hxxps://drive[.]google[.]com/file/d/1w73Tj2CNmWBL1YksudBVhMr4nrcJssia/view?pli=1

Analysis

max time kernel
257s
max time network
257s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-01-2025 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1w73Tj2CNmWBL1YksudBVhMr4nrcJssia/view?pli=1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1180	flstudio_win64_21.2.3.4004.exe

Loads dropped DLL 31 IoCs

pid	Process
4396	FL Studio v21.2.3 [4004].exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe
1180	flstudio_win64_21.2.3.4004.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
4	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Image-Line\FL Studio 21\Artwork\Wallpapers\Browser.html	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Channel presets\Automation clips\Gates\BasicGate7.fst	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Misc\Used by demo projects\WiseLabs - Nahash\Bass 12.ogg	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kicks\RD Kick.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Groove Bias\snare 4 v10 rr1.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Kicks\MA Minimal Kick 04.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Hats\Clank OH.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\HQ Rock Kit\Snare Side HQ Rock #7.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Jayce Lewis\JL Snare Top Baggy 01.flac	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Rock\kick_oh 10.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Kicks\Power CrunchKick 13.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Impulses\Guitar Cabinet\IMP Cabinet Model P.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Misc\Used by demo projects\Asher Postman - Future Bass\FLS_DontStopNow_Edit.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kicks\Minimal Kick 44.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\HQ Funk Kit\HH Pedal HQ Funk #2.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Cymbals\MA Bash Cymbal.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Percussion\Volt CleanClave 08.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Rims\Fracture Rim 18.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Misc\Used by demo projects\Umziky - All the same\GM1RideBell_03.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Cymbals\909 Crash.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Groove Bias\snare 5 v12 rr1.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Claps\Attack Clap 12.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Misc\Used by demo projects\Sacco - Goldener Schnitt\Toms 006.ogg	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Kicks\Attack Kick 39.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Kicks\MA Croak Kick.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Channel presets\3x Osc\Square.fst	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Hats\Stud CH 2.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kicks\FPC 3 Kick.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Groove Bias\ride 2 v5 rr1.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\HQ Metal Kit\Tom 1 HQ Metal #5.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\HQ Metal Kit\Tom 2 HQ Metal #3.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Snares\Chromo Rim.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Impulses\Real Spaces\IMP Public Swimming Pool 1.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Misc\Used by demo projects\WiseLabs - Nahash\Kick 1.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kicks\Bracke Kick.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Kicks\Attack Kick 19.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Channel presets\3x Osc\JrBass.fst	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Channel presets\Automation clips\Gates\BasicGate2.fst	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Channel presets\Automation clips\Shapes\Triangle-8th-100.fst	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Misc\Used by demo projects\Bombs Away ft KARRA - Awake\KARRA LEAD VOCAL - Part_2.ogg	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Hi Hats\HouseGen OHat 15.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Hi Hats\Power CHat 04.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Kicks\HouseGen Kick 24.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Groove Bias\kick 1 v7 rr1.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Hi Hats\Attack Hat 11.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Impulses\Reverb Devices\IMP Evnt - Cellar.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\HQ Jazz Kit\Tom 1 HQ Jazz #3.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\HQ Rock Kit\Snare Rim HQ Rock #6.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Rock\kick 24.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Percussion\Grv Clap 02.wav	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Kicks\Collider Third Kick 02.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Misc\Used by demo projects\Seamless - Menagerie\Hamor Bass 3.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Rock\tom1_oh 30.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Foley\MA KeyPot Shake 01.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Hi Hats\Power OHat 20.wv	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Kicks	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Artwork\Themes\thmLight tangerine.jpg	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Misc\Used by demo projects\Umziky - All the same\Reversepiano Penta.wav	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Jayce Lewis\JL Tom Direct Low 01.flac	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Foley\MA Ice Glass 02.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Hi Hats\Collider Tuned CHat 02.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums (ModeAudio)\Hi Hats\Hyper HouseParty Hat 03.wv	flstudio_win64_21.2.3.4004.exe
File created	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Channel presets\3x Osc\Brass 3.fst	flstudio_win64_21.2.3.4004.exe
File opened for modification	C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\HQ Jazz Kit\Crash HQ Jazz #1.wav	flstudio_win64_21.2.3.4004.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FL Studio v21.2.3 [4004].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	flstudio_win64_21.2.3.4004.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133802542829379254"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Image-Line FL Studio Producer Edition v21.2.3 Build 4004.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4396	FL Studio v21.2.3 [4004].exe
1180	flstudio_win64_21.2.3.4004.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 2492	3332	chrome.exe	77
PID 3332 wrote to memory of 2492	3332	chrome.exe	77
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 4064	3332	chrome.exe	78
PID 3332 wrote to memory of 2096	3332	chrome.exe	79
PID 3332 wrote to memory of 2096	3332	chrome.exe	79
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80
PID 3332 wrote to memory of 4364	3332	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1w73Tj2CNmWBL1YksudBVhMr4nrcJssia/view?pli=1
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa748cc40,0x7fffa748cc4c,0x7fffa748cc58
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1852,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:3
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1792 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4560,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5344,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5500,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5116,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3672,i,4884751419948826,16044413053823051625,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3420

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2608

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3276

C:\Users\Admin\Downloads\Image-Line FL Studio Producer Edition v21.2.3 Build 4004\Image-Line FL Studio Producer Edition v21.2.3 Build 4004\FL Studio v21.2.3 [4004].exe
"C:\Users\Admin\Downloads\Image-Line FL Studio Producer Edition v21.2.3 Build 4004\Image-Line FL Studio Producer Edition v21.2.3 Build 4004\FL Studio v21.2.3 [4004].exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4396
- C:\Users\Admin\AppData\Local\Temp\nsqA73F.tmp\flstudio_win64_21.2.3.4004.exe
  C:\Users\Admin\AppData\Local\Temp\nsqA73F.tmp\flstudio_win64_21.2.3.4004.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Impulses\Exteriors.nfo

Filesize
29B

MD5
c9e2cc184f1dd73cd5a66abcd8c6e0cd

SHA1
ccb180bc3ef502a872f88d591a90571fd8c61fae

SHA256
c5705dd82713be76cc5e4c1930589106d67cab8b6e905768a21233c77387db31

SHA512
addbac550b8d084e8fb95cf82d7ccb13acdf434b2aaa63b8e7b8bc09a9cc0e5ecd8d8121762a0de6eb69d8ac4f07d7ae9b5b0969f72d36f5b042d76df181887e

Download Submit
C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kicks\Monster Kick 005.nfo

Filesize
36B

MD5
1406de33f68d12ff32f186da3a596309

SHA1
0d4c28f3f5a9290c553a33312bd0686ddda28eb2

SHA256
f55f810b44800b37393cc2a97d85595f2a0ea3cd9c4d4416dc00c9dc8badc3d6

SHA512
143282705c3c19a24b217653b8af2cdb5378a4adb0b5093fca2643a38be74f4fbc06e9551d75f854091855ddc401fb65ae4560aa865a638346a831e7b9100d0d

Download Submit
C:\Program Files\Image-Line\FL Studio 21\Data\Patches\Packs\Drums\Kits\Groove Bias\snare 4 v7 rr1.wav

Filesize
9KB

MD5
d786090570f1b09f694aef4b78b5fb44

SHA1
bb063717c78da303499bb0239ab6de0cd99ea079

SHA256
f8c31012d32c60da332a6204133b832e610a38ba9506e42606fafc6d9b77053f

SHA512
25cabe81af1c5ccfb45de1c37f2064a4784842a1c03513a6ac59d5e5d49de684961a683d2dafa269087fe5b88b7f0551448f5a9cbd8a490a81cd30822ba7aed3

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
30acf4291ff3fdb9a0cb2fc74376b0fc

SHA1
db0afef79a345b04a9cafc0eafc7cd15ba8f2867

SHA256
0fab70fefb102dc88124796bcb9ea6dc63670794eada7410b6040ea7edf8dedf

SHA512
7173ef2bfc123fac056826c7a4098c6ac09599e313103d23353f39ee0fee2ae5a8259a5d1b6a7c160b4b413fbe76ac77bb5ab53865c3de85415c5f51869c15d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
4798a5ca0929492bc11f7d151f18084d

SHA1
7e3d113ae5cdab849b6e8a02728d7f1daea86b4b

SHA256
225db6bda0bdf2c57a70a596515ce843e34cf7045b4e72a0bfd0d993a442af4e

SHA512
e4dc5b3ed4958a3eac623a949d6f1ed49590acada4578c6c79ef1d3c3333a76c9f636e44ae564874a89aabe90a4fbd76486690df6383adad6b02bd7f08d27279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
980e727e57b132f312545fac5abfea36

SHA1
1fd0fa3f35524d0caa68b18f566e6e3dc785dff8

SHA256
6210f928906a8b1efa9fe61de73c189420648bec2174ddb9bfdc9a6c816d9326

SHA512
501a2ba3503192d7b76220cd3a0e53df37733cf13e99d67cf2182b2c90f5d4d2d8747eb108c58022d8bef6168d7975e2654e4de2cb001dbe31b686fcc567201d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f26330ffd362e63eebd76c4793345a82

SHA1
c870761ec17b7172e6084efe29b6c4c2b39f6367

SHA256
4306aab78b62901edea1141905c17ab68244ae6c120bd1aee4d16631a5a98cf5

SHA512
b94600cf1af91ed2ca60df87c49715e0d4d22c88476615d76aba7a0b122843848d30601b4630aab9e129bbacd1ecb9bc0735b20d39b1fafdb37e83230890e2f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9aa0b74ad028ad9fff93343bec929817

SHA1
0ad92d37d6f0d29a54b35760c47500537eb883ae

SHA256
ccf09f2717f3ec19a0ddc3e9959e86850da36a0ae5c6407c9451ae47afcd72b1

SHA512
334bd7a9ebf5ad0de0450b398ea911312b035fa15f293d5dfc8f764b92f7b254d57a3d5a06d12610dc885889014481521bf89d1194d497b6701bd0ac51960e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1931589c6b251dc5f33fadaedb13894c

SHA1
78ae64ce84cfabc0be2d6da6a01e09408c1f0560

SHA256
5015daeff9c005a78d6c6422b9fddd450269ed3c9ea06020cbc7f27ca352c50e

SHA512
081ebc043a76f57f8cea19d73522c3b4cc93b35ffca331481c45c8f397579c155d680f3357da0f06e8f35ba40a09b852b770b778a8d259fe53b9fe7a74173016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3cddcfb739fd07e595a8b0cfb8bf3c7a

SHA1
41c55fea0a47c15a30150802904ff04b38e04e29

SHA256
4c5b9a0c0b0e1e1b873cc8292e982e7896d2671cdb67ca59db6504c3a0b2e2b4

SHA512
e09327f02b1c20acc67e16cd61d185abdb8c587ae374bcf2bdff3d2af26df512cf8494fe5c264d21d8ea1aafbc5334ebf845e7a99d76f7a8574ff1522326ae6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00f13105ccaa45cb1569c6262223c63f

SHA1
d1f51487b17a7b361a24abc489f2d513de0c58f4

SHA256
a99977426cfa446ffffcbd5746db9a0ce19d5d266e96f2aa9d3f9317eb1ae62e

SHA512
762a243d38853a6f88abd09b9bb4d27b12c1bec200af86a36944cc02b8edfe3c9a367a49d8020f83761dadd193b225e5fb094edcef282ed3a36c0a1979b78c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c16f5b4d5324f545cc43eaff8307dd3

SHA1
f3c0799f6515bb77a5b0ef90b06d66c8769bc0de

SHA256
5f09b58403dedfd3e4e02a61de51a37abda24b108f8fbceba4ddc6db3bdd9c59

SHA512
639e8a2a52fa0a3d1ece5a5f80b4b5d1d8307650ba37722844ff45878cce3167f13e986bdbcc97dcb72d14860cae127d2fbdaa97ebc34298b892419603b6b978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
162fde350661c96e223e20a2e9553372

SHA1
4428604255388e992a2661e0be2d9b15ce58a197

SHA256
b5d7f65caca60b7b79ec0724bdd7341071ce9110677de81885e89f1b93be5978

SHA512
299be5236d8219acd9453652da58877cc4c925566f8b5d698fa0f058b1cef9500654740a9af88ff143df52e019dcdc7b334542645e5d63d16c11ed0e97cd95f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb101e2543a197f69cee22edcef8f043

SHA1
3b1778b6f3a852171f6a4c832db6d67b3bf86f50

SHA256
4553b194bfdfdca804674ba8b56ab24268a76a872172e2236448276ed1fa293e

SHA512
64220c81b0e315561561661c32eb4befafe69f97ef8dd003980e4696c0c5ab9fca4ccef71c374fed5de59d515245c43f66f25046153e6938e92d5dfcb54982ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1575e53d094a6c53a299cd54b96f73a7

SHA1
10a694d58ff911f7a124a523dd0f6d2b7d705540

SHA256
ea0f00c38c4dcb4130e00ab31af3c2ee9782fafb5bb01fb04677b308754f77f0

SHA512
9d30f6a60ef56249dc0f6d52a09bc6a3ad9d5e4e195a8624dc99289c8e37a573efa14581a643ced22148af2af15a24313ae2602eb3c8fe764ed0166a13824eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b46868b3694f5d1a01e9cfcb4a8dd619

SHA1
23cf75958dfa6e2f95929874b1ef56ae5e514294

SHA256
0cd737af6ca22654fd501594f5f010fbe16962f015dd62383018615c2737b439

SHA512
d6234276ca62a831c23b6174ebbebb17e04c31caaefd03212984f219b192d72aaef1aafcda4c4c74129df89e82308028ae0413a26e4ccbc956f5e1998d9e1c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1aa8dbe661c88ad3b0e3b09bfc95d35f

SHA1
d74be779a84b21f0bfbb72de60635017ff77a2d6

SHA256
9a9d1e63257b1e9d52ce9db94c806318b52a64fd4f2b8d200d00a7b16419d2aa

SHA512
aa72a8995347457c4643e5bc8c9dbed865616fea04400bb4e1be526966917f4b6be8901f6194d0657d558a763685a953cd6cf0057d9cc2f53acd8fe7932296f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4d67faa9f496644feb3e686c1ad7939

SHA1
8c7aa76d603d5194bbe0ce34423f69433d78ef29

SHA256
ea5a9251113d1d576ebb6a07c965bbc77dfdfcc6828685d5165162db64f4be32

SHA512
136f31833a21c1193e1bdce4b3f51911881b03b9d152ba43cdfae72e9bb10b7f2eb33dc436632270849f8ca171a5a7d1a2b37d623d0c2323464eaf49a8667b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5237b3924bfef3b859b9353bcb07213

SHA1
ba096a8a9e1a79aaca39fd96f43f13ae2d5a3dcd

SHA256
db0b2033fa8fa8025d94f6f48da31624906446c05383681fa648a6743abb31ea

SHA512
b8f01b6fb81f2436c68ff63e18a41821d2dd7de6fc323f7eacb1dfbe3406c948f21fbe8359883c21c01f19736412417b6fd882c34987106da54b0776d265b3b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8dd9f2ec6b2869385de9450f834da0e8

SHA1
14ce7ddc09655b108e5c5bf31946e7cd5606c6fa

SHA256
af0fe1ad2326ed24677e45e4cfb5cd45b302c16a29be91f89c1fdd56e369ba2f

SHA512
771c25d0d9d05a136c39e23c584388c552e3f0b35445aa11ee0ad1b91e9f7319e0c58130dc102db90287a28f81cb081a2d7fbd95640441b3e31aa241641b2da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3535b08e9f90db1d2147b3f6799e8e9b

SHA1
f4e343235608e8b52601b853d70cb0161fa449d1

SHA256
3be81341d4a803469192b284e12efcfb30ced0b11dd471b210740f8722e79ea5

SHA512
6ceece199855f0ef6173ca8eb3c8149f24268d7aa851ec298f1a85a12c5a141762396e15f642109d799a73383442562f07de57cf22907c113c5f9ba811dc61ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2e452f3ff93ca0ac2a33f67bd21cc0d

SHA1
a3ec4147e59b9e02a908991bfb028a6edfb34577

SHA256
8514fe3c64cc4099c40624797c5633ad5b89166111addae8acde64e7a6db607f

SHA512
6bdd74fef8301c2759722d4a858e22cdda1ba14e309705ebf776236360a32c714f73cc3bf211ef963088a822a4e85648d3766de1cfe4ec00ba66d8ffa5f5d395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
279943a47aee40cb9d7df6eb872438b8

SHA1
eeb9f5c1dc7f901ee7a96a1cd56604dc5ff707c4

SHA256
7d22feb601f2a8eec70ecc5af897661889f32c165db0d3474cb43a6f81c2ed55

SHA512
d99dc27041e74a50b0dde9315fa7102e9612c175f56fa9f6a81a510f4c0112945fb4d16b73abfe2a70dfa489dc7ab1dcc8d5727420652028c01786206341bebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1eb40e34248af25358a0c85e18687698

SHA1
4f3c89f13fdc54d7015b538910f6b29b79f98a69

SHA256
e19b2fbded5386e87dbfb711723596aac0446a53581ad71b785eba50a76b2365

SHA512
d6f728ebd5536d9fa1cf0545c9f730828f5b0fa98c263b20307d2c9e86823f05c63164e708e84ba24be36a65859d9d68b81716963cefbb29b243cfeed9e32ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5d0a03b3d26dbf8f5cafb426a0093125

SHA1
2492c780867defc385106fa12ff8c60b28f68759

SHA256
dd9b752e6f288e3ca20d2891058e0e7f77b446f36b9d3d9dea2709842e7fe2b4

SHA512
14761060054c51e9480812c48d8b0a66e0032673d0bd1db88b231fa5f88ca27970443bff032f6db82787a4d429d69b1c49b7f27135784e69313ee544db0f0d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
71a0a911c93ca25dec928c6f895fbb31

SHA1
559ce2fbc4ab8d8726e95bbf218e253ada9e3de5

SHA256
b59094eb95f01bf11c7ba893bf708acf639e5b824240670ec3ab774eddd2d168

SHA512
65b377c2fc69ac4826efa9be2f54f968efcca061a6ee9bc01b7d9188c6e48c560b88c048a383087e02e415a5fbb2c689a6dbbf5c20f3c2fd587bb6f7bc4ceab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2e24d7264284476cc515c44b70fb1b1f

SHA1
8a72226e3c68452633a2db4acd5b9e8efee75c95

SHA256
c65294d09719c576948b8c04180dc7e5477854b0645fe4e5d5f95403441f7e76

SHA512
6c4ceb8b32de6845cde8f8b53895a3fd3db9b4dba1154b1126868439c6f56df10a1a5a7feee1320328cabd13125018dbd185da135d52744bdd515f00db2f6a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
af0a228f12d4a23222bc21efb84c8b4c

SHA1
c48c066d2718aea930a66effc1f048ff2a2f0946

SHA256
633848f685bf5df4d0b0d1178e8a304a9503652f85847854e910dcbdcf075f5e

SHA512
d50050e7c979cd3d2aaff75cd96124d25843ffd88309d169759d174ddcd2c9450aae2cf895b7ccac19cee9fbf1af5741f8030eb9d60eaa0c3f418bfd1053ee05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
9f799ed134f731abc5359574968a411c

SHA1
fadff585ab1b3edac5677d4c98bba9ee92db0ffc

SHA256
4a6772f4e726ebfa429409b3c4c733580bb45e731ededc96e5aa3432d381ac73

SHA512
9c3c5504237c0e94340fe5b2d2cbd31a74668cbfcdc90711286869e450002253e58a1db0d5c7ffc987e076a9eb817b9fc6c50a4bf48d25e6b8c910da17e63a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
dc7401ea27d3a3291750ce95a5f493cf

SHA1
ebf6d422f869940722cef756f76761957b116a17

SHA256
af2674ef6846e5c6badd404cc5c40079f5f99b718dbf4815f2a3ca8a7b99016e

SHA512
33c2bfc0d2a227d79682b56b5234eff1dd6d3838ebc1110342b828faac5503edd1a9e7ac9eaea6475bb045ac49b61f225b4cd6f4afd7a38ca41980f5793653f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\45fc4fa4-d7e4-4959-bb9a-b99573585096.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\ILSetup.dll

Filesize
1.0MB

MD5
cd50c47c010aa1e6abd8bd8ce98fb8c5

SHA1
547e445c42b39041204c012f95e146ba7bb3442b

SHA256
1ea1404b5e14ee8572575d941ef27437a534b46aa1d23e112cf40f4144cbb7ca

SHA512
f4c54f3403633167572e36867a0e99164de2cafe873505922b055b65b63809729a89ab3df092a634d18fe2fb8d3d1060a908349ef61b88ff0750815347a4fa53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\InstallOptions.dll

Filesize
15KB

MD5
998189882c9f1be220c9faf0fd2bde15

SHA1
787d50c46c9a2a48565f684fabc7503aca8b0493

SHA256
f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990

SHA512
e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\System.dll

Filesize
11KB

MD5
24523fe14bb9ba400a3950016b187915

SHA1
6ec152b4e4ac04038d4608a8a206070185116036

SHA256
c4aaf80e3990185eeb5ea56bf841dbf5f3d02269d715f3bfdfe8b54aa797a7b9

SHA512
ae73351d27109187f7c4e312bc30a165202f29d74c65dd0feaee75dab72b97d27c6482b1e95771063afec7e9f2ca03a27a11cd25e39228072b69c33fffef7257

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\UserMgr.dll

Filesize
23KB

MD5
9210597fba3dfab3c69b1eb490205419

SHA1
6e3ca39043756ed1cceaf2d4853e7cb6be1c64cb

SHA256
7696c255014a543f720e189ab3fe48f62fcf43435465062649c96138eedb222f

SHA512
4877daefdd34725791fba7c8cc2d85c4e91080ca7787a71ee9ffde71704ac40799b891f03d1f1805a31af6ddc35e335f74c9d620e87d517670a378c001cffb06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\ioA.ini

Filesize
1KB

MD5
4092a395cac42cd02d74f7a1dcade9f7

SHA1
f3397f91a6103bc5c16ada49d405b2e725099fee

SHA256
f7a956b91b3eb04f02541cfc6fbb98ff824b883673b457f99cf5f09acaf11f3e

SHA512
f638aac6e00c0d135d450442bfd833129566facc46bee8dc194f122f4ea76dba33a29e97a6ad7d235d82b5fe7a1d2576f5cebaae32d39cc1b9d0430d0ab85ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\ioA.ini

Filesize
1KB

MD5
823d395fb689a59f891f8aed36f8fccd

SHA1
1d93a665a864322ddb97d03d4b79a7d26ddc1934

SHA256
8c16f59e076b096e75bb7fd0c13dd4f1646cc8a76d0d7a5f780db85e9ba45cb4

SHA512
c6d5873e1a9720a13fbfead445a96ebcf174dc606a121c9c6971cefed10180b847fc1d6e23410210af60a08c8a31ef883158e8632a8dff88a6d4a013aec875a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\ioAllUsersPage.ini

Filesize
1010B

MD5
634fd2633a884035690fd3635c7ae34f

SHA1
91af7c2af8a41563d33f944868d22673c6116e2d

SHA256
c0313e195465e521ef5cbd94e19a1abe70cf0d564ec38b017f1e09a276e30c15

SHA512
810389998f4eb641228e5b4e2ec43849102d2d9e1890c17aff5067cbcd0e46bac7850f732815746cbdf62d4f698cc47002cad2aa2f3b442cec3a5652558b058a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\ioAllUsersPage.ini

Filesize
1KB

MD5
5f636f4c4e8ba9c2c45abc0ba80b8269

SHA1
e858c5fca302a7ea51b3e71dab060615e5e5b116

SHA256
b368f101380ab69cbcd314620734bb09ce81a82a81205e382b4c129d730dc041

SHA512
c480ae5ffced80c80541be4f56fe41b9571204517c5bb40d85b049f2cdc04f42cad5e82de030793bca270fce8ded37d4eaa739b19571f5e4b62f68146ede3991

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC5B4.tmp\ioSpecial.ini

Filesize
1KB

MD5
0baa5266457f034a26e5d70d90fdbc02

SHA1
d54c68b804b47bc235db5312ece3df9d9c708bf8

SHA256
4f594aba123600a3f3666f39652d01dce7dfa791a558135a9482f5f649eaa182

SHA512
609e15bd01d649ca5727fcf666db97c26e3fb2f96ebefc4e4f4fe8bada675111bc0dc4304d0a40ab7303f3780bec69c707f0eab238bea895643de1c9625a7cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqA73F.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
C:\Users\Admin\Downloads\Image-Line FL Studio Producer Edition v21.2.3 Build 4004.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1180-550-0x0000000004E00000-0x0000000004F0B000-memory.dmp

Filesize
1.0MB

Download
memory/1180-736-0x0000000005040000-0x000000000514B000-memory.dmp

Filesize
1.0MB

Download
memory/1180-368-0x0000000004BF0000-0x0000000004CFB000-memory.dmp

Filesize
1.0MB

Download
memory/1180-312-0x0000000004AB0000-0x0000000004BBB000-memory.dmp

Filesize
1.0MB

Download