hxxp://www[.]mediafire[.]com/file/hnlxskdpxg4qq2f/Zecki%27s_drumkit[.]rar

Analysis

max time kernel
150s
max time network
152s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
27/05/2023, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.mediafire.com/file/hnlxskdpxg4qq2f/Zecki%27s_drumkit.rar

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133296979936061861"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
164	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe
5028	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2788	2460	chrome.exe	66
PID 2460 wrote to memory of 2788	2460	chrome.exe	66
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 2904	2460	chrome.exe	69
PID 2460 wrote to memory of 3352	2460	chrome.exe	68
PID 2460 wrote to memory of 3352	2460	chrome.exe	68
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70
PID 2460 wrote to memory of 4580	2460	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.mediafire.com/file/hnlxskdpxg4qq2f/Zecki%27s_drumkit.rar
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x44,0xd8,0x7ffd73189758,0x7ffd73189768,0x7ffd73189778
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2752 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2768 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4696 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4488 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5376 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5212 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5500 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5960 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5888 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5652 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6180 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5840 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4936 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4948 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6332 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6988 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6076 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=888 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6212 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5644 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5600 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7292 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7432 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7624 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7792 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6536 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=948 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=768 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7404 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=924 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7320 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7784 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4248 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=2608 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6544 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7916 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4532 --field-trial-handle=1768,i,5140780608969561028,16544096935221375073,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
96805b0c930a6ad8bec25c3982871529

SHA1
4a03b49ce220ddbcb2beb0016818f7470065ca80

SHA256
371165057745def2697b83863ef4c89518c294d00835310f795c262d9b291fa4

SHA512
f06f0ad81d065bcccac87150eadaf1ac56b553356c8383bd273bef654dc69c485e2a19941d8af1a9e3ba5f837601605d42c96be43f347321baf67112015ad029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
63ce459b7cb526b7e8cbd366eb098094

SHA1
e7d78d80542508362a5f74bd635db0dd7000ba55

SHA256
1a87e0c25dbb277780fcd761d548e2a5009e23d1e6d47bbc49b515a268f71c74

SHA512
9b0968e58dc2e54e8da72a3cb0c6536b9ebf9532d5eb7a5734701c18269746504212c6689c86bbb25dd3f8b339c5829df938f113ddcd87e9729319f42a421787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
5fa2e85034ead67c3f613cfc46063d64

SHA1
ad8dc613d98e7ad29f87faf96065ab928cc64e7b

SHA256
5ea4328a95bf560e3a2d06729d1041a840f07612048afc4513828f2ad3ce2c74

SHA512
69b7750b177ac3047e2607f1beb5ca48f58a0352b809234f3c921baca93a485bb84905b50aecea965b3fe2eaac709b7e3684b0ea07ff9aa9dccb15d903b49357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
22a0d744c7f0184f4577f477af9fe567

SHA1
622ade88c59a84bca9545a419bd21c02d3c5734f

SHA256
e593c5022cf35235f312a4a496057370683c27c142bf192c12615716acf28c72

SHA512
c5900348b8f8b8d9bd3fcffc96972302ff865c4097878297f6db7b06da8b6243c2ec1985b3e838cec074f416db064c6c2477dfb70aa8c7137a926ed00f6a4271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
562dd1a9476ce97e383f3292b86654c6

SHA1
09c79676d8a5b87241a4607b2bed902f3f123afd

SHA256
482cfac1829244a20945f10c9b683309c6e17ca25255ad515f5c6f070bfe68b6

SHA512
ff177f95845de63d700f01cfdb08ddf7add27bdded95f3333d3b1e35c90bdf13aa49dfbee06d648fb4bc5407b48e59a198352a076c1cd4a2cfc131cb758d24fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
06e30453b6de7d38c59814efd149c7cc

SHA1
a7de14be3800f46b39ff2505eadb01fe6b779ccc

SHA256
d2188dcb2918fe38c13f8a3dee63dc72af4eb565274ec5b7226bd12eda3f925a

SHA512
0d2a9b12d13fb75d9c48de38986d5b9f3e630e6cc7c1437ba2148b060f93e7cadfa9139f4491cc39d4c10c2208f739366db604c46ac4acbe07932f95fb58be94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6cd8c0e20aa326b8d45ecaf54a2e8534

SHA1
9a75984234cec83dd1b81898a1f1ac7258b37149

SHA256
8b2836e3b30348a32d2aa199c0849144902593378f740e5e767ab8ef89be3832

SHA512
0e61fbb304f33718e38e9ed23f8fe1226343864012ffcc4394bf1bec082fef8c02c677c386eb4d66e81c5a61ce0fb25ca22ff4e56c3fddd198813a2d9e2cd0ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b4c9e8831e5387892ad785da71f0ba64

SHA1
3f7b71f1a52289fd614d8f088621f49d72019de2

SHA256
742f8da7286d544da83d5c9b7d3eedba7357a759feb086b49be9abff9333a999

SHA512
0ad0aeb6fa993202248a33f89ea87bdc93ea4849300612f46333987276b363a28783eb85b8245264efb2746aad37144ea98fb905acf393b5870d4d4009b28a45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4f5fa673a6d2056d473f37e20a779a8d

SHA1
df6ea5029e878cce2d9682e369da862b529f3f1c

SHA256
f8059bf3d079919177b8b29d3052f195ae2c68d53cc59f54e152c32c150a90bd

SHA512
1a09e77c26ec4357ab4c339db089a4446eb91db5472c777b014e8539c1250f1289ba2c004097eb036f28c09548dddce37efe824d725a212d5c91e8e36b2834df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d1fd677acc59a924a539ded750cea518

SHA1
c48e4d3eaf46fe85cf86c2c1af9af17f89d0e043

SHA256
2946c460cecba3bdb49e115ad99ed0bedfb9efe4e4cdf7f7a5b3ca3ae42b3b84

SHA512
51d9062072941f39a2a7e8415b203574d5572f939fbf93fa39a5fccc2faebe394b1e5bc1c7e7dd71bdad734712b9064e26efadb6030a0ca8c3f7bc1c0a84aa04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9830b4afb355c73595a4c98fa5fcd82f

SHA1
a37fd181c074bda5427c9b1e7e603dad1c05619b

SHA256
22be9b0f40ba13466c6ec5638eac97abcd3bb1c78f424800c16693206c54b2e8

SHA512
c78a2dd92575b077d927535bbc23168e48bb5afb5cfc27aafaa9a26d80333baacbff826576a4dae1c1ed4281c11413ff8c7a1af6cbb45b79dc9b24990efcb423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
14b45d7da039bbddf7489d01f102a4a4

SHA1
742731a03fa9b4b69e46306e1c1b1f675b7d19c5

SHA256
7e14eab3162646a96e61ca466d4b4355fe2871c22c649a8e53f8214f50bc3741

SHA512
fd4f01d0b09ffd0cba516d290a81a9bf1b10b4b22ab06173f3fca818eef4104de9883f867650096d276075c5a53543b8b5856c8ade25237ccdee51790bddd59e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d16a3d8556eb9d679e91569239b06e9e

SHA1
9a8ccf2a03ab880c1dba8b35260d05385b52b8c3

SHA256
b4c3767051dd8851370665795c82811ac23dbb79e5fde1508ebebce513cf1eca

SHA512
f09e3475b79a73b7b1093d8cc7003701b36a30cd67783329034eeab1ac41ac42bd432fb5e0907a9387f27b0af013faae28399911ae6b67cc4eda269bee2876ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
78c14fa63702f7abb6c877be90d96cca

SHA1
b5e7f55617aa409af755df7c9ac638f199b28b73

SHA256
0f495ed7f06c26077d93ce8561d375384f93f7dce154d2480af298e622c5cd49

SHA512
0a80a1852dfa4a6d6cb2ea670f69c8176a2e9b8e55b4fc2d561f0acb674633fae6ac03995ffbdf2450059f942986733484695528514ac1578321f9ccfc9d642e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
45f9c8cbac6f211d344af26b2c75b6ce

SHA1
1c14df9f5d8c3e93dc1bb087945bf98176fbc631

SHA256
0a2e588c0a4271aca49c04c79a4abca3d1b28a1c3820207369edb28329094568

SHA512
f2238e0b4d5c666a6d61c41f71d37b55ad33943954e7c2b2715358be6a5bd889414d5aa85256387d07bff2aff07343c0d9a170827d5a3f8024fceedd7e146c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
57c53c974a4bb77bb6628b1a5289c1f9

SHA1
e1a785f424c026695b0c34452e27f3e21dbf76a1

SHA256
d1f5aad79f111892a967319ce7bd085791d285522bb76877ca9be1b0f39d0fc1

SHA512
4313e4ef215a8f23781933dba0f1aa8f04b9c44d1a793bd8d2f9e4768de495b58ab12ede2fb81217443d8f93513db2a6081e96b871dbf6440f3ab9fc1482ba40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
25b52e28cf82145c96c3ead6660f0dea

SHA1
420dffc53979696b042c886375fae3e4f963a859

SHA256
00519e5267923e789024939530eeb32be2a100ae70391de80061f1b0bf49d51b

SHA512
e90aa132e24a8fbdad1331d39b98db0e949ba0a805fc407fc34f87407feec8db849761a9b2e18c93c09184a56278f847e1caa25fe0bf3906889012c98208b141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
dfae8409d672eaf92f32917408e13120

SHA1
9c11d75201c49bde296b33d7faaf669a9d947548

SHA256
edf313a7256296dfaa0178f2e090b49f3f0b8d0a31777e03e64979155ddf5a8d

SHA512
107e8958af166553645871b69e7f7538a1de76b23a3d87447a837aa6cd947c3fa70443156b17c2ab45d4d3e0e8971d1c488e0fcbd3a15401407f0d13472dc3d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58311d.TMP

Filesize
107KB

MD5
948e00d2a9f0f68d3094a4c6c8ea1e4c

SHA1
a84d022b7e08ba62625b1df5bc75728df9849e8d

SHA256
ebead37c820711d00f8db93e77dcc67bf4454792e7fd1783e12e9fa56f0e161f

SHA512
3cc66457ad542c2ce45b59b884de95beb99338fd3aaba7e34ba3cfa35b6277a3d7dfa5804b723e0a59fb7fe5c44ffe785315136cd5dd53b361c7dfac5e6e67a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
b2a1dbf048cf4d95e5aa7d13e914dd4e

SHA1
a29aab32552df876ffd78b30cda6c6e92b90df2a

SHA256
42dc60ee7afbdbaca4326780bb918ad15a9e17a4bf8ae0b34c891b3635f75636

SHA512
f9ccb68f89cf7114212cd2e7bb106118fe11645484db16ef875d3d4bba02dcef7dcc02848871eee5850410c54e557a69d4015fcd4855a4d5e33e9611b58460c4

Download Submit
C:\Users\Admin\Downloads\Zeckis drumkit.rar

Filesize
48.8MB

MD5
4d39e5010ace773ef20f1f5fb29e7552

SHA1
cd839f87ad7660a231e418b5c868e48ec9900319

SHA256
33616e080026ae83b335df6b42814ba56adfa7e4b4553525350e2b5cb02a6a73

SHA512
8d5bcfc892a63ff5798100cbe8d7cd1d1932a1b4818245aef7e5d0d8f2a1e8daf06e609a7395cbf81172473626c7a095d10e934e134423dc81df0ed70696dcf4

Download Submit