 021f54e110462a4329d3281fbdea091151f299b4 |
| SHA256 | a982a16111c3cd30da8eb752354987520e61dd16729c9712f9124b4bdc967331 |
| SHA512 | a935890aa44c16f5ac8caf0b308092a982e4732c9d9a07113b576eea8474d29c03b5943c574865534ae3a0bdcd094d7cb0616928a6e5273b6d6d770f7a7721c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 0357e715131a8076d10fd189cd7d5def |
| SHA1 | 5127b3004620844472acdc5d6d8464a1e409d96b |
| SHA256 | 88f40e187d40be24b11f610d733816f3ee1efe40e02bf82714c7003b3062339d |
| SHA512 | e9aabe35ca3b4750f6ca414849875129eb86f466f781f34d577546ee6d1bdc5ac99aa442f9d67acd1644e7568b1d3e4f0ba95595e97c346222ed09ea39c4de8f |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\CR_1AB6B.tmp\setup.exe
| MD5 | 64023fa99b9cafa2c6f266fb64e52d01 |
| SHA1 | d919afdbd36c41dea559571a7ca2de5abf54ef75 |
| SHA256 | b1267714836571c38106523ee017c8760e6842e7442d4c96cf9bb5b496d48b3b |
| SHA512 | 30792dce1e849fe81d7b60fe16c6ecbd6a28906d1754aac66f27cc20e2dd84b2c9ce8560963f8d8e9dba4f5f9650cb416803bea944e7bf8ead3646de5ef698d8 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2992_1985196688\dee47f94-b897-44fe-b4fc-13bc75670653.tmp
| MD5 | 3e57a03741f6d2ccd1afda85582e6eff |
| SHA1 | 15e659d2d5fd63b69b8e0cfd3123122c2ce3f31f |
| SHA256 | 6ce061043d7742dbfbf9e37f560c36e9cd171c3133222f3b0783c12997ba3616 |
| SHA512 | 046961af0c34d38cf484971fafb5c48e8198cccdbcd688eea6424d9f9fd06039bccf0809d124fe761fb345d153648b8de400441646570d5cdaf02084bbfa9b20 |
C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\metadata.json
| MD5 | c63dc1c29aee7a960cdb5526d5dd18e6 |
| SHA1 | 44a4c56f25bde97ce8df3210d0cc71896adfd320 |
| SHA256 | a98c9c6a1db2eb5708711ee162908b4631ac473b8ea97f4fad989e9b52cc16e4 |
| SHA512 | e7cb454afccc845e7b1fec2b5706daf8384a1b4e5bc0595db431b768390dd6233b0f97375f99cea8b2b29b9421868cb011361f1e8652eccd6d64fa5d0335c4dc |
C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\metadata.json~RFe57e510.TMP
| MD5 | 2aa9e263ee3796d9ce358460a2451b4c |
| SHA1 | 7a55d937c0cd1f7543a12be730e4a78d0a14a545 |
| SHA256 | 2771d13c637c267132afff9db67537bef95708534b79ae8d954254c4e64e4e0f |
| SHA512 | 4909e73ffd1a777a9f102a8831f6ae5a9091084a2755707363251f39164bb65e22c318972ea59e7155976c6a626691dfa94539ee752f58e31aa16f4de5cdbccf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | a4f041bbf308442a25512e9bb6563197 |
| SHA1 | f6cedc78d457fa206cea4a189cb88bf1740acb2a |
| SHA256 | f4caf6c28dde6b1e0f00ccd739f4d6006c32aa1350ff538cf7ebdcb61d164bb4 |
| SHA512 | 5a97d0b4e759e0af2abf974fc3ab8dca7af57726b50a9bd9be283b3cc685798ef4ba7b05f33fa35cf8b78bcb27fbfce086e3487fee1e72a491d9be7243065c54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e87b.TMP
| MD5 | 6f576f90b6e2280bf433f882940b3f34 |
| SHA1 | ae86f5755f114822a1b546b71d7d3bcb0b92bc29 |
| SHA256 | 161eb8b172d5e3b1b2e6b94c4b3f8c7ee08bcf9e3473462f6984380de6514db5 |
| SHA512 | f8f7b4805a1be36473df557808e313fbe15789bba97dd2d549e3026182b4c25b30d878acd28edcfde73a2eeec9785e49fde2e13c85a7c032a2df9e59f5df2cfd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bdac3cff3a64f8361780798980c9a65a |
| SHA1 | 51c62d97ed2a258859cac78d4620342a42b115c5 |
| SHA256 | cb0f200a978d7588083136758d1af4e7942722862d0439ce0591e9828b5f6bd2 |
| SHA512 | 0f23d8f0d48ba73c332b28c4a5f6986ec44e417b26ab0cfc2ecc76b28f4acaa8cef5bcee7f1f0cef93e593e400dcc03dbea570661815b3f852e5bbd0793bcd9c |
C:\Windows\SystemTemp\chrome_installer.log
| MD5 | 5705345bdfbc84aa97a7f8047b8e5447 |
| SHA1 | 8ca9f3b747d261ed8a3e67f1c3a7d23b0fb397c9 |
| SHA256 | 4e04bf79fd0b0a499e506ed7cbbab26336fb42f711a0982ccc3c92878d60d749 |
| SHA512 | 24eceb218a61b3f29b05048503a0e762c7b803d2f8734808e2a12d84713a26f7d4dabc28f8dcbfde78d6cdfbd7cfd91a1eecd9633109ce9689218728a77d5be1 |
C:\Windows\SystemTemp\Crashpad\settings.dat
| MD5 | cee7aa869bf6537430d8795024533485 |
| SHA1 | b794de7ee857485dff1f0151fe11994e7c382007 |
| SHA256 | 406b2da8def07648586ad87d7a779f0c816657ca93dbaa9141ca50033bc8e24b |
| SHA512 | 0c4fd595395b70bad980266ae8c2d8820a158792470386b4f109429f1a579866f31a484e047240d5c15e6c21ca049b136d2d79e807d35fbb5b86efd6933fc2cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 46909ea9247679717450fb57a67c73a9 |
| SHA1 | c6e4fa22464966e8cab9f9ff288aa6748784fca9 |
| SHA256 | f4e407e7695b058455d93b41c4fd9d6465318b745a3d79cf19f769ce13764535 |
| SHA512 | 98c482f57df650965c571a0ed8991074817119b5d6da23caaf85716b9ce69ecb91c24a4f3e26dd04b26b943c3aca0befc27e22106da8f0e4d3e7deed32eca3aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bba28c0f3c5f5241d38bfdab7a8be52e |
| SHA1 | 3e871d51b84d47a274f12278a5a419cacdbb677b |
| SHA256 | b80899f8e186f93d9a42e579bea20df1c06e2b3c5fac314363ebe6e7b22f2a79 |
| SHA512 | 279a4087d8f5b2641eaafd5241375203348732f592cc9b145c3206ebebb487a8b4a74bcc7a3b344fb954dd47633c8975d3dffc088ddd9ecc096c57b2d35da6b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d75b69923dd13816ecc7f04a5a866c2f |
| SHA1 | 815c0669af46b0cce16f522353e4b76aa5360f7d |
| SHA256 | 1cb6c001b7e9adeed40325e24e747d9afc12d0b3dcd8a57ae0045f5f9ecd9922 |
| SHA512 | 3dc79b30c3c42e5c2d046f12b0e04bfe9d30321885f6798aa6acb6feff5fb37652507b1372fc037c9d9763ea15198faef526abddd1b8f8d3431b0c7273a8955f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index
| MD5 | ca0c72d9328dafe0b0e14d8e33f35015 |
| SHA1 | 8cf6db3ef7614d09686e1ba89462e90a51b591d7 |
| SHA256 | 7970164315c2081526b3b7b60f307f1aa1438e1b7e75d608226aaf84d262d6f1 |
| SHA512 | a959e553dbe7d09b45d84cf9406fb3a84237370c8c854895d34a3220b7900d22c008d6c8224737ba531a559f31d8fa77dc12f061eaa72264937eb8502fa80e92 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 30e00fd9524eeb3a7518b9d77b698477 |
| SHA1 | f0014fb4c9de2b63c602b3b6f60cf063ca84d5a8 |
| SHA256 | 5769027d8c5e4619a95f91d5cdd515e13321d49e2bd171175c88904b7050f626 |
| SHA512 | 5b9dbdb3585dc70c36fc6a2d51d14ea5e550a73b03b2dd26deea6c25f28f1184113121f126f3760dfb886ebd985928eca83ae2bc46ecd1a87e0d0dc5b8c453e8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 10bf893c6b57c1111c9f05bdf07574e9 |
| SHA1 | e48e60948b61e46625629c15a828ac22f383b83d |
| SHA256 | d2d985ad159a6dd856e493faf52ef13f47612e5516ace0249e41513757954b74 |
| SHA512 | 73b445a9f735f8c50aad353807fdca3a8def7ff440cab093ff6e69d91277c35a797a932106135556cd2cd2be8f1972bc36974bc9ec073156c50604da2e8fb2ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3781a08eebc65de66ab5e8dc2201b9fe |
| SHA1 | 8e9430cbe9d29058722b6e3081ef1f5c0c9fac5d |
| SHA256 | 1b1f172543e0b24970991131a625b511cd4273cdc11a58cde9eec9a322c073a0 |
| SHA512 | 7889edc6148ec9aac557706bc5fda3544c19e76f48b9db2f55a78cbaf86e74e82c73dab9c81e82d70e253a22d71ecfa92c785f4e0069442cdfb7f78508225b68 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 715279e3233d70a7ef06601638d4cb12 |
| SHA1 | b1fcc5ff70cace20f8b19a04200bb579f6bea11d |
| SHA256 | 1cbc747d3d8a86a26a13e345d94022940ee64a519f3e7feac9f32eec51e8bb86 |
| SHA512 | 9d53987c109d6b176882ff6bccedf98a23924831af30942b7a24c1a99802fb41047642be47b97f784f0dd6c6e5ecef112bf1a5c668540a703a9815a8a1f93716 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b54f6b1997b1e432950752a51f49745f |
| SHA1 | fd964509dd451ce21ec448865df30f0a401025fe |
| SHA256 | 621d217b69286be26a9ea9895a786467f1d319f2ed1b5d88002ac43aec29760a |
| SHA512 | 053744de9bc39e5b2f536ba622df4cb09a4ef5be47f01a616b06b3172520dac3b665eacbdce51e94abd5120325ff0336817065ba441f1bc539dac469afe666aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ceb736a1c6226e7da15a666feee98bf2 |
| SHA1 | 3f9b90e437056e3ebd97fb6198e138d9307246cf |
| SHA256 | 1e2281aaefc4e43dc3f264e121210176bc39ac8b4709a81a1b80b2f19a8e5083 |
| SHA512 | 5bed9f612a0abff57fe17867c5e12c561de9f62eb409b023f3a9c6133ce950db2fc752324070496e4567a56127033d06e305e98daa19c661bad09fd9cc536b3a |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 4134b72daf210600f94d712d3fa26f3a |
| SHA1 | d1120722a1aedd77a52562548862f714cc5656b8 |
| SHA256 | e94c18ddd8b84cfc265fcc47b4d36d65ebd66a853c5446f858bdb335fe54bf09 |
| SHA512 | af38f7b28daa8859910b3dd3f96aad55e95383f3863e4e261b1231c3e281865d9cfdd2ab377347ad79476e28539e7bf01ad56c18ffa714a83e32d4e54e4c3c5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b2af83781c368796a10d6233cc3d7ac0 |
| SHA1 | 7a606793fd80309e06fb0da638f53922af01ae4d |
| SHA256 | 99ca80228c697ddc54461d81cd88e7acdb2ca670f07029b0f5935cabc6b4a517 |
| SHA512 | 5b0f31ad2e0fbc87b9e3e2264c08f263ec675b74b1c73b4e51a9c65326d6125000a6ebda84128633f1f982277e3883dd205f2dd003619c327bbcd299a47c125e |
C:\Program Files\Google\Chrome\Application\SetupMetrics\3708_13392139982504254.pma
| MD5 | 1b7cdddfb06152ae01f12d9f253237d6 |
| SHA1 | 1ef358781a086a0727f4fa95cd53510eb328bc52 |
| SHA256 | fd668d6edcf6b6cc176edd9bf7b0d7f1881fe2f0d94ebae656127c27a359550e |
| SHA512 | 4705c93b233be92dd2d04649d404b538bc76607bbe655d5e35a739653ac1af776ecdd12ec1cbf81476070ec5bae633f891817155014730a06939efb21bd132ea |
C:\Program Files\Google\Chrome\Application\SetupMetrics\1420_13392139982582343.pma
| MD5 | 282758ce2ecb186afb422388fec6dbe7 |
| SHA1 | b91108b2752a233759ae8821eafa557e1bbf5db9 |
| SHA256 | 502e4dece48c1f58418e73ed8776e899547fcd28cb3b13e9207f4b8a7b779bb2 |
| SHA512 | 90df48f5b0212ccbdff39df5f9bf7a3499bc464b5680e80ed13aaaa6b71ada2a33b7060c34952ea9d4b2c9d33933ef9b20e0d49fb02b596f96aa0e44125210ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 319a38c776fc075bc593c9725b9ba856 |
| SHA1 | bc5146bff3c417dd1c4e9a328a5ac253ca50540d |
| SHA256 | e27d95958e31b25e30a50773dc2ef867d4ec29d79ed10d260afc2141f027c2da |
| SHA512 | 5ccbab15bc8ff86b69953b2d91bf031feeabb2a96a3d7df4f2b7cbd09582701f12fd2fbdd573fb3c4e79b6ed891126079f426d08c5da5978df931bca995d4b4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c2a28254161c49fa637224eba90072a9 |
| SHA1 | 0cf514ec80a74bd8f06a61b8ed308bfaac303d7c |
| SHA256 | 2d1947f082cc5578d0a15aade29c8d0d6328778a06b10ec7ec1bc8979c3f75d8 |
| SHA512 | c89797ec02940cf766404a1e6f724e15026e7cd56f500120dce6559f037f22d969b2cd80ff285bcd6d77bf9a22ab113bee21771b03ec7c158b4c5425171d8938 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cf0a98315b5b38b935433a4ac0f33104 |
| SHA1 | 10df0edece7dec7c0fc3b3a118143795f7468e06 |
| SHA256 | c8c9426fbeeaa4364588a6ce0fcbfd551f68c2555273997fc7d7a9c036875610 |
| SHA512 | 73ee1798b5cd348ea9a3ed6be0ba495088fb345768cea7456fea64e6eb1c92fcf6b4b0ee4a7ca73660e3b650941ff4e76400eb463895d94b052f0258511dea7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\Downloads\KMSPICO.zip.crdownload
| MD5 | 50f57289b07af78d85570d10ef3cce71 |
| SHA1 | 31b0c2fe8861e165fe83b9578d395dffb00bc311 |
| SHA256 | 3049b6dfa29ce152d37303eb67572364fe499fcaf6a607c6ba5f38b810925d8c |
| SHA512 | 673276c0c60b96fa98851f6f426228a5da459868a216650e5c02d23c93cba29c5ed7353552ebb9ad6daf6d4a23be6e525685be1f2ac977ee9a85925f5b2649e7 |
C:\Users\Admin\Downloads\KMSPICO.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 85fc48cbfd07c462150565f74deb4afa |
| SHA1 | 3d2d7e6c4986d21e1a63eafbdc749f6dab6302c8 |
| SHA256 | f623d0b47add9a1d18cc206e0abf6dbc793de39af4110a763a646baad169b557 |
| SHA512 | d676107209309aeeef5cd2962307ee5e6a1421bc43960c1d35f5d0bbe76fd1d120c1f9ce2ccfb4aa21ffeaf0d7737b3ec85f23e4478a51b35c528b2f4ca039bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | b49cb69265ef6816d59e02bcf967accb |
| SHA1 | 107fb691d78e1d47faeadaf0faf61bf0e0aa2f36 |
| SHA256 | 41178d6b4daac778a7d7dd73f4f8933bbb080dc6f849acb1d686e1bebff295df |
| SHA512 | 3b25bf0d90fb3000441a7547b44bcc9eac3c58d2f6d42317e7eba15bc34e0acefd4b93796b2b513f086003692a145bd58cc43e20746855fd8096a6c5c22987bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d1da9d45302bd0b369c329c725bbcb72 |
| SHA1 | 92dd3bc80ded766539568015ec3dbd148a961275 |
| SHA256 | 3c4d72f96efae4e251b30090baf4357bd406d8b65d38ebf24c51b0f4d2069693 |
| SHA512 | 56ed23a08593ecfac29a5a3c4f6a95e5a16e4efa4fc5163065776d708ae6d4e9549f4eb737ca5cf722cef4097bb0481d2a9cbc20b5501ae1c325a145bcf37e18 |
C:\Users\Admin\Downloads\KMSPICO\KMSPICO\K-MSPICO (PASS - 2025)\ACTIVATE.exe
| MD5 | 8ab55547fce70b2182db6eb4fb1abc7d |
| SHA1 | 6ec93ba65375e4204fa144090382300d9d63d881 |
| SHA256 | 235b07e28345fcf1f8380d985e77f86c80b43448f43d7b3b7553b76010f1f241 |
| SHA512 | d8cfc9a348ae93b302e602cb35c96d0dd7ea228e15ac491189fd1318e13f8b3deab5e5142ced115c4b80c08e5f23e44f8e988f013eaf7d08fc5e2c49624b8099 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Soft.exe
| MD5 | b6692d8ccf9c170e5f962a484bc3abef |
| SHA1 | cefd818d91574de91cb816acaec5f70ef689d547 |
| SHA256 | 99b157ae6556a8edd5c6d8e1f2a841d6f852c85dc7770bf83f0108647a933998 |
| SHA512 | 312604e84001519e9b0f4f50f9d7dbf8e0ea4bc45803b1f08ac9afe2584164d12f74bafff940c90abf87c57b65f378975d78258d202e0f07a5226eee76a17a11 |
memory/4576-863-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4356-864-0x0000000000400000-0x000000000080D000-memory.dmp
memory/4576-865-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX1\MAS_AIO.cmd
| MD5 | 51d1a565dafb87d618fec0487618dadd |
| SHA1 | d818c140b322dcb6d1097a6fe0dbb2f29e4efb63 |
| SHA256 | 99b9d8e20701ddca02676146f7878ecc79bc403cb7b51fbb1b15b2d8d8bc64c4 |
| SHA512 | 8a1e5f34b39885fd251b457d17fbf038c35e1e3ec090b011707b5135cdd3ff50287e78510fb69e61c96c2e2c1ee15137b21a36618f0df9ef6e74216789a1361a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | bf0602c285d4a6f10584e043535121ab |
| SHA1 | ad3b0b308793e62243829399c983378b85a3c24b |
| SHA256 | 82699bd3010ff0dcad447e427d5198a850c290092931611199086a78460e9421 |
| SHA512 | e3f3259cbbb19588e712a953e078e6a731f1b267e2b476ebecd3d772ba7b32f1e85a9c56b6ba291bfdcd905530620f62a6fa7c09b4688dfb6acd944966b949af |
memory/4576-893-0x0000000000400000-0x000000000042F000-memory.dmp
memory/656-897-0x0000000000400000-0x000000000042F000-memory.dmp
memory/1340-896-0x0000000000400000-0x000000000080D000-memory.dmp
memory/4192-915-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4344-914-0x0000000000400000-0x000000000080D000-memory.dmp
memory/4576-918-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4576-921-0x0000000010000000-0x000000001001C000-memory.dmp
memory/656-925-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QS0IAO7S\success[1].htm
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
memory/4192-931-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4576-933-0x0000000000400000-0x000000000042F000-memory.dmp
memory/656-936-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4192-955-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\72a1ea4e-0110-46d9-a91c-53e9dae17722.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
memory/656-967-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4576-977-0x00000000005C0000-0x000000000068E000-memory.dmp
memory/4576-978-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4192-994-0x0000000000400000-0x000000000042F000-memory.dmp
memory/656-996-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d56bb54386a02da54ecf8a97e22a38b6 |
| SHA1 | ce112acf0f65f82cc6404a4c3b3765af4744cd6f |
| SHA256 | 0a68c73b05f5e25fbc8cafa90e9d5c4d277e75c81537bd5cccea28378016a65a |
| SHA512 | a8fc85ba0df9a53c346605ba2bcd5a82cd2d76b146ee10ff4fa9fa3abe6fc52d6b3fc3aab971b8b52bec8482f1e03bc4d864ba55f69369786d20b6f8f2a3d2f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bdfa08b0e7423bea43efa8af5b570687 |
| SHA1 | 9f810c95a1663d99045ec0f8ea11a5ef0c3132d7 |
| SHA256 | e616f54e96ea57d413b21898dd1ef83ee7cfe73ef3aa1a91b09f1ac25ba5b002 |
| SHA512 | 864f6a6ff8fd0de24b32d42112eedcc372ed7109838d069e4afa08aaa4734b4c2a4ecc20f3f50c1a1ff1b04fa6e89b8e4de38718e0c4bbb56cade8a06dd80e75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d6b1d257bb9699b60c3339e048249db6 |
| SHA1 | ce0e9df8d983bc68cc9babf16042352f9cf5f03e |
| SHA256 | e5ff2115e7ae86334bec0dc9541e5a865b26d124d05074898dda2730e47ad338 |
| SHA512 | 9588aeb5b60d57ee0bef373326ffe766e87697e7aeaff68778f0d2373650c28c2240d3aa5f02651b393bff8eb5052813c3934ec01e60550d4734653debc17716 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 16915965a28a3d9e6c6d291d87ba1be8 |
| SHA1 | 2c32db2ab1dab890e50e3fdd3d7dff03a622169a |
| SHA256 | a46d266f4944b8b94b2d9f5b941c9531ba2b0945d2ebd5e5658b6570f93f0cf0 |
| SHA512 | d8770d42f636d19179d0a64e5bc80ed44e83dfadd635baded79b1a2c579a72a5ba6faf699aaab4efaa7b49f63d85c483fc2a303b33730c5254241df2b54e8b90 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7d6fc4cc16c5f879475407fd5336886f |
| SHA1 | bfee20a939c2274f864c727da47d0169e6484923 |
| SHA256 | 38d2bb2171c6a01d76e6e8edeeb25caf23bea4aae931ab45dafb42b3bfff6d58 |
| SHA512 | b7e7dd7af90e2b3422dbb1af58068cca279c2f8e7bac64c6e4e2aad72ab63267a48e9081a3b4d454dbf392aed661964589d1dd3e1c2eb5c005ad261ea428e4b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056
| MD5 | 950eca48e414acbe2c3b5d046dcb8521 |
| SHA1 | 1731f264e979f18cdf08c405c7b7d32789a6fb59 |
| SHA256 | c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2 |
| SHA512 | 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5fad55d5842d12318efbc46c275c1d63 |
| SHA1 | f15acb5b7211d07207f594d9f0be82b0eaded46d |
| SHA256 | b1d3f0ccc174d0fcee95ed9f0cf56b707b21a04dc4f54d5cc4f512d21cc9b784 |
| SHA512 | 63924cb17aa772f150496863623780a07604b3484134e176833d32f0ea088215d31872447b60a87fbdda2c023ca9f4a7cf5c37bd0320f9b970ae633352d6aeff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ba766bebc110c48f7394220a502dd6e8 |
| SHA1 | 466eb597fcbc8a509ae966ef3728475b2eb46615 |
| SHA256 | 5c7726ed17ea869924c010f736a50999e4b567c54745d7c26eaa10e6fcd4a4c4 |
| SHA512 | 585705dc81e23794d0fdf95c2796afabf2701afc88aa21b3a1f0a5c8f4dd328680240a6878d8d5b8c7473905d03705fe94325144bc16340c919fd667922fe66a |
memory/3660-1296-0x0000000000DC0000-0x0000000000E9D000-memory.dmp
C:\Users\Admin\AppData\Roaming\MyApp\data\KMSpico.exe
| MD5 | a02164371a50c5ff9fa2870ef6e8cfa3 |
| SHA1 | 060614723f8375ecaad8b249ff07e3be082d7f25 |
| SHA256 | 64c731adbe1b96cb5765203b1e215093dcf268d020b299445884a4ae62ed2d3a |
| SHA512 | 6c6903f3a3092fd3d63c373189f2c06e12de032ee4fd6b80a15f58eaeb2079f3ae8a8bcdac85a358b1f9070b192b1c8260f9aa127d009b5afce475f966e91326 |
memory/1304-1316-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 997d43b76d8af3327722f1bc8adc2ce7 |
| SHA1 | 84019aaf118b8b0989882aa0c6e1105a67c04d5c |
| SHA256 | 10a26c37ffd8efedee2322130230e7b661377b319f43fdb2453aa4b6cb4a5ff5 |
| SHA512 | 3e4145ec46bbf1f18bc3aa2a173ac8a46939303b7a064bcc69824d6d7e2c6a3ecd0a571a5944f111ce48c6372a7a4d184cc52c8d6e1f93e8cd1aa69565921327 |
memory/3660-1332-0x0000000000DC0000-0x0000000000E9D000-memory.dmp
memory/3032-1333-0x00000000007B0000-0x0000000000B1B000-memory.dmp
memory/3032-1336-0x00000000007B0000-0x0000000000B1B000-memory.dmp
memory/3660-1337-0x0000000000DC0000-0x0000000000E9D000-memory.dmp
memory/5020-1339-0x0000000000400000-0x00000000004C0000-memory.dmp
memory/1304-1338-0x0000000000400000-0x0000000000417000-memory.dmp
memory/2536-1343-0x00000000FF440000-0x00000000FF441000-memory.dmp
memory/2536-1353-0x00000000FF440000-0x00000000FF441000-memory.dmp
memory/2536-1347-0x00000000FF440000-0x00000000FF441000-memory.dmp
memory/2536-1345-0x00000000FF440000-0x00000000FF441000-memory.dmp
memory/2536-1340-0x00000000FF440000-0x00000000FF441000-memory.dmp
memory/2536-1359-0x00000000FF440000-0x00000000FF441000-memory.dmp
C:\Windows\System32\Vestris.ResourceLib.dll
| MD5 | 3d733144477cadcf77009ef614413630 |
| SHA1 | 0a530a2524084f1d2a85b419f033e1892174ab31 |
| SHA256 | 392d73617fd0a55218261572ece2f50301e0cfa29b5ed24c3f692130aa406af3 |
| SHA512 | be6b524d67d69385a02874a2d96d4270335846bece7b528308e136428fd67af66a4216d90da4f288aeefd00a0ba5d5f3b5493824fcb352b919ab25e7ef50b81c |
C:\Program Files\KMSpico\UninsHs.exe
| MD5 | 245824502aefe21b01e42f61955aa7f4 |
| SHA1 | a58682a8aae6302f1c934709c5aa1f6c86b2be99 |
| SHA256 | 0a265b4bb8acceafaffb001632fa7e4c3f8ac39a71eda37f253e15bc1b8db90d |
| SHA512 | 204b39e31f22ba99cf09c5c8458fc94ea21b47aacc4abd305f71ba20a35d36bfc0ff53b95180542911c9c6f259db897dee76090d953f7ee18a8079caefda7981 |
memory/948-9473-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Program Files\KMSpico\KMSELDI.exe
| MD5 | f0280de3880ef581bf14f9cc72ec1c16 |
| SHA1 | 43d348e164c35f9e02370f6f66186fbfb15ae2a3 |
| SHA256 | 50ebfa1dd5b147e40244607d5d5be25709edf2cc66247a78beb920c77ac514cc |
| SHA512 | ac31a972e9e93e6671f44d403139b0db89d950097c848fbaf6b9965b722215f74e9ed9bb9e083d31328101e6fcfe7f960a08b3bea0813900f11d5c1bb40539a6 |
memory/948-9762-0x0000000000400000-0x0000000000417000-memory.dmp
memory/6632-11303-0x000000001BE20000-0x000000001C360000-memory.dmp
memory/6632-11237-0x00000000009F0000-0x0000000000ADA000-memory.dmp
C:\Program Files\KMSpico\logs\KMSELDI.log
| MD5 | aefae2ff8ec7522b277fa4cba143d87a |
| SHA1 | bc9ce8984289093b77a179f8005fa37979a7bf7e |
| SHA256 | e0256052838d369d85a26f90ebb5a8b267018e6b8d7e8f4af6f1c42df252437f |
| SHA512 | ed1641868c82f239af93bc7e1237175604300778009513d317702a7519842f123a96911f1e3237e08c802c76dd5b569736b2e49b4ddc2a9b7e0dc0516556b4f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0
| MD5 | 9e53e5fa7c169d75d2765f2bc82bd0a7 |
| SHA1 | 852cafb4c2b2c6b888f93c195db5791d0a23e3d3 |
| SHA256 | ca097acc3535bd6ed087707239a824690bf9ecb3fb4ffb693bb9f36f7fe6d28e |
| SHA512 | 9835533055a02adac4fabca4e8939f6ada9071c2ec991e8e8655188f5de9d224c177d1620e8be220645bbfae7d802473b36afde525d23371cdcfa7af52b8514e |
C:\Program Files\KMSpico\logs\KMSELDI.log
| MD5 | be319ea4746b2489e137da1ed4c46a49 |
| SHA1 | 57750cdbb09220c72f3699005f55c36eee57d06e |
| SHA256 | ef3cd05b5a11a540096a5c67b930312457910b401ee5e4b12f70ec65bfda6ec1 |
| SHA512 | 7b2dddff6616a580fb041f2776b232762d73aac572e8069d1da2a23ddca1ab450d3aaa766cec82bf481f21b1b86f07c9b18e75cc46fb7d86c8e717429c2c6e19 |
C:\Program Files\KMSpico\logs\KMSELDI.log
| MD5 | 3b17ef665ac1515402cecee3940a2f56 |
| SHA1 | 46515c1353d2af4d51ab6f303e3d12bbdf5c14db |
| SHA256 | 84a2bcaf6e4cbb64475ff114a4331e298cc8231e7f73ccfa12d90b7ab5090e9a |
| SHA512 | e10f35564f75cafbdf5054c3728df3ce023066e1e8774dcd3f267348785fe897a153416ae807c729981e9c129235d7891996920017ef9ca40dc7c7ac9449f53d |
C:\Program Files\KMSpico\logs\KMSELDI.log
| MD5 | 95f3d2573fa928b6fa50986b1b20ee56 |
| SHA1 | 6990697304229d8b80a65cb1e99f61b52af41648 |
| SHA256 | 6071a355e4fbf217f78a4b953a9b0073a7bf21b6934d2edb46d61419b39d89e5 |
| SHA512 | e540602ce089d0ad6dc1b56e880c8fba14cec61324d6f25b8b3574388348f82b77518d5c802c1a71d20c7ad713c474149da6ff11f4f79ed29ad0dc6bb3053407 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 130d9616d0630b1904f1998da47bf715 |
| SHA1 | 822d2b6d8c618dc5eaa41189e3693132fadc800e |
| SHA256 | 8aa6a7059b54b943608f43706cae08d1b5507ec818b291c2c78b596335ea3608 |
| SHA512 | 0806a8f95665ad6a9a6137bf7f1eaa9662baf00b137a4d9a15007f3f7af309a2f74c3141bdd14d37728adf143973e40b1ad1993550b2817cbd872c5f92eed1d5 |
C:\Program Files\KMSpico\AutoPico.exe
| MD5 | cfe1c391464c446099a5eb33276f6d57 |
| SHA1 | 9999bfcded2c953e025eabaa66b4971dab122c24 |
| SHA256 | 4a714d98ce40f5f3577c306a66cb4a6b1ff3fd01047c7f4581f8558f0bcdf5fa |
| SHA512 | 4119a1722202bbc33339747ea02fd35b327890d55bb472cd1e2146ca446d8ba6fddb1e8cf8bbfaeb08aec8ed2a9d5c0fa71b73510d409ffacd3908fa72bb53b4 |
memory/11900-124520-0x00000000004F0000-0x00000000005AA000-memory.dmp
C:\Program Files\KMSpico\logs\KMSELDI.log
| MD5 | 51aba7089689c3328c98b7978a21ea87 |
| SHA1 | d4f2f56ffdbaad5ac93577556e32ade9653b83b5 |
| SHA256 | 1df14eeb4905fbc144f6522719973f00fbea46e1f2ff37ebf4abf9e0e53d0204 |
| SHA512 | c60783fb988481d861090cfd2cbbbc3b269eac7c4af3150a76134d0adb609e9d55369402f37340b24d2700287a54f888647d6c6f3b013c1867ebc360ca06a904 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | feb0cf13c082d7cd1951c1251cd56a31 |
| SHA1 | 28b58978fc28b6e0a418ebd9f654129f1a925b25 |
| SHA256 | 8c8177f2a0e7903ff19284693c05efee57894be510f669e6215d5615b9841425 |
| SHA512 | 2ae58f3d98290a51a7fc846fb2cf4bcf098206a95308483b8f0ed0756b5f4a1083d0639c3fcdb4660a8f8bed7a5ceffdf5106db6e29281c3a773affd56cbc509 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 9ccaae73e4db3e4fb098d1e68cb26c82 |
| SHA1 | 4c11b486f714533069cb18994f7fc8ae49e7a00e |
| SHA256 | d6a2a710812bc4af90aea9d560b776962eeb1a476928efb36ac939897147441a |
| SHA512 | 2c8fb9cb94d494476a2e4e0df52a21b6c83eea291b6500fa8a9cb8f7e19f4c0fec1a1520582198f58ba71d6d7b58700fd94d490cd336cdc5e84e6f00de6eeab8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 97b531b695f3b65e8a9c0b8711b6e2d1 |
| SHA1 | 955870c651f4c2eff4c1b44018726aaacd03324b |
| SHA256 | 5767acc679f55296bc18ea8f4644e39983f78b2c4554010fe5ac21179737d46a |
| SHA512 | d7f27da009c187e80eaed3551a4f912304c7c60496068b45aa3808169ca1ae6776c006a4c5236f5238396d3acfe76106a837ee0b882cb332434fc6f36290bab2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d6f3f2c4fe28835dda7c550005f3100a |
| SHA1 | f0ea20d0d93f59e155fa67e9765770aca8d21c92 |
| SHA256 | 88afac386ab5b1c9751b0368bad19ec47df2c9d351fd30cec3379db22dcf48e5 |
| SHA512 | c429abfc68c99455c4e4a414a7fd209bc8561f2abb9297299d213bc4c789a7679843896a819e53618655330ded7213b027c7b19a307b0a81a17fc932cc31be2f |
C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\8d462e8386e76af6b0c098c3dec959fde2367eb3a1aa0d49313bad1c63bceb62
| MD5 | 6d847393f9094c1d191475939e0acb47 |
| SHA1 | 6bf419eff9297c99c103f89cb23b52d5e7f50093 |
| SHA256 | 8d462e8386e76af6b0c098c3dec959fde2367eb3a1aa0d49313bad1c63bceb62 |
| SHA512 | f21bdf989915ada06d6f1a32d9b54ba67e3594dee302548fd2afd5ef6f635e1169e688539c152c96c4fbbb9d4c9298f2fdd86d85f6c56c39d542ebcce249cb6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 06d55006c2dec078a94558b85ae01aef |
| SHA1 | 6a9b33e794b38153f67d433b30ac2a7cf66761e6 |
| SHA256 | 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd |
| SHA512 | ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 371294454b39042064813ac9bc47fd9f |
| SHA1 | 56b036f4d5dbb89387d2c7d8322ecaaacc876eb7 |
| SHA256 | 7070c3c375ebc3089e12b43d36fb3ea561eaaa91a900b78bb0892a9ceebe4b49 |
| SHA512 | 812ca239d335a8e9f32b765fb0f70be6e14bde0abb6de7f4e7b68ec0cdcd2b08bf7f0b770317deb5ff69b82d6507610622bd00486cb8fc57699daba724fdd510 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | feb5a12d3f70c17583f21872a9f643c6 |
| SHA1 | 3565c240d6a2570501a0ecf5383559add8e313d9 |
| SHA256 | 3349d73d8de35c63f0ee8999f879c1b7ada57b1916f906752fbc9182aaa8f27e |
| SHA512 | 4cf95328d8c124da540477560169ec7c72ea8690fcce3e9ba0fc8220203e5728e65a588d89368935a79bcd4b7e5200266749ac6e12a8bdd417bd5f815e78efdf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 59611ca3a8485abc30e9b6bb49c1d1a3 |
| SHA1 | f06c870c8c5e3600523228a502c3c903e947a86c |
| SHA256 | 2180f4d707631e4068a4c0f8cefa1da94af86c11dc5fea8b75c8ea218e7c11dc |
| SHA512 | ab61d30eb84b07477438be57cc4f8462315e9d7ef1d803da28471b6b57ba90a53e53564fd0a47c08028844cb15665bed798bb6c87ad1a6f3fea673c717bed3d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 29c2ac894df4ac3a1c06f2ccd30865f9 |
| SHA1 | b9eb791b8961188b43c8e8a7f99e3264952d62f1 |
| SHA256 | 12777c0cba32489b24653c827d7019c2efd53984601ad155080c4988370f8b85 |
| SHA512 | 229fec40f16085627eb91239e7880b9eea7c525e25c75086d2a0e0bd051d2ad29a9a2eff49cc1bf700822f537f570bfbd9e8e1e405a89007f65066b147b49d8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Program Files\KMSpico\logs\KMSELDI.log
| MD5 | b386a893e55fe98301314a09a0063dc5 |
| SHA1 | 989db377cc02aa1d4078a3f646872080adb72558 |
| SHA256 | 7ad70bf75af74f31b46a9d6d0fee384fe192eea8288ac70de6cc11b1e8c0890f |
| SHA512 | 1986ab2694fb226727c821b0c94fc0e88d575ae67f045bee7d6b1434f18e509569f3d16d942025e5a7fc9806df779efcd616c3016fdd881f911097f674ad1136 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Program Files\KMSpico\logs\AutoPico.log
| MD5 | 7215d3613059fd574ba11e9199d12b0d |
| SHA1 | 7b802a708af18763d20e5b03844a56d61171502c |
| SHA256 | 7645565203cd64c0e7cf11484ed3363bcdd65ced1459e2645f03cc1ef3a4d2a3 |
| SHA512 | 9fb66898b3dd637cbc6529c6e3e39c323bb04e631974776e06eb701b3160838d4a6cb3aa627f7574258650dc263b543da3b23db3864631a2a7128a3b5cee2c4e |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 4b78ea595fbb31ccd695233717c5ab9d |
| SHA1 | 8c0e953807128d58ce82d67f97b3482111d2bf70 |
| SHA256 | 809e79c8ffcd971b588bc2507601299217261b67066df2157e622d5cb9801bac |
| SHA512 | ab33321b4d5871fb12a304b613b10994a659f992d6522f3e6f91975959d793fd8a6c18e1e0bda39eeb5343262ecb20105ab37ff55a8c11b03c12cf43ee20f1f0 |
C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\metadata.json
| MD5 | 7af2f67e4447d6fbb5159546c5c764f7 |
| SHA1 | b73ba42e70a18a10a91951488afaa0beccb8203a |
| SHA256 | 1610d0bb4d427fcf87ff37ae50ab6483ae10e4da41ef31edbe5bcc1f59b95a86 |
| SHA512 | 3b4332487f0aaba893e822b170af7d55bbc47e28b636e7afbc635bca105d39f1b6c084e024dc91875e62f84cfcd069a6ea5614c5883c6fe7de48d48508f61d30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a16034577b6c64c4eee60e9968e8d2f5 |
| SHA1 | 167e43558cabeb5af215e5f8c3f2fa6da044009c |
| SHA256 | 84783700347c0a7e5a0bfd911e501ed1c9e7a1d457fd929fee8af7802dc8053d |
| SHA512 | 5378d8c4ad2927136e09e3229affe4afc47a268f32cbcf8be9b81dd43323853ea67f1cb6597f20c84feae4dd02d788fe23d660f42243525b075d7038c0c8ee80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6d86a83c3d15aacd628e46e05af862bb |
| SHA1 | 332bc810251597df14c80e571d800d4418aa7f6c |
| SHA256 | e4bb390991530ff6a1bc551bf272ddb7d66f9033d7ae37625c78589e21c90a3f |
| SHA512 | 13672b5438c77ba1de0016416adc19b56298271d0d7c750a7ab4262b26b73ec2ac2c7a47b1ab035327c9dd1580c612b0b2add7c72bec25afa1576c1444f2dce6 |
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
| MD5 | 845f5e16a7cb826993eb62257cdefdfb |
| SHA1 | c353aa3e1e24d13a8e0d332df7f6a3313ba30a50 |
| SHA256 | 22ad2f954435abef2a14e42945fad5d803806ad744deff8b564575fcf68c944c |
| SHA512 | df6ff424a42cd699d0a39e77bcd01c6abb29190e13ad888810425c1ee09fc7dd7a9f5188df82d5b6db985b71ce97765191c9d79096226e9793734bd46b35c2af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5e25c6.TMP
| MD5 | 35d70980a747f1d808494fe8d0b70415 |
| SHA1 | a9e34c3766233cd0df3e4875c6a617d80c958d20 |
| SHA256 | f8557891154a5f3237925a15f96087ae8dcecaadc6ffd63a88101f993335d832 |
| SHA512 | f013e74e34b7f0e9662a5753be299bc8279401bf1be4d822bde5198bab8053954d3c0b694343407fa57edc9a1a3381b9e801a39227b5e89288bc534c513cb0e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8c4eb768ac28ec32442338a33547a85a |
| SHA1 | 4364dbd278a8d8553e882683cd897097ff0f15ef |
| SHA256 | 6dd7de2c3a94cdde39fdb484ea84a14a9d3a2dfc7937463b508392dd7da14acb |
| SHA512 | 9084ac90caeb3e066b9d002a82d775aafdce386765488b8fff02ec26baeac43005ebb8103904ea54ac061bcb9c82980391044ba90f327a1ae62eb98726ff68c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e7e30692a4e76c8eb8c6494e95123d66 |
| SHA1 | 3dc1d73d2bd2b73ab18766cdc7bbe6471cefe939 |
| SHA256 | 6a3aa5e1fc8c1d2c76953371fa34b410c2e0e1c6fec8e81e6caa684d8a38f0b7 |
| SHA512 | 775e6dd9c51158d29eee278f09c5c67bf1da3513b957daa4ca34bd5e4b3e1434c2b6a2a5e65e1ff4464c51e3c0aad2b7fafd8d48bcc827fb450e2b7a73c1ea3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 33ee971313382f0ce66c959636af3867 |
| SHA1 | 37914609a9b1a7c0ee99c75bfb23ea5e8f0e42e1 |
| SHA256 | f08528578ddee59a40057a0d28dbc2a199162c5b4d69e614068eed70816f8e69 |
| SHA512 | 15e2d15f1c7ee69a4b64c8675e0cd1d7f6097d343e1a43ebd200403c12df518f1171624d95a2163bf23875fbc5e984e2827b6e193a638c4366869ec2d7d89f71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | c499f1fc8cc86e175c90dccf1496d628 |
| SHA1 | 4bb890c851688d30adfc2bf6d49c0632576b7532 |
| SHA256 | 04976cdf025d802d79c84d75bd7b6dad1b01a3b654f79a926e09fbeef2191355 |
| SHA512 | 19c954536aa972c86af9acbe4475cec558f1a010bb67d65f30a615a5b2b7f5d22ba0430534c01d311b52145b9229dc43ab2fedbab8c00fa94a29a09541d86b5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 746d765d6f3d4e06e8bb95bfb5869bb0 |
| SHA1 | 984e0151726a57c46e0b524ba730a61f99b4fd9d |
| SHA256 | 2bcbfb4323dbf1b34d076856b459797de0905437b7ce580d357b1e2e0877e35f |
| SHA512 | 5e532bab47f986103a94a132d6d9195801096644de29b68be5c995d6c159a26e1feb0a8fcbaab7e49c34c0db7cc834980630a042f72ce8037d10f78970ec4331 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_535296543\LICENSE
| MD5 | ee002cb9e51bb8dfa89640a406a1090a |
| SHA1 | 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2 |
| SHA256 | 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b |
| SHA512 | d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_535296543\manifest.json
| MD5 | c3419069a1c30140b77045aba38f12cf |
| SHA1 | 11920f0c1e55cadc7d2893d1eebb268b3459762a |
| SHA256 | db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f |
| SHA512 | c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | fe667aac020a2a9fb065318625a7b9b0 |
| SHA1 | f9378ed86f47ec10be516678c7e8c3a46b5600b9 |
| SHA256 | f9a06ceef537b566861dd2583cf6977c1d3adf2ab219e1e2cfd62e630883c44f |
| SHA512 | 4dfea990d94b16efdce44926bc374db4bda8a044a3434c0ecfc23b7c3f9036f00681c5334311150bf172c8db853a1c575050dc445a2edb7b75d3e11625f04c13 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_387712918\manifest.json
| MD5 | 89217e000f3145a2523e43f947208e79 |
| SHA1 | cd7915d003ee87f2babc9ee9add12841022710ac |
| SHA256 | 6722a860c855cf94a54fd1ffdd3801c4c949f5b67d8601ad300264931057f2bb |
| SHA512 | 385257ef9c67d80006eb350ac79718f30e08d810a1568454806f2505b482e0093f784d0d4cd24078317f863db500898343ce69391c0ae7fc767697f6da38eeaf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.5.15.1\keys.json
| MD5 | 03f15dff10ac451682f8a308674ddf77 |
| SHA1 | c723e23c49bed8a52b8f947b2cb8879a110fc94b |
| SHA256 | f967e18d5b1839ba801212f032e7e6dd92f7ba6958bc3ae9b122d9fadf2b1bf4 |
| SHA512 | df8fdc89cc1e6f2edce49b41bd9f71dc7f7a8daab40f1355415119f9c0a0d5067337d966472ad49f855ecb9a89bee8d1711d8a869589a03e469530ee8d7e0f3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\1ebd2abd20952511_0
| MD5 | 801cf0335c4fc29c37c854934475ae8c |
| SHA1 | a73da5fd28c410d28cf07bc5fc040ec5b6d698d2 |
| SHA256 | 5a874142c2d6aa91429b7e8a9735faefb3d5ba8524eff12cb7ea09a940c64c00 |
| SHA512 | 716fca0a58c165ee10da1652b7d567135a05ff5f06de5dfa72921a51b44923c099e21890b62811e8bd4f18b9ef7f0c2fd953069f607053f7fdbf8a6da4a6000b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d38d88125f9dfb6d10ee6bd2e59782f |
| SHA1 | f4ff0d6136cf20fa27fc3b5f53b4616de1d29e21 |
| SHA256 | be804dbbb423f4ccf3bff4e205727e6f7dd57f0b6183cdaa020f35670b4c4c3c |
| SHA512 | 376a7eb4a09586eb2c9db2cd1357af44b65fb814d478e491bb9facba90437e5f94f28a9d2a117dc2e1c54046033a8554b6eccbfe21cbbc624fdfb3e3fb16e57b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 41ee5c9bcde24aeb6f202be50b31332b |
| SHA1 | ed97216fa6e705e16994b5034eabe07da2c838b5 |
| SHA256 | 4839194a8af633d2dac5215edfa2d7b8f84eeb172dfb399cff021a9879b38cf4 |
| SHA512 | 35fcca1038e7fcab6d333b95f8b99748c79eaff37ca3ed00a1c7d50331bdf7019a7823f40670f62204f7cccba01b6afeed5e86ace8eba18f4adaf4bb0c05f93e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 47a8cceb594e9704e241893a2ad52bb3 |
| SHA1 | 560c0db1be023c179ff872c2f5478c201d99703f |
| SHA256 | ffff2578c929f70893b21f425d22c8b392cc8c5a88d3ad3537f2ef063c9fd8c6 |
| SHA512 | 243f0fd4ac09015d18937d70c795f8bda3facf3112e7d95800c0ccd9b6ccf97441aa63eaa26e89eb524606d89608f742ef1c700563e7a8de61faf904b29451d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | f447414bdc80bc0c3dbe879c831499e2 |
| SHA1 | b4563c893b82701721aea465541a5c01b456a287 |
| SHA256 | e2f51dc0e2dd0894d754cb9be8e072295bc564e846ca8bf383624bb700753bd4 |
| SHA512 | c0f499b5f64b6a95d1b5d4f551e3d38299108baaa58670fa3abb1d4b0666fd2bd5a3f65e99af14e5a76b8bf1a1286086a0637857d68ed3fe1507c8d5aaa52814 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 23092c50543785e845d832afdaa35b54 |
| SHA1 | 762e2af6402cfa0070ba1ed4ef4205266bb4bf67 |
| SHA256 | aa679fa0bef6c1e834e25cae0b99795de41ddbebd0381fedf1378a6bfc667624 |
| SHA512 | bc6f7089540f8a5b01f068bdd19af409a3a9141e940926b7696ca03bc4183543540347b5302dbc6fc512164f7c50fbcd7ce4cc1ad5e4a10d9e2f77bcaf4c5f1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 27bc66e247f8a868e7914cafff7ab95b |
| SHA1 | 90ddfaacec0ed2d261e2507a9a0d98db905549ac |
| SHA256 | 299570499d0b09b01309002e0296419a17893d78000f99dffea7a84d090b8c83 |
| SHA512 | a3a6810f23d0e4fcee0426a02280402d9311e387760435324c62038d6e8c4bb6ec40277a0ce64afb77953118bbc21844a8f22107fe4246f1c6cdb0ce7908229c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 9436affc97843765a966b3568fa7e5ec |
| SHA1 | 7bfda74bb30589c75d718fbc997f18c6d5cc4a0b |
| SHA256 | 7165713d3e1a610399471a5e93d5677508f62ef072c1151e72273bf4bd54f916 |
| SHA512 | 473ec3a843c33e18d6d194651fe11353fcd03a7959225faeabf8c77484155ea6a7bccb72dbaf2093ed53c408faa3be9f6fc907f7a5ddf8223375f9d09b504456 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 2d0021d7a4e87ce4760baf2120cc96d0 |
| SHA1 | 4526a9548e69d9cafa8b438fbeca54122e80d589 |
| SHA256 | c91fdaae185a9c1cecfabb2078388fb3c7e38f5dfb6d35fc5466a127f5090a62 |
| SHA512 | 43c8e4b35ad3e1570c7e1b419e3a10d6104ceece661874717da00f07bc96134ce33378ec8ca3d5fa8180cc4847c2982c7408f45a19e5c6d4a4fabc3feba75cfb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | b9132df98b5513d561b5bc073b7149a3 |
| SHA1 | b80b365943601b191cca904b66bd9f367cfaae39 |
| SHA256 | 4ffe9446dd873ec420ca3397dfe970b2d8b02862adaa2567ae582aa9561d8009 |
| SHA512 | 4260de3cece0641df3e9d47cc1456cfc6effbb528506deef148b2d0b58a8c1d5daba84069343dbd372b9a23edf87c83c1b58c6d59a7cb69f6bfcdcc39e665811 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 5ca16ce263586f7811f2a4f54bd98713 |
| SHA1 | 464c41a76313a92e638a61652f2ce05282aff7ca |
| SHA256 | a6900da3c4db77ecd85801601d25600ea403ff584af0f9b09ffe3b0ad3c9cd20 |
| SHA512 | 9f2e3f53c87ec9b578e3926300e5a0c82a2b4748701c70f23b18eb4071f8f97d8512ad809a3132d8446005032eaedfa46a397a1de6df40557cd7a96e22b95346 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt
| MD5 | 568e7e61523398473af556dae2918fb7 |
| SHA1 | 4091b1e52408b3ab3d34683f0b442fa35e661f9c |
| SHA256 | 5a4c156e40caf101ec0a0cc726e631af8baee8c05a74c2822d16a4d9d824f541 |
| SHA512 | e58b30b6b81c7992eb7754974941b789b465e9caced2cb4fc27709c77da9eb0ec6375f1f4294ed2d3419abb7d13224dbb96bb93008ef94308670f2daa580cbb5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe602186.TMP
| MD5 | 283c90462e85f0c45c70c553ab126740 |
| SHA1 | 7019e6fcde35b6235252415ea6545ea7628d6b91 |
| SHA256 | 351d961cbc900ae2dc45e657680d823a837db95cf7a454ada22c0171072124c1 |
| SHA512 | a1149ff41759355e70884d5f524c5ab56690122dd569a659f81754683b65e839b46a039322899361a020479a484d47256d48c8b8af23b28daf3bec86b758a79a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.16\edge_autofill_global_block_list.json
| MD5 | 83fa257627cb07f25d59201b73b39c90 |
| SHA1 | 4f0997b451e4c4a3b4d6b6641eb9ae27ef2b2e3d |
| SHA256 | dfe5c91426765e7cbd52598f2de41e5196cde1242dd941a824419ec94224a135 |
| SHA512 | bc7258fb88aa77a36f2145402b3fefbabf3e21473294f1227b0cd7f3a75ee9f1e77bd30e3d5df740340a7f66d25d5637c6299d3cd3c50181bf5beac4f6fb33e8 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1869597684\manifest.json
| MD5 | 4e81f856241f98ee1d9f66c50d82be04 |
| SHA1 | 35baa5754a213e3238d8827cf1bea868f9e8187c |
| SHA256 | 3cd3e4d5f61b46b8ce46662b10c6ba8fe34ac8e103e15f672fa7fb222b8416aa |
| SHA512 | 70643b61d2c7769af52a34c2d87f6230cb61985decb865ecf376855b3f1888fdf3aa477573f647e2e09c09ebf036a711b5a57f333f0285d05eae5972c7d31afe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.16\v1FieldTypes.json
| MD5 | c1a0d30e5eebef19db1b7e68fc79d2be |
| SHA1 | de4ccb9e7ea5850363d0e7124c01da766425039c |
| SHA256 | f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1 |
| SHA512 | f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.16\autofill_bypass_cache_forms.json
| MD5 | 8060c129d08468ed3f3f3d09f13540ce |
| SHA1 | f979419a76d5abfc89007d91f35412420aeae611 |
| SHA256 | b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92 |
| SHA512 | 99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2ba5c5fdbdf81608773db963386b2a9 |
| SHA1 | 5ff849b17c49d117907588c35109816a289ce604 |
| SHA256 | 9b67ff71a3ee5a713fcd1a33536fb001497dc52f832e99afdf9c3a4360aa92fd |
| SHA512 | 05c60a1b03089dee1182a07657576050a0e9ad2424962e3403bf7a3091c73d16a78ce1d9119501e1fc7f5763093cdb73f58ab0d36cd9f332c2433c232418817d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 592fcb5fa047d4d161981fb7bbe063d3 |
| SHA1 | 1002fb1843215f16cdb0ce8595efafdfe2bc463c |
| SHA256 | 7ddf90f5cd29e8270b1e2f2eca15abd4573ae55fdab0027a75ba54266ed6922e |
| SHA512 | 11ee5eed9ac175c38a5a218c0bdadaf562617a2a5911ef697f68c724ce891e0087cb735177d6fe1d99f968853b00c278006a5cd9dcab3b3a4ad7b1e521df2852 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e7f206da9ed736cbfed00e58edc87800 |
| SHA1 | 8f8f0b7a94ee43ab94943fe8c8bd8b43072555c8 |
| SHA256 | 08dafd3ccaf92ec5ae6cd8cef5ac9d1e3dfbba3c93060aae0049832042d5959f |
| SHA512 | ba39bbebd9d8b2b0377780e82d2f6d076d44b4adff06b3f8da0593d1659e6cbc170ae905fa0aa76526556e3c09b32c21525ca63c1429e4473dd2735b1e12412c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bba7312b8792cf65a379e45b48236b17 |
| SHA1 | a15d108d2cb454199bbc234f59d3dc258183c694 |
| SHA256 | efb133d3475a40e8765d707e4d646439a4be8ad236bb6957e63ccaea6a3d2808 |
| SHA512 | 3da08f1c4691c39c3cb07fb5d05fd56e659abd25b6141dae16f619a147fa613b761aea2cc1ea4c18c4139c5c642f2a89b5c4c76ec77eb4d326fc0e04e7e33b30 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1014902142\manifest.json
| MD5 | 811f0436837c701dc1cea3d6292b3922 |
| SHA1 | 4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87 |
| SHA256 | dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d |
| SHA512 | 21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll
| MD5 | f5f5b37fd514776f455864502c852773 |
| SHA1 | 8d5ed434173fd77feb33cb6cb0fad5e2388d97c6 |
| SHA256 | 2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e |
| SHA512 | b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 888e4040ba885772176c3d66e74b9c64 |
| SHA1 | ae75869fc7f260bfedf715a8cd151ef32aab6487 |
| SHA256 | 8abc2bd108ea17745c5052f2c877c5121b6cff19ea1729525a749f21bff44e5c |
| SHA512 | 6a7ab9705e0ba64600f7c93b05950ee68fc8c8496689c89d174504840c55c8481c81cf1040f25b06ecdabc7171b5071a940faa2068c41419c23d3a22dd8e7fa1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d3a3d978f0835ff37c9b02f17bc3d7c0 |
| SHA1 | f8796a68bbb07b7b546a8ff8caee096b74968aba |
| SHA256 | ce373fd6b4062849c84d3648df8c9ea5675eb086900e7784e7b920057d76f07d |
| SHA512 | d84c362b6d852f8664ba343a23f5c2248904fda292a556af2e820a1b70e331048a10dfe342d15c9f061d5e3c575978fb0a334feb785dede31881cdcc88b9ad93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | cee707783110f88384cd7f467ed90395 |
| SHA1 | c54c0fa63162ab3ff2976e415546efb4647de24b |
| SHA256 | c646c3fb0b3b717dbc85080b481ca3bee439cb1b0197114ce32811214960bf94 |
| SHA512 | 0e284a710f2b9dd48560660edc91f0a5e5d6512eebf43ce50d3e8734ea4f63d92b296fa03e96b1786f0a1187d5ae39f16e72a20cbe45cd4d4b0e6426a5943b9f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 954af218a25453e8251c2c0cb6c62b28 |
| SHA1 | 7dd77290f3f5d07934480a92e3dfe4c9f247a2a9 |
| SHA256 | 0b028893ef9f96bbf1128e72d62d9e9bb02df28f1c07f5dc72070691c3d06eab |
| SHA512 | 7e0958f84292a61e11fcebcd22bcf20bdb5fa60d6863583b269d852242bc7d67a4dd92ede53d56244f0c20adf3581d76267db0fa63a984303ded314075009717 |
C:\Users\Admin\Downloads\ChilledWindows.zip.crdownload
| MD5 | 5806c691583167135665b6aac348d3b8 |
| SHA1 | 34d14feafac0946097fbbc03e3be2b235392587d |
| SHA256 | 00cf66b0bab94b1ae74d534160a801315df8a7efea764cda906af49f99be54e9 |
| SHA512 | dbcda2362ba5aaba904087a512e3423e2356f0e824e4bd4de99f277316afb32e03d6f8ea109d4d046ba9f14fc32f21a5d80cceb982fbce529c6f15abd7c6fa7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a0113a259add1c66e018d442bea57aea |
| SHA1 | faafa32a40ad820f3910173ff727b609251ee3d3 |
| SHA256 | 2402cdfbfcd582e8cbfbcbb2804e585aa52a5ced1d54ca89e6b912ab4dcabb6b |
| SHA512 | 3dbcdd639317807bb585239b491828066813b3a25f9e0aab290349c0fccb313a487f1fbdebaa94ad7f6a99654630bec35464225aaddc7192f7d0d80286eaca7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9f2772caf89490d1306686649f52e32b |
| SHA1 | 8739cfed2e0095af8d8929e03ba28775310e6cc9 |
| SHA256 | 672b95def316c8368cbb7e310103820361e2777451df70594da0809b7aaa1bc8 |
| SHA512 | 663b22b1c5968d03b33794cd13ea223f362270438f1be8eb4139781fb9fc455746d2e557c62a521bda0d84fdb09b6f5ae7f220b25f4933c692c7ac4e52b079ef |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_527508602\manifest.json
| MD5 | b721bdf2924d658186ac8868dbd2c008 |
| SHA1 | 914aacc65bb7933bd73aa06f8bd2ca0b04de3858 |
| SHA256 | dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3 |
| SHA512 | 4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 329a2b0c047c4ed509ed9fda25b38fb8 |
| SHA1 | 50c584ae5a5c308488c5c4ac51d29597308be49a |
| SHA256 | e81588b364e34ca98ccd8f26e04619e07fada8f2410984fc5c853e0d84bd227f |
| SHA512 | 09bebd7dd0ac712466d91aa49bd34c6d2649d0d6fe3a92330c20b1dce65453de701a20220661ca34aba7b79a8e4001ecd49b254008ec413a192e970f26b8f3e4 |
memory/11296-183442-0x0000000000ED0000-0x0000000001334000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
memory/11296-183454-0x000000001C8D0000-0x000000001C8D8000-memory.dmp
memory/11296-183455-0x000000001CF80000-0x000000001CFB8000-memory.dmp
memory/11296-183456-0x000000001CF50000-0x000000001CF5E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 0a4c6d652e00e1532685ddf25ef21960 |
| SHA1 | d4938c4bf2e54d02889aa2170d416ff59a119185 |
| SHA256 | 85cd04956e186b37187aa5cf8cfd6f2d346bd9bd31d1c9a8fd8d1aaf56825cea |
| SHA512 | b0183f52cca8835cda4769acf9d477a732bc7175a44904bd7e36cd8c10dd5ff8634f6320e51bb7a504d0a70af504d35631048dd3fc3e6e8d6a6832f81d8049c7 |
C:\Users\Admin\Downloads\ChilledWindows\chilledwindows.mp4
| MD5 | 698ddcaec1edcf1245807627884edf9c |
| SHA1 | c7fcbeaa2aadffaf807c096c51fb14c47003ac20 |
| SHA256 | cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b |
| SHA512 | a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c4a5456dda0d2a5a5c1f3d123847afcc |
| SHA1 | 2f331d55edf5cbf12d6fd7ae85fe557b6986a29f |
| SHA256 | d8a557efca29080023d26f2f56b3b540836f553a5bb6fa43178800ee15f933b3 |
| SHA512 | ac6f9b4166849ffc96a7df2211607118c55cacb101489a1812bead37211fe6b840b045b87b941ff365be1f2013f551ad297a37506fd514cee7d4cfb11812f7a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | f12d8dde2dabb4f53b4c264b85619688 |
| SHA1 | d0d4e3bc98ccfb84719a40b47ab0ec7a386fa9a0 |
| SHA256 | 5df1578cc767ccac603861808ec82fa1a938003ef9018816e60e5ad35abddd70 |
| SHA512 | 1c67b2d2bbf87b9fa6e551f81827e4f0f5405acfb88d6d97157b0172488e1e42b41f3f2f613a0680a9acdd2a5e9aeea64c6037a80836d70021ffd2dffe4d1d5a |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_1066959321\manifest.json
| MD5 | ba25fcf816a017558d3434583e9746b8 |
| SHA1 | be05c87f7adf6b21273a4e94b3592618b6a4a624 |
| SHA256 | 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11 |
| SHA512 | 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a85f30f82a4bb2cb1fa6b5497956712 |
| SHA1 | 5b6ad152b160072e391fdafb5b481965d88c8d7e |
| SHA256 | b6fc329ce93efa61951eb16b8505f790e9ad0b1dc9abe3304297da8a6c669f0b |
| SHA512 | f0112d6efbac5c3cd8daf6679c8535b2bd57278caa387b671ef55116885c90712bf2963dd5ca48c780cc57ec3e7c5ff81a0a34befbeee397e50da9af361a020f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
| MD5 | b8daba8922dac43a85788c5d08e3883e |
| SHA1 | 21423f56dc5464742167f6d87974165e4a0ea8f9 |
| SHA256 | 34ce1e0962304d500ccec400613e5da2a30e470679c9b6a477a031ca4b6cbfa2 |
| SHA512 | ae0bebac7ca7b03c962590aedd293f58c14dd5beacfac785b7d8ee2f2f1d38f6c0a6b393491d6f8261c0fb0fb677d48e0c7c3fe8795d825a85c54eaaa9b41ddd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b7bc502c-873d-4762-b6cb-dfe2e898061f\index-dir\the-real-index
| MD5 | bdd4e2ef6771c880077f4d492c4bdc8d |
| SHA1 | a942b7d27f7818c60e49e8acd505a1b1eb5e3193 |
| SHA256 | 584174cdf2bf4d5b012dc2c9160295223ca8751b08bb7d336a755ac13740938c |
| SHA512 | 88cb3c980ae84a5f2ebe9005315965bd008f704467c54a09f405b09bf427240110127e11d6417bc4875d8d06ac741dd9fba88648a5ef9c5275231e7a80254324 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b7bc502c-873d-4762-b6cb-dfe2e898061f\index-dir\the-real-index~RFe624e59.TMP
| MD5 | 71df510c4b55c19ba3df685fe84bca9e |
| SHA1 | d51d5ef73d8847022bb11389294ddd362267565b |
| SHA256 | 0d0972c16a1750a79453f5c2817c9cdc2b3e4c501a8cf97c847ca1a91b9094d5 |
| SHA512 | f45377214615511e56d871b52c57871ce6291e3aafd5561cab8fb17df753672ae490be6e7906280edcfc3fb8c0c860155a5af6585b96bc4f6dd285bfc3b55ddc |
C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\93cabfe024225a474280813904d8fa551c1af9f9ff31dafa9ca4a97f767da578
| MD5 | d59d2f4f53e3462939e0338b64acd0c0 |
| SHA1 | 9da3fb4d0faa27319eaf9f435de2ecfdc4977b63 |
| SHA256 | 93cabfe024225a474280813904d8fa551c1af9f9ff31dafa9ca4a97f767da578 |
| SHA512 | ac61489a7a883556fc221ee2e27b8233f552672f78e6bc7c9d2f8a1d7a65611805fdf3b620a92906737cfabd9158ca44a100ab9180ee8f00c7b24cc6831ec0e7 |
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\prefs.json
| MD5 | 505c73dc944c5a399cd9b4625a41fa4a |
| SHA1 | c8fad10f66bea618903021d51c2536e937c2a50a |
| SHA256 | cb98a4c8e87bd8233843f13a62f0632161b4ff6ea77646d66d1cb5a8a99a6622 |
| SHA512 | e78555246b2b341a39b306ef762ded0d07be9ecb6e57178370c0a670603ce8a5a1c3731e1e6b476fb5d4bd4bbcb9904d9c1f465b17614b7cb60e94052f20dfed |
C:\Program Files (x86)\Google\GoogleUpdater\crx_cache\metadata.json
| MD5 | e72a4234d0426f87334460ff30f2e1f0 |
| SHA1 | a6602792d9f14b76af3f8ba2176c9ae19b22d2e6 |
| SHA256 | 45dca77ec51d452e08dd8730bc8485a9604312a923d21a40cdfe93610f765c74 |
| SHA512 | da79bd1f38c7aeef26f2f225f82fca28673aa57246651d1c88e28fd2696c75f15e9937ad7466a0553dbfa814ea0b02e6e2446dba5ed0d82bb997bd9288e720fd |
C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.3\prefs.json
| MD5 | ff276934c029721d0aa99507d1a5a0f4 |
| SHA1 | 7cb7a06e88e1fa1a536fdc13b1f40c78d0638c36 |
| SHA256 | 22c5fd592e40b37d9d2cc458974e4c09986001c9780814a9de81ff5a68967725 |
| SHA512 | 531ded8289a79a187e48e844467de652b473377fef902679677f2ef2389ffed7d18121464589a36e0762c0ced6c738661a2448fd1029682bdd4b469a3ed38c5b |
memory/11344-183647-0x00000000002F0000-0x0000000000300000-memory.dmp
memory/11344-183648-0x0000000005100000-0x00000000056A6000-memory.dmp
memory/11344-183649-0x0000000004C50000-0x0000000004CE2000-memory.dmp
memory/11344-183650-0x0000000004D00000-0x0000000004D0A000-memory.dmp
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-as.hyb
| MD5 | 8961fdd3db036dd43002659a4e4a7365 |
| SHA1 | 7b2fa321d50d5417e6c8d48145e86d15b7ff8321 |
| SHA256 | c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe |
| SHA512 | 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-nb.hyb
| MD5 | 677edd1a17d50f0bd11783f58725d0e7 |
| SHA1 | 98fedc5862c78f3b03daed1ff9efbe5e31c205ee |
| SHA256 | c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0 |
| SHA512 | c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\manifest.json
| MD5 | 2617c38bed67a4190fc499142b6f2867 |
| SHA1 | a37f0251cd6be0a6983d9a04193b773f86d31da1 |
| SHA256 | d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665 |
| SHA512 | b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_381980533\hyph-hi.hyb
| MD5 | 0807cf29fc4c5d7d87c1689eb2e0baaa |
| SHA1 | d0914fb069469d47a36d339ca70164253fccf022 |
| SHA256 | f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42 |
| SHA512 | 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | 497c169268de5ef20a39e1397eb2296c |
| SHA1 | 1951ba9f5608cd8f5cf5665f7490caa1330b74ff |
| SHA256 | f0cb1c7c124afe95b0bcf3327362cb801e76182bdac8dcca927c26c9e92a56c4 |
| SHA512 | 42cfd7f31bf9065c52a75fdd15480a7df02b6ed40972050eb44b8b27daf076a77378afeb8b32d195bd3315405c8faa3d4586fd088a26b5a1e313b6c4f093018f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 90e758b6d2647bdfc1e937348b45c4d9 |
| SHA1 | bb59beebcb12ea813d2510f5c68983e1af46e70e |
| SHA256 | 9d54300537aba11b0bc9f596551b805c1dfcb16b852dfec0f53b096f7de0f486 |
| SHA512 | fcdeea10faad9696c897b2066cf048c64e214b1916aef4e30fbc80d5e6152f52dfe6b0c40215d7578b01a996fe41a93160550132954ea0d5baac0f000b4d855e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13392140581584030
| MD5 | fbba78ba294e69e93dc0af1457697c46 |
| SHA1 | d6ac7725f05ff83834757a1a221b0a1bf4895f14 |
| SHA256 | cbe871d79672ad02aee4231364f4b58ea5b75ef5349ec3aa97655f0ecf8c6a6f |
| SHA512 | f7a41a786e3e105323f933badd39cbd98af84d75a7767b4507fca3574114788f5b8cd67ea451f4200ea3ebc6e61d185d8684760e48dd7b70f11c2b00f3b90e40 |
C:\Users\Admin\Downloads\NoEscape.zip
| MD5 | ef4fdf65fc90bfda8d1d2ae6d20aff60 |
| SHA1 | 9431227836440c78f12bfb2cb3247d59f4d4640b |
| SHA256 | 47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8 |
| SHA512 | 6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9 |
C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0065959ab2224bd55d674ac4d74d254b |
| SHA1 | 717ade70fe043511da8c0c2a8e0abfac76798598 |
| SHA256 | 13e76dd8baed7e9c1e1b0360f360a81b03260790f30da89bd7ca0c76e248ec4d |
| SHA512 | c27003f2f8fc0118820abbb10db250df5131ca5753cb1b5119c1d4134f4a771333ea3c6ddf21598ebefcae2efaddb8f06a27b768bb3decb512d9a2672af60de7 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7060_59027558\manifest.json
| MD5 | a4edf901d950a9758ffe578ff1b03212 |
| SHA1 | cda83d7736a1c05a7d2cb0b6704653c27b4a4ca5 |
| SHA256 | aaca603fa9d65fefeaa198a93d03f2511de66b6398cc34dde6233eab492eebfd |
| SHA512 | 835d6a31e56d400ace235ee94e16bc1e24bf1477e7e3524180d12b312a58422ce1a579daa423881e50bc2b314e50f5587e6fd98ea68a1ffcf294a7f187cdbac8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\LICENSE
| MD5 | aad9405766b20014ab3beb08b99536de |
| SHA1 | 486a379bdfeecdc99ed3f4617f35ae65babe9d47 |
| SHA256 | ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d |
| SHA512 | bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\Filtering Rules
| MD5 | faf01ed2c0020f8fa512ff379d82c211 |
| SHA1 | 233d104dfe718231837e33c5543085b6dba5cd8b |
| SHA256 | 192ca12bc520edee8b5a8844cc870cc4a669fb9c1449dad33a69fc5ce112c750 |
| SHA512 | 8ee475bc419950f08933be92c390087b67a7914825dce81eef4786012bf641f86f447239bb8d08602a407627b3846f12c52f365eae2af32fe5d22d5ee7133c31 |
memory/7312-184075-0x0000000000400000-0x00000000005CC000-memory.dmp
C:\Users\Public\Desktop\࿘⌗ᘔ⢨ᣟ፸ᑫൈ⊳ၺⶋ᪳ᡊᴿ⒉⦖ᇭᱧ⯄ᴤ⟠⤚ᓇ
| MD5 | e49f0a8effa6380b4518a8064f6d240b |
| SHA1 | ba62ffe370e186b7f980922067ac68613521bd51 |
| SHA256 | 8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13 |
| SHA512 | de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4 |
memory/7312-184252-0x0000000000400000-0x00000000005CC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\74bf91e7-4840-4259-854d-8196b9ccc9be.tmp
| MD5 | f07eb90d71896ca1ba79a3b5c3fd9ab5 |
| SHA1 | 63be865c9f21fd43e5f30d7cc8f408b07e221453 |
| SHA256 | 8a72f311885d776d2ec25ef80e646a960e91e8424da4952037192ac6ba85d2af |
| SHA512 | 9f2df6d7fb8644e626faefc9283665ce66489cbdb888524479e5904d56de4e0ea5d298c3e71779cf51dc82199176481b2aeb5b4104a5acfbdcc81ab770b681a2 |