Analysis Overview
Threat Level: Known bad
The file https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1 was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Rhadamanthys
Adds Run key to start application
Browser Information Discovery
System Location Discovery: System Language Discovery
Program crash
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Field | Value |
| Reported | 2024-09-22 09:01 |
Signatures
Analysis: behavioral1
Detonation Overview
| Field | Value |
| Submitted | 2024-09-22 09:01 |
| Reported | 2024-09-22 09:08 |
| Platform | win10v2004-20240802-en |
| Max time kernel | 371s |
| Max time network | 372s |
| Command Line | |
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 972 created 2672 | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | C:\Windows\system32\sihost.exe |
| PID 4580 created 2672 | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | C:\Windows\system32\sihost.exe |
| PID 2616 created 2672 | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | C:\Windows\system32\sihost.exe |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint" | C:\Windows\SysWOW64\reg.exe | N/A |
Browser Information Discovery
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\openwith.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\openwith.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\openwith.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714693399437208" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| C:\Windows\system32\sihost.exe | sihost.exe |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb70f6cc40,0x7ffb70f6cc4c,0x7ffb70f6cc58 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe" |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8 |
| C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8 |
| C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4844,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4820 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5388,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5344 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5240,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5384,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2376 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4016,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5272,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5864,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5100 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5732,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3304,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5524 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5964,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5792 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6084,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3232,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5764 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6096,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5984 /prefetch:1 |
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6080,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6240 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6472,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6484 /prefetch:8
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 972 -ip 972
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 464
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 972 -ip 972
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 372
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4580 -ip 4580
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4580 -ip 4580
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 436
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6636,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6644 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6744,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6756 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6792,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6344,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6348,i,8777111959100886490,12385490403903968180,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6632 /prefetch:8
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2616 -ip 2616
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 436
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2616 -ip 2616
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 432
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uce86376306243be9eb06789c9ed.dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | uce86376306243be9eb06789c9ed.dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 216.239.34.21:443 | virustotal.com | tcp |
| US | 216.239.34.21:443 | virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.178.3:443 | recaptcha.net | tcp |
| GB | 142.250.178.3:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | 8.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 142.250.178.3:443 | recaptcha.net | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 216.239.34.21:443 | virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.178.3:443 | recaptcha.net | tcp |
| GB | 142.250.178.3:443 | recaptcha.net | tcp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 142.250.178.3:443 | recaptcha.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e2c3.gcp.gvt2.com | udp |
| JP | 34.84.111.50:443 | e2c3.gcp.gvt2.com | tcp |
| JP | 34.84.111.50:443 | e2c3.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 50.111.84.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 142.250.179.227:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3352_BVBHGNFIRBEBQJWO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 5a57fb1cf49deaa2296468ba98b77921 |
| SHA1 | 2f6bf2d3f75a44440e8069cab98b89b4f54e188c |
| SHA256 | 1656664f68c7bf41f9b77b061da3414d1e54b4d7d9ecb98115e7fb55e0e9832e |
| SHA512 | 500a443cbd43fab4b4d88b95187bb056f5cda210e0c93e6e2e634a5658883f4b9a5d46ba0d9f5e2389a4bccad70cae787246add531b36985d7ae24ea7ca6a5b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1b52fae7557f110ef52aa060a831a6f0 |
| SHA1 | e35b3c5ad3ecd896146b85b1f5999ff5385ac01e |
| SHA256 | 50a600e8fc7ed1c9e238ba576b0180ab22a912bbf29bfd653ca8385dc10fb948 |
| SHA512 | 32b514748a49d3e76818f7e4ac5e652c130f5cb4db08f03c8c8c598416b8cab8d314053b48f8f8fee1c49086db889eb9b90ed875515f1c34c83186fc5bead453 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0bc50d11f914c2ff777ad0f6b9152240 |
| SHA1 | aa864763bcef012f2b1d4b1e6bbe1420d8200640 |
| SHA256 | 44aeb97f39468f65f578b1936900ee6d595dd5d1e29cc08ff3ff09d664ddbe22 |
| SHA512 | c5ac41cc608504d8f83f28d5c568fbf430d6fe44fa4ac47f04525df5957d85028ef9bd8bdbe0349b378e01973abf630b79f98148b7081d01a7efbd76f79bb3c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b3af959c4cbefc07bd79db39f5139ce2 |
| SHA1 | 1b5170eaaae99d88b52a6732c91f4ef78c626c61 |
| SHA256 | d7a36b4acc03e63ec4e0fd6b610b996f3923d449af28c7ec122378caaf5411ef |
| SHA512 | cbcbe426467dc9b40a7b059d8f4fec7373b27fe6191e20c969279e7d47bf250865441e3cce1bb7b57a02318033eb583ba6371a515dcc04a31b64ffbc1513afd5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 683736fc55bcb5cadb2077998682a751 |
| SHA1 | 8ddc94324a78c0faf1e3bd8687d32dbc19d5ef0c |
| SHA256 | 4d04b8e8daec5f0ee4675340ddd519e9d85d1ec0b5e3158b923353800fe86628 |
| SHA512 | 938de1bee7e985dab0c2080498b3079c2be0e867a3aad57cf2758b276a64f66b9248bd0eb478a1d08bd13892679df5632334bb0c486aa7e2fa8492fb8dbe937d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 08ec57068db9971e917b9046f90d0e49 |
| SHA1 | 28b80d73a861f88735d89e301fa98f2ae502e94b |
| SHA256 | 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1 |
| SHA512 | b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 213a0b6a2af0a61588970ffb55ce25e7 |
| SHA1 | 87b3803039b60a9efc6744b700d206124edbb076 |
| SHA256 | 074b36e9e01ee6731150f89ea0e24d462fdbe06b7475c0c7cb2c4b05c89591e2 |
| SHA512 | 7dc2fa9bc94f2a797425f15d886fb9968bb9b49c1c2b322a8125e23e3682abd24a5d05eb1a647536d9e737af8ae6d897ac0a2356fb7c9658bb80226c87ffd1c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ee8d4e7e50f18b97e7b3b01d8b43c09e |
| SHA1 | 54762edd57f00ed30c6bcaf6b28686cc1deabce5 |
| SHA256 | 8530362e2f467457e3151284c53969efac8613dca745b4c5dd533b5dbc3f7b1b |
| SHA512 | 905ea9829c623ee9ac6d34cf8305c460a9a93ce32a0d0740fbd1635e22325b905a216525865769393cfcc2e4b1b5ac5aa0a519c3c403d30077eeb2fbc0181ac1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9496ef929ee89af5abb8d2394b981075 |
| SHA1 | cddd99178067959b2589a69e81eca53fcad09cb3 |
| SHA256 | c3ae9c9a17afcbd50dd90e8b6fa3e552d9eca26577a9e02563a52e1da30440d1 |
| SHA512 | 29dcaa1146d5d149b2b499979f5d93e592e4d4c787eef9f0cb8a74506446e49c8ff90883019cb2428ee11eed3c67ec7f7f790a246cbc579897c4d8a07883ff80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | eb832699216f87bfbeb63b3f23027a6d |
| SHA1 | 1de2066929569dd69cc490b18102323b52ea7f54 |
| SHA256 | 7fc0e5600052bb283c7b9540ff8f8454b9f6dd43321c061d328c9209b514f338 |
| SHA512 | 55e9057863204ebe981f63c1ada150a2f12582b78cff93f21c9fb14f4e8fca1bbd4133bd64fca47f5b635d3d97ec3e6181baa8bb4bcb89b5967c1091e21f9471 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | c594a826934b9505d591d0f7a7df80b7 |
| SHA1 | c04b8637e686f71f3fc46a29a86346ba9b04ae18 |
| SHA256 | e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610 |
| SHA512 | 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 11b0da58c72a87cb4a00b536b3dc037c |
| SHA1 | c0bd2a4bdbf7b6402949b121eaa108b646309803 |
| SHA256 | fcde76eaa6182a4b2b69871c1b931b74480c08b9fb3d2deff0db536cb12f38e0 |
| SHA512 | 5b001ffc59be46596a195b76aa157fa3886d32bf63bde95d6e9158a297cf401121de3ff840898a779d69f8c96ffab011144faa1d1a6de8d875f94d2dee6a09f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | be4469038b1fcbb1334f82b3e17fca3e |
| SHA1 | 09e4a3f3287bd6ad4f7a21decbffab2a75a82291 |
| SHA256 | 5b08c2263324cca43fc020253cf04fba32bda591fcbf8ddd0dc10cb2045392dd |
| SHA512 | b7dad4aec864706f22f1a8bf247fb3448d39bfc14a0551358c45a8bce0d8edffd42f82a0e004d31ab55a5701e58303e338ae95af89f5e5679d587738071e6711 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 6b5c5bc3ac6e12eaa80c654e675f72df |
| SHA1 | 9e7124ce24650bc44dc734b5dc4356a245763845 |
| SHA256 | d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81 |
| SHA512 | 66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f4761aef5a58858bee335c03dcd9426b |
| SHA1 | 4344fd819721786133e5006c281c7901b51416f4 |
| SHA256 | d30347685d2195f2e9549e11756704b223ed2aac087fd16eb3b626ce52094563 |
| SHA512 | 0958b5e22d03c89f183864bcd8d106d8c390d6652376e24b5cba4ca988b46ab383aa40f4eed6964a8b464848d19ed4676496b45b87890dfb6780af3c1c8e59c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cd56f163fd2be83a36f4ed95f49c1389 |
| SHA1 | 6538c0accc8dd130546127718be8bbbcb051c76d |
| SHA256 | 592fa9f9adeee5ca5210e02019bdd71e6d0a75a5f81e2406b675ffd8fccb9c11 |
| SHA512 | 95bfe156914991c578cff1ce1081d80fe52aea2d7415886c1467d46074780a08eb56af2e9b2d698ed413cde7a0f875026c17eaff50351312ce0a37d8f83328c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 09703913c389a80372549fd7f35a5b94 |
| SHA1 | 046043bd5f6ceb5032a5edf14c4e0e12931310e6 |
| SHA256 | c244ab3d059285593c93e684a687744e66b8b6057bc6ea0c0402b9b15bae64d7 |
| SHA512 | 796350248011eb3b88d5d6ddaed99e5734372072cd9dc2e9dedd6d5c3655634e57034948173b0cdc57b111759944c32c327094ecc594309972bb50dc18d6eb0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9bfb0392e2bbea09e80c7e777a8baedc |
| SHA1 | ce042f92015fb21cd7ec305664647771b5cb7b2b |
| SHA256 | 8e8ea442059f0d0ff7d987513cba790a5578373b0e44f08897f132151093d602 |
| SHA512 | 5df9a3b6178a78036d7143fb7a8d3dfeb3553af8271f39edeff35c020b9a268b339af99e1aa30997b793dfc6b890e9fbf8c9816ac3c106700de054fcfce0c0c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\31f20ef6-6aba-4fb1-9f08-6d84a0e588cc.tmp
| MD5 | e1b35557a07370a62a09fc06f882725a |
| SHA1 | a4a4c0929de085bd758ed96f4b3629434fa4ba33 |
| SHA256 | 9bb80cb37e90214e0bfcca2b26cb2584e32b6238996a43ab46a5a1e428e1ef64 |
| SHA512 | 6afe265effa2edcddab38a7b88644a89ffe78d530e46403c72852829be48de24df663287d4c9d2ef98839e446ed863b7f6a1bbde89f33d20ede6abe88b942d1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | ad53a6597d77a7fa4bba74af404a5627 |
| SHA1 | 2316afda7f86ae61220e5f804987ffc90d8e5972 |
| SHA256 | fa12a613bc086a19f2303d929a6943da8b8f3f75e2047df01040a2703bdda485 |
| SHA512 | d18a0bf3710d36efac0fe7d83e660214293e099c0b0cefa276df14cdd1512b2791a12bff01b45ae19499a9957228370f19b20dadad8ed5bf084bea6a0f331ee6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | 15bfb0394e5bae8d693e743337bbaf6c |
| SHA1 | 663b7b8dacddf432ead620d7fab8629c5c50eeaf |
| SHA256 | efafeafb612d3745d108ee70cde4a17127db8e334e29bcb635a148793a6a5c87 |
| SHA512 | f90894e9130217f34f9c40b27f45fbe1eddfa706e2aead1d99963fa522e036db744650d3c81f3b2f3228d6a3c0f324267b8d8ceccddb8e20842ed125ab893276 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | fd91b53c4a62878e592cb2cbfe909e11 |
| SHA1 | 1ca9a8865efb94e1d6809cb558acc5f59f95a5f1 |
| SHA256 | a2903017ae6d8a2e02f2205df637ab5f1a99401b4ac668ea02762652b95c127e |
| SHA512 | ece89edb4ceacba51f091cb137fb1cecd06cfbb3f0e11659a89d20a0df80536046c625ba850c08570c70f090b6f77508c2a21b23c092d2df301f128f81d95e09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 0cf073ce762780b25ab047b7bd97a1e8 |
| SHA1 | be0c7a673506bcd55bf1822c764221ed40030ac3 |
| SHA256 | 5612e9131414c70749cd41849fc05f52803ab4638eefa88edcab8719c2816619 |
| SHA512 | 7dac21665988e09c74ebdbf85da4a69208cc167e807056da03936bf5899e78d4dd2b7e2ce302fa559450c9df33483bcec316995be19c8adcc1cbc46a67d0fa91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 35a46116980c974751122a331d47fd84 |
| SHA1 | cd6e9014e38596c681641a27706124b5b69f86fc |
| SHA256 | ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66 |
| SHA512 | aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 48743a670fa866d07b162f046726b2ec |
| SHA1 | 5f180be674c56c4519f531f0796b5b958c20127c |
| SHA256 | 9d436fc2f3d4ec40a0e3ae981b315036ac944d2347995d37c27b059db59ce966 |
| SHA512 | cbeb13a3ab5e6cd811bc64a14304f389d56de091db12618d62fc223de96e686545393eda1fde83ffea24468ff77953054b25a4a7a87ae2d9f61283c3ec46f69f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 5c034f6ea77c94cea42a2c6a104c96c5 |
| SHA1 | 8cdd02dba48bfc9ba263c91fd7ac311783e50f5b |
| SHA256 | 9fb8530058b0477178e0290a2cce25c25e04ad0e3b86df0227f490198847b0ad |
| SHA512 | dcda00fc9cd3c0371f7f482de17cd2ad4f73d83452dd2b6362343431e6410c94f051ad8acb3c9381c9d7588de48ab9ba4ff8fcf5f61777d3fbe29baf76b0d32b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | e6d5b5fc3025ed5445db4405f1d80d6b |
| SHA1 | 703536f74a7b6132844c9c8bf8bce847105ffc6e |
| SHA256 | 460cc6876c723e6d7a174a0e0e0f3e136e3b332f2c93b56958ebb48608fad9a1 |
| SHA512 | 9dd2d6df34cfa9528daabbf46034b413f08b2c27d85a5def6d30dbbce2756a3728999f429c37f8ac7f0b9924aa9f1349a53735506fe679509367c8319a2dd425 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 03b9611b840ba379432fa64d3a764e0e |
| SHA1 | 98df675800f60e641d50d0c6ae29803280dabb46 |
| SHA256 | cd6caf95377188f9703921ed6e5f8037150570fac93a9d285545913af99c8564 |
| SHA512 | 0c52b122c940feac04a387244b5b6d76c134cf25ab7fd75595d3d9dbfa944e60532037154a76e1a4d865b83f47e36d2d0cca2882a48e9bec5b8d96a74d40beb8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1787089cacbc2a76_0
| MD5 | e949dc8ec31ea386987f7a7ea4b3be22 |
| SHA1 | 0db875328d6da57d3bd92e0d7d06584fa1351e3f |
| SHA256 | c30dc8dba37732d5a5228e7295d4d7e1fb89a93aa6d3052809f50e1912e1d545 |
| SHA512 | 440aea48865bb657e1fd120d35abc384ee29b52105825d39a045f63a369bad3ef0c5ba9044ae012dd9e4f22628c8463b4797d98a3391e412a71db8c6a16beb11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\033b1994e07850fb_0
| MD5 | 387e60f0d6f2bf62b538149fcd876119 |
| SHA1 | e772b3634322a818bd0b34a3e0d489a67eef6ac6 |
| SHA256 | a61e77c922426a9e6e11262f4ee92adf44b7b4ed03b86e9be9ecdda5429e9769 |
| SHA512 | b67ea46bc8417d0edd9e1c757c5e338433d01738605dadec2c1abea50d9b31042f33da21822a7915709f0c9dc750bd86072db5e7e877b0bee66718c15aad9dd5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 89adc96373ad0e9d4b0359dc3f3800f7 |
| SHA1 | 7b5b8ba2ea1848dff4fdc69aab4fc56d39fa8bbb |
| SHA256 | dbcda4aaee8d8b74fff2a23c6d6b4cd187069ca071d63a384613054b48828838 |
| SHA512 | 8deccaa7c0f2d5d932298d802f1863a1e53ceb8d0db485396f31e318e18df08bf783df73353045553e02735eadecaecf6d667af7daf696eca565dd178e3ee988 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8753b8935b982693c1dbb951e81f1253 |
| SHA1 | 42dc146d3720337c16411be7d90d33b1d35ea58f |
| SHA256 | 53a644993406c948b5a869afd205a086c88349eecc5ccae1252783e05f6e23a6 |
| SHA512 | f53b585ea2613fe3dee4996a1c47dfb4797a7df47a5cc3f34a821ae6ab2b5a108d40ef007509f7505ef5ca5922b06ca6aafc78247a72d7b96c5ea528a7638a0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e4c54bb1fb23c8dcddbe7a8719b5048e |
| SHA1 | affa4346014d0b08a03dcec35b3e51ab7044fc34 |
| SHA256 | 5e7f72af4effd8e430690249dcb1c31bdef7018fc99225cbf6013de6854d19b2 |
| SHA512 | b5cec04fdbcef21e0569604c20d7d35532e133206946986a90d14ced0ee00a2f2a5038cd1f1ee697c43d370625677f3e27e3a5a8775b1b5ba142b18f32636add |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c07ddc13f361a63e24965b09c99b8254 |
| SHA1 | b960d7bb872d893bab675c45b0d8b287eceb81bc |
| SHA256 | 4b0a3892158077109d1b47b74c4dfd0716facae670ebe2288955082a6d73f70d |
| SHA512 | 1531c7e3f46e96cbd36e27a181c48841d874b89db679263a4b058957450711555b4213b412159d82c6055b6de557e42ee47be4ee7dad4764eeb15e5f2c713219 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b446ad603135dadaddd5b219d6efc19d |
| SHA1 | e3442c5a3d29dcf387bb32417e5fb49dfd66b906 |
| SHA256 | 093ba5ea80118b5c84c7393206e37f188830dd33eb35c4e886ccd7bc0b14dbea |
| SHA512 | 17ae4524ac5e82b8d8119ae71bdbadd91cb3afba87fc8308af4963f0377094db68e735ae6d3a427fedbc2ef63cd009e7fac4813d1392e25d553a8953a8ed4abb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fcf7ec0f5c3e0865d915443a99b18f6e |
| SHA1 | f0ae8e5c59d2edd349b37fd58e85eb291e04a84e |
| SHA256 | dcec42f17235c9e9a464b9df8ea3e056f0643e3d14ed7743d9b5f13abf058107 |
| SHA512 | 973d62ba67d8e40ea288e7be0d3a42b3dc02ea0ad0fe581fd81e491b81e454ce8d3e3d188a54ee75c24ebc28e916fd0d6b171260cba69c1d85fb09183830b4f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bbb74ac15026d8a283dcd97a1a871879 |
| SHA1 | e4932ad575c82f83c016448bf5df42dbe650c8f6 |
| SHA256 | dc7b6551afbe1005432c99ec97f6046d47bbb746728c7edb3f506a6fdc40c0a4 |
| SHA512 | c6b720cf2ba1fa28011c2ef1d43c4c5af6d2b5cdbef4881c5ff0ed6dd74695070c9a2dbc09955da53841da7a0e9fbcbe35738f79c70ce803834b08016e0793d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5b2fa6de40e1c0559a3d4cf047c3067e |
| SHA1 | b3c68f7caf7f20c2dfe443f77ce4b9a91a2e26eb |
| SHA256 | 82af55e63f4b7a94b0aac7412b2b721a3b73052664a9dcbdfd6035850e768e8a |
| SHA512 | 82c67d38afbac33ec3ed13e92d113d67bf8fd93456df90993842703f7ebcf4eb2edc9b15207735b302d62d02aac2be54122495490675510f84952e68b509ff31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 65043829e7a093e1f01de0bc881f70b9 |
| SHA1 | 5884aa39639c5b94760aa8c278f1473b4844fec2 |
| SHA256 | b734f678ffd1ca416c96c9481b818fbbd1f1e693c3a3adf854e611170347847c |
| SHA512 | a688a1552082be66db0e1562d9355091df719ffaccd114c9e79486a8cb5ccac716f5186a54d4d0a96a3907c2e2c9b49dc3a0224410947257fc7eedc0effd2873 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cab8f8074806fa29f74bd8f28ff27785 |
| SHA1 | de588c8d4271f34e908ed4cb2a63ebee53174ad5 |
| SHA256 | 64b67e35ce1c35a5f44e535367b82df7b0a2eb6a66be91ecc467e12fa6e5a4af |
| SHA512 | 8394fe9f185019f459245d5405f9a0820f97b0c700bcf38d3a83d059e82c2bf2a1410bd1128fc04fee7d85d27347b7711006ad013ab35835b16637643761aa93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll
C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State