Malware Analysis Report

2024-11-15 06:03

Sample ID 240922-kza8zs1gph
Target https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1
Tags
rhadamanthys discovery persistence stealer
score
10/10


Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1 was found to be: Known bad.

Malicious Activity Summary

rhadamanthys discovery persistence stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Rhadamanthys

Adds Run key to start application

Browser Information Discovery

System Location Discovery: System Language Discovery

Program crash

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-22 09:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-22 09:01

Reported

2024-09-22 09:08

Platform

win10v2004-20240802-en

Max time kernel

371s

Max time network

372s

Command Line

sihost.exe

Signatures

Rhadamanthys

Tags: stealer, rhadamanthys

Adds Run key to start application

Tags: persistence
Description Indicator Process Target Count
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint" C:\Windows\SysWOW64\reg.exe N/A 3

Browser Information Discovery

Tags: discovery

System Location Discovery: System Language Discovery

Tags: discovery
Description Indicator Process Target Count
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe N/A 6
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A 3
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\openwith.exe N/A 3
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A 3

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714693399437208" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 6
N/A N/A C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe N/A 6
N/A N/A C:\Windows\SysWOW64\openwith.exe N/A 12

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 64

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(58 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3352 wrote to memory of 620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3352 wrote to memory of 1468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
PID 3352 wrote to memory of 4840 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3352 wrote to memory of 4380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
All 64 writes are the Chrome browser process (PID 3352) writing into its own child processes, which is how Chrome's sandbox broker sets up the children it launches; none of these rows involve the sample, so this signature is browser noise here rather than evidence of injection by the malware.

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb70f6cc40,0x7ffb70f6cc4c,0x7ffb70f6cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4844,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5388,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5240,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5384,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2376 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4016,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5272,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5864,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5100 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5732,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3304,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5964,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6084,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3232,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6096,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6080,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6472,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6484 /prefetch:8

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit

C:\Windows\SysWOW64\reg.exe

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 972 -ip 972

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 464

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 972 -ip 972

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 372

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit

C:\Windows\SysWOW64\reg.exe

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4580 -ip 4580

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 440

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4580 -ip 4580

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 436

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6636,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6644 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6744,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6756 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6792,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6344,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6348,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6632 /prefetch:8

C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit

C:\Windows\SysWOW64\reg.exe

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2616 -ip 2616

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 436

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2616 -ip 2616

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 432
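The cmd.exe and reg.exe lines above are the persistence step recorded in the Signatures table: a `*UpdaterCisco` value under the user's Run key whose data makes rundll32.exe load `CiscoUpdater000_PARTIAL.dll` from the Documents folder. Note that reg.exe receives the `/d` argument with the quotes stripped and the trailing `,EntryPoint` joined on, which is why the registry value shown earlier reads `rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint`. The following detection is an added example, not part of the sandbox report: it tokenises process-creation command lines the way reg.exe sees them, picks out `reg add` writes to Run/RunOnce keys (including those wrapped in a `cmd.exe /C ... & exit` chain) and scores the payload. The sample lines are constructed: two are the report's own command lines, the other two are benign writes with hypothetical Contoso paths added for contrast.

```python
"""Flag Run-key persistence written through reg.exe (added example)."""
import re
from dataclasses import dataclass, field

# Key must end in ...\CurrentVersion\Run or ...\RunOnce; the hive prefix does not matter.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$", re.IGNORECASE)
# Payload starts with a host binary that loads code from somewhere else.
LOLBIN_RE = re.compile(r"^(rundll32|regsvr32|mshta|wscript|cscript|powershell)(\.exe)?\b",
                       re.IGNORECASE)
# Payload path sits under a directory a standard user can write to.
USER_WRITABLE_RE = re.compile(r"\\users\\|\\programdata\\|\\temp\\|%appdata%|%temp%",
                              re.IGNORECASE)

SAMPLE_CMDLINES = [
    # from the report: the cmd.exe wrapper and the reg.exe child it spawned
    r'cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit',
    r'reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f',
    # constructed benign writes (hypothetical Contoso paths, not from the report)
    r'reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v ContosoUpdater /t REG_SZ /d "C:\Program Files\Contoso\Updater.exe /background" /f',
    r"reg add HKCU\Software\Contoso\App /v Installed /t REG_DWORD /d 1 /f",
]


def split_windows_cmdline(cmdline):
    """Split like reg.exe's argv: whitespace separates arguments, double quotes
    group text and are removed, and quoted text glued to unquoted text forms one
    argument ("a b",c -> 'a b,c')."""
    tokens, cur, in_quotes, have_token = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes, have_token = not in_quotes, True
        elif ch.isspace() and not in_quotes:
            if have_token:
                tokens.append("".join(cur))
            cur, have_token = [], False
        else:
            cur.append(ch)
            have_token = True
    if have_token:
        tokens.append("".join(cur))
    return tokens


@dataclass
class RunKeyWrite:
    key: str
    value_name: str
    data: str
    reasons: list = field(default_factory=list)


def parse_reg_add(cmdline):
    """Return (key, value name, data) for a `reg add` anywhere in cmdline, else None."""
    toks = split_windows_cmdline(cmdline)
    low = [t.lower() for t in toks]
    start = None
    for i in range(len(toks) - 2):
        is_reg = low[i] in ("reg", "reg.exe") or low[i].endswith("\\reg.exe")
        if is_reg and low[i + 1] == "add":
            start = i
            break
    if start is None:
        return None
    key, args, opts, j = toks[start + 2], toks[start + 3:], {}, 0
    while j < len(args):
        a = args[j].lower()
        if a in ("/v", "/t", "/d") and j + 1 < len(args):
            opts[a] = args[j + 1]
            j += 2
        elif a in ("&", "&&", "|", "||"):
            break  # end of this command inside a cmd.exe chain
        else:
            j += 1
    return key, opts.get("/v", "(Default)"), opts.get("/d", "")


def assess_run_key_write(cmdline):
    """Return a RunKeyWrite for writes to Run/RunOnce, with the reasons it looks
    like malware persistence (empty reasons = plain autostart entry)."""
    parsed = parse_reg_add(cmdline)
    if parsed is None or not RUN_KEY_RE.search(parsed[0]):
        return None
    key, name, data = parsed
    finding = RunKeyWrite(key, name, data)
    if LOLBIN_RE.match(data):
        finding.reasons.append("payload launched through " + data.split()[0].lower())
    if USER_WRITABLE_RE.search(data):
        finding.reasons.append("payload stored in a user-writable directory")
    if name.startswith("*"):
        finding.reasons.append("value name carries the '*' prefix (the Safe Mode prefix Windows documents for RunOnce values)")
    return finding


def scan(cmdlines):
    """All Run/RunOnce writes found in a batch of process command lines."""
    return [f for f in map(assess_run_key_write, cmdlines) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_CMDLINES):
        print(f.value_name, "->", f.data, "|", "; ".join(f.reasons) or "no indicators")
```

Feeding real Sysmon event ID 1 or Windows 4688 command lines into `scan` gives the same result as the two report lines: the entry is flagged on all three counts, while the Contoso writes produce either no indicators or no finding at all.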

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.dropbox.com udp
GB 162.125.64.18:443 www.dropbox.com tcp
GB 162.125.64.18:443 www.dropbox.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 18.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 uce86376306243be9eb06789c9ed.dl.dropboxusercontent.com udp
GB 162.125.64.15:443 uce86376306243be9eb06789c9ed.dl.dropboxusercontent.com tcp
US 8.8.8.8:53 15.64.125.162.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.34.21:443 virustotal.com tcp
US 216.239.34.21:443 virustotal.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.178.3:443 recaptcha.net tcp
GB 142.250.178.3:443 recaptcha.net tcp
US 8.8.8.8:53 8.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 142.250.178.3:443 recaptcha.net udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com udp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 216.239.34.21:443 virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 142.250.178.3:443 recaptcha.net tcp
GB 142.250.178.3:443 recaptcha.net tcp
GB 216.58.213.10:443 content-autofill.googleapis.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 142.250.178.3:443 recaptcha.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
GB 216.58.213.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 e2c3.gcp.gvt2.com udp
JP 34.84.111.50:443 e2c3.gcp.gvt2.com tcp
JP 34.84.111.50:443 e2c3.gcp.gvt2.com tcp
US 8.8.8.8:53 50.111.84.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 142.250.179.227:443 beacons.gvt2.com tcp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp

Files

\??\pipe\crashpad_3352_BVBHGNFIRBEBQJWO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 5a57fb1cf49deaa2296468ba98b77921
SHA1 2f6bf2d3f75a44440e8069cab98b89b4f54e188c
SHA256 1656664f68c7bf41f9b77b061da3414d1e54b4d7d9ecb98115e7fb55e0e9832e
SHA512 500a443cbd43fab4b4d88b95187bb056f5cda210e0c93e6e2e634a5658883f4b9a5d46ba0d9f5e2389a4bccad70cae787246add531b36985d7ae24ea7ca6a5b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1b52fae7557f110ef52aa060a831a6f0
SHA1 e35b3c5ad3ecd896146b85b1f5999ff5385ac01e
SHA256 50a600e8fc7ed1c9e238ba576b0180ab22a912bbf29bfd653ca8385dc10fb948
SHA512 32b514748a49d3e76818f7e4ac5e652c130f5cb4db08f03c8c8c598416b8cab8d314053b48f8f8fee1c49086db889eb9b90ed875515f1c34c83186fc5bead453

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0bc50d11f914c2ff777ad0f6b9152240
SHA1 aa864763bcef012f2b1d4b1e6bbe1420d8200640
SHA256 44aeb97f39468f65f578b1936900ee6d595dd5d1e29cc08ff3ff09d664ddbe22
SHA512 c5ac41cc608504d8f83f28d5c568fbf430d6fe44fa4ac47f04525df5957d85028ef9bd8bdbe0349b378e01973abf630b79f98148b7081d01a7efbd76f79bb3c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b3af959c4cbefc07bd79db39f5139ce2
SHA1 1b5170eaaae99d88b52a6732c91f4ef78c626c61
SHA256 d7a36b4acc03e63ec4e0fd6b610b996f3923d449af28c7ec122378caaf5411ef
SHA512 cbcbe426467dc9b40a7b059d8f4fec7373b27fe6191e20c969279e7d47bf250865441e3cce1bb7b57a02318033eb583ba6371a515dcc04a31b64ffbc1513afd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 683736fc55bcb5cadb2077998682a751
SHA1 8ddc94324a78c0faf1e3bd8687d32dbc19d5ef0c
SHA256 4d04b8e8daec5f0ee4675340ddd519e9d85d1ec0b5e3158b923353800fe86628
SHA512 938de1bee7e985dab0c2080498b3079c2be0e867a3aad57cf2758b276a64f66b9248bd0eb478a1d08bd13892679df5632334bb0c486aa7e2fa8492fb8dbe937d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 08ec57068db9971e917b9046f90d0e49
SHA1 28b80d73a861f88735d89e301fa98f2ae502e94b
SHA256 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512 b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 213a0b6a2af0a61588970ffb55ce25e7
SHA1 87b3803039b60a9efc6744b700d206124edbb076
SHA256 074b36e9e01ee6731150f89ea0e24d462fdbe06b7475c0c7cb2c4b05c89591e2
SHA512 7dc2fa9bc94f2a797425f15d886fb9968bb9b49c1c2b322a8125e23e3682abd24a5d05eb1a647536d9e737af8ae6d897ac0a2356fb7c9658bb80226c87ffd1c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ee8d4e7e50f18b97e7b3b01d8b43c09e
SHA1 54762edd57f00ed30c6bcaf6b28686cc1deabce5
SHA256 8530362e2f467457e3151284c53969efac8613dca745b4c5dd533b5dbc3f7b1b
SHA512 905ea9829c623ee9ac6d34cf8305c460a9a93ce32a0d0740fbd1635e22325b905a216525865769393cfcc2e4b1b5ac5aa0a519c3c403d30077eeb2fbc0181ac1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9496ef929ee89af5abb8d2394b981075
SHA1 cddd99178067959b2589a69e81eca53fcad09cb3
SHA256 c3ae9c9a17afcbd50dd90e8b6fa3e552d9eca26577a9e02563a52e1da30440d1
SHA512 29dcaa1146d5d149b2b499979f5d93e592e4d4c787eef9f0cb8a74506446e49c8ff90883019cb2428ee11eed3c67ec7f7f790a246cbc579897c4d8a07883ff80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb832699216f87bfbeb63b3f23027a6d
SHA1 1de2066929569dd69cc490b18102323b52ea7f54
SHA256 7fc0e5600052bb283c7b9540ff8f8454b9f6dd43321c061d328c9209b514f338
SHA512 55e9057863204ebe981f63c1ada150a2f12582b78cff93f21c9fb14f4e8fca1bbd4133bd64fca47f5b635d3d97ec3e6181baa8bb4bcb89b5967c1091e21f9471

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 11b0da58c72a87cb4a00b536b3dc037c
SHA1 c0bd2a4bdbf7b6402949b121eaa108b646309803
SHA256 fcde76eaa6182a4b2b69871c1b931b74480c08b9fb3d2deff0db536cb12f38e0
SHA512 5b001ffc59be46596a195b76aa157fa3886d32bf63bde95d6e9158a297cf401121de3ff840898a779d69f8c96ffab011144faa1d1a6de8d875f94d2dee6a09f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 be4469038b1fcbb1334f82b3e17fca3e
SHA1 09e4a3f3287bd6ad4f7a21decbffab2a75a82291
SHA256 5b08c2263324cca43fc020253cf04fba32bda591fcbf8ddd0dc10cb2045392dd
SHA512 b7dad4aec864706f22f1a8bf247fb3448d39bfc14a0551358c45a8bce0d8edffd42f82a0e004d31ab55a5701e58303e338ae95af89f5e5679d587738071e6711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 6b5c5bc3ac6e12eaa80c654e675f72df
SHA1 9e7124ce24650bc44dc734b5dc4356a245763845
SHA256 d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81
SHA512 66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f4761aef5a58858bee335c03dcd9426b
SHA1 4344fd819721786133e5006c281c7901b51416f4
SHA256 d30347685d2195f2e9549e11756704b223ed2aac087fd16eb3b626ce52094563
SHA512 0958b5e22d03c89f183864bcd8d106d8c390d6652376e24b5cba4ca988b46ab383aa40f4eed6964a8b464848d19ed4676496b45b87890dfb6780af3c1c8e59c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cd56f163fd2be83a36f4ed95f49c1389
SHA1 6538c0accc8dd130546127718be8bbbcb051c76d
SHA256 592fa9f9adeee5ca5210e02019bdd71e6d0a75a5f81e2406b675ffd8fccb9c11
SHA512 95bfe156914991c578cff1ce1081d80fe52aea2d7415886c1467d46074780a08eb56af2e9b2d698ed413cde7a0f875026c17eaff50351312ce0a37d8f83328c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 09703913c389a80372549fd7f35a5b94
SHA1 046043bd5f6ceb5032a5edf14c4e0e12931310e6
SHA256 c244ab3d059285593c93e684a687744e66b8b6057bc6ea0c0402b9b15bae64d7
SHA512 796350248011eb3b88d5d6ddaed99e5734372072cd9dc2e9dedd6d5c3655634e57034948173b0cdc57b111759944c32c327094ecc594309972bb50dc18d6eb0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9bfb0392e2bbea09e80c7e777a8baedc
SHA1 ce042f92015fb21cd7ec305664647771b5cb7b2b
SHA256 8e8ea442059f0d0ff7d987513cba790a5578373b0e44f08897f132151093d602
SHA512 5df9a3b6178a78036d7143fb7a8d3dfeb3553af8271f39edeff35c020b9a268b339af99e1aa30997b793dfc6b890e9fbf8c9816ac3c106700de054fcfce0c0c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\31f20ef6-6aba-4fb1-9f08-6d84a0e588cc.tmp

MD5 e1b35557a07370a62a09fc06f882725a
SHA1 a4a4c0929de085bd758ed96f4b3629434fa4ba33
SHA256 9bb80cb37e90214e0bfcca2b26cb2584e32b6238996a43ab46a5a1e428e1ef64
SHA512 6afe265effa2edcddab38a7b88644a89ffe78d530e46403c72852829be48de24df663287d4c9d2ef98839e446ed863b7f6a1bbde89f33d20ede6abe88b942d1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 ad53a6597d77a7fa4bba74af404a5627
SHA1 2316afda7f86ae61220e5f804987ffc90d8e5972
SHA256 fa12a613bc086a19f2303d929a6943da8b8f3f75e2047df01040a2703bdda485
SHA512 d18a0bf3710d36efac0fe7d83e660214293e099c0b0cefa276df14cdd1512b2791a12bff01b45ae19499a9957228370f19b20dadad8ed5bf084bea6a0f331ee6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 15bfb0394e5bae8d693e743337bbaf6c
SHA1 663b7b8dacddf432ead620d7fab8629c5c50eeaf
SHA256 efafeafb612d3745d108ee70cde4a17127db8e334e29bcb635a148793a6a5c87
SHA512 f90894e9130217f34f9c40b27f45fbe1eddfa706e2aead1d99963fa522e036db744650d3c81f3b2f3228d6a3c0f324267b8d8ceccddb8e20842ed125ab893276

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 fd91b53c4a62878e592cb2cbfe909e11
SHA1 1ca9a8865efb94e1d6809cb558acc5f59f95a5f1
SHA256 a2903017ae6d8a2e02f2205df637ab5f1a99401b4ac668ea02762652b95c127e
SHA512 ece89edb4ceacba51f091cb137fb1cecd06cfbb3f0e11659a89d20a0df80536046c625ba850c08570c70f090b6f77508c2a21b23c092d2df301f128f81d95e09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 0cf073ce762780b25ab047b7bd97a1e8
SHA1 be0c7a673506bcd55bf1822c764221ed40030ac3
SHA256 5612e9131414c70749cd41849fc05f52803ab4638eefa88edcab8719c2816619
SHA512 7dac21665988e09c74ebdbf85da4a69208cc167e807056da03936bf5899e78d4dd2b7e2ce302fa559450c9df33483bcec316995be19c8adcc1cbc46a67d0fa91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 35a46116980c974751122a331d47fd84
SHA1 cd6e9014e38596c681641a27706124b5b69f86fc
SHA256 ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66
SHA512 aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 48743a670fa866d07b162f046726b2ec
SHA1 5f180be674c56c4519f531f0796b5b958c20127c
SHA256 9d436fc2f3d4ec40a0e3ae981b315036ac944d2347995d37c27b059db59ce966
SHA512 cbeb13a3ab5e6cd811bc64a14304f389d56de091db12618d62fc223de96e686545393eda1fde83ffea24468ff77953054b25a4a7a87ae2d9f61283c3ec46f69f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 5c034f6ea77c94cea42a2c6a104c96c5
SHA1 8cdd02dba48bfc9ba263c91fd7ac311783e50f5b
SHA256 9fb8530058b0477178e0290a2cce25c25e04ad0e3b86df0227f490198847b0ad
SHA512 dcda00fc9cd3c0371f7f482de17cd2ad4f73d83452dd2b6362343431e6410c94f051ad8acb3c9381c9d7588de48ab9ba4ff8fcf5f61777d3fbe29baf76b0d32b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 e6d5b5fc3025ed5445db4405f1d80d6b
SHA1 703536f74a7b6132844c9c8bf8bce847105ffc6e
SHA256 460cc6876c723e6d7a174a0e0e0f3e136e3b332f2c93b56958ebb48608fad9a1
SHA512 9dd2d6df34cfa9528daabbf46034b413f08b2c27d85a5def6d30dbbce2756a3728999f429c37f8ac7f0b9924aa9f1349a53735506fe679509367c8319a2dd425

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 03b9611b840ba379432fa64d3a764e0e
SHA1 98df675800f60e641d50d0c6ae29803280dabb46
SHA256 cd6caf95377188f9703921ed6e5f8037150570fac93a9d285545913af99c8564
SHA512 0c52b122c940feac04a387244b5b6d76c134cf25ab7fd75595d3d9dbfa944e60532037154a76e1a4d865b83f47e36d2d0cca2882a48e9bec5b8d96a74d40beb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1787089cacbc2a76_0

MD5 e949dc8ec31ea386987f7a7ea4b3be22
SHA1 0db875328d6da57d3bd92e0d7d06584fa1351e3f
SHA256 c30dc8dba37732d5a5228e7295d4d7e1fb89a93aa6d3052809f50e1912e1d545
SHA512 440aea48865bb657e1fd120d35abc384ee29b52105825d39a045f63a369bad3ef0c5ba9044ae012dd9e4f22628c8463b4797d98a3391e412a71db8c6a16beb11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\033b1994e07850fb_0

MD5 387e60f0d6f2bf62b538149fcd876119
SHA1 e772b3634322a818bd0b34a3e0d489a67eef6ac6
SHA256 a61e77c922426a9e6e11262f4ee92adf44b7b4ed03b86e9be9ecdda5429e9769
SHA512 b67ea46bc8417d0edd9e1c757c5e338433d01738605dadec2c1abea50d9b31042f33da21822a7915709f0c9dc750bd86072db5e7e877b0bee66718c15aad9dd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89adc96373ad0e9d4b0359dc3f3800f7
SHA1 7b5b8ba2ea1848dff4fdc69aab4fc56d39fa8bbb
SHA256 dbcda4aaee8d8b74fff2a23c6d6b4cd187069ca071d63a384613054b48828838
SHA512 8deccaa7c0f2d5d932298d802f1863a1e53ceb8d0db485396f31e318e18df08bf783df73353045553e02735eadecaecf6d667af7daf696eca565dd178e3ee988

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8753b8935b982693c1dbb951e81f1253
SHA1 42dc146d3720337c16411be7d90d33b1d35ea58f
SHA256 53a644993406c948b5a869afd205a086c88349eecc5ccae1252783e05f6e23a6
SHA512 f53b585ea2613fe3dee4996a1c47dfb4797a7df47a5cc3f34a821ae6ab2b5a108d40ef007509f7505ef5ca5922b06ca6aafc78247a72d7b96c5ea528a7638a0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e4c54bb1fb23c8dcddbe7a8719b5048e
SHA1 affa4346014d0b08a03dcec35b3e51ab7044fc34
SHA256 5e7f72af4effd8e430690249dcb1c31bdef7018fc99225cbf6013de6854d19b2
SHA512 b5cec04fdbcef21e0569604c20d7d35532e133206946986a90d14ced0ee00a2f2a5038cd1f1ee697c43d370625677f3e27e3a5a8775b1b5ba142b18f32636add

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c07ddc13f361a63e24965b09c99b8254
SHA1 b960d7bb872d893bab675c45b0d8b287eceb81bc
SHA256 4b0a3892158077109d1b47b74c4dfd0716facae670ebe2288955082a6d73f70d
SHA512 1531c7e3f46e96cbd36e27a181c48841d874b89db679263a4b058957450711555b4213b412159d82c6055b6de557e42ee47be4ee7dad4764eeb15e5f2c713219

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b446ad603135dadaddd5b219d6efc19d
SHA1 e3442c5a3d29dcf387bb32417e5fb49dfd66b906
SHA256 093ba5ea80118b5c84c7393206e37f188830dd33eb35c4e886ccd7bc0b14dbea
SHA512 17ae4524ac5e82b8d8119ae71bdbadd91cb3afba87fc8308af4963f0377094db68e735ae6d3a427fedbc2ef63cd009e7fac4813d1392e25d553a8953a8ed4abb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fcf7ec0f5c3e0865d915443a99b18f6e
SHA1 f0ae8e5c59d2edd349b37fd58e85eb291e04a84e
SHA256 dcec42f17235c9e9a464b9df8ea3e056f0643e3d14ed7743d9b5f13abf058107
SHA512 973d62ba67d8e40ea288e7be0d3a42b3dc02ea0ad0fe581fd81e491b81e454ce8d3e3d188a54ee75c24ebc28e916fd0d6b171260cba69c1d85fb09183830b4f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bbb74ac15026d8a283dcd97a1a871879
SHA1 e4932ad575c82f83c016448bf5df42dbe650c8f6
SHA256 dc7b6551afbe1005432c99ec97f6046d47bbb746728c7edb3f506a6fdc40c0a4
SHA512 c6b720cf2ba1fa28011c2ef1d43c4c5af6d2b5cdbef4881c5ff0ed6dd74695070c9a2dbc09955da53841da7a0e9fbcbe35738f79c70ce803834b08016e0793d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b2fa6de40e1c0559a3d4cf047c3067e
SHA1 b3c68f7caf7f20c2dfe443f77ce4b9a91a2e26eb
SHA256 82af55e63f4b7a94b0aac7412b2b721a3b73052664a9dcbdfd6035850e768e8a
SHA512 82c67d38afbac33ec3ed13e92d113d67bf8fd93456df90993842703f7ebcf4eb2edc9b15207735b302d62d02aac2be54122495490675510f84952e68b509ff31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 65043829e7a093e1f01de0bc881f70b9
SHA1 5884aa39639c5b94760aa8c278f1473b4844fec2
SHA256 b734f678ffd1ca416c96c9481b818fbbd1f1e693c3a3adf854e611170347847c
SHA512 a688a1552082be66db0e1562d9355091df719ffaccd114c9e79486a8cb5ccac716f5186a54d4d0a96a3907c2e2c9b49dc3a0224410947257fc7eedc0effd2873

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cab8f8074806fa29f74bd8f28ff27785
SHA1 de588c8d4271f34e908ed4cb2a63ebee53174ad5
SHA256 64b67e35ce1c35a5f44e535367b82df7b0a2eb6a66be91ecc467e12fa6e5a4af
SHA512 8394fe9f185019f459245d5405f9a0820f97b0c700bcf38d3a83d059e82c2bf2a1410bd1128fc04fee7d85d27347b7711006ad013ab35835b16637643761aa93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9b5f73607dd4d46b5bdb364937ea58d8
SHA1 52d78eb3d1383e9c4286c6ddff59716ece93997a
SHA256 4cad6c94972d5edb1715859222dc8eb38c3ce4ba6f32ace5cd5db59f4643a5bd
SHA512 0898297b0d9ffde28c7d7d9b6cecd8605e30e696a3361e35222cb89440c5239e98c599683bef8abce924743bfd4d388e034ed97ea990248d1f5579023af5e3e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 465bfad9973089e66e8bd60bb20fb878
SHA1 f5baf4013e7ead222b3e0ec9ec5ee7dd4661bcec
SHA256 9fb10235928fc69a6529a844e3f54cd744c3cf92abb976656c205b99a4b3a0f3
SHA512 666cacb4193275dd8afa80d4ac6d24a5171997352011c28ff7e892306d4043cf2d3c18548882cb644f55b47a6c227fb6deb6c63c9dfbcc45aa1efba743c6b28f

memory/1992-542-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/1992-541-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/1992-546-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/972-553-0x0000000000A30000-0x0000000000AAE000-memory.dmp

memory/972-552-0x0000000000A30000-0x0000000000AAE000-memory.dmp

memory/1992-548-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/972-554-0x0000000000A30000-0x0000000000AAE000-memory.dmp

memory/1992-551-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/972-547-0x0000000000A30000-0x0000000000AAE000-memory.dmp

memory/1992-545-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/1992-539-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/1992-540-0x0000000010170000-0x000000001017B000-memory.dmp

memory/972-555-0x0000000003820000-0x0000000003C20000-memory.dmp

memory/972-556-0x0000000003820000-0x0000000003C20000-memory.dmp

memory/2196-560-0x0000000000320000-0x0000000000329000-memory.dmp

memory/972-559-0x0000000075230000-0x0000000075445000-memory.dmp

memory/972-557-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

memory/2196-562-0x0000000002060000-0x0000000002460000-memory.dmp

memory/2196-563-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

memory/2196-565-0x0000000075230000-0x0000000075445000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24770a01298ad2f1456c6c4cf4366817
SHA1 5dc34a78cc770a2a24cccdcfefb34050e2ad82fc
SHA256 5cb1aeba53bcf006320634c8c0985b41713ea029decd112979d2c4920f6b7713
SHA512 f79130a303a9a299df1f58d1bc2d8079e130b798325130f3a83864660679d166afa6e5954ecef2f26280ee098389d31775633b88e95c8b481a7936b37e67b41e

memory/3580-578-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/3580-577-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/3580-583-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/4580-585-0x0000000000A30000-0x0000000000AAE000-memory.dmp

memory/3580-581-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/3580-575-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/3580-576-0x0000000010000000-0x00000000101E3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a08bbea3ed2e8b033cace2e8b4e02a6f
SHA1 0fc42749f25a2e610b6641aab200f9462f9c3901
SHA256 dc58cf88428cac351511d01cbe4a4a378c685975ff73b03dc027bb3ea8d7df09
SHA512 262fffd93a13e3707881b4e5e0028de851a35b2bf3c3650737559af9bbb7645cc4336fec462469cc950318f6fcd503a89f1994aa04c3f4c0e8216a4464256ad5

C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll

MD5 8da23dbb8f4b718bf99600febd657bfd
SHA1 2bb78d79d2137460b7a969d7b97fe8fd7cae54c1
SHA256 c345eded871650d87eb8961d4b1fa59c76160d89045ef49a0b6239bfb7ab90fe
SHA512 113805bed2e98f0307299071d0c2d7cfaacc74478d306309927b27f8251fa5c6657e8f1baf69dd3a1131b9664a6d4f18191b2079605cc48bb031df66a1e5a1d9

memory/4580-597-0x00000000037D0000-0x0000000003BD0000-memory.dmp

memory/4580-598-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

memory/4580-600-0x0000000075230000-0x0000000075445000-memory.dmp

memory/4084-603-0x0000000002330000-0x0000000002730000-memory.dmp

memory/4084-606-0x0000000075230000-0x0000000075445000-memory.dmp

memory/4084-604-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e50aa1babed5acb6661e68996a915e65
SHA1 8c7e1e693fa440f744a42dce44601f104538b5f3
SHA256 bbee94f8012ad75d660385e1d48326371ae76ae7c4c1ec66ee637a4dc04da630
SHA512 ec8333ce20fa89e4a31f71e5874b99627cf877753afc7b40fd0f0d2019c951973452106040a1c0ec084f6814fa0494aff3943dd0aedcb4bf3e452db87499aa5f

C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe

MD5 4864a55cff27f686023456a22371e790
SHA1 6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
SHA256 08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
SHA512 4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 66b062542d590ea804747a7fddf7f2c1
SHA1 963df5151a8c720f525bf608757148c48cb18478
SHA256 05f5445b4850b2aea80c33522fb9ca882804d2a73e7548213fe02f575d819d3d
SHA512 09ed337d23c26f3d4ef3b3e8ba0d40c3c3def136a6f45317e77c7e8c2afadb64b78a5735cd6a3679f9ab26a4f6b18fe5a46e102bf8005fcdf940f4df59f3b29a

memory/2696-637-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/2696-642-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/2696-644-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/2616-646-0x0000000000A30000-0x0000000000AAE000-memory.dmp

memory/2696-639-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/2696-638-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/2696-636-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/2616-652-0x0000000075230000-0x0000000075445000-memory.dmp

memory/2616-650-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

memory/2616-649-0x00000000038F0000-0x0000000003CF0000-memory.dmp

memory/3436-655-0x0000000003060000-0x0000000003460000-memory.dmp

memory/3436-658-0x0000000075230000-0x0000000075445000-memory.dmp

memory/3436-656-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f75aa81fc6c7a9082fcfca5d6a8c9cef
SHA1 b3d5feef223498e586d646e1bf6b9fbe06ffb195
SHA256 b03e641f49a9da189b616a3663533ca1e57d416d2db606d78cd92c0d470f1e44
SHA512 8bb479f40d1b18f777b5cbf679183694aeeda1cec8b82e3850d8c3d559826e389018a9b59fba2a56f9a595ee87daeae437976c794f6f3690a24196271ee36179

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b32f8f0d2858ea458312e5d72aadcdd4
SHA1 0dbfdad688098f072ac4867df419e90372372ce7
SHA256 7f0189c0c49fa6d0a03487e2be8f9c13f4081bfa5b5bcb626d2e7a41c7430cf1
SHA512 ace85b2d674e60975aa945a8329a47e928dfe1ede9486a53c7a738131c3cd60c0349d373eeaa9b2de327bd964cf083f562b845727893ce58a8be1787ca1eb966

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad8f4220f743081bb9e5ed52fe77ebcb
SHA1 5cc63897f34c4d61620f5ba84617d3d2ef001bad
SHA256 75f4723e4668fd81d554a35d616d9ae609c1755b68bf4bd42e970e398a3a51f7
SHA512 7164e097d12a15ee3eb08544d1bfe4967e5d86f213457590ac23aa863967822da698471bf45f18abe050a8ceca6e3cf318793eca9697002b19201a981725a73d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 37cb6b6f13b6d26da36095f6f5cdd744
SHA1 388fb16248c6fcfcc4ca355724e3229c926b76b4
SHA256 5cbc6027c7e77179d307ece2a2267da48539e70ee5a0afddb46fb75ec477bdc6
SHA512 cd4343381820d67cbe8bd290f9c0f1c4060422c54a8b0e6e03073b587068686aa39ca6cb2326036cb4341789bbf41281e19d845efc1e8de1d4b9304462b12d67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27893f16036287301b9184307eea769f
SHA1 d51cd0766ce40eef5a4490ba0f3865e596d704a7
SHA256 e75d65008adc9eea346db10f5b0e0e37e6bf32cbebe4fd948b5e78772cbe19b8
SHA512 ec7cbf963e23db76ddedffb5146607d3aad8957217e2cc4bfd04f21993da089ed715370cbf4aa0afc4129c153dc6e2c42caebca247ec086e6d35678f99aa8307

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 067fdf8df1167c46dca808ae895bbf53
SHA1 1a7c58bd1f6dd32f1b9bf33def8ea895ef518d54
SHA256 1d53f0199eee8cda8a111c07fad1faf9664397f4c2c86fe0d567a15d58a98dd2
SHA512 64729f4ce6fd9f2af74fccbb4d46caf8624d16069425827c8d7888d506511ff12be13b898086e07f106bbf878a786658f7d546577f5586e1d711a0a5839e318e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8120759547cf1e60d896d27ada5217ef
SHA1 6ea5fb15e9014d0f53d222221ac3e148ad3b912a
SHA256 766f079cde25a725927e65a696d218e9c3f82bedde194ba99df13e6ee63051a9
SHA512 cb41de7f64161cc65b754245f67f0139684a70ea6b89c5a691db205f3741c42cabda8d20ffda51896263fff06ccff8857f50a1923fb99f08ced0312ea9da2eb6
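Almost every entry in this section is Chrome profile churn (Preferences, Local State, cache files) or an empty crashpad pipe whose hashes are simply the hashes of zero bytes; the indicators worth keeping are the downloaded `Revocation of copyright for The Music School.exe` and the dropped `CiscoUpdater000_PARTIAL.dll`. The memory dump names are just as informative once grouped: the same `0x10000000-0x101E3000` region is dumped from PIDs 1992, 3580 and 2696, and the same `0x00A30000-0x00AAE000` region from 972, 4580 and 2616, the last of which is the PID the WerFault.exe command lines above refer to with `-p 2616`. The script below is an added example, not part of the report: it parses entries in this section's layout, filters the browser noise and the empty-file hash, and groups dump regions by (base, size) to surface regions shared across several processes. The sample text is a constructed subset of this section, with SHA512 lines left out for brevity.

```python
"""Extract file IOCs and shared memory regions from a sandbox Files section
(added example)."""
import re
from collections import defaultdict

MEM_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_NAMES = ("MD5", "SHA1", "SHA256", "SHA512")
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
# Chrome profile writes and named pipes are sandbox/browser noise, not payload artefacts.
NOISE_PATH_RE = re.compile(r"\\Google\\Chrome\\User Data\\|^\\\?\?\\pipe\\", re.IGNORECASE)

# constructed subset of the section above (SHA512 lines omitted)
SAMPLE_FILES = r"""
\??\pipe\crashpad_3352_BVBHGNFIRBEBQJWO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a08bbea3ed2e8b033cace2e8b4e02a6f
SHA1 0fc42749f25a2e610b6641aab200f9462f9c3901
SHA256 dc58cf88428cac351511d01cbe4a4a378c685975ff73b03dc027bb3ea8d7df09

C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll

MD5 8da23dbb8f4b718bf99600febd657bfd
SHA1 2bb78d79d2137460b7a969d7b97fe8fd7cae54c1
SHA256 c345eded871650d87eb8961d4b1fa59c76160d89045ef49a0b6239bfb7ab90fe

memory/1992-542-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/3580-578-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/2696-637-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/972-553-0x0000000000A30000-0x0000000000AAE000-memory.dmp
memory/2616-646-0x0000000000A30000-0x0000000000AAE000-memory.dmp
memory/2196-560-0x0000000000320000-0x0000000000329000-memory.dmp

C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe

MD5 4864a55cff27f686023456a22371e790
SHA1 6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
SHA256 08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
"""


def parse_files_section(text):
    """Walk the section line by line: a memory/... name is a dump region, a line
    starting with a hash algorithm belongs to the current file, anything else
    starts a new file entry. Returns (files, regions)."""
    files, regions, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, base, end = int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)
            regions.append({"pid": pid, "base": base, "size": end - base})
            current = None  # hashes after a dump line cannot belong to a file
            continue
        algo, _, value = line.partition(" ")
        if algo in HASH_NAMES and current is not None:
            current[algo.lower()] = value.lower()
            continue
        current = {"path": line}
        files.append(current)
    return files, regions


def extract_iocs(files):
    """Keep hashed files that are neither browser-profile noise nor empty."""
    return [f for f in files
            if "sha256" in f and f["sha256"] != EMPTY_SHA256
            and not NOISE_PATH_RE.search(f["path"])]


def shared_regions(regions, min_pids=2):
    """Map (base, size) -> sorted PIDs for regions dumped from at least min_pids
    processes; identical regions across processes point at one injected payload."""
    by_region = defaultdict(set)
    for r in regions:
        by_region[(r["base"], r["size"])].add(r["pid"])
    return {k: sorted(v) for k, v in by_region.items() if len(v) >= min_pids}


if __name__ == "__main__":
    files, regions = parse_files_section(SAMPLE_FILES)
    for f in extract_iocs(files):
        print(f["sha256"], f["path"])
    for (base, size), pids in shared_regions(regions).items():
        print("0x%08X size 0x%X in PIDs %s" % (base, size, pids))
```

Run against the whole section, `extract_iocs` returns exactly the two payload files, and `shared_regions` additionally shows the `0x75230000` and `0x00007FFB7F590000` ranges that recur in every dumped process, which is what a loaded system DLL looks like in this view and is the reason the per-PID region size, not just the base, is part of the grouping key.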