hxxps://drive[.]google[.]com/file/d/1xjC9O8xs3GK0rzRAEo4C23ILbeKSwk-5/view

Analysis

max time kernel
1050s
max time network
1018s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1xjC9O8xs3GK0rzRAEo4C23ILbeKSwk-5/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133480629837343720"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
456	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 4072	3920	chrome.exe	42
PID 3920 wrote to memory of 4072	3920	chrome.exe	42
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 4168	3920	chrome.exe	90
PID 3920 wrote to memory of 3248	3920	chrome.exe	94
PID 3920 wrote to memory of 3248	3920	chrome.exe	94
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91
PID 3920 wrote to memory of 3180	3920	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1xjC9O8xs3GK0rzRAEo4C23ILbeKSwk-5/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ff8d5f19758,0x7ff8d5f19768,0x7ff8d5f19778
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:2
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4876 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4032 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=820 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\FL Studio Producer Edition v21.1.1 Build 3750 All Plugins Edition.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3776 --field-trial-handle=1860,i,8697237503547738844,11120146124937824945,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
78714f0cc0652fb93ce3126c5f64dfb2

SHA1
64b138f8883816bef2e5a7601aca49bbda9649eb

SHA256
418bcf49216a6e4f23289dd6eef8ab6e3610be03cc167783eb1f5216d02d16a2

SHA512
92898723fee2b420cc033926a50107b131c402570107dbae536899d6a885e094cf6b0cc98cd12cc1275b1bfa95565ef90514afee5e35b978ededfbfc5edacd2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
32222d5f6a4c9ff3598c4b23b3a6ed46

SHA1
995a5d602ffaa693e7b3fae2092d6eb539106187

SHA256
ccef6db9855fea0656e53d5c24aa9535aa5b0d587ce99ebd63847eb0bfde5e97

SHA512
aee2c2ceeaaee82216dfc4215abb43b3e88e986a715f50a6f5aa579058300fa4ee39b3309e7731feea0c64251d0b7eaeadf1521b22837b58aadfc721664ae0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d315c3b8cbe04af7210479dfd27d999c

SHA1
36305f7d66888669d6f9cca08e3980509a3d32b1

SHA256
ee0d61cfb1a2894d7141326e6e4ce6594fa7f7be54826071c1c2683b4d158260

SHA512
ad1d2853186c863b2f5d6a2fd9079f149f4f80444522b5bc4a93525fc1e6aecb36f35a915a3eb516334179da1dd7ddc3cc8a1a37172c27027f4af1d4a250bbb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
15095241de276747e98443e16b346a94

SHA1
d389abd1943062b6d007faf9938deffae957da0e

SHA256
8bf052cfa0517c80cfa0e3abcda74943150d0f64cdde4536f1cb6c935d4eb048

SHA512
803eb088c6d99b6bc987ea0c679d2e8c2012717c05d8a095f56c9b3844c95e333edef93d6fb9b290f518d6887f4dd393c9e5bf5ed6b7e3316a5a1c8704304fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1a6cb706324a1d2b069b5f1eb7694ec7

SHA1
87d5bd44216d08153ced1d5a0bad062f6e6746da

SHA256
c47cc2102dd461ec9faa751b35b9a965163fb10c21128ae15a8e884153d4633b

SHA512
e28eb5916812577fa8b693246f1f5fa6771d893e905da866c91ec671f20ba40c2a124b3c8720bc3aa84d8b83c018512d73121d4046b78b23f5a57eec62b356a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
44e433d2798479bb9e82265fcc5705a6

SHA1
f13a993c517729ebee28e5cd9ebe58187f2ee0e2

SHA256
4f65a353deaf6408a6ebcb62ab2d2181b4d4231380e6b912471607e4d1c36647

SHA512
b740337b4f26ada4fa4179912ce54fbf5d8bf9aec2719354de0ba7ba3b1cc5da3015522e76396c5bb750ba12b64fc60ba517c406db046ee5889173f7f4b44b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6135766121595238833278760586ab87

SHA1
b1197d973f82c51528d69a4d7e82653ae99d0e76

SHA256
d9bcbee992b4eaa31ee7907a391993f6c2043316fa5cccf5bd3ca13c79229348

SHA512
5f07e428af6b642da33adaa854bbfa8f687598ffc33fa1683e9d271bb55273946c678561b8e7f5eb02c848f1ac7b1333b0c2c9bb27a04b4244fc193a9b028289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8ded192f1bfc16a6f20b9100119504ff

SHA1
0b4be31de72e4f6f4a4c265a1eb7d50a7d19513d

SHA256
43c2196002edbf79e259fba14f0ca47b961f5bcef0404f7962ff1cff66329ae5

SHA512
ef46625534893d6801b45e42df6159a10534940d5b7762e021f1c29eb3c595f990bdcf5478d353bf4ddc446e0516aa3b3565829dd6d1b7fcfd23bcf9e49b005a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce0c98339f68e50ca066b67fc1ae6403

SHA1
56eff77fc1123ead1abe69d4f5cc503e6c15acf5

SHA256
0ba582e3b441d73785c9c7e078a68c1be7c70dbef4291dad672e2235f9607204

SHA512
0ec221b07f1d1a8f8c37f40b0c5b681a6cf2a215c697c3496acdced5976ead8507e642ead9e99cb0e790475c88f4f6c22b4f1721c3604e1758ef5491dbe42689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8d7eac13ca9f20b0da4e92c7f9e88143

SHA1
66b7446db1800e94254b4db6865a64376b3fa74c

SHA256
e5b21ff91f06d951b92c5e42ad0b2dfa67ec2e5211a2415128efe49eb2acee3e

SHA512
6d94bdea5422fe826533d1514b24ac99a3a918253a5430c5a1e1d9c9ffa8f6baefeedd4a3b7504bc3dac838096df8a5f616a94d69ec34084da198074981458b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3cebaef1e94c02eb426b7ffd336c19bf

SHA1
20e4de4b14ff1aaa000ad27f393cb606db4a1651

SHA256
a42ad82110161541cf2491b6207b4807a0abe371b7d6e1035e036bcc486b5d08

SHA512
a9039feae110ee58471601565ea794beb5009c1ae1ecda53ca8837208c878046e09e2a6936d6bdf97865c25e83f96f6ab0788e6c387f0164d407c446fe1e00d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
1e93744d6f3d0a551e1301d527b19415

SHA1
91886351b8105e0b057b898be81336e7a13874c2

SHA256
679635984fb1350b2ee085f32d95b31b1984836176597db6fd54ebec80de561f

SHA512
f84f01839ec25fc6a882076e422f8f1b0eeb13687540aa2676443ef69a54a809c5a0bb19a8933a481d780626abc31e79a3d516acd6ebb7e25e30907cd9bd0778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
70ef4852d31f69722002da83432e7b5b

SHA1
50bcadb33377ecbcf71798e25e5be327b23e352c

SHA256
65e77b487b5e92f1ed448e1901fb3d4cc7cd0da0b472afb2e6a486f72152b502

SHA512
2b4d884c8a015fab357e0e5c2749b8ccc1b1690e832da02dcbd1d5b6cec206685351b5f215661f68244979959a07a496adfaa0095670c78b0ff3afa27bd8e54e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58dd7a.TMP

Filesize
103KB

MD5
ad58a4ae30c75a74b8c3870e1a2660cc

SHA1
30886f34771ebaae967dd8370b9eec2ec2a133f8

SHA256
76392d567edfb1bcefd33f19668535d0fee316ef4e0b10ff42cf683604b6ea09

SHA512
821c35f03234cd7821ce7a12c3396a2b550a80d7919b6a5c7f2a3db55ce1172f2df17a773d2720086bbec15c32029d4d11df0860b5c1ee97465e00fd3dfccaa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\FL Studio Producer Edition v21.1.1 Build 3750 All Plugins Edition.rar

Filesize
13KB

MD5
e533993589dc4932ff766d84e8480957

SHA1
ae05d844b68110ae74f98fb82a7766a9c2b32cc8

SHA256
9fd9b5dbd3703852f63a5aa6a8a7a46cab165289ee0672e63d9441033525736a

SHA512
19ab19981d0c4fc79750b1422be77be83303d90b627adbd5bb76344c0475c0facb3b14a091ecb0f5a206e8b62b93eb8cf2e7ad3ce71757f18434f65c15a02266

Download Submit