hxxps://getdstudio[.]me/2307?dpl=https%3A%2F%2F1soft[.]space%2Fen%2Fwp-content%2Fuploads%2Ffl-studio-21[.]1[.]1[.]3750-x64-portable-by-7997-multi[.]torrent&extra2=FL%20Studio%20Pro%2021[.]1[.]1[.]3750

Analysis

max time kernel
120s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getdstudio.me/2307?dpl=https%3A%2F%2F1soft.space%2Fen%2Fwp-content%2Fuploads%2Ffl-studio-21.1.1.3750-x64-portable-by-7997-multi.torrent&extra2=FL%20Studio%20Pro%2021.1.1.3750

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3780	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
4240	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3316	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
2172	FL Studio Pro 21.1.1.3750[YZMu68213k].exe

Loads dropped DLL 24 IoCs

pid	Process
3780	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3780	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3780	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3780	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3780	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3780	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
4240	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
4240	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
4240	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
4240	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
4240	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
4240	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3316	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3316	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3316	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3316	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3316	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3316	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
2172	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
2172	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
2172	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
2172	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
2172	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
2172	FL Studio Pro 21.1.1.3750[YZMu68213k].exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3296	3780	WerFault.exe	111
3380	4240	WerFault.exe	123
4924	3316	WerFault.exe	126
992	2172	WerFault.exe	137

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133660484001979717"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe
2204	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2204	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe
4424	taskmgr.exe
2204	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3780	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3780	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
4240	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
4240	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3316	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
3316	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
2172	FL Studio Pro 21.1.1.3750[YZMu68213k].exe
2172	FL Studio Pro 21.1.1.3750[YZMu68213k].exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 4464	2224	chrome.exe	84
PID 2224 wrote to memory of 4464	2224	chrome.exe	84
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 416	2224	chrome.exe	85
PID 2224 wrote to memory of 3236	2224	chrome.exe	86
PID 2224 wrote to memory of 3236	2224	chrome.exe	86
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87
PID 2224 wrote to memory of 2824	2224	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getdstudio.me/2307?dpl=https%3A%2F%2F1soft.space%2Fen%2Fwp-content%2Fuploads%2Ffl-studio-21.1.1.3750-x64-portable-by-7997-multi.torrent&extra2=FL%20Studio%20Pro%2021.1.1.3750
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8291bcc40,0x7ff8291bcc4c,0x7ff8291bcc58
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4572,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4972,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5144,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4700,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,1308453987994820428,2492001548755607969,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:1684
- C:\Users\Admin\Downloads\FL Studio Pro 21.1.1.3750[YZMu68213k].exe
  "C:\Users\Admin\Downloads\FL Studio Pro 21.1.1.3750[YZMu68213k].exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3780
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 2288
    3⤵
    - Program crash
    PID:3296

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3548

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2116

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:4424
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /1
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3780 -ip 3780
1⤵
PID:2544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4740

C:\Users\Admin\Downloads\FL Studio Pro 21.1.1.3750[YZMu68213k].exe
"C:\Users\Admin\Downloads\FL Studio Pro 21.1.1.3750[YZMu68213k].exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4240
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 2128
  2⤵
  - Program crash
  PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4240 -ip 4240
1⤵
PID:4664

C:\Users\Admin\Downloads\FL Studio Pro 21.1.1.3750[YZMu68213k].exe
"C:\Users\Admin\Downloads\FL Studio Pro 21.1.1.3750[YZMu68213k].exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 2160
  2⤵
  - Program crash
  PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3316 -ip 3316
1⤵
PID:1972

C:\Users\Admin\Downloads\FL Studio Pro 21.1.1.3750[YZMu68213k].exe
"C:\Users\Admin\Downloads\FL Studio Pro 21.1.1.3750[YZMu68213k].exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2172
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 2148
  2⤵
  - Program crash
  PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2172 -ip 2172
1⤵
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
eca2eb6b426a81bcc497da2489de2f5b

SHA1
777f4c7d21387283ea0e24e94cba400e823cb44f

SHA256
dece780c90983f246b3474285c665a2cfa2d32eb0a29d4229225ca0734635078

SHA512
bd4b4466421bd6134fab9314b7e7c8115815d13c26b3e6f5400ba1e7095de15b6ed5602fea1fe391f93b773cc753868d3d564e44183ccb7606bcd59485365080

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
68810b67e17bbfae59f7900f10b42f4a

SHA1
90d5a7d868edaa5bfa63715cebb1740767990080

SHA256
63b810d23d6d66e6bf0a7c47adcc3f89852cda86ed34b9f09bcd8d539e18780f

SHA512
9a63de052d3dcb2d48267a7eb60e21f70e97e898fed33f115207fb6e012b720ca8f2a1011f0f0aec8c0bb736c682c132c90e6f03a3fbfc34c574b8a0fa8474e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1a5757cfc2fc0be67d5d6fe730643881

SHA1
63fc0a8d207922b57f65ba113f1652570388b099

SHA256
0c1baad93f3369594af33592fab3cd44d5b4cdb3a8656426e6ad2a646c077e7e

SHA512
61d615adb2490991a00b740387b5822b62ce8088d99b99dbf8e75dbaee7d91d2cb69e7798328eb4a76e9dbd438c949b4b4309891fa2f1ebed3c3848671c199fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c614afe3a2063f9eea9a13ebc1f70b87

SHA1
afa3b02a5423314633b9dc1619daa78390f701ee

SHA256
1b053e1b702691c8bbde01a857d8b99f5b2f5f1ef884c711c20d991711fd8359

SHA512
49d050f3e91552f07cf3af9b393591e48c0e931caff3b90486ef1a5cd719fff98e40068056024df82a7814c59d20a7c72e1fa9bf651d11304a88738e58c752d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
11322c5d09885503134d9600d3d8f0cf

SHA1
2e336b307d5e0e91813a6926e4bac85280ce72ec

SHA256
3c66611e37f754d7f0b20684e7d551c8e8bcd220c5ab81bec03c11309050242c

SHA512
57dd32bf1d695078bd90be21f497ed1d7ef6f09871d4d847d883dcacc4ebb2f22d53075f929e5b7abbfefbe0ef63374e5356f03e9f7b33326f003219695284e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eee30c93bf25f99920acf4fc06948210

SHA1
5dcfd739099a53274cb7724fd509548d1c462751

SHA256
897ff0850300faca6867944bd500dd2d316c99be0297cdc2b624c0e7ce10cfe4

SHA512
b70e04f25ab6139a87cda22f2fbbbe16cca0a517c51a8aa9b311cac2c9fa5b0b9b2e427f6455477efe9d184cbc3650763f8d38739b3a6a76eebf447d4d2d5534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63eb265f5effdc836dbf24d4a6dc1e15

SHA1
0db8a6b4e7b74528bea5ab6be32b63dab396746f

SHA256
5f6b9ce9a453770b947e3b4ab34a09f0bd9a241277300d6efb7ff3a8fd33bc68

SHA512
830c527c1b12147cb67e2bc7407337a7354deb1179cdd1f6a6ffdf91cf969997eda1ef1924736abd25b9e0e95081b2e0a2dfdd900bb1b3cdb144b05f5c37a20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98d9b7258b700b2a4bdf95fe74616e6d

SHA1
4dd46a5c5684624f25c14a916feed2a2e5f0859d

SHA256
61811fd8fcf4bfaf10ee6feb025a19799f299d0c5f15b56245caa7dd6767749b

SHA512
de589263e6476e8896f0435c438ba648c1754a82115e74d6e59c16fd4e714b7e3896e000c21e986467ef4183013c698ce132a87f5ae080bdf6574dd2a45263ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6956e98b8a00fdea3753db91ac18190b

SHA1
1e6947f768d6f1887ed360d81edbdfeed458565b

SHA256
d110158d8def3dc984ac6128074b1bcf39281fab76c82c619ff177672b1d2fab

SHA512
358ad6bce9de73c412889b72c53c00832676b25b300256d9a82dbbd0cab1d6a0276daf1706470cbe990f3b6c5cb0d662dc706234a956bac8dbc14cc600a758af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
8fd365e4a8cdfd43cecb1f1877a30bee

SHA1
87b96a2f4acbb8a5aad4062824203d101cd08d45

SHA256
080f3378aa97ef978c99c4fb504259a124490a51c480c9ead155ce592cf91318

SHA512
aa19ccc2a694d2a3c2dbbd36b82ea0f212e5fc4636658cd96a420c3b0a6864127cccde061b95401d033e528d01c3222b9ced0adc51c5cf30a45b96bca1005ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
f5f938305c5e46b069ae5e465d89c8e9

SHA1
2c516dd2cdd0eb7c404c842400fc070a7c7d90f4

SHA256
4a833505d7262adf6944fb9730a3739c37529a172182cb16864a3de39535a619

SHA512
78859c63bf8885b94f55fd1f15fcaf1d71db7eb054a480f72d54f1ce9275d19270e427a60184bfff998b3cfd9ac5b0c901bc4b61b31e96ead2bdb6aba1e55488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
b348fc5e3b06e4ec1e103af868624d81

SHA1
316cc8b9b21cfd342cee3fa5fe629e58827d0b20

SHA256
cf157e5f395cdd97aec5ee6295b5a680de1e410ad691869fc9e268972e801968

SHA512
95b003920da108e948502a2aea4dc92a6fa47847c9abfb33b0fa7c8fbf93ebfdd6dedbe30088ee9c2a661169c8590bd9e495d4f517b41e4b159b9ae137e589f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
58f113354b1cfb9af1ea419ddb4db2d2

SHA1
c0fe51f1b2ae27ae56286e3f2d91bc95076f1c0b

SHA256
820e4821cc4d4e04c453794e20e66beb391da28e0470c0902233d997c816355d

SHA512
95625432398c5059e2abdb3999d1a627e8d2bdb370ace33f50dcbc625132459f1c2a463e3d741281fc40d0e812faef87c3b7eb0b0934bd1cc8483febde8cda96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf4FED.tmp\modern-header.bmp

Filesize
25KB

MD5
333fb48abff34fa90b58d069caf326f0

SHA1
096b152c02b507f048b4f1671679b0fa7f5ae0b9

SHA256
905126b967d3ed24cc54234487f99016167c61a9d66c433acae24a2b3880d44f

SHA512
f253331d55be6aa70477673ca8793a18170a0812b2aec25d4442254dc20846694c2061ed71cd7196b0fd04dc65b1267e6dde5323723a8d6aaefc1164b067a121

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA44C.tmp\ButtonEvent.dll

Filesize
5KB

MD5
c24568a3b0d7c8d7761e684eb77252b5

SHA1
66db7f147cbc2309d8d78fdce54660041acbc60d

SHA256
e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

SHA512
5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA44C.tmp\System.dll

Filesize
13KB

MD5
bc58b916e22d2be2e5f1fe7108df133a

SHA1
6b8c899e946e37e5c272bf09eebe51593f4a651e

SHA256
d287d15c333b18dc23377a03c6b3d95f0e8992ac2a05add56d5b82070eb8e658

SHA512
9a209591f70c8d3544a03f8e429a5a2aa576c8a36c588aca2a29877f041815bb7fe46467ae44ab52acb087011fcda77d89b01eb0dbe478be4bc727cbe8085851

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA44C.tmp\UAC.dll

Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA44C.tmp\WebBrowser.dll

Filesize
89KB

MD5
217d4d87b8bebfc483d9e3c19eb78603

SHA1
c91f732f8f779a5eadcd8cd250e0d0bdaf2132ab

SHA256
a2db50d7d93c1f6556a6c1574a712e060099e14638626493ffa8385602606043

SHA512
6ce02b74ee306cf7544c0d7b0e4ef9aefb7e029562d5388feb8b66c5490e57449a01ba6ea04202898ee5107d6afc779329c0b2ee26895c7d236c3edb0a91bf93

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA44C.tmp\index.html

Filesize
1KB

MD5
87dd9e85b862bdaaa3638d7d80aa2fca

SHA1
b963cf0c3169c2048c8226a72ff61eac1527c20b

SHA256
b336a9e296635fa1ac9b2b4466edf72ed2640d519b4974893a8ab37dd5a248e4

SHA512
ae74800ae5c8e900fdeafd40f0ebd9eee2ffa1ea920ea8519efe0b39d666b4ea2e56456d4bdb0dec98b5ecc4b41bbed08a878122f941f210de3b9269f355fd3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA44C.tmp\nsDialogs.dll

Filesize
11KB

MD5
80ff0bfbf6863ff8ee124dabd18de88c

SHA1
c95a73a22459131f9e7fdcad16b34e29b4088437

SHA256
3668e66fa10df59db771ee6d81b8075a5e9bf591cced779bb146ff79e55c8e26

SHA512
8261fda3f5b93d8c788d2ab4784b6e3eab398122647be10ef2819e64a19e181ec63c42b29cc07e96592fd305e7d58ab385fa09e93b52c715568fb6da1fd3e41e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA44C.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx309D.tmp\icon1.png

Filesize
714B

MD5
2abecf83f367e5f015e6c1da85fb78db

SHA1
313ea4280e9362076a071f322bda3e1049758ea6

SHA256
d62325083cfa49297ed75df8928ad3010ef650f1fccd899000dc336e75bc8601

SHA512
b12d0bf87d182b6b6bd76b76cd05c917ef64828c91e8377acf5fead62dc638e845e1d64e7c45eefd663714ce688f3419dffb51818e7725f60e6ae658a812e77d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx309D.tmp\icon2.png

Filesize
564B

MD5
643a1150e8eca4bf46a2ffb95cca3e73

SHA1
efdddc024d4918d6f4f78ae20256e260ed59d9a8

SHA256
854b0cd099e88c8309fda0ed6513f46c19c338627040eedfb9207dc16e465e4d

SHA512
c20df468d597a2f42ae1c5800c89bdb132636fd192bf5e79a7959489d292adbb600aa1eb7c9cfa002158b8f9012a4db56410f5791ad17af0ba534255c70a086f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx309D.tmp\icon3.png

Filesize
553B

MD5
be2b9bf2e907df8ac60d230332865d56

SHA1
0be743f70ec686ae1ecc44a13eff4134169b5d26

SHA256
471327883276ce89c0933272adb33afbd43d6c8f6cca7aa7be6542eb91f9f2cb

SHA512
59f16519d7be4c63b24bd8ae40633b49b4798d96be6457b3f9c6204dfd23962bde47effb910a673e9f8d073be301f8eec3d324484e568845770e49b4b910a8e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx309D.tmp\logo.png

Filesize
2KB

MD5
a7474995dd01516cea41c16f7594aadd

SHA1
0f16fe1dd1d5b4bbef066d66c7c34eb741f20600

SHA256
6a143a7e5deaf0f15616b89b3f22c96d053c7ecc89e178fb2c991fbb9eea5284

SHA512
780b480eb0ede1a1d30355cb5ab28a55e9ca7bb9a479a99c40685acf03c4ab33224b8d77c0b03563368679f10c781fbe503855b9c5a49e0a74e24a1ad1a90218

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx309D.tmp\mockup.jpg

Filesize
28KB

MD5
34bc65d661ab1f432abb5fe4b1991d4d

SHA1
3fd34094033a1579a55b52a99b558f72a5587f2b

SHA256
1e4f6573dec9e8d88bc3add573e1042fc9c4aa32b38ff3351a20be40b0e1ed60

SHA512
00e79640d8c234b097eb64fe5a5348c3b4d24de3f3b5075b19d77cf6ddf09ca7e36c0af2fd14b62a550fef7a19250fff005b49ca0e2eeeb79397dcf44dd43bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx309D.tmp\style.css

Filesize
1KB

MD5
0fa3fa896ac8466af8f924dd20b1c3c8

SHA1
dc30bbc463231b1c0e6c165aa2b1db9e2e687a5f

SHA256
42cc58c1fdf90b50d1d69424776377840301a4b20b35f4c00151903f0978d7ab

SHA512
e5a59ca224ca699479984afe4a1ca83f7f35f3c0b08a2ad3b35b5a02f2f196e4f2cd09520d853b34ce99bbeef5c4ed435a8375c5dcfb3f1b836c8af9b6d8b678

Download Submit
memory/4424-242-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download
memory/4424-238-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download
memory/4424-243-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download
memory/4424-241-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download
memory/4424-239-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download
memory/4424-240-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download
memory/4424-244-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download
memory/4424-232-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download
memory/4424-233-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download
memory/4424-234-0x000001FC07F20000-0x000001FC07F21000-memory.dmp

Filesize
4KB

Download