0f9765f58fc4389dcd7541172a4454c0f646dbec174e828a64abc9aa19de4990

Resubmissions

Analysis

max time kernel
519s
max time network
533s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
14-04-2024 16:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Muse_Hub.exe
Size

38.2MB
MD5

113b0b7cfcaf7b11d541d6860534ce2c
SHA1

443a0f24974652fd2d081b952061a5e0f386e71a
SHA256

0f9765f58fc4389dcd7541172a4454c0f646dbec174e828a64abc9aa19de4990
SHA512

78f09c46d202d73194f7c648effd03c250a20dc280e07bddb9380128c6077ce86d78da1ce22be1fcc14024a09aa35bd23f9288f1a650d66233b21ddaaa93c9e4
SSDEEP

786432:mt+ooIxXSZFxfPfRLtX630iml6R/YwsNnoPv7pAMVUZ4HG04Rgrk:mt+ooIJsxn1tq30iu6R/vsNnCVUZ4Hl4

Score

6^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops file in System32 directory 6 IoCs

Processes:

Muse.Service.exeMuse.Service.exe

description	ioc	process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\AppCenter\9bb3edd8-51e4-4173-84d3-78d81cd2ea2c\Logs.db-journal	Muse.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\AppCenter\9bb3edd8-51e4-4173-84d3-78d81cd2ea2c\Logs.db	Muse.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\AppCenter\9bb3edd8-51e4-4173-84d3-78d81cd2ea2c\Logs.db-journal	Muse.Service.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Muse.Service\Muse.Service_Url_zmbqaeottvmi12bkaynsf5cuhyatvbia\u1iefh1g.tmp	Muse.Service.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Muse.Service\Muse.Service_Url_zmbqaeottvmi12bkaynsf5cuhyatvbia\u1iefh1g.newcfg	Muse.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\AppCenter\9bb3edd8-51e4-4173-84d3-78d81cd2ea2c\Logs.db	Muse.Service.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

audacity-win-3.4.2-64bit.tmpaudacity.exe

description	ioc	process
File opened for modification	C:\Program Files\Audacity\lib-project-history.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\msvcp140_1.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-UDKGA.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-MLF9Q.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-EQ91J.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-36HD7.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-UEFJ5.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-mixer.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Plug-Ins\is-983QH.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\rawwaves\is-VUBIS.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-BNS4C.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Languages\lt\is-LL38A.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\rawwaves\is-HB9EJ.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\portaudio_x64.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-4DFS2.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Languages\sv\is-KTFJ9.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-3A6BI.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-theme-resources.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\opus.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\vcruntime140_1.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-0K1AH.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-N9N4O.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\rawwaves\is-2LL59.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\unins000.dat	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-ipc.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-channel.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\wxmsw313u_aui_vc_x64_custom.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-FVUOD.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Plug-Ins\is-K9IFM.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-sentry-reporting.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-theme.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\modules\mod-aup.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-VFQFH.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-MPC9B.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-basic-ui.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-3EMQI.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\modules\is-VVABE.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\FirstTime.ini	audacity.exe
File created	C:\Program Files\Audacity\is-KHDQP.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Languages\da\is-06M7T.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-VCDST.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-wx-init.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-GSRTM.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Plug-Ins\is-V306F.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-audio-devices.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-D9JT7.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-QNRJ8.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-lv2.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-graphics.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\is-P8OHI.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\FLAC.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\rawwaves\is-8N3UP.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\rawwaves\is-RP9GV.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Plug-Ins\is-33PLK.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Plug-Ins\is-GQIJO.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\modules\is-BER2S.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\modules\is-LFR08.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-command-parameters.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-math.dll	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-utility.dll	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Languages\hr\is-I0K2M.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Nyquist\is-VD0JF.tmp	audacity-win-3.4.2-64bit.tmp
File created	C:\Program Files\Audacity\Plug-Ins\is-5FVC4.tmp	audacity-win-3.4.2-64bit.tmp
File opened for modification	C:\Program Files\Audacity\lib-vst.dll	audacity-win-3.4.2-64bit.tmp

Executes dropped EXE 9 IoCs

Processes:

EXE_NETCORECHECK.EXEMuse_Hub.exeEXE_NETCORECHECK.EXEaudacity-win-3.4.2-64bit.exeaudacity-win-3.4.2-64bit.tmp_setup64.tmpaudacity.execrashpad_handler.exeaudacity.exe

pid	process
1784	EXE_NETCORECHECK.EXE
4144	Muse_Hub.exe
3932	EXE_NETCORECHECK.EXE
3196	audacity-win-3.4.2-64bit.exe
5016	audacity-win-3.4.2-64bit.tmp
2264	_setup64.tmp
4484	audacity.exe
2332	crashpad_handler.exe
692	audacity.exe

Loads dropped DLL 64 IoCs

Processes:

audacity.exe

pid	process
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe
4484	audacity.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 27 IoCs

Processes:

LogonUI.exeMuse.Service.exeMuse.Service.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "124"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	Muse.Service.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	Muse.Service.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	Muse.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	Muse.Service.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	Muse.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	Muse.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	Muse.Service.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133575864768881716"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	Muse.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	Muse.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	Muse.Service.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Modifies registry class 22 IoCs

Processes:

audacity-win-3.4.2-64bit.tmpaudacity.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\OpenWithList	audacity-win-3.4.2-64bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell	audacity-win-3.4.2-64bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\open	audacity-win-3.4.2-64bit.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Audacity\DefaultIcon\ = "C:\\Program Files\\Audacity\\audacity.exe,1"	audacity.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Audacity\shell	audacity.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project	audacity-win-3.4.2-64bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\	audacity-win-3.4.2-64bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\open\command	audacity-win-3.4.2-64bit.tmp
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Audacity	audacity-win-3.4.2-64bit.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Audacity\ = "URL:Audacity Protocol"	audacity.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Audacity\DefaultIcon	audacity.exe
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Audacity\shell\open	audacity.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Audacity\shell\open\command\ = "\"C:\\Program Files\\Audacity\\audacity.exe\" -u \"%1\""	audacity.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\ = "Audacity Project File"	audacity-win-3.4.2-64bit.tmp
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Audacity\shell\open\command	audacity.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Audacity\URL Protocol	audacity.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP\ = "Audacity.Project"	audacity-win-3.4.2-64bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP3	audacity-win-3.4.2-64bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP3\ = "Audacity.Project"	audacity-win-3.4.2-64bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\OpenWithList\audacity.exe	audacity-win-3.4.2-64bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Audacity.Project\shell\open\command\ = "\"C:\\Program Files\\Audacity\\audacity.exe\" \"%1\""	audacity-win-3.4.2-64bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.AUP	audacity-win-3.4.2-64bit.tmp

Suspicious behavior: EnumeratesProcesses 19 IoCs

Processes:

Muse.Service.exechrome.exechrome.exemsedge.exeMuse.Service.exeaudacity-win-3.4.2-64bit.tmp

pid	process
32	Muse.Service.exe
32	Muse.Service.exe
32	Muse.Service.exe
32	Muse.Service.exe
32	Muse.Service.exe
32	Muse.Service.exe
4736	chrome.exe
4736	chrome.exe
3632	chrome.exe
3632	chrome.exe
3068	msedge.exe
3068	msedge.exe
3308	Muse.Service.exe
3308	Muse.Service.exe
3308	Muse.Service.exe
3308	Muse.Service.exe
3308	Muse.Service.exe
5016	audacity-win-3.4.2-64bit.tmp
5016	audacity-win-3.4.2-64bit.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

audacity.exe

pid process

4484 audacity.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4736 chrome.exe
4736 chrome.exe
4736 chrome.exe
4736 chrome.exe
4736 chrome.exe
4736 chrome.exe
4736 chrome.exe
4736 chrome.exe

pid	process
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Muse.Service.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	32	Muse.Service.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Muse.exeMuse.exeMuse.exechrome.exe

pid	process
2012	Muse.exe
2012	Muse.exe
2012	Muse.exe
3080	Muse.exe
3080	Muse.exe
3080	Muse.exe
4756	Muse.exe
4756	Muse.exe
4756	Muse.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

Processes:

Muse.exeMuse.exeMuse.exechrome.exeMuse.exeMuse.exe

pid	process
2012	Muse.exe
2012	Muse.exe
3080	Muse.exe
3080	Muse.exe
4756	Muse.exe
4756	Muse.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
3672	Muse.exe
3672	Muse.exe
2524	Muse.exe
2524	Muse.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

Muse_Hub.exeaudacity.exeaudacity.exeLogonUI.exe

pid process

4144 Muse_Hub.exe
4484 audacity.exe
4484 audacity.exe
692 audacity.exe
2900 LogonUI.exe

pid	process
4144	Muse_Hub.exe
4484	audacity.exe
4484	audacity.exe
692	audacity.exe
2900	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Muse_Hub.exechrome.exe

description	pid	process	target process
PID 4532 wrote to memory of 1784	4532	Muse_Hub.exe	EXE_NETCORECHECK.EXE
PID 4532 wrote to memory of 1784	4532	Muse_Hub.exe	EXE_NETCORECHECK.EXE
PID 4736 wrote to memory of 4508	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4508	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 3720	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4680	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4680	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2424	4736	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe
"C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\EXE_NETCORECHECK.EXE
  -N Microsoft.WindowsDesktop.App -v 6.0.9
  2⤵
  - Executes dropped EXE
  PID:1784

C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe
"C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2012

C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.Service.exe
"C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.Service.exe"
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:32

C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe
"C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3080

C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe
"C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffecc61ab58,0x7ffecc61ab68,0x7ffecc61ab78
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5088 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5080 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2548 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5276 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5040 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5360 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1584 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4688 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3080 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4368 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4676 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4784 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1940,i,15461463248013479636,10653469464033824822,131072 /prefetch:8
  2⤵
  PID:2404

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte909ffe0h547fh4301ha1ffhab07f6383b19
1⤵
PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffeccb446f8,0x7ffeccb44708,0x7ffeccb44718
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,16295117052343129603,2370975099713758315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,16295117052343129603,2370975099713758315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,16295117052343129603,2370975099713758315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Muse.MuseHub_rb9pth70m6nz6
1⤵
PID:2580

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:468

C:\Users\Admin\Downloads\Muse_Hub.exe
"C:\Users\Admin\Downloads\Muse_Hub.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4144
- C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\EXE_NETCORECHECK.EXE
  -N Microsoft.WindowsDesktop.App -v 6.0.9
  2⤵
  - Executes dropped EXE
  PID:3932

C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe
"C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe"
1⤵
- Suspicious use of SendNotifyMessage
PID:3672

C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.Service.exe
"C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.Service.exe"
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:3308
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3308 -s 2724
  2⤵
  PID:3756

C:\Users\Admin\Downloads\audacity-win-3.4.2-64bit.exe
"C:\Users\Admin\Downloads\audacity-win-3.4.2-64bit.exe"
1⤵
- Executes dropped EXE
PID:3196
- C:\Users\Admin\AppData\Local\Temp\is-3LKJC.tmp\audacity-win-3.4.2-64bit.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-3LKJC.tmp\audacity-win-3.4.2-64bit.tmp" /SL5="$3029E,14705999,956416,C:\Users\Admin\Downloads\audacity-win-3.4.2-64bit.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- - C:\Users\Admin\AppData\Local\Temp\is-AHSE9.tmp\_isetup\_setup64.tmp
    helper 105 0x4E4
    3⤵
    - Executes dropped EXE
    PID:2264
- - C:\Program Files\Audacity\audacity.exe
    "C:\Program Files\Audacity\audacity.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:4484
  - - C:\Program Files\Audacity\crashpad_handler.exe
      "C:\Program Files\Audacity\crashpad_handler.exe" "--crashreporter-path=C:\Program Files\Audacity\crashreporter.exe" --crashreporter-argument=-u=https://sentry.audacityteam.org/api/2/minidump/?sentry_key=37e6948db02f43ac856bf7edcbe9731d "--crashreporter-argument=-a=version=\"3.4.2\",sentry[release]=\"[email protected]\"" --database=C:\Users\Admin\AppData\Local\audacity\crashreports\ --metrics-dir=C:\Users\Admin\AppData\Local\audacity\crashreports\ --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ffec7b57e30,0x7ffec7b57e48,0x7ffec7b57e60
      4⤵
      Executes dropped EXE
      PID:2332
  - - C:\Program Files\Audacity\audacity.exe
      "C:\Program Files\Audacity\audacity.exe" --host 62913
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x52c
1⤵
PID:2964

C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe
"C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe"
1⤵
- Suspicious use of SendNotifyMessage
PID:2524

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa390f855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Audacity\Audacity.exe

Filesize
13.5MB

MD5
5e021c4deb4f1481610c60ecea0cce07

SHA1
cafb70589a6322eaef72cf12e5997f46242fa4be

SHA256
3a6149735bda9300862e16241e48177ae695fa1feb87e0de4ce30f5b88a3c0a3

SHA512
ecc2a71f5f2c018978474835f60634140681c97bf2ae2b87bbd090ce056fbd29832b3dedcbcf04c55d7b454f23f6c38c94439a3c257bb1b82dd679af75ac2ebe

Download Submit
C:\Program Files\Audacity\FirstTime.ini

Filesize
14B

MD5
95e15c085988c0b3a0435448b51e2198

SHA1
696863b3211762c9f2eeda7882e34e808eee95ab

SHA256
29e4d55e0c05be59bcbc7606a5bdfb3dfa54db83624323a72abec6800b8db97d

SHA512
edcad00dc92d3a8b2ce3707c38079570a43a93798d7bafd031cb99864f6f2ec2ac8feaea13b4830062ff9346fae1ea03bf680a55d0d379a63e47950cee11f143

Download Submit
C:\Program Files\Audacity\Languages\de\is-T5B7D.tmp

Filesize
355KB

MD5
2a05b378db088144c235da02e7afd8b2

SHA1
3e309f5e61563e9072480886ddf1df1fb0b2e3e9

SHA256
149db97dfa204f360bada9efd01d62f045470bf1c93ee1cf63e3b8887faabd48

SHA512
90a61362672132ca2503ab31779e41ab8fd0ec72cd9b30c32d1ee4ebbb3594532ecd09a1b7056d95302ecada8b722eee7868477b720626bf0423cbd9f2d66b3b

Download Submit
C:\Program Files\Audacity\Languages\pt_PT\is-QL9F0.tmp

Filesize
332KB

MD5
f34d6f76eefa17b6abc598800a1cb05d

SHA1
d0650d012b7be1c98997f544b05a7d5784a61115

SHA256
20fb4e6072120a11788f54ff6a3d2faf181f3ae5716cec59377c0149aff2a392

SHA512
6eca6aef645c88ff0c3f49ade28f68e60bea4bffe3c0e1e6d82cbb4a2f97531d2487b8e493582d9d19c8f4c047f084d331d2f5390e8655b988d79fcb6a9e14dd

Download Submit
C:\ProgramData\MuseHub\Downloads\.dlcache

Filesize
29B

MD5
940c647206a3a291b2c78d4526160d12

SHA1
1bc882d2066faa02a3ea2ca82d8642c71bd24158

SHA256
83f49bb1bdaa530ee856e148336427e1637ec115496a5e70595376051834b4c0

SHA512
817814adf10bf2cf1b2140b20ef04dfffe770dd6b8bc51e4174f455643834c15ae70b0403f9d5583424e517e8bdcd641c5f8f4d8f4dbc8100d5d8e6f9d257535

Download Submit
C:\ProgramData\MuseHub\Downloads\Instruments\.instruments

Filesize
24KB

MD5
1ca041c15d5ca53a7513d3d284006b79

SHA1
d355bf9bcc7d56f33ba10a5cf0c569ad83bb4247

SHA256
fd898d51113de30fe5352cce009679e87e51d5a8213f85162f32a3cb7c423f58

SHA512
06c860457df4fb60991cb1f7761500cb8e7389895036c434b180073532427f565610cf65614d77fa4e49316a8076c0577451a5d30495f343b40db1bcb9c23ad7

Download Submit
C:\ProgramData\MuseHub\Logs\current.txt

Filesize
5KB

MD5
2815c752f9100ccfe95387d038f43b46

SHA1
0a0dc68dcc52942b4d26897358534e93742e5ebf

SHA256
af5dd9cfe9dc04bf1e5bd3fb5065518312b07b8a54fdf093580a390003e13d9b

SHA512
68d79a3b064b3d4c5de24deac136dd6727aec864709c39ff0642a0eae7a5bd304bdd8a73c8d5ee04fb210c69165478f64aa42ffc2166d8b9fd8b3c33b9ea1774

Download Submit
C:\ProgramData\MuseHub\Settings.json

Filesize
443B

MD5
88e76f41904d534a36dc1bdbafe1301a

SHA1
18359fab25536206e6ed0a42417c49a36134c217

SHA256
fe968eb1b766e03bc92ea5a6e4705ebdc8823a21a62e7f892f589bf1de423d7b

SHA512
994d365d1e07645798f8bd3ce83585a974452631e983186fac7f58b50c11c77c9663efd4e41954dfd91814bc590fee77f33a8ac6eb972c13ad37beb202b4ffd8

Download Submit
C:\ProgramData\MuseSampler\.config

Filesize
45B

MD5
9a7b4299f5924a5fcc3daa5bae5ec6a5

SHA1
ec8ab14a67caf1cc51dcc94b20f9422c3e8426c0

SHA256
bc7535f865c16f43bae334e4ecb3ae4ab4cf943064b3caddc74695e5ed476a2f

SHA512
e4989e53987aac8389d574440b08a4c033832ddd73b604764943048f62a6f81b229d51a17e660958d6f6f4feb7343a013e59f3e4b6e136a962b2d8bb28531e2f

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp

Filesize
8KB

MD5
06891e0ad7313b1b40b63281ed733545

SHA1
ada823bcb5fa767a26c733ad8180da30f8f4abf1

SHA256
b98ec549c14065c0d28e533a87d1d6316b3209290cab6fa2ca5761b107e27a60

SHA512
cce82a7f1f0c62588691ec450c96668c52b5186a4b55efb1215bc3326fa1dbcb410f932fbf348e566cc71a4aeaf4bc231abec16a59a5b34a56e89ca5dc5f7e43

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
278c3f7a12242fab69d3928eeb10567d

SHA1
3d83f43e9bd843b68a9e79124693823e022434f3

SHA256
24e3194a9aef95fcd9c9f890bec45969b48842beef2671a0bd1ef2870d113aa8

SHA512
2049a81daddfc53c5149fa3cb5f92e0e544eb1b0dff1022b63f07dfbc489507893dc8b831c7f29c5de87a1efc4181894f3f20fc3f794f85ff2d9f64b83a4b583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
c4cb2ce9a19c4dfa7810dd4bbd4d130b

SHA1
6f4e9f94aa49a5edfb62e57f8abf6bb22077979e

SHA256
a8cb6bcad008359c7e31a32868be5a7f9573e967d0d4d9059a7f8f85ff9073e5

SHA512
5cc4e918d57eef4ea72797df4918fb2c3ae5706d2349919d73a427bf585e1cd44aa65c6e5664b5c3fd97343e4b59210d3b03a7ce66b338b11999d044523d360f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
0ed6cfb8790b15cd4c35468118bf2bc6

SHA1
ef77d7c587b3e5396f80dc24a2aedab3aa4eddc7

SHA256
469fc9af90933b10418e7ec059d13143a5d2cffaf144c89bc4b486af46bd40a5

SHA512
f418f5c531ac62417ba69bb23e3ce203f8c025fff2142cec4639f7e05da76a6f40f0cc522fe2c761279d8804c5bfc8d68f890aa70436c65b73fe3b00479ba1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
193b48ed364384fe841a7fb72df5bfd1

SHA1
249823c695d6f154df01b3d4181ff744ed91d95c

SHA256
737758b33fe839aaed5a6c81c9d3c936155a79b3322148722891ceccfcf03681

SHA512
0a11c67a4db86b34d7661fbbfcf813557bc4c72ee4a4a1f19fa44b770d87df6a5a40a001c25c2917d46b4d2ba7039d66acf66d278fcfe5334f14ad4985f4209f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a60f57b1a4dd4349ebe01924b446d386

SHA1
32e5cc359ab2d0113d3b4d2de018589eeb8af4f2

SHA256
35beb5b9a200f3ec81c6ccd5887c69a83ab074a4ea789bb5214b707ea97b3fc2

SHA512
36906185871adf94e455fafe24ba690a876e6126f1bb58d9bf15317eb6607e51cc1efb7f5dc04fe20964f8ed020413420da047f7f21560f1d4089437dffc4f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
10b1679e557edae90660afeba414c4ae

SHA1
b24a7ea4a66f0c05a34c11bdfb6b5a76ec5a0cc0

SHA256
9213bf6937e06ce9b37c67f460ffed93802998cf1a105e4b96fc1858c4ff8c2a

SHA512
617ff8954728b61f8471ebdc068ce252ac83ee00cb0e68410916d8efc06702ff5013880d30b7023f720a15a807e38ad442f6d02cbf05ad657acd344145603fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
88ba22a153519dbfb0edeec4acb7b5ae

SHA1
35f20edbc7306904f966136018297c8bd86ae351

SHA256
6b8da190a3b9a17c670b2682255a8dfb3e4591171abdcbab8dd01a05212428ea

SHA512
254219f2f115f642b219d9f16b89665f9395d2d1b08da4aee67616ab35897169427bc30adbf920ca551bbbea0b884149e21f9040d5c0ecf7de79801b1a4dfda5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
ae07e02562003a37038aeadb27bc2fe5

SHA1
301429878880d1315737bb242d83ade2c50b5689

SHA256
d1645708e84d1da6a272537a90b4038333c21d8ae4db933097d37c5b23faa1a4

SHA512
4e5590703a6527a5a0bf61c5df1db510a8eaab39b82deebb6b44d89f714bc94419c7e0322c932b46e060cbced527ee75d0ec77412555180161bcd72e51759a54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
dbc237e4836442d6238fc1e55a1f2575

SHA1
5e266cb365c60c7641408c0f7b7a85a24cd81b9f

SHA256
3a716809ca28ed89824255ba4449063795a819c9ca34396e98409c7ea488b817

SHA512
a0590e89469077d0bef50ec60bd169cd2f4b72fd24a92e3e2b20797dc27f9959f01cdbc66cfc6634207b6d30a9eb5aff9167281082b3ce3113e104e1e78bad82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b36367e5590a2f058f3a49125691392

SHA1
fb903c9fe4d7d551f5ffb6de453cb8f73aabd3bb

SHA256
64cd8e09981d0037d8ed6fee22c936e018e8b0315dfabac06ddd0d38a8b898a4

SHA512
0779431b42eef5c1307badc20fa3139494886e1a35ff44e5c90443cbb46c65b11d216d15368e06a52970337ff127f32fddd10ee0cf784807ff1cdcd143293184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
34ae40506a76d8ee674b7123a15a550a

SHA1
e4e742fa0838dae0397fcddb9389a9396edf97af

SHA256
ca9a09614ec30581daaa4f4d4a9c9b77a36ec0cb03b05c66d762ddc3888c351a

SHA512
e730e4b3614ccfcc5d6fff1af5c1ca622c0670b62b1ecbdc8510aefdd84f002e6457800896d639b104f2e71e95fddfbd951051d13307ceb0bc285ea71a35b454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
14607d44ce71eebce58459eecc76ffcd

SHA1
3ef7241ec94d31945345bc0fee3d07cbf34fa927

SHA256
bee122ce693a5504422f586c65ed4f1dec0b1ba032f1d95426ebe251754eb05a

SHA512
d47467370d44934bed6fb104125243be38699c62e08783b7f4266b06a2b49266a93cadb5d5676538251a9e8f8958d1ddd2d931332e1843a943783804d1a7a857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5fe227701ae443da5c54673fbb4c2649

SHA1
2409ad0e2dad6a33440a82dd1fd9ab80b16c020e

SHA256
1f40845f8452391ebf4bd9c4e4f57b9ac7989d59c700122607f43cfc3a670664

SHA512
4b7dd8d826c76d351ec442154c73c0f6c9308309944bc977b8a46cc9ec0a78f4c050aead83b0e025d9dbe712834a9a927d3dc8e1f35439f00ffcb5e214200283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9e561f44d25117689a703f5bb95bce59

SHA1
3efba5c708157cf3806c44c0b1c7b60c650da9b3

SHA256
e584a15c83c8234ffb4fd19a64778f3d4a9d9c1326bda05cdd0910f406e83ecb

SHA512
00fd6abd1b6e266d3dd672960e935e06a5a3d2747e0205e83544647d99b59b5b2789f056681024eef7f2764862bba0d6cbf51f07e263533f68335d198914df79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
89ea98ff2fdcde29e2a5d32268cf8ca2

SHA1
63fc54b518f4af8259da59bb7cf1197cece2eba0

SHA256
9ce12a89c5f938f6b3ae993310d1a32e10886b9b6d2f1a1de96afa641e5d18e1

SHA512
57d5f780c8b70f922aa185e80801e2b776a0d2273a506f00ae8b5728fbb836ef74436a6cabe6fca7d61c11f67bd96ffba6d550aa648ef9a71808881f9f72fe4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5acdb1.TMP

Filesize
120B

MD5
cbb7df2c2aeccd4ab3dcf5e70cf294ca

SHA1
8fe2f033281f6f7b69909eaaea7ae09778871609

SHA256
6ce8b5193de0eb499bb5f57b234a92bb030236d26f09005fce59d834a560582c

SHA512
9006a2239728818fabacbb86deddf80a7ccd53d3668a4429f9fa397eea21cca6cd1229b4faf494b3063bfe5c3c731ef59f4ade232d3cdb6908b8366312c7ad53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
8bffcb193775b4e3505cefb114fa1bde

SHA1
e9922c7f767364b3268041352c1be636301eabf6

SHA256
bb39e6be50ce6e137ad62fb085ea7b8852a53d67e0401c5989951e9ddcf39a54

SHA512
1ec7edd0e997e075923922c7dc2defee094addccb8202109344606c3a56f39b218cb75a985904a2cf9e2bb39e58511d7885233d8d9ae109a500dccabd3e648d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
d8574c32303f1e5d6dffdba045db024b

SHA1
1c7a26c4425e568ca73c87f16271133ffae22e97

SHA256
8fd8e7819e9fa9e4207d0439cd995f39901102aed197cedd594b79f331861596

SHA512
19bcc7ebb083000600a3e5684b54bcae915b42506d5bbba9760bd200be23c440e507f913d113d4b07ad9d0f9651bbb961bfcdc1eddd990be9274e7f15ed61620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
6e89a1757e20ec528a0cf82abeca8ad9

SHA1
401bfe6b63dc3c1913e6089f45cec980b8c0bc74

SHA256
3e109fb923759596275eac88c02c576b2571e6f049646710da5deae752d00d30

SHA512
435371984a70ff2f986f6650000e170e8af38ad3d0ba4d3eee1d8d5bc77984b910ebf0506b7ec0c76a92915cb9562d89a126cedfc65996cbb275bffb8ff0e2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
22fd8668493a5952a0ccce02477cafd8

SHA1
7f12b14a0de36d3fa14e37776ec8bd16b5689b3d

SHA256
f34ff8b438fcdc0ecff106568f4684192690098b2c6b7425c6987075b1354512

SHA512
716f63da19b8536f10a8e98c3aa242ec827511db5d23bf577e012c92abd3f02817497e6607e368b5b9b9a9852b3a4d7b032be7f3c10d918d33919123f10d4c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
18a0a38f5ab6f6cf378476478d36f4ef

SHA1
10bb14542c3a0be607e390110826c539ed09a7d8

SHA256
389e1b31724786ed86b3668fae60d9061e985c8fcc5b40e18a987944ad54790e

SHA512
b6f637f0294e2c467d10cbd340e036db8cac3d1a3db197408157486122362242108cf2f0c795b261027ce3f72e56d1a454fc7002decd7c9d22354d7ed5ad27e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c4a30.TMP

Filesize
89KB

MD5
4d0ddd7b333c89eefee48342b83dbf89

SHA1
d2ed2705da1bcb4f2ca7119f1d3d2dec0be93b08

SHA256
1347a16f838f42b3f360bf55b6d69cb2f68855393f359a1db13a2f5dd6a6c957

SHA512
06eec9af0c5d8f3fcdd51166c381216e147d4f6eaa612bd96331027ed67c6c3aec4c6039a16d732095177e0296b6aa595c9dfd9c2a9591db3388cc4ef165e6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e67753679f341a2e274311c6282e70ec

SHA1
2b30785919aa049c09c6deb04fd8a2010de8f3e9

SHA256
7f5040d3ad78264550ce6b34b42828e495f8313a667ea6ae91becab8d0d2030e

SHA512
97d70d55db1cee983a3829944e7b32a794919b33f6c28e4edda67bb1f1c9503c38ef26291c95b9ccfd82ba78f0493d943813dc83a5a0f426a5d616dccdaab310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\AppCenter\d0b5f3cb-b98c-43ee-b798-bd11783bb367\Logs.db

Filesize
12KB

MD5
ec23fe7868e842c0b6e13a1afe4fef6e

SHA1
7b44849d35f3d43bc1be173f8271a9196f6d20f3

SHA256
8d1ad9ec4325a8431faf8ce9faf0171f28e5bd5e652f935c59efd0d5343a5c8d

SHA512
365a5c7b8aeac7a6cb80d694501681cbb522a9d974f92efad5c961015fb6703eaa8e1dce17940aa0c7e31a1edf70927507626a2c69cf13fe9929eae576335f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\AppCenter\d0b5f3cb-b98c-43ee-b798-bd11783bb367\Logs.db

Filesize
12KB

MD5
3f98e8bac51dd063c36f551ce5933185

SHA1
9469dfaa01cf0bab80badd43c6d01607dc9f4cc1

SHA256
f0c8628b8a70a546d9031b275d45116f911fe9b9fe20c18b1aa79280be8563d4

SHA512
c77b7db70fd6a7cfdae3cc63a0e7005be041e853ea41ce00e39a44de17133c9f2e4f3b4d103ce99e0032c30d685d1cafb5953b6420459a08a41652dce4c45bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c81a4a4f88768df5aa7436a1b9afa64a

SHA1
c4b1031516844514d7fdeb85d363f61a5e8476c3

SHA256
4612503edd7d8e7acf91f9fbee36b332920b7ee8b8ce9518c4eb3d784bd04302

SHA512
bfef511e21ec221e94a9fa4c9f1a0b9b9ae6a36f2ad11bbabdca2d2cf695ae87a4a0fefba9b220c7032d98fa5ca6cf19a9240aed7b0526155ed0db4e6dfa669c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4b51ad9f72b83bf41de7fd4694d67245

SHA1
6d630cfae4d67b2cb43892c9f8786cec74c8ff10

SHA256
53618397bdc7876877825ebaeb5037e5ce94c02739ffe2adce2f499c82c1eaad

SHA512
3e93c1e8e9f8fbfcdb46eaa6214d358a16f9cef528efc1526443ed4b570df6d86726bfeb895eee2dc40b4eaa4de9f6ef621df1c16658708ada54d77fa4a179f6

Download Submit
C:\Users\Admin\AppData\Local\Muse\Muse_Url_y1g3x15nuysbi5vd1kytm3liz5eysqbp\AppCenter.config

Filesize
199B

MD5
8fdfc50a52282655338ea1d628a272b8

SHA1
9575acf2f091d4ea9c4c042f93b3010de071ce20

SHA256
c50e2dcc6b751f89335abf1b5ee8c5b7fcadebbeab97c29e13a5ffefad8d1198

SHA512
18ec1b586aaa3947334b51bfcb39e5626d6124da76fd1fba03a98b65d484437f1624a944e939e6ae698c8acc713872956d33415b2f64cd25139e9d1c7c0accb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Muse.MuseHub_rb9pth70m6nz6\LocalCache\Requests\home_apps_1.0.2.800_prod.json

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Muse.MuseHub_rb9pth70m6nz6\LocalCache\Requests\home_apps_1.0.2.800_prod.json

Filesize
2KB

MD5
d4687bf20a43b340da98b9542d8705e2

SHA1
150498ef520dfa6c2829aa14fffd76613c162bf3

SHA256
84e45fc00961c2f422b7d52f735ae0d557fcc5ab7fc21720284c3b99b4bfabcf

SHA512
d2bd713f8bd1fb533f10627e1317d8de0a50bd8874155461046abecd5c22b94df8d7cd3a0a4654f782d2c714fcdad7c14be7266c0ab6bd7515753156d37fe0d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Muse.MuseHub_rb9pth70m6nz6\LocalCache\Requests\home_hero_apps_1.0.2.800_prod.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Muse.MuseHub_rb9pth70m6nz6\LocalState\Logs\current.txt

Filesize
4KB

MD5
466f40b90c90b6e6a55756915e9485ed

SHA1
ef06c7965fb0a1a8c50bc24887ab72d674b4220f

SHA256
fcc1dd1e4da29a82f583a14b710d324a813e70a0f564f442c33c03b2a881c526

SHA512
fd993f0879dfb25f4e05875b7be03056dc5deab0feb76c94a5f51cfac9e8b346c925b0fac6cb36e335488f2abf3548c7efa750c433eea9dc5731445cca264052

Download Submit
C:\Users\Admin\AppData\Local\Packages\Muse.MuseHub_rb9pth70m6nz6\LocalState\Logs\current.txt

Filesize
8KB

MD5
aeaa0229b3dcef8c7459d1e128c15b33

SHA1
4f48ce2800b5f6efe5400e095594157af4ecc5fa

SHA256
4dd213d5a34afb5b3426d19da6ea02120a8c193080fda416a4723d4b74fa1f66

SHA512
b31c0efc761a86fb3d104348909915ddb7caa92b894ac8ef7b4001c4a6460f12c94481dd3a76292ab1640b14d7f6c55b64a2407a76294125e4ba744206c174fa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Muse.MuseHub_rb9pth70m6nz6\LocalState\Settings.json

Filesize
45B

MD5
562b412a2e8f3eb12aeccc624ea7f5e6

SHA1
1783851eef9cfa6b3156c4b1fd678910448a75c4

SHA256
30368e7b285063a5ff0f84525b4bdf2b059f04e9ce003e6f1ef239dba4ffdb89

SHA512
4fe70f932fdefeaffcdc5a406a33f73307eff279f71ab155575ac6f9bdbdda837ceda1dca70ac8fc1b0244617dc2adc197c6fa822dc7beda320cd02a6b669eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\EXE_NETCORECHECK.EXE

Filesize
142KB

MD5
3dd50757e38eed3ac598debec6936915

SHA1
ac54862b4de18850d111fe7e08a075f0e812cc89

SHA256
8d8f90ca3adc53d7862e82c72522674d4fee14d2b08566d378e46371d5db7f2a

SHA512
ff84fddf871f660b2b25e7f3b93ab01140d787a1fb167454cadad4e0eec25fd0789afee6bec3dea09de34343de7d3c4030e1282acddcda02e9f40784eb8aea88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\Installer.log

Filesize
257B

MD5
ed00d9c804daa3237e368f34fa5b3154

SHA1
1bde666b05f9bacf83fe015a448c21fbbbe21b3a

SHA256
656b96d4a217452006ce05eacc7924cdb85e5c02cc6f477c7f61ee6f54f11c0f

SHA512
1f438121e64faebaf53c284eb196c32406af3b3042f1994e62d55aa4d196a1299e136b71e71a83f37c6b958725db0995887a67f26ab46ee72b01948ed67f5d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\Installer.log

Filesize
1KB

MD5
0e9d50e17cae87a9f261a9a9fdc18113

SHA1
511ba094245f0e3e49870e63fccdc3030096e9e1

SHA256
b49d9b158abc89f0632571375c5c2de2f025b0011c7527c02f3f65f75d46bd86

SHA512
92c4b47d81755398108ac4b78ebe0cc77b1ff930e185bbafcecc11e92a3bd13bf4477ff57185c89f3d6afb8fed492c84e6bccb3f71a64d6f4f52d7a429536b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3LKJC.tmp\audacity-win-3.4.2-64bit.tmp

Filesize
3.2MB

MD5
0ec2f9743e205f176351957d3cd2958c

SHA1
a10e03f0587da963dad50b56472a968b5fcccaa6

SHA256
7611759f31404a0bad9a5d50d40e3f26ded4425de716ea86bba3d45ccb66c0b3

SHA512
4f8d5f7c96e0e9a1347a9a1c7e46af1b05453b9b8c766a82aaf475dfc9cadab844cea3a0e7c5957fdbf5772509c95f7af3d41ec035370c4c146af02b8fa07aae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AHSE9.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Roaming\audacity\audacity.cfg

Filesize
4KB

MD5
e82e38abd93f48f3d31ec8cb70edff76

SHA1
90ac66aeaa9eb69c773e2a03ac3487a70a919002

SHA256
298dc7127c8f59d71cb4fc4c9deb26f97caaf12f35bfb59d0e4de57b22bb1840

SHA512
179d3009e3b3607c7daee3080ee7308492da2e81dcbf7141616db389dbbccebc14dcb36a219fb11baa9d1e3333de4f127d899ce4d4963cd40685df2a58ac999c

Download Submit
C:\Users\Admin\AppData\Roaming\audacity\audacity.cfg

Filesize
6KB

MD5
86a68cb0119b21e8d006f27c87f93e85

SHA1
a053374eedc213bf1fbad1d4d4dcffcabb22746b

SHA256
44138a7318bae380738479a47468fd4d077a8f1fddb35ca99b516369d1a01c74

SHA512
baae6565e7660e8897726a6075096ff73cf0eb49aa77df5da415664aa884e0092f48605ec1725a45ac504fd2f6154328895009f0bba24685c35068cc7546ab9b

Download Submit
C:\Users\Admin\AppData\Roaming\audacity\audacity.cfg.bkp

Filesize
1KB

MD5
8a98fafac77542b0ed286c6e7105b617

SHA1
41b653599cc5259d819291eded15b40268bd893d

SHA256
21b8f3a3a008bb5819757283b597351401bab3c40dede32a1b36f6f860bf0a15

SHA512
25d76e8a8727395c88d4bb83a21f464bf1e26d8a01a71b55ccf280757fdcba68f7cdf7147780b5185cf33a09e37f1bf83838e04362576aeebb60bde79462dfc0

Download Submit
C:\Users\Admin\AppData\Roaming\audacity\pluginregistry.cfg

Filesize
41KB

MD5
971a5349053b479e75f811f013473500

SHA1
49e896a7e39e24fb885f79a6d44e111b39a69825

SHA256
9046e0119f406d7e3077a9b1db8f1b6dc9a6f83419b11ac4b561c236ac925281

SHA512
3497aa4ee9d767907047ad9222b2cebdeee1a22a510d037c64c03dae2e9741ce7caf9d73f38e3cf3143c9b8fd6d3243ec746903a0d4a738088335d4a982c26cf

Download Submit
C:\Users\Admin\Downloads\Muse_Hub.exe

Filesize
38.2MB

MD5
113b0b7cfcaf7b11d541d6860534ce2c

SHA1
443a0f24974652fd2d081b952061a5e0f386e71a

SHA256
0f9765f58fc4389dcd7541172a4454c0f646dbec174e828a64abc9aa19de4990

SHA512
78f09c46d202d73194f7c648effd03c250a20dc280e07bddb9380128c6077ce86d78da1ce22be1fcc14024a09aa35bd23f9288f1a650d66233b21ddaaa93c9e4

Download Submit
C:\Users\Admin\Downloads\audacity-win-3.4.2-64bit.exe

Filesize
15.1MB

MD5
dda7cce108c6076089c3e025d2e64bf2

SHA1
4307ba2ba0cb46a737ae8a8c83425cdc9b55e56e

SHA256
d7bd5ae775db9e42da6058da4a65a8f898a46ce467d9f21585084566213c36bf

SHA512
17fa6367d02c8722234fb3a986b2b516c4ab29c565a275baa71d28003abc6d3e4524a85a362a867382d470140db167d82cc3370e96df2fdd9afbbe85ac08d053

Download Submit
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\AppCenter\9bb3edd8-51e4-4173-84d3-78d81cd2ea2c\Logs.db

Filesize
12KB

MD5
2ce9365b180abe57f0dd5e95c527bee5

SHA1
4e6485ee4b718b2d9761c6808b37f06340820edb

SHA256
364cc9e37c3413ca4324d92524d615f0f00fb3df7d3812e748228cac16a166b6

SHA512
41805fd44ea72647eaa9f47da2c4944e8f091892560c2a36e63f04a05cfe3e9bac539778d38c2d822a80a2c1320dd878a9d83a619864a7f9cd3ec29f73a2ab11

Download Submit
C:\Windows\system32\config\systemprofile\AppData\Local\Muse.Service\Muse.Service_Url_zmbqaeottvmi12bkaynsf5cuhyatvbia\AppCenter.config

Filesize
199B

MD5
f3cfd24c02df9f2b5522b0210655d445

SHA1
9afb55afaaf13578f068acd2632d0e6a26a416fd

SHA256
212fd3b971a7b5a40245911e25d33a4868f1a6a236f0c16172efdc5de12cf2bc

SHA512
0ccdcfa660dbdb75840b1d92d15378cf1acd6e85414a547f9750cbbcfa78481892d42f902e11356a9f4667e59df19d4bd08e51316147abf5781ed1fb9564543b

Download Submit
memory/32-47-0x00007FFECB670000-0x00007FFECBB6E000-memory.dmp

Filesize
5.0MB

Download
memory/32-652-0x00007FFECB670000-0x00007FFECBB6E000-memory.dmp

Filesize
5.0MB

Download
memory/32-91-0x00007FFECB670000-0x00007FFECBB6E000-memory.dmp

Filesize
5.0MB

Download
memory/808-696-0x000002609AF00000-0x000002609AF01000-memory.dmp

Filesize
4KB

Download
memory/808-691-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/808-702-0x000002609AEF0000-0x000002609AEF1000-memory.dmp

Filesize
4KB

Download
memory/808-705-0x00000260925F0000-0x00000260925F1000-memory.dmp

Filesize
4KB

Download
memory/808-697-0x000002609AEF0000-0x000002609AEF1000-memory.dmp

Filesize
4KB

Download
memory/808-717-0x000002609B030000-0x000002609B031000-memory.dmp

Filesize
4KB

Download
memory/808-719-0x000002609B040000-0x000002609B041000-memory.dmp

Filesize
4KB

Download
memory/808-720-0x000002609B040000-0x000002609B041000-memory.dmp

Filesize
4KB

Download
memory/808-721-0x000002609B150000-0x000002609B151000-memory.dmp

Filesize
4KB

Download
memory/808-695-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/808-694-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/808-669-0x0000026092D40000-0x0000026092D50000-memory.dmp

Filesize
64KB

Download
memory/808-699-0x000002609AF00000-0x000002609AF01000-memory.dmp

Filesize
4KB

Download
memory/808-693-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/808-692-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/808-685-0x000002609B2B0000-0x000002609B2B1000-memory.dmp

Filesize
4KB

Download
memory/808-690-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/808-689-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/808-688-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/808-653-0x0000026092C40000-0x0000026092C50000-memory.dmp

Filesize
64KB

Download
memory/808-686-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/808-687-0x000002609B2E0000-0x000002609B2E1000-memory.dmp

Filesize
4KB

Download
memory/2012-68-0x00007FFECB670000-0x00007FFECBB6E000-memory.dmp

Filesize
5.0MB

Download
memory/2012-67-0x000001CB52F90000-0x000001CB530A0000-memory.dmp

Filesize
1.1MB

Download
memory/2012-39-0x00007FFECB670000-0x00007FFECBB6E000-memory.dmp

Filesize
5.0MB

Download
memory/2524-1542-0x00007FFECAD30000-0x00007FFECB22E000-memory.dmp

Filesize
5.0MB

Download
memory/2524-1547-0x00007FFECAD30000-0x00007FFECB22E000-memory.dmp

Filesize
5.0MB

Download
memory/3080-81-0x00007FFECB670000-0x00007FFECBB6E000-memory.dmp

Filesize
5.0MB

Download
memory/3080-69-0x00007FFECB670000-0x00007FFECBB6E000-memory.dmp

Filesize
5.0MB

Download
memory/3196-788-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3196-780-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3196-1313-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3308-759-0x00007FFECAD30000-0x00007FFECB22E000-memory.dmp

Filesize
5.0MB

Download
memory/3308-936-0x00007FFECAD30000-0x00007FFECB22E000-memory.dmp

Filesize
5.0MB

Download
memory/3308-1580-0x00007FFECAD30000-0x00007FFECB22E000-memory.dmp

Filesize
5.0MB

Download
memory/3672-777-0x00007FFECAD30000-0x00007FFECB22E000-memory.dmp

Filesize
5.0MB

Download
memory/3672-751-0x00007FFECAD30000-0x00007FFECB22E000-memory.dmp

Filesize
5.0MB

Download
memory/4484-1311-0x00007FFEC2530000-0x00007FFEC2FCF000-memory.dmp

Filesize
10.6MB

Download
memory/4484-1309-0x00007FF60A4D0000-0x00007FF60B295000-memory.dmp

Filesize
13.8MB

Download
memory/4484-1308-0x00007FFEC2530000-0x00007FFEC2FCF000-memory.dmp

Filesize
10.6MB

Download
memory/4756-82-0x00007FFECB670000-0x00007FFECBB6E000-memory.dmp

Filesize
5.0MB

Download
memory/4756-92-0x00007FFECB670000-0x00007FFECBB6E000-memory.dmp

Filesize
5.0MB

Download
memory/5016-1312-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/5016-789-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/5016-786-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads