32a7455d7c3d945aefb5a00fa5d8cbfdea1698224adeec0145c368e21763b083

Analysis

max time kernel
480s
max time network
493s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MuseScore-4.2.0.233521124-x86_64.msi
Size

103.6MB
MD5

9e09b6c2f8459f05f8311306369239d1
SHA1

18c347b7d5c1153d65941c7e80fea205a8af273a
SHA256

32a7455d7c3d945aefb5a00fa5d8cbfdea1698224adeec0145c368e21763b083
SHA512

fd47feabb17c0d2006e8ecaca5e454b2e3f5ae51ea2761ac781846cc1c10c703a81d47e658d4986798334704ff58a92be2786463ecb12d7dc70cf0b8a7ce28b5
SSDEEP

3145728:rAiZeMkkbaAItj4rapMpuZgt8ynJXtr9UPhb6VOF:rAiZeRGaAItj4rQI1nRrUPhbV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4752	MuseScore4.exe
1168	crashpad_handler.exe

Loads dropped DLL 49 IoCs

pid	Process
2680	MsiExec.exe
2680	MsiExec.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
21	1484	msiexec.exe
26	1484	msiexec.exe
28	1484	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\MuseScore 4\templates\01-General\02-Bass_Clef\02-Bass_Clef.mscx	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\04-Solo\03-Guitar_Tablature\03-Guitar_Tablature.mscx	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\07-Band_and_Percussion\03-Brass_Band\META-INF\container.xml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\Qt\labs\calendar\MonthGrid.qmlc	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Dialogs\Private\plugins.qmltypes	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\en-us-interline.ctb	msiexec.exe
File created	C:\Program Files\MuseScore 4\locale\musescore_eu.qm	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls.2\Universal\CheckBox.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Styles\Base\images\[email protected]	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\CheckBox.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Extras\designer\images\dial-icon.png	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\es.tbl	msiexec.exe
File created	C:\Program Files\MuseScore 4\locale\instruments_af.qm	msiexec.exe
File created	C:\Program Files\MuseScore 4\locale\qt_da.qm	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\Qt\labs\calendar\qtlabscalendarplugin.dll	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls.2\designer\ToolBarSpecifics.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls.2\Universal\ComboBox.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\spaces.uti	msiexec.exe
File created	C:\Program Files\MuseScore 4\locale\musescore_sl.qm	msiexec.exe
File created	C:\Program Files\MuseScore 4\locale\qt_uk.qm	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtGraphicalEffects\ZoomBlur.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls.2\Imagine\ApplicationWindow.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Private\SystemPaletteSingleton.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\07-Band_and_Percussion\03-Brass_Band\viewsettings.json	msiexec.exe
File created	C:\Program Files\MuseScore 4\locale\musescore_fi.qm	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls.2\VerticalHeaderView.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Styles\Base\CircularTickmarkLabelStyle.qmlc	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Private\ContentItem.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls.2\Imagine\BusyIndicator.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Styles\Base\images\button.png	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Extras\Private\Handle.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\en_US-comp8-ext.tbl	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\04-Solo\01-Guitar\01-Guitar.mscx	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\da-dk-g16_1993.ctb	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\no-no-8dot.utb	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\07-Band_and_Percussion\01-Concert_Band\Thumbnails\thumbnail.png	msiexec.exe
File created	C:\Program Files\MuseScore 4\include\kddockwidgets\LayoutSaver.h	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls.2\designer\images\spinbox-icon.png	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Styles\Desktop\RadioButtonStyle.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Extras\Gauge.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\digits8Dots.uti	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\pa.tbl	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\01-General\02-Bass_Clef\audiosettings.json	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\03-Chamber_Music\04-Saxophone_Quartet\04-Saxophone_Quartet.mscx	msiexec.exe
File created	C:\Program Files\MuseScore 4\locale\musescore_vi.qm	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQml\RemoteObjects\qtqmlremoteobjects.dll	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQml\Models.2\qmldir	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Private\SourceProxy.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\05-Jazz\03-Jazz_Combo\Thumbnails\thumbnail.png	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Private\EditMenu_base.qmlc	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Styles\Base\DialStyle.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Styles\Base\ScrollViewStyle.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\TreeView.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\pl.tbl	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls.2\BusyIndicator.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls.2\designer\images\toolbar-icon.png	msiexec.exe
File created	C:\Program Files\MuseScore 4\qml\QtQuick\Controls\Styles\Base\CheckBoxStyle.qml	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\03-Chamber_Music\04-Saxophone_Quartet\audiosettings.json	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\04-Solo\02-Guitar_+_Tablature\02-Guitar_+_Tablature.mscx	msiexec.exe
File created	C:\Program Files\MuseScore 4\templates\07-Band_and_Percussion\08-Small_Pit_Percussion\08-Small_Pit_Percussion.mscx	msiexec.exe
File created	C:\Program Files\MuseScore 4\locale\instruments_da.qm	msiexec.exe
File created	C:\Program Files\MuseScore 4\tables\kannada.cti	msiexec.exe
File created	C:\Program Files\MuseScore 4\locale\musescore_en_GB.qm	msiexec.exe
File created	C:\Program Files\MuseScore 4\plugins\tuning_modal\Temperaments.qml	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSICBC7.tmp	msiexec.exe
File created	C:\Windows\Installer\e58a267.msi	msiexec.exe
File created	C:\Windows\Installer\e58a265.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58a265.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{200A530C-A4F7-48BB-8A37-F5454DBCEE95}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000fe4aef237c2afe490000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000fe4aef230000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900fe4aef23000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dfe4aef23000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000fe4aef2300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscz.4.stable\shell	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscs.4.stable\DefaultIcon\ = "C:\\Program Files\\MuseScore 4\\bin\\MuseScore4.exe,1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscs.4.stable\shell	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.mxl	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.mscs	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscz.4.stable\shell\open\command	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscz	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscx.4.stable	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscx.4.stable\DefaultIcon	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscx.4.stable\DefaultIcon\ = "C:\\Program Files\\MuseScore 4\\bin\\MuseScore4.exe,2"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\.mscs	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\shell	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscx	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscx\CurVer\ = "MuseScore.mscx.4.stable"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.bww	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.gp	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.sf2	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\shell\open\command\ = "\"C:\\Program Files\\MuseScore 4\\bin\\MuseScore4.exe\" \"%1\""	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscz\CurVer\ = "MuseScore.mscz.4.stable"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\.mscx	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscs	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.scw	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscz.4.stable\DefaultIcon	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscz\CurVer	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\.mscz\ = "MuseScore.mscz.4.stable"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.Url.musescore.4.stable\ = "MuseScore URL"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.ove	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.mscx	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.midi	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.gtp	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.sf3	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\shell\open	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscx.4.stable\shell\open\command\ = "\"C:\\Program Files\\MuseScore 4\\bin\\MuseScore4.exe\" \"%1\""	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscs.4.stable	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.mscz	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscs.4.stable\DefaultIcon	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.cap	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.capx	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.gpx	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\FriendlyAppName = "MuseScore 4"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscx.4.stable\ = "MuseScore Uncompressed File"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\.mscs\ = "MuseScore.mscs.4.stable"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.gp3	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.gp5	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.ptb	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscz.4.stable\shell\open\command\ = "\"C:\\Program Files\\MuseScore 4\\bin\\MuseScore4.exe\" \"%1\""	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscx.4.stable\shell	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscs.4.stable\shell\open\command	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.Url.musescore.4.stable	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.sgu	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\musescore\ = "URL:MuseScore URL"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\shell\open\FriendlyAppName = "MuseScore 4"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscx.4.stable\shell\open\command	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.Url.musescore.4.stable\DefaultIcon\ = "C:\\Program Files\\MuseScore 4\\bin\\MuseScore4.exe,1"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.xml	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscz.4.stable\DefaultIcon\ = "C:\\Program Files\\MuseScore 4\\bin\\MuseScore4.exe,1"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.mscs.4.stable\shell\open\command\ = "\"C:\\Program Files\\MuseScore 4\\bin\\MuseScore4.exe\" \"%1\""	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\MuseScore.Url.musescore.4.stable\DefaultIcon	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.mgu	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.kar	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Applications\MuseScore4stable.exe\SupportedTypes\.md	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\.mscx\ = "MuseScore.mscx.4.stable"	msiexec.exe

Modifies system certificate store 2 TTPs 5 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	MuseScore4.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	MuseScore4.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	MuseScore4.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	MuseScore4.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	MuseScore4.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4752	MuseScore4.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3352	msiexec.exe
3352	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1484	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1484	msiexec.exe
Token: SeSecurityPrivilege	3352	msiexec.exe
Token: SeCreateTokenPrivilege	1484	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1484	msiexec.exe
Token: SeLockMemoryPrivilege	1484	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1484	msiexec.exe
Token: SeMachineAccountPrivilege	1484	msiexec.exe
Token: SeTcbPrivilege	1484	msiexec.exe
Token: SeSecurityPrivilege	1484	msiexec.exe
Token: SeTakeOwnershipPrivilege	1484	msiexec.exe
Token: SeLoadDriverPrivilege	1484	msiexec.exe
Token: SeSystemProfilePrivilege	1484	msiexec.exe
Token: SeSystemtimePrivilege	1484	msiexec.exe
Token: SeProfSingleProcessPrivilege	1484	msiexec.exe
Token: SeIncBasePriorityPrivilege	1484	msiexec.exe
Token: SeCreatePagefilePrivilege	1484	msiexec.exe
Token: SeCreatePermanentPrivilege	1484	msiexec.exe
Token: SeBackupPrivilege	1484	msiexec.exe
Token: SeRestorePrivilege	1484	msiexec.exe
Token: SeShutdownPrivilege	1484	msiexec.exe
Token: SeDebugPrivilege	1484	msiexec.exe
Token: SeAuditPrivilege	1484	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1484	msiexec.exe
Token: SeChangeNotifyPrivilege	1484	msiexec.exe
Token: SeRemoteShutdownPrivilege	1484	msiexec.exe
Token: SeUndockPrivilege	1484	msiexec.exe
Token: SeSyncAgentPrivilege	1484	msiexec.exe
Token: SeEnableDelegationPrivilege	1484	msiexec.exe
Token: SeManageVolumePrivilege	1484	msiexec.exe
Token: SeImpersonatePrivilege	1484	msiexec.exe
Token: SeCreateGlobalPrivilege	1484	msiexec.exe
Token: SeCreateTokenPrivilege	1484	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1484	msiexec.exe
Token: SeLockMemoryPrivilege	1484	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1484	msiexec.exe
Token: SeMachineAccountPrivilege	1484	msiexec.exe
Token: SeTcbPrivilege	1484	msiexec.exe
Token: SeSecurityPrivilege	1484	msiexec.exe
Token: SeTakeOwnershipPrivilege	1484	msiexec.exe
Token: SeLoadDriverPrivilege	1484	msiexec.exe
Token: SeSystemProfilePrivilege	1484	msiexec.exe
Token: SeSystemtimePrivilege	1484	msiexec.exe
Token: SeProfSingleProcessPrivilege	1484	msiexec.exe
Token: SeIncBasePriorityPrivilege	1484	msiexec.exe
Token: SeCreatePagefilePrivilege	1484	msiexec.exe
Token: SeCreatePermanentPrivilege	1484	msiexec.exe
Token: SeBackupPrivilege	1484	msiexec.exe
Token: SeRestorePrivilege	1484	msiexec.exe
Token: SeShutdownPrivilege	1484	msiexec.exe
Token: SeDebugPrivilege	1484	msiexec.exe
Token: SeAuditPrivilege	1484	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1484	msiexec.exe
Token: SeChangeNotifyPrivilege	1484	msiexec.exe
Token: SeRemoteShutdownPrivilege	1484	msiexec.exe
Token: SeUndockPrivilege	1484	msiexec.exe
Token: SeSyncAgentPrivilege	1484	msiexec.exe
Token: SeEnableDelegationPrivilege	1484	msiexec.exe
Token: SeManageVolumePrivilege	1484	msiexec.exe
Token: SeImpersonatePrivilege	1484	msiexec.exe
Token: SeCreateGlobalPrivilege	1484	msiexec.exe
Token: SeCreateTokenPrivilege	1484	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1484	msiexec.exe
Token: SeLockMemoryPrivilege	1484	msiexec.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1484	msiexec.exe
1484	msiexec.exe
4752	MuseScore4.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4752	MuseScore4.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe
4752	MuseScore4.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 2680	3352	msiexec.exe	103
PID 3352 wrote to memory of 2680	3352	msiexec.exe	103
PID 3352 wrote to memory of 2680	3352	msiexec.exe	103
PID 3352 wrote to memory of 3096	3352	msiexec.exe	111
PID 3352 wrote to memory of 3096	3352	msiexec.exe	111
PID 2680 wrote to memory of 4752	2680	MsiExec.exe	114
PID 2680 wrote to memory of 4752	2680	MsiExec.exe	114
PID 4752 wrote to memory of 1168	4752	MuseScore4.exe	115
PID 4752 wrote to memory of 1168	4752	MuseScore4.exe	115

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MuseScore-4.2.0.233521124-x86_64.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1484

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 98A0B604DC5103EEC16CD6FE57A40C90 C
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Program Files\MuseScore 4\bin\MuseScore4.exe
    "C:\Program Files\MuseScore 4\bin\MuseScore4.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4752
  - - C:\Program Files\MuseScore 4\bin\crashpad_handler.exe
      "C:/Program Files/MuseScore 4/bin/crashpad_handler.exe" --no-rate-limit --no-upload-gzip --database=C:/Users/Admin/AppData/Local/MuseScore/MuseScore4/logs/dumps --metrics-dir=C:/Users/Admin/AppData/Local/MuseScore/MuseScore4/logs/dumps --url=https://sentry.musescore.org/api/4/minidump/?sentry_key=933cddd6c36e4e768be159c15c254dab --annotation=sentry[release]=4.2.0 --initial-client-data=0x48c,0x490,0x494,0x484,0x498,0x1447d7f58,0x1447d7f70,0x1447d7f88
      4⤵
      Executes dropped EXE
      PID:1168
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3096

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ac 0x478
1⤵
PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58a266.rbs

Filesize
133KB

MD5
41d53640e1121374025f182cce7fde8e

SHA1
ee09f1d48f511bf55ba5b857ecb67e32ff04da9b

SHA256
bbd24fd71d2e27fd4b2d061c0612d564246873bc328d57ed42f49b86f5887c25

SHA512
88a9925f6d0255dfc75df02525757044bc7c10992eabc2b4e173c738613f3c93738052e59592b7418c97a4e7e3daac7f7667e353c88da6022133abd5b1b1a67b

Download Submit
C:\Program Files\MuseScore 4\bin\MuseScore4.exe

Filesize
194KB

MD5
1740fdc30dd65939360c45a2df5e0174

SHA1
969469a45dd6ed1785c85f2f3a35979e5caf40db

SHA256
d5f53faa52d1be45ac9c3e02839afa9cb76a131e7c673bbfff2cb7e15f552892

SHA512
fb85ba271cafbceaede00d7e39ecb5e33c6b2a89d20cf1c626b8f224c7bbbaa4865e3ef94b73310d9120673e19c654cba9692323c038c17448abe73cc540f155

Download Submit
C:\Program Files\MuseScore 4\bin\MuseScore4.exe

Filesize
318KB

MD5
fbe5bd3f39c7f5c71c28ba245c9ab401

SHA1
e26cf8a62df24a31f5bd65b432d27b6b80e545d9

SHA256
441c75618e2edd95d8eac2da9f52eb62d5611f8a1de2acea931a779beb9a7598

SHA512
6a0d2585def5e921bc4ce614203e42d166e83132c93292004dd1ac891c7b5bbdcfea4c9ffdb4370aa8e9766f51859a450a6677034cf8dfbdbcf06a9740c7ab51

Download Submit
C:\Program Files\MuseScore 4\bin\MuseScore4.exe

Filesize
40KB

MD5
cc5cae6c17064afd6f1ae00d4f4dc554

SHA1
9e2c58d2d6d5a9d5c071d25a0a64365831a6d65b

SHA256
2190f89a574dc5f7cdc4921e5fc67a8fc07ea471ad9351efd7b3c129c8ce75c4

SHA512
262c031383aeda5d559caf008d26730a85a18fa15b821e8f4011db229bfff41e0d8e408648aab69c24a552a222b5fb325599d9e30a6ccde59f0a423eac5a7b06

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Gui.dll

Filesize
21KB

MD5
4b0cea345a0e25d55f70c50f60e74a68

SHA1
67bf2282d273a06d10e4a681f10f1468bb51f7fe

SHA256
afe414d5712d0289fd002d52a1a3d404d7e5a40d9c59a99d006b96189e738e23

SHA512
daf5eab0fbb7f4e5544871cac36a040d3c3e52bdf565a58d1f17c9f89499202a372a31056743ac602c2131eda7906681d4063b8cdf91ea2c4202b559ff372260

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Network.dll

Filesize
86KB

MD5
48dcfde78edcdeb6115a80006c4ec8d6

SHA1
4f676d996a57de389b996fc62a09218fec6710ef

SHA256
ca0bae56c2a0ee80d090c33b1dc3785bf04f6e9e910457d25b43817444f1fbc6

SHA512
58bf2b9038ac799304989dd7cab61398e9ac7009d3001c0502d036238d264c0c9e6f409b6d2fb2b8f8c2115223ae724e8c6c89b5cce1748e64bb14292a0fccc4

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Network.dll

Filesize
87KB

MD5
51d80a1d49f1971c3a90e19914c1220b

SHA1
14fc47112aeeb2e4f1e2d1247362c47a895d7d00

SHA256
ed8d9421fdebf5c9654d9b5b8ec944e2cdd28a842a696e19ef0eb370619cc32d

SHA512
b17bd02e8d5ac1ce8d89f8379c9f49fce6997eaf21c7d27c1151d88b85a87dce568303a45178bd882aeebc22e678dc1386c176a4d3d40bee63572844b2a4dbfe

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5NetworkAuth.dll

Filesize
154KB

MD5
fba122a1a2dc82c6e72034b2eb4a4827

SHA1
13f3eda75194cf5f7d03009d29d2cbe6b815ba90

SHA256
23e2402246a97ecd69beaa93a9d219d9576256a7d8d01fe3d48553b8934380a8

SHA512
13865841211ad968fe7e5f40e77974e08cb6bfcef496e70eb266b43687b4834e548d64ef68d473cee4b2bf50ef8663bff78fe632e19905e1b50f22b34f277502

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5PrintSupport.dll

Filesize
92KB

MD5
b52d8241eccd59b992ac5f684452e881

SHA1
6a3129445c338df6c15869bdb379b5fca452b18c

SHA256
156e7b6b2aa7a5f44787c585d02d610a81ebc2261eda6e5262aa7a3bfc9d7125

SHA512
8d56286fd1b49f7a8a9be03d875eeef91fadaf49d1bb10fb5d8b7a74471f2b3cd5e303d6ca1b41eb82171c1d80628900b9d68419b6588e7efa496286b494ca29

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5PrintSupport.dll

Filesize
38KB

MD5
70ddcb4ca84940db1cc739c461d8e6c7

SHA1
59da15fcfa918fc948cf8848213ebae99895a969

SHA256
696c995056cc04d6bce036bf8ab5bc336625e0ce0de0461ad2e57e1ee885bc6d

SHA512
aa3f266032893ba140543c04d474dd3707fdc71443f95259e8bd2fb46bb33c2b2bcd54a879ce4e937fb97dfdbd7643cfe6dadbaf5550a3e213ea43a780f2bb9b

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Qml.dll

Filesize
109KB

MD5
5391502d495cbecdaa4fabd5e86de526

SHA1
bbc90bc5b2d786030146687474369eaa41577ec0

SHA256
74e87a0d122575d79a97108c67cb70eca4424356d5e209eeb397fd60683f3692

SHA512
6ef7db1b80bd0807e39a115de1390da86fb00c9f187e8d10479026aa0ac361b9e5bc3053e1249f23f660d7626f404d286740ca010adf16b0073f4b83e1d09ca4

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Qml.dll

Filesize
357KB

MD5
ed5148f4b230a8645f54574748c4c1ca

SHA1
8c5a74ddeb28fdcba5578d36c575c37533f254bd

SHA256
bc5c6aa1aa917bebbf3614211bfa8c97518654840202cc0f4d41823c37c65212

SHA512
65963dbf57561a1c532a69e7d8e7225ce9ab68a18980766bbe81b926314a8335b2098cc927079df9d726fdd4057ab51c6bec00eeb27a3fb07e64aea5e24b2c5d

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Quick.dll

Filesize
196KB

MD5
401cdd24729d282c5da6e93f87a4c303

SHA1
4e1df10356e1b54d923a4e7cd08e35ab69837134

SHA256
66d4b404daa953a11ae9bba5c8c09e3c9ec88ce102562669334e2536cdf0ade6

SHA512
3c8f1c13b6859c836c76cdc9fb97d0a0d767e028e0e7f081b87af780af039f3b7e65c6c6a6deff088cf8170629f98930cde10e6dca15029bd4f1902caefcc877

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Quick.dll

Filesize
239KB

MD5
43f71b9e6b469b465628c5d9f581bd8d

SHA1
fc6c9481d193f32e2aa360f299b0b9257991aac3

SHA256
69d17606cc2306241e4d30e0616ead8e8a5c4da3063fe08ba8b27fb4a8a3d6e4

SHA512
8e6f03d7655c22e7dbb8a18e240f567787502f15b623511e52615576e70cd918b1f3d4a43bfbff1718572acd7ce630d0636e1d042972fa697f1478200135eed8

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5QuickWidgets.dll

Filesize
80KB

MD5
98ef5971f86fb44ca9b1968189ce6d93

SHA1
3d90381671497ace9aed530e35bb68f4f747acfb

SHA256
d82e8df844ac7b1d0a71a897ce7c93ba8601bfee6413c8a1206b0b7cbf69d02f

SHA512
fbed6e3cb76e5f3919b799d53b955e2b77cdd00aa0e75b26715be4bc4be744a51ed8aa2fd22f21d9865cc8e1940cb7f0fd37da6b804e95a5456d7f0f1331f01d

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Svg.dll

Filesize
81KB

MD5
e4d2e90b6f7bba8a49fafd4bf4f19a26

SHA1
20ea64009c635bdf8ae8ebca83c61adcf689ead1

SHA256
37368c63dbd6e999bf47b5f23b3def69d5be53c6e009e7abf105c017d4fc5510

SHA512
33b058ac24101153487371d3118c14f64b2f5a0fbcad83dec059565f71d1cbf6814d5f695b53d015d9343b2abd80dba18b0b9974655f83a24fa5be252c807d4f

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Svg.dll

Filesize
47KB

MD5
17716c6b22524a9e1f24f6a75946def0

SHA1
0c20f90bb71a7049682ff7b55445029145b980e0

SHA256
a142ee05275c27c5dd11e43333ef05d27c3ff8f0dc4a7d2eae82921cc9e34439

SHA512
4d5b685f1e3068b3d6085cc3fb3841f3e35736abea45d0db24ff691a81dcd91e23e4918f1e67e7d06054642b827f5471dbed5352db9f50924814a02b97e3f807

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Widgets.dll

Filesize
38KB

MD5
d49b4d9576210785c04c03378b70c191

SHA1
39bf5bd1e7c205248a206a0387f030538f076b7a

SHA256
a847edb3e0aac37a7aee86cd14fe8199473381daa29a45d9d4a090de48429e5c

SHA512
1734a892fb5e324ae31fe5a218127e1e1e51935686f1079f1a0dddb508b9105940ecdb7f08fbb9c3f5513e296b72f862c96565014beff519a09960c5eb51678a

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Widgets.dll

Filesize
90KB

MD5
62d56b7724b33b752254a1e16e4eb134

SHA1
c52dd6dc4419e5bedb0e6dce7d1d1fa0aa48d1b9

SHA256
035935a3fdf4d60951150cc0238f9872c717acdee19eb44f296d5790c3d833d4

SHA512
5341cce54bd905e02a62c82c18f3314ee8c8e56a70711892098ba011ffee73fe7f180ddc83b72f5100ef003e2486e3c011edd748da8f7b7adfb1a5cf2aa7e8ea

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Xml.dll

Filesize
168KB

MD5
b637dda80b936623def9a91e2702b2cb

SHA1
2bab6242b346ff1e8d8ba88e4db32ae113e03238

SHA256
aae3059c64377a47cc927334ae1edb407bb534b98f39ea175a8fd3d5f45226dc

SHA512
26a02fa34fde9717484c55adb64d5e41c7ed0d937f851dba2546c698dabe50d5a4faa4cf06f4762d8884200e96295ccf7ce0586e4e69cce4efc22a1a093d09e9

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5Xml.dll

Filesize
110KB

MD5
067d508e2129b2d93f9542f9ccda50ce

SHA1
838a37f8050a87d4d0f088fbcc139777af68f631

SHA256
96a87fe90b93f5dea877e5094eceba5672f1938a6bc883b60a20099d01a5a4bc

SHA512
6815a9d430fa019a3b205155e671392448d7e5b4c9be61a3486a8b8550a6fac7cc8de5d420c7f5be4f8ede36225e553cb26335e364bb0b1ae049c6491623dd38

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5XmlPatterns.dll

Filesize
282KB

MD5
9bce2a6834dd709f11a64ea1db42cf7d

SHA1
a168630fa0fe4038cd2c8b1306553a0fa945a33a

SHA256
58a3da9f5c5dcab11aa31d70c0261e2fa90e21cf8035beba39078b3138298551

SHA512
ab59a75421d89db277c7bfe074de48dd6cf7cb61cffa04acbdd2c7f23e812c594594c169e443cec915d7b9a49227db184a3f5473d9cb51d0e38b3a592b7386d8

Download Submit
C:\Program Files\MuseScore 4\bin\Qt5XmlPatterns.dll

Filesize
126KB

MD5
9b95c3e798d2162f4019ad81f342b223

SHA1
af42009ef46bbba7bc72da3ff6043fdb7945ddf3

SHA256
650602d52788e5dc427eb3f57d48b78d3f3f08c5c48ea484d97f7683fba20ae7

SHA512
df37e07e17345d5e39ca8c310992c4ddcc1cd677e3652c420a9b2d15042c3a728c376e79b386d0d49f4c87650428efc3ac0604a3649aee2e4955ef96b2a4ced1

Download Submit
C:\Program Files\MuseScore 4\bin\libsndfile-1.dll

Filesize
271KB

MD5
83e0472ae271d0d9e2f979cc95bfbac2

SHA1
e33afe11e387ad4f6b1012c2927711fabc276c95

SHA256
dc3e89da211ca975ad05117b80e63595fff67aa4e8411512496969862253b07b

SHA512
47161ec4c828ae84bff6317b90eb407666b92e06b61d19ffd03fca21d734bd6acd2f618611bb658b8d08cebfca6814ff84a80dc9a94e4db891c8e2cfa70989f2

Download Submit
C:\Program Files\MuseScore 4\bin\libsndfile-1.dll

Filesize
347KB

MD5
f489341d685da617fd631e19887f77b2

SHA1
b4a931277ae1eed4ddd855bc480349673e05c02c

SHA256
395002cf6a74fd20f2158d27b16a76c0a09ed9a3b3da151f4538703ae5d9fb59

SHA512
f2d812642d627dea17c7bf31882f3292a8e0a0e20be8de2ba7c9f4c30ab333e001feb1be30a42b41e34f336b6a44640804470097a30234016be27ebd1c59b48c

Download Submit
C:\Program Files\MuseScore 4\templates\02-Choral\03-SATB_+_Piano\audiosettings.json

Filesize
3KB

MD5
31d84d097e1386f6cb76da3663149f19

SHA1
588c66425a7ff583b059ae7adfd6f0aab1897482

SHA256
a128d59f809327ae396f37c60888a6b93347603584f9246e39e33fc9478a5742

SHA512
5cb49691ce0b2a7e2445b45e6bea0085603f959f2f00d581d3cf2dc2f279462412674d6fc1d477100e926a8a613836ca0648538e202f6f2c5c08b3250c75fffc

Download Submit
C:\Program Files\MuseScore 4\templates\02-Choral\07-Voice_+_Piano\audiosettings.json

Filesize
1KB

MD5
6ccf513e4cd4cf25ce2c56379fb5d126

SHA1
15125b430176e8ce8e16ba006888192cf31c2587

SHA256
e2f263aefdfe1713eead1202090821273b6db29d546c452c83cef06c125e52a9

SHA512
a3c30b08d36cb0e4da5110e4942f563badc9ade8c03312a4ca53beddbf6a20204ea9cd3d6f44af1f04717511e1e9f017276cfb5cb953fbe9510afeb1bc33b881

Download Submit
C:\Program Files\MuseScore 4\templates\07-Band_and_Percussion\04-Marching_Band\audiosettings.json

Filesize
14KB

MD5
73e3d13fec9a1c07b665fd272a2442bb

SHA1
d7c56b99c61b4fe63fb5927e4df2220ffb4b2c33

SHA256
5fc7dfa6f5ed00bf3f85c18a49a97723424de9d2c8c9d91bf2058752d84f9848

SHA512
4a989389248b693a6e84849d6b355c85ec3a9d09f2186f0383da88e3abd88b2a993cebba6def8e74437f93d38d494100ff93eb1c024085f7b53f2dfe499c70e3

Download Submit
C:\Program Files\MuseScore 4\templates\07-Band_and_Percussion\06-Battery_Percussion\audiosettings.json

Filesize
2KB

MD5
32ee7f25a860404b6222436d7c2a86a9

SHA1
3445deeb1a8f537b27bc128da31e9b5470c6e0c7

SHA256
5391d6d5bb47a683349bbc902539b2e323ff053a9214f184616d80145833c226

SHA512
3a649d4716e9f5123bdec2e5d7b37d98c3c39f0cba8af8de5a85d190b820543ad990fbb3e830d955f471c446165a54d59af66c96d713b5bad119d0f9ab85cc16

Download Submit
C:\Program Files\MuseScore 4\templates\07-Band_and_Percussion\07-Large_Pit_Percussion\score_style.mss

Filesize
35KB

MD5
e3a03e4ee6613e9eccb68afd07104d26

SHA1
53b41876eef9f5997df26f7c9ad8f6457c58c7ee

SHA256
81a772b5c5780da0e79a4dc80e67ca1191ee01418eba99f31332404988d16ecb

SHA512
914e68efc09292d2902a04bb000b19e9b01789bac7205675a23642b2eab26a35c600df32de874b27a7a32e048dd5c71aa8326a0ab938026ef887745076afbc8e

Download Submit
C:\Program Files\MuseScore 4\templates\07-Band_and_Percussion\07-Large_Pit_Percussion\viewsettings.json

Filesize
60B

MD5
4676645873ac45dddb7aa7fcad09e99c

SHA1
20435d92a4e1f430926ede7ad9bb0617cae275ef

SHA256
17dc2f059786a40b21a4f3375d5a528ecb6b4d897a3d67b7242fec5e7a4d89f4

SHA512
4e4bff01af5ad83bd731b6fde9f2b8633ae52250dc3e89fd7cf71bda478dcb58645611034e9723573b50e9c84393cdd040c63ce933157e38ceb52292a9039a51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
e5809f0a9c7bf9532daeb55a66c3549b

SHA1
5111a5ab7d1411e0912ecb06c0d4abc22d18f17a

SHA256
4e70c74d82809cbf40a625ccf86b7ad7843a435ae7f70629f84de4f0808990ed

SHA512
7ac24f8479802b46eb3ef97a22a18cdf3755d757995a2b4667825b858954ad6cb32190317d8fd55dc8042fad0d0dd1357bb284b3e1c5b9d591309d1b79958373

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_531F413CD255D6CEB446C3171E8C165D

Filesize
638B

MD5
2cdbada13a4d7010ee9ceb0ea60d9940

SHA1
81d6b009c12dc80c0a84663eab684fcfa83b69b4

SHA256
b900fcdbd89480f93fa1371288d6fb9d7948eebfc631265247bf3a32699a9858

SHA512
45ca6fc7098bedabc50620a32969e210646b6c886c10f13f5b79502fdb9778d76f67d2ca7ff2f6992e44c33f55c56c55d0f63b07ebd118268c4c812f5e6c802f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
c8523dfe4fbdaeb5d0239d353b05d32a

SHA1
b726b6a22e835861c1028755f63cc9d7ef995648

SHA256
c4135fed1c60c91c6a8a79cb2cb4b167fd5bc61e28883e62e1c489b558058cc0

SHA512
5226a02e0df8b858bf2c01a150617554850987c525cbd565ddc69811587fd718dfeb66e896d9d36834918b29cc9e8134d88a6b84af95a7f0fdcfa3c1fc4c6f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
484B

MD5
115efda6345b787616eb1e5c8385ee6a

SHA1
62545945ace304d313404c2298697dcf4e7d1cec

SHA256
e4969c3cb87a1cfaf7bf84aced397b6c4617f0e6bd9079bb105eacf7331f4de8

SHA512
52469b9028bef2121a252f414185a3ec1472d6a5a13247556b88e10226979c4e76182f73c0e084d4bbb5e5716188b34b45b87556b2a0c33c33cf34608c0be315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_531F413CD255D6CEB446C3171E8C165D

Filesize
488B

MD5
34cc595cb71d814fad6d3071d1eee9db

SHA1
35cab93a7d3553412959b98d969b9afce0f095b2

SHA256
c5788dce5e1f7a347387dbef07b3ff5e8c4b683668398bdba56f2ec60bd43fdc

SHA512
6932f2a8ee4d2f4bc03f11273aa99cb7a5216add268a936491bebb5de423656946d7819a37710a9aaff2e2de2667cd4aa1d57639ebca75f809812f013688afbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
75a0ba08d98cba815ffb5c92c9844042

SHA1
c500c693d64d9964d0da886727f843d2f416f213

SHA256
61a8cc81a3af8a9746e2083723c3583855a874d226f3e3fabf625d27e640dca9

SHA512
b6b7b5dd2934b90557bece00d2ae62832ff913bc68a8b31ad2e15164d030b40f7674adc88e3344e0564066c253e8fb762d5f311430ee063a94e7021bcc0d33e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI27C7.tmp

Filesize
52KB

MD5
8a648628a2e859c7cc78d276395efeb8

SHA1
6f2848a3baefb2d932f3513de0ff6c51596b0a2a

SHA256
6d81c2def8c5920560ed57bc8d41eee52b4d027903108bd4fe5d6f61709192bb

SHA512
88325c7b2977f49641533ef9fa42a1bd2cf8b935dfbfe3deb886cc5781953a9b89b2b60c291d830bcaf8f3333d812695eba62be5bb1003c19c800d59b2d5b733

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI27C7.tmp

Filesize
87KB

MD5
28f831c76d12f2ef42197cf141b05fc6

SHA1
cadbd879f0bb1a361ecef8d1ab6cd09659bb7406

SHA256
72e5fc957b3e55d8463a8fb7464ab96c9a5f27b853d1b80de1b4dcb05588201a

SHA512
c03cd023b2a12106547d587d4e84fa1775f0b191235faeb1e3ee65f754600c60ad32027d1f74feed4c94b9ce1e309ffa6dbc530a0bbb49d33bd02c5634095707

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEA77.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEA77.tmp

Filesize
185KB

MD5
81a25a15d57a0dbe210c8fc6707a4dc6

SHA1
e89b29567faa58b943e1628e705604139af0f7e7

SHA256
ba07a249b3fdb64202b0d1218bded38c45e0a3757a6f78068e3ceeb5eadb5ee8

SHA512
da45ab36d92fade6f2ef14764404af8b3aa80b749c6e7565cc2d3fd22cd7a18ff3cf2015ef1e1c1363090795d3e1b3c63180d18befcb2c3216f976249616ab4a

Download Submit
C:\Users\Admin\AppData\Roaming\MuseScore\MuseScore4.ini

Filesize
426B

MD5
f74efe4450aacd2eeb2b48366a5e9771

SHA1
5e741a0e9bae42326998009b4c04db29f2ed9637

SHA256
9924dae727e01d3b18ba553396214a04964cc5bd647b192c0ca16c95a5216faf

SHA512
a45a2cc3598be84be5d5dc1771ebcb6c2a746c5c2b63467a5773a20070a02d6b70a018944e4ab644f5f155a3b7719d06bd6f2523f0f738b337912a98226f91be

Download Submit
C:\Users\Admin\AppData\Roaming\MuseScore\MuseScore4.ini.lock

Filesize
63B

MD5
b9f08d297263462ead694e108d818b48

SHA1
0d41639506ce70a343c72da05c9be1f86d0ad409

SHA256
d1e635db3f3a3cf8fb39643b0b0e1001234c3828d24ea5289cb8c3cf4fac7fc6

SHA512
7e567f96835e962b9c7178182c334a8240eb34bab43cb01f78deef6f15730b48c1126ecb389674adfdb07e2382a1fecd85a5e609da785da93db015f537f1125d

Download Submit
C:\Windows\Installer\e58a265.msi

Filesize
44KB

MD5
b09b26b685f4bcdcb138cd340a75de83

SHA1
7b0791b533de5359fb235f28884c095c0cb3ddb8

SHA256
629de208dbbe725ec877d601d77a1890cc23942da82582b00525e2f4c8051095

SHA512
3867aa704cb265b6c1e555d621c19ee4b0f5fa4d0841396e84610a65fa2dcca04dc9ca46e7f0a9206bae51da24867f0d69ac636e84c1ce369341537d82f2358c

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
61KB

MD5
9918e4adb5e3f21c8b50cf50d958b631

SHA1
0915aedfdad0e1ca055f01acff9e48448ae8fe58

SHA256
c055c9b430751e3b6dfe3528c37c4d0e0b3cefcc32c3233b69a0b089bfcb544c

SHA512
3d994307db4bc173dece9ddb058fa6ea4b4760836f5199218a46321dadc448440d328081917afa95eef9e9098035b6e4c9be7cbedbda115fbcd4bedcb1d244d1

Download Submit
\??\Volume{23ef4afe-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{19b00197-b46b-4e2b-a5a1-1e7ca12fad33}_OnDiskSnapshotProp

Filesize
6KB

MD5
441fd59cd0bafbf49b44720150bdaf24

SHA1
d8918a7575fe8d326e146709d07a14254b6ba9e7

SHA256
e30c72bd132c78e858ff0174f78c863fcd3e5cba95f5e86514dd452bd6302349

SHA512
c1321966dd894059002cdf26aee886980e2163faef8b5d0e3db8aaa663bebf3da39f92e13c34d1cad1209667a1c879e8e0de34ef8e5e2d58d4537ddeb9381e2e

Download Submit
memory/4752-2188-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2230-0x000000000BF80000-0x000000000BF81000-memory.dmp

Filesize
4KB

Download
memory/4752-2182-0x0000000007740000-0x0000000007B80000-memory.dmp

Filesize
4.2MB

Download
memory/4752-2184-0x0000000007B80000-0x0000000007D80000-memory.dmp

Filesize
2.0MB

Download
memory/4752-2186-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2167-0x0000000000990000-0x00000000009A0000-memory.dmp

Filesize
64KB

Download
memory/4752-2190-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2192-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2194-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2196-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2198-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2199-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2202-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2203-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2205-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2206-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2208-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2209-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2211-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2212-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2214-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2217-0x000000000BF70000-0x000000000BF71000-memory.dmp

Filesize
4KB

Download
memory/4752-2218-0x000000000BF70000-0x000000000BF71000-memory.dmp

Filesize
4KB

Download
memory/4752-2220-0x000000000BF70000-0x000000000BF71000-memory.dmp

Filesize
4KB

Download
memory/4752-2221-0x000000000BF70000-0x000000000BF71000-memory.dmp

Filesize
4KB

Download
memory/4752-2223-0x000000000BF70000-0x000000000BF71000-memory.dmp

Filesize
4KB

Download
memory/4752-2225-0x000000000BF80000-0x000000000BF81000-memory.dmp

Filesize
4KB

Download
memory/4752-2226-0x000000000BF80000-0x000000000BF81000-memory.dmp

Filesize
4KB

Download
memory/4752-2228-0x000000000BF80000-0x000000000BF81000-memory.dmp

Filesize
4KB

Download
memory/4752-2160-0x00007FFA4C3C0000-0x00007FFA4C7B8000-memory.dmp

Filesize
4.0MB

Download
memory/4752-2232-0x000000000BF80000-0x000000000BF81000-memory.dmp

Filesize
4KB

Download
memory/4752-2231-0x000000000BF80000-0x000000000BF81000-memory.dmp

Filesize
4KB

Download
memory/4752-2234-0x000000000BF90000-0x000000000BF91000-memory.dmp

Filesize
4KB

Download
memory/4752-2236-0x000000000BF90000-0x000000000BF91000-memory.dmp

Filesize
4KB

Download
memory/4752-2238-0x000000000BF70000-0x000000000BF71000-memory.dmp

Filesize
4KB

Download
memory/4752-2239-0x000000000BF90000-0x000000000BF91000-memory.dmp

Filesize
4KB

Download
memory/4752-2240-0x000000000BF90000-0x000000000BF91000-memory.dmp

Filesize
4KB

Download
memory/4752-2242-0x000000000BFA0000-0x000000000BFA1000-memory.dmp

Filesize
4KB

Download
memory/4752-2237-0x000000000BF90000-0x000000000BF91000-memory.dmp

Filesize
4KB

Download
memory/4752-2235-0x000000000BF90000-0x000000000BF91000-memory.dmp

Filesize
4KB

Download
memory/4752-2229-0x000000000BF80000-0x000000000BF81000-memory.dmp

Filesize
4KB

Download
memory/4752-2227-0x000000000BF80000-0x000000000BF81000-memory.dmp

Filesize
4KB

Download
memory/4752-2222-0x000000000BF70000-0x000000000BF71000-memory.dmp

Filesize
4KB

Download
memory/4752-2219-0x000000000BF70000-0x000000000BF71000-memory.dmp

Filesize
4KB

Download
memory/4752-2216-0x000000000BF70000-0x000000000BF71000-memory.dmp

Filesize
4KB

Download
memory/4752-2213-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2210-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2207-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2204-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2201-0x000000000BF60000-0x000000000BF61000-memory.dmp

Filesize
4KB

Download
memory/4752-2197-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2195-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2193-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2191-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2189-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-2187-0x000000000BF50000-0x000000000BF51000-memory.dmp

Filesize
4KB

Download
memory/4752-3783-0x0000000000990000-0x00000000009A0000-memory.dmp

Filesize
64KB

Download
memory/4752-2162-0x0000000140000000-0x0000000144B85000-memory.dmp

Filesize
75.5MB

Download
memory/4752-2161-0x00007FFA4B480000-0x00007FFA4B9C1000-memory.dmp

Filesize
5.3MB

Download