rhadamanthys | hxxps://www[.]dropbox[.]com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School[.]zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1

Resubmissions

22-09-2024 09:01

240922-kza8zs1gph 10

22-09-2024 08:39

240922-kkh1aa1bnh 10

Analysis

max time kernel
371s
max time network
372s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2024 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1

Score

10^/10

rhadamanthys discovery persistence stealer

Malware Config

Extracted

Family

rhadamanthys

https://147.124.220.233:7843/0a493f164c8de167e156e/s2u8lic7.93tn6

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 3 IoCs

Processes:

Revocation of copyright for The Music School.exeRevocation of copyright for The Music School.exeRevocation of copyright for The Music School.exe

description	pid	process	target process
PID 972 created 2672	972	Revocation of copyright for The Music School.exe	sihost.exe
PID 4580 created 2672	4580	Revocation of copyright for The Music School.exe	sihost.exe
PID 2616 created 2672	2616	Revocation of copyright for The Music School.exe	sihost.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exereg.exereg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint"	reg.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4856	972	WerFault.exe	Revocation of copyright for The Music School.exe
5044	972	WerFault.exe	Revocation of copyright for The Music School.exe
4956	4580	WerFault.exe	Revocation of copyright for The Music School.exe
1224	4580	WerFault.exe	Revocation of copyright for The Music School.exe
2500	2616	WerFault.exe	Revocation of copyright for The Music School.exe
4656	2616	WerFault.exe	Revocation of copyright for The Music School.exe

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Revocation of copyright for The Music School.exeRevocation of copyright for The Music School.exeRevocation of copyright for The Music School.execmd.exeRevocation of copyright for The Music School.execmd.exeopenwith.exereg.exeopenwith.exeopenwith.exeRevocation of copyright for The Music School.exeRevocation of copyright for The Music School.exereg.execmd.exereg.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Revocation of copyright for The Music School.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Revocation of copyright for The Music School.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Revocation of copyright for The Music School.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Revocation of copyright for The Music School.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openwith.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openwith.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openwith.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Revocation of copyright for The Music School.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Revocation of copyright for The Music School.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714693399437208"	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

chrome.exechrome.exeRevocation of copyright for The Music School.exeopenwith.exeRevocation of copyright for The Music School.exeopenwith.exeRevocation of copyright for The Music School.exeopenwith.exe

pid	process
3352	chrome.exe
3352	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
972	Revocation of copyright for The Music School.exe
972	Revocation of copyright for The Music School.exe
2196	openwith.exe
2196	openwith.exe
2196	openwith.exe
2196	openwith.exe
4580	Revocation of copyright for The Music School.exe
4580	Revocation of copyright for The Music School.exe
4084	openwith.exe
4084	openwith.exe
4084	openwith.exe
4084	openwith.exe
2616	Revocation of copyright for The Music School.exe
2616	Revocation of copyright for The Music School.exe
3436	openwith.exe
3436	openwith.exe
3436	openwith.exe
3436	openwith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe

Suspicious use of SendNotifyMessage 58 IoCs

Processes:

chrome.exe

pid	process
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid process

4156 chrome.exe
1164 chrome.exe
3704 chrome.exe

pid	process
4156	chrome.exe
1164	chrome.exe
3704	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3352 wrote to memory of 620	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 620	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 1468	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4840	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4840	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe
PID 3352 wrote to memory of 4380	3352	chrome.exe	chrome.exe

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2672
- C:\Windows\SysWOW64\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Windows\SysWOW64\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Windows\SysWOW64\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb70f6cc40,0x7ffb70f6cc4c,0x7ffb70f6cc58
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4844,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5388,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5240,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5384,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2376 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4016,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5272,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5864,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5732,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3304,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5964,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6084,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3232,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6096,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6080,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6472,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6636,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6744,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6756 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6792,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6344,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6348,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:376

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4168

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2208

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1992
- C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
  "C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 464
    3⤵
    - Program crash
    PID:4856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 372
    3⤵
    - Program crash
    PID:5044
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2400
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 972 -ip 972
1⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 972 -ip 972
1⤵
PID:4944

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3580
- C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
  "C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 440
    3⤵
    - Program crash
    PID:4956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 436
    3⤵
    - Program crash
    PID:1224
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2404
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4580 -ip 4580
1⤵
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4580 -ip 4580
1⤵
PID:4768

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2696
- C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
  "C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 436
    3⤵
    - Program crash
    PID:2500
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 432
    3⤵
    - Program crash
    PID:4656
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3224
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2616 -ip 2616
1⤵
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2616 -ip 2616
1⤵
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\31f20ef6-6aba-4fb1-9f08-6d84a0e588cc.tmp

Filesize
10KB

MD5
e1b35557a07370a62a09fc06f882725a

SHA1
a4a4c0929de085bd758ed96f4b3629434fa4ba33

SHA256
9bb80cb37e90214e0bfcca2b26cb2584e32b6238996a43ab46a5a1e428e1ef64

SHA512
6afe265effa2edcddab38a7b88644a89ffe78d530e46403c72852829be48de24df663287d4c9d2ef98839e446ed863b7f6a1bbde89f33d20ede6abe88b942d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5a57fb1cf49deaa2296468ba98b77921

SHA1
2f6bf2d3f75a44440e8069cab98b89b4f54e188c

SHA256
1656664f68c7bf41f9b77b061da3414d1e54b4d7d9ecb98115e7fb55e0e9832e

SHA512
500a443cbd43fab4b4d88b95187bb056f5cda210e0c93e6e2e634a5658883f4b9a5d46ba0d9f5e2389a4bccad70cae787246add531b36985d7ae24ea7ca6a5b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
90KB

MD5
48743a670fa866d07b162f046726b2ec

SHA1
5f180be674c56c4519f531f0796b5b958c20127c

SHA256
9d436fc2f3d4ec40a0e3ae981b315036ac944d2347995d37c27b059db59ce966

SHA512
cbeb13a3ab5e6cd811bc64a14304f389d56de091db12618d62fc223de96e686545393eda1fde83ffea24468ff77953054b25a4a7a87ae2d9f61283c3ec46f69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
78KB

MD5
ad53a6597d77a7fa4bba74af404a5627

SHA1
2316afda7f86ae61220e5f804987ffc90d8e5972

SHA256
fa12a613bc086a19f2303d929a6943da8b8f3f75e2047df01040a2703bdda485

SHA512
d18a0bf3710d36efac0fe7d83e660214293e099c0b0cefa276df14cdd1512b2791a12bff01b45ae19499a9957228370f19b20dadad8ed5bf084bea6a0f331ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
94KB

MD5
15bfb0394e5bae8d693e743337bbaf6c

SHA1
663b7b8dacddf432ead620d7fab8629c5c50eeaf

SHA256
efafeafb612d3745d108ee70cde4a17127db8e334e29bcb635a148793a6a5c87

SHA512
f90894e9130217f34f9c40b27f45fbe1eddfa706e2aead1d99963fa522e036db744650d3c81f3b2f3228d6a3c0f324267b8d8ceccddb8e20842ed125ab893276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
1.5MB

MD5
fd91b53c4a62878e592cb2cbfe909e11

SHA1
1ca9a8865efb94e1d6809cb558acc5f59f95a5f1

SHA256
a2903017ae6d8a2e02f2205df637ab5f1a99401b4ac668ea02762652b95c127e

SHA512
ece89edb4ceacba51f091cb137fb1cecd06cfbb3f0e11659a89d20a0df80536046c625ba850c08570c70f090b6f77508c2a21b23c092d2df301f128f81d95e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
28KB

MD5
0cf073ce762780b25ab047b7bd97a1e8

SHA1
be0c7a673506bcd55bf1822c764221ed40030ac3

SHA256
5612e9131414c70749cd41849fc05f52803ab4638eefa88edcab8719c2816619

SHA512
7dac21665988e09c74ebdbf85da4a69208cc167e807056da03936bf5899e78d4dd2b7e2ce302fa559450c9df33483bcec316995be19c8adcc1cbc46a67d0fa91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
78KB

MD5
35a46116980c974751122a331d47fd84

SHA1
cd6e9014e38596c681641a27706124b5b69f86fc

SHA256
ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66

SHA512
aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
96KB

MD5
5c034f6ea77c94cea42a2c6a104c96c5

SHA1
8cdd02dba48bfc9ba263c91fd7ac311783e50f5b

SHA256
9fb8530058b0477178e0290a2cce25c25e04ad0e3b86df0227f490198847b0ad

SHA512
dcda00fc9cd3c0371f7f482de17cd2ad4f73d83452dd2b6362343431e6410c94f051ad8acb3c9381c9d7588de48ab9ba4ff8fcf5f61777d3fbe29baf76b0d32b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
36KB

MD5
e6d5b5fc3025ed5445db4405f1d80d6b

SHA1
703536f74a7b6132844c9c8bf8bce847105ffc6e

SHA256
460cc6876c723e6d7a174a0e0e0f3e136e3b332f2c93b56958ebb48608fad9a1

SHA512
9dd2d6df34cfa9528daabbf46034b413f08b2c27d85a5def6d30dbbce2756a3728999f429c37f8ac7f0b9924aa9f1349a53735506fe679509367c8319a2dd425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\033b1994e07850fb_0

Filesize
283B

MD5
387e60f0d6f2bf62b538149fcd876119

SHA1
e772b3634322a818bd0b34a3e0d489a67eef6ac6

SHA256
a61e77c922426a9e6e11262f4ee92adf44b7b4ed03b86e9be9ecdda5429e9769

SHA512
b67ea46bc8417d0edd9e1c757c5e338433d01738605dadec2c1abea50d9b31042f33da21822a7915709f0c9dc750bd86072db5e7e877b0bee66718c15aad9dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1787089cacbc2a76_0

Filesize
19KB

MD5
e949dc8ec31ea386987f7a7ea4b3be22

SHA1
0db875328d6da57d3bd92e0d7d06584fa1351e3f

SHA256
c30dc8dba37732d5a5228e7295d4d7e1fb89a93aa6d3052809f50e1912e1d545

SHA512
440aea48865bb657e1fd120d35abc384ee29b52105825d39a045f63a369bad3ef0c5ba9044ae012dd9e4f22628c8463b4797d98a3391e412a71db8c6a16beb11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
e4c54bb1fb23c8dcddbe7a8719b5048e

SHA1
affa4346014d0b08a03dcec35b3e51ab7044fc34

SHA256
5e7f72af4effd8e430690249dcb1c31bdef7018fc99225cbf6013de6854d19b2

SHA512
b5cec04fdbcef21e0569604c20d7d35532e133206946986a90d14ced0ee00a2f2a5038cd1f1ee697c43d370625677f3e27e3a5a8775b1b5ba142b18f32636add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b446ad603135dadaddd5b219d6efc19d

SHA1
e3442c5a3d29dcf387bb32417e5fb49dfd66b906

SHA256
093ba5ea80118b5c84c7393206e37f188830dd33eb35c4e886ccd7bc0b14dbea

SHA512
17ae4524ac5e82b8d8119ae71bdbadd91cb3afba87fc8308af4963f0377094db68e735ae6d3a427fedbc2ef63cd009e7fac4813d1392e25d553a8953a8ed4abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9bfb0392e2bbea09e80c7e777a8baedc

SHA1
ce042f92015fb21cd7ec305664647771b5cb7b2b

SHA256
8e8ea442059f0d0ff7d987513cba790a5578373b0e44f08897f132151093d602

SHA512
5df9a3b6178a78036d7143fb7a8d3dfeb3553af8271f39edeff35c020b9a268b339af99e1aa30997b793dfc6b890e9fbf8c9816ac3c106700de054fcfce0c0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
213a0b6a2af0a61588970ffb55ce25e7

SHA1
87b3803039b60a9efc6744b700d206124edbb076

SHA256
074b36e9e01ee6731150f89ea0e24d462fdbe06b7475c0c7cb2c4b05c89591e2

SHA512
7dc2fa9bc94f2a797425f15d886fb9968bb9b49c1c2b322a8125e23e3682abd24a5d05eb1a647536d9e737af8ae6d897ac0a2356fb7c9658bb80226c87ffd1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
cab8f8074806fa29f74bd8f28ff27785

SHA1
de588c8d4271f34e908ed4cb2a63ebee53174ad5

SHA256
64b67e35ce1c35a5f44e535367b82df7b0a2eb6a66be91ecc467e12fa6e5a4af

SHA512
8394fe9f185019f459245d5405f9a0820f97b0c700bcf38d3a83d059e82c2bf2a1410bd1128fc04fee7d85d27347b7711006ad013ab35835b16637643761aa93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb832699216f87bfbeb63b3f23027a6d

SHA1
1de2066929569dd69cc490b18102323b52ea7f54

SHA256
7fc0e5600052bb283c7b9540ff8f8454b9f6dd43321c061d328c9209b514f338

SHA512
55e9057863204ebe981f63c1ada150a2f12582b78cff93f21c9fb14f4e8fca1bbd4133bd64fca47f5b635d3d97ec3e6181baa8bb4bcb89b5967c1091e21f9471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b3af959c4cbefc07bd79db39f5139ce2

SHA1
1b5170eaaae99d88b52a6732c91f4ef78c626c61

SHA256
d7a36b4acc03e63ec4e0fd6b610b996f3923d449af28c7ec122378caaf5411ef

SHA512
cbcbe426467dc9b40a7b059d8f4fec7373b27fe6191e20c969279e7d47bf250865441e3cce1bb7b57a02318033eb583ba6371a515dcc04a31b64ffbc1513afd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd56f163fd2be83a36f4ed95f49c1389

SHA1
6538c0accc8dd130546127718be8bbbcb051c76d

SHA256
592fa9f9adeee5ca5210e02019bdd71e6d0a75a5f81e2406b675ffd8fccb9c11

SHA512
95bfe156914991c578cff1ce1081d80fe52aea2d7415886c1467d46074780a08eb56af2e9b2d698ed413cde7a0f875026c17eaff50351312ce0a37d8f83328c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
03b9611b840ba379432fa64d3a764e0e

SHA1
98df675800f60e641d50d0c6ae29803280dabb46

SHA256
cd6caf95377188f9703921ed6e5f8037150570fac93a9d285545913af99c8564

SHA512
0c52b122c940feac04a387244b5b6d76c134cf25ab7fd75595d3d9dbfa944e60532037154a76e1a4d865b83f47e36d2d0cca2882a48e9bec5b8d96a74d40beb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b5f73607dd4d46b5bdb364937ea58d8

SHA1
52d78eb3d1383e9c4286c6ddff59716ece93997a

SHA256
4cad6c94972d5edb1715859222dc8eb38c3ce4ba6f32ace5cd5db59f4643a5bd

SHA512
0898297b0d9ffde28c7d7d9b6cecd8605e30e696a3361e35222cb89440c5239e98c599683bef8abce924743bfd4d388e034ed97ea990248d1f5579023af5e3e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
89adc96373ad0e9d4b0359dc3f3800f7

SHA1
7b5b8ba2ea1848dff4fdc69aab4fc56d39fa8bbb

SHA256
dbcda4aaee8d8b74fff2a23c6d6b4cd187069ca071d63a384613054b48828838

SHA512
8deccaa7c0f2d5d932298d802f1863a1e53ceb8d0db485396f31e318e18df08bf783df73353045553e02735eadecaecf6d667af7daf696eca565dd178e3ee988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bbb74ac15026d8a283dcd97a1a871879

SHA1
e4932ad575c82f83c016448bf5df42dbe650c8f6

SHA256
dc7b6551afbe1005432c99ec97f6046d47bbb746728c7edb3f506a6fdc40c0a4

SHA512
c6b720cf2ba1fa28011c2ef1d43c4c5af6d2b5cdbef4881c5ff0ed6dd74695070c9a2dbc09955da53841da7a0e9fbcbe35738f79c70ce803834b08016e0793d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c07ddc13f361a63e24965b09c99b8254

SHA1
b960d7bb872d893bab675c45b0d8b287eceb81bc

SHA256
4b0a3892158077109d1b47b74c4dfd0716facae670ebe2288955082a6d73f70d

SHA512
1531c7e3f46e96cbd36e27a181c48841d874b89db679263a4b058957450711555b4213b412159d82c6055b6de557e42ee47be4ee7dad4764eeb15e5f2c713219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
27893f16036287301b9184307eea769f

SHA1
d51cd0766ce40eef5a4490ba0f3865e596d704a7

SHA256
e75d65008adc9eea346db10f5b0e0e37e6bf32cbebe4fd948b5e78772cbe19b8

SHA512
ec7cbf963e23db76ddedffb5146607d3aad8957217e2cc4bfd04f21993da089ed715370cbf4aa0afc4129c153dc6e2c42caebca247ec086e6d35678f99aa8307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
683736fc55bcb5cadb2077998682a751

SHA1
8ddc94324a78c0faf1e3bd8687d32dbc19d5ef0c

SHA256
4d04b8e8daec5f0ee4675340ddd519e9d85d1ec0b5e3158b923353800fe86628

SHA512
938de1bee7e985dab0c2080498b3079c2be0e867a3aad57cf2758b276a64f66b9248bd0eb478a1d08bd13892679df5632334bb0c486aa7e2fa8492fb8dbe937d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
65043829e7a093e1f01de0bc881f70b9

SHA1
5884aa39639c5b94760aa8c278f1473b4844fec2

SHA256
b734f678ffd1ca416c96c9481b818fbbd1f1e693c3a3adf854e611170347847c

SHA512
a688a1552082be66db0e1562d9355091df719ffaccd114c9e79486a8cb5ccac716f5186a54d4d0a96a3907c2e2c9b49dc3a0224410947257fc7eedc0effd2873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8120759547cf1e60d896d27ada5217ef

SHA1
6ea5fb15e9014d0f53d222221ac3e148ad3b912a

SHA256
766f079cde25a725927e65a696d218e9c3f82bedde194ba99df13e6ee63051a9

SHA512
cb41de7f64161cc65b754245f67f0139684a70ea6b89c5a691db205f3741c42cabda8d20ffda51896263fff06ccff8857f50a1923fb99f08ced0312ea9da2eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fcf7ec0f5c3e0865d915443a99b18f6e

SHA1
f0ae8e5c59d2edd349b37fd58e85eb291e04a84e

SHA256
dcec42f17235c9e9a464b9df8ea3e056f0643e3d14ed7743d9b5f13abf058107

SHA512
973d62ba67d8e40ea288e7be0d3a42b3dc02ea0ad0fe581fd81e491b81e454ce8d3e3d188a54ee75c24ebc28e916fd0d6b171260cba69c1d85fb09183830b4f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09703913c389a80372549fd7f35a5b94

SHA1
046043bd5f6ceb5032a5edf14c4e0e12931310e6

SHA256
c244ab3d059285593c93e684a687744e66b8b6057bc6ea0c0402b9b15bae64d7

SHA512
796350248011eb3b88d5d6ddaed99e5734372072cd9dc2e9dedd6d5c3655634e57034948173b0cdc57b111759944c32c327094ecc594309972bb50dc18d6eb0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b2fa6de40e1c0559a3d4cf047c3067e

SHA1
b3c68f7caf7f20c2dfe443f77ce4b9a91a2e26eb

SHA256
82af55e63f4b7a94b0aac7412b2b721a3b73052664a9dcbdfd6035850e768e8a

SHA512
82c67d38afbac33ec3ed13e92d113d67bf8fd93456df90993842703f7ebcf4eb2edc9b15207735b302d62d02aac2be54122495490675510f84952e68b509ff31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be4469038b1fcbb1334f82b3e17fca3e

SHA1
09e4a3f3287bd6ad4f7a21decbffab2a75a82291

SHA256
5b08c2263324cca43fc020253cf04fba32bda591fcbf8ddd0dc10cb2045392dd

SHA512
b7dad4aec864706f22f1a8bf247fb3448d39bfc14a0551358c45a8bce0d8edffd42f82a0e004d31ab55a5701e58303e338ae95af89f5e5679d587738071e6711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9496ef929ee89af5abb8d2394b981075

SHA1
cddd99178067959b2589a69e81eca53fcad09cb3

SHA256
c3ae9c9a17afcbd50dd90e8b6fa3e552d9eca26577a9e02563a52e1da30440d1

SHA512
29dcaa1146d5d149b2b499979f5d93e592e4d4c787eef9f0cb8a74506446e49c8ff90883019cb2428ee11eed3c67ec7f7f790a246cbc579897c4d8a07883ff80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bc50d11f914c2ff777ad0f6b9152240

SHA1
aa864763bcef012f2b1d4b1e6bbe1420d8200640

SHA256
44aeb97f39468f65f578b1936900ee6d595dd5d1e29cc08ff3ff09d664ddbe22

SHA512
c5ac41cc608504d8f83f28d5c568fbf430d6fe44fa4ac47f04525df5957d85028ef9bd8bdbe0349b378e01973abf630b79f98148b7081d01a7efbd76f79bb3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f75aa81fc6c7a9082fcfca5d6a8c9cef

SHA1
b3d5feef223498e586d646e1bf6b9fbe06ffb195

SHA256
b03e641f49a9da189b616a3663533ca1e57d416d2db606d78cd92c0d470f1e44

SHA512
8bb479f40d1b18f777b5cbf679183694aeeda1cec8b82e3850d8c3d559826e389018a9b59fba2a56f9a595ee87daeae437976c794f6f3690a24196271ee36179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ad8f4220f743081bb9e5ed52fe77ebcb

SHA1
5cc63897f34c4d61620f5ba84617d3d2ef001bad

SHA256
75f4723e4668fd81d554a35d616d9ae609c1755b68bf4bd42e970e398a3a51f7

SHA512
7164e097d12a15ee3eb08544d1bfe4967e5d86f213457590ac23aa863967822da698471bf45f18abe050a8ceca6e3cf318793eca9697002b19201a981725a73d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
24770a01298ad2f1456c6c4cf4366817

SHA1
5dc34a78cc770a2a24cccdcfefb34050e2ad82fc

SHA256
5cb1aeba53bcf006320634c8c0985b41713ea029decd112979d2c4920f6b7713

SHA512
f79130a303a9a299df1f58d1bc2d8079e130b798325130f3a83864660679d166afa6e5954ecef2f26280ee098389d31775633b88e95c8b481a7936b37e67b41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
465bfad9973089e66e8bd60bb20fb878

SHA1
f5baf4013e7ead222b3e0ec9ec5ee7dd4661bcec

SHA256
9fb10235928fc69a6529a844e3f54cd744c3cf92abb976656c205b99a4b3a0f3

SHA512
666cacb4193275dd8afa80d4ac6d24a5171997352011c28ff7e892306d4043cf2d3c18548882cb644f55b47a6c227fb6deb6c63c9dfbcc45aa1efba743c6b28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a08bbea3ed2e8b033cace2e8b4e02a6f

SHA1
0fc42749f25a2e610b6641aab200f9462f9c3901

SHA256
dc58cf88428cac351511d01cbe4a4a378c685975ff73b03dc027bb3ea8d7df09

SHA512
262fffd93a13e3707881b4e5e0028de851a35b2bf3c3650737559af9bbb7645cc4336fec462469cc950318f6fcd503a89f1994aa04c3f4c0e8216a4464256ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e50aa1babed5acb6661e68996a915e65

SHA1
8c7e1e693fa440f744a42dce44601f104538b5f3

SHA256
bbee94f8012ad75d660385e1d48326371ae76ae7c4c1ec66ee637a4dc04da630

SHA512
ec8333ce20fa89e4a31f71e5874b99627cf877753afc7b40fd0f0d2019c951973452106040a1c0ec084f6814fa0494aff3943dd0aedcb4bf3e452db87499aa5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b32f8f0d2858ea458312e5d72aadcdd4

SHA1
0dbfdad688098f072ac4867df419e90372372ce7

SHA256
7f0189c0c49fa6d0a03487e2be8f9c13f4081bfa5b5bcb626d2e7a41c7430cf1

SHA512
ace85b2d674e60975aa945a8329a47e928dfe1ede9486a53c7a738131c3cd60c0349d373eeaa9b2de327bd964cf083f562b845727893ce58a8be1787ca1eb966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37cb6b6f13b6d26da36095f6f5cdd744

SHA1
388fb16248c6fcfcc4ca355724e3229c926b76b4

SHA256
5cbc6027c7e77179d307ece2a2267da48539e70ee5a0afddb46fb75ec477bdc6

SHA512
cd4343381820d67cbe8bd290f9c0f1c4060422c54a8b0e6e03073b587068686aa39ca6cb2326036cb4341789bbf41281e19d845efc1e8de1d4b9304462b12d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
067fdf8df1167c46dca808ae895bbf53

SHA1
1a7c58bd1f6dd32f1b9bf33def8ea895ef518d54

SHA256
1d53f0199eee8cda8a111c07fad1faf9664397f4c2c86fe0d567a15d58a98dd2

SHA512
64729f4ce6fd9f2af74fccbb4d46caf8624d16069425827c8d7888d506511ff12be13b898086e07f106bbf878a786658f7d546577f5586e1d711a0a5839e318e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
11b0da58c72a87cb4a00b536b3dc037c

SHA1
c0bd2a4bdbf7b6402949b121eaa108b646309803

SHA256
fcde76eaa6182a4b2b69871c1b931b74480c08b9fb3d2deff0db536cb12f38e0

SHA512
5b001ffc59be46596a195b76aa157fa3886d32bf63bde95d6e9158a297cf401121de3ff840898a779d69f8c96ffab011144faa1d1a6de8d875f94d2dee6a09f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ee8d4e7e50f18b97e7b3b01d8b43c09e

SHA1
54762edd57f00ed30c6bcaf6b28686cc1deabce5

SHA256
8530362e2f467457e3151284c53969efac8613dca745b4c5dd533b5dbc3f7b1b

SHA512
905ea9829c623ee9ac6d34cf8305c460a9a93ce32a0d0740fbd1635e22325b905a216525865769393cfcc2e4b1b5ac5aa0a519c3c403d30077eeb2fbc0181ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
8753b8935b982693c1dbb951e81f1253

SHA1
42dc146d3720337c16411be7d90d33b1d35ea58f

SHA256
53a644993406c948b5a869afd205a086c88349eecc5ccae1252783e05f6e23a6

SHA512
f53b585ea2613fe3dee4996a1c47dfb4797a7df47a5cc3f34a821ae6ab2b5a108d40ef007509f7505ef5ca5922b06ca6aafc78247a72d7b96c5ea528a7638a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1b52fae7557f110ef52aa060a831a6f0

SHA1
e35b3c5ad3ecd896146b85b1f5999ff5385ac01e

SHA256
50a600e8fc7ed1c9e238ba576b0180ab22a912bbf29bfd653ca8385dc10fb948

SHA512
32b514748a49d3e76818f7e4ac5e652c130f5cb4db08f03c8c8c598416b8cab8d314053b48f8f8fee1c49086db889eb9b90ed875515f1c34c83186fc5bead453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f4761aef5a58858bee335c03dcd9426b

SHA1
4344fd819721786133e5006c281c7901b51416f4

SHA256
d30347685d2195f2e9549e11756704b223ed2aac087fd16eb3b626ce52094563

SHA512
0958b5e22d03c89f183864bcd8d106d8c390d6652376e24b5cba4ca988b46ab383aa40f4eed6964a8b464848d19ed4676496b45b87890dfb6780af3c1c8e59c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
66b062542d590ea804747a7fddf7f2c1

SHA1
963df5151a8c720f525bf608757148c48cb18478

SHA256
05f5445b4850b2aea80c33522fb9ca882804d2a73e7548213fe02f575d819d3d

SHA512
09ed337d23c26f3d4ef3b3e8ba0d40c3c3def136a6f45317e77c7e8c2afadb64b78a5735cd6a3679f9ab26a4f6b18fe5a46e102bf8005fcdf940f4df59f3b29a

Download Submit
C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll

Filesize
949.5MB

MD5
8da23dbb8f4b718bf99600febd657bfd

SHA1
2bb78d79d2137460b7a969d7b97fe8fd7cae54c1

SHA256
c345eded871650d87eb8961d4b1fa59c76160d89045ef49a0b6239bfb7ab90fe

SHA512
113805bed2e98f0307299071d0c2d7cfaacc74478d306309927b27f8251fa5c6657e8f1baf69dd3a1131b9664a6d4f18191b2079605cc48bb031df66a1e5a1d9

Download Submit
C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe

Filesize
6.1MB

MD5
4864a55cff27f686023456a22371e790

SHA1
6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

SHA256
08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

SHA512
4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

Download Submit
\??\pipe\crashpad_3352_BVBHGNFIRBEBQJWO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/972-547-0x0000000000A30000-0x0000000000AAE000-memory.dmp

Filesize
504KB

Download
memory/972-553-0x0000000000A30000-0x0000000000AAE000-memory.dmp

Filesize
504KB

Download
memory/972-559-0x0000000075230000-0x0000000075445000-memory.dmp

Filesize
2.1MB

Download
memory/972-557-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/972-555-0x0000000003820000-0x0000000003C20000-memory.dmp

Filesize
4.0MB

Download
memory/972-554-0x0000000000A30000-0x0000000000AAE000-memory.dmp

Filesize
504KB

Download
memory/972-552-0x0000000000A30000-0x0000000000AAE000-memory.dmp

Filesize
504KB

Download
memory/972-556-0x0000000003820000-0x0000000003C20000-memory.dmp

Filesize
4.0MB

Download
memory/1992-548-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1992-541-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1992-546-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1992-542-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1992-539-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1992-540-0x0000000010170000-0x000000001017B000-memory.dmp

Filesize
44KB

Download
memory/1992-551-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1992-545-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/2196-565-0x0000000075230000-0x0000000075445000-memory.dmp

Filesize
2.1MB

Download
memory/2196-563-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/2196-562-0x0000000002060000-0x0000000002460000-memory.dmp

Filesize
4.0MB

Download
memory/2196-560-0x0000000000320000-0x0000000000329000-memory.dmp

Filesize
36KB

Download
memory/2616-650-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/2616-646-0x0000000000A30000-0x0000000000AAE000-memory.dmp

Filesize
504KB

Download
memory/2616-649-0x00000000038F0000-0x0000000003CF0000-memory.dmp

Filesize
4.0MB

Download
memory/2616-652-0x0000000075230000-0x0000000075445000-memory.dmp

Filesize
2.1MB

Download
memory/2696-642-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/2696-637-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/2696-644-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/2696-639-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/2696-638-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/2696-636-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/3436-655-0x0000000003060000-0x0000000003460000-memory.dmp

Filesize
4.0MB

Download
memory/3436-656-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3436-658-0x0000000075230000-0x0000000075445000-memory.dmp

Filesize
2.1MB

Download
memory/3580-575-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/3580-576-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/3580-581-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/3580-583-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/3580-577-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/3580-578-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/4084-604-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/4084-603-0x0000000002330000-0x0000000002730000-memory.dmp

Filesize
4.0MB

Download
memory/4084-606-0x0000000075230000-0x0000000075445000-memory.dmp

Filesize
2.1MB

Download
memory/4580-597-0x00000000037D0000-0x0000000003BD0000-memory.dmp

Filesize
4.0MB

Download
memory/4580-600-0x0000000075230000-0x0000000075445000-memory.dmp

Filesize
2.1MB

Download
memory/4580-598-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/4580-585-0x0000000000A30000-0x0000000000AAE000-memory.dmp

Filesize
504KB

Download