rhadamanthys | hxxps://www[.]dropbox[.]com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School[.]zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1

Analysis

max time kernel
385s
max time network
563s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2024 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1

Score

10^/10

rhadamanthys discovery persistence stealer

Malware Config

Extracted

Family

rhadamanthys

https://147.124.220.233:7843/0a493f164c8de167e156e/s2u8lic7.93tn6

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

Revocation of copyright for The Music School.exe

description pid process target process

PID 2916 created 2952 2916 Revocation of copyright for The Music School.exe sihost.exe
Executes dropped EXE 2 IoCs

Processes:

Revocation of copyright for The Music School.exeRevocation of copyright for The Music School.exe

pid process

1120 Revocation of copyright for The Music School.exe
2916 Revocation of copyright for The Music School.exe
Loads dropped DLL 1 IoCs

Processes:

Revocation of copyright for The Music School.exe

pid process

1120 Revocation of copyright for The Music School.exe

description	pid	process	target process
PID 2916 created 2952	2916	Revocation of copyright for The Music School.exe	sihost.exe

pid	process
1120	Revocation of copyright for The Music School.exe
2916	Revocation of copyright for The Music School.exe

pid	process
1120	Revocation of copyright for The Music School.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint"	reg.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
1648	2916	WerFault.exe	Revocation of copyright for The Music School.exe
3884	2916	WerFault.exe	Revocation of copyright for The Music School.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Revocation of copyright for The Music School.execmd.exereg.exeopenwith.exeRevocation of copyright for The Music School.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Revocation of copyright for The Music School.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openwith.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Revocation of copyright for The Music School.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714719350188959"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

3656 NOTEPAD.EXE

pid	process
3656	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

chrome.exechrome.exeRevocation of copyright for The Music School.exeopenwith.exe

pid	process
3752	chrome.exe
3752	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2916	Revocation of copyright for The Music School.exe
2916	Revocation of copyright for The Music School.exe
2896	openwith.exe
2896	openwith.exe
2896	openwith.exe
2896	openwith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3752 chrome.exe
3752 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

Processes:

chrome.exe7zG.exe

pid	process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3844	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

OpenWith.exe

pid	process
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe
540	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3752 wrote to memory of 2264	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 2264	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 4752	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1116	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1116	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe
PID 3752 wrote to memory of 1564	3752	chrome.exe	chrome.exe

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2952
- C:\Windows\SysWOW64\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff82b2ccc40,0x7ff82b2ccc4c,0x7ff82b2ccc58
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4380,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5028,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3004

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11961:150:7zEvent31451
1⤵
- Suspicious use of FindShellTrayWindow
PID:3844

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:2924

C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1120
- C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe
  "C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 452
    3⤵
    - Program crash
    PID:1648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 440
    3⤵
    - Program crash
    PID:3884
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4792
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2916 -ip 2916
1⤵
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2916 -ip 2916
1⤵
PID:3796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:540
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\msimg32.dll
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d188d592da031efdc088b431eddfccac

SHA1
836abe7703c69710dd0edce95b2284ef1c530059

SHA256
6e9efe357c272fc79e50c9f16441ca583517e96e27111c95a263905604cd1385

SHA512
e0b59ea7a5fe1683f457008ee463e9a307d3ed7f5e7eaa664204f72edf97a634d7509c3746c30c39acf6f8bb05d5d3b52d8bf21fab91beb798c995697c264d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d73b01655748924b336ee4354b9c8a0c

SHA1
088ba903cc0d3773879206ef294cab346e12521f

SHA256
1f59c8146bdd33bff85bdf53d5babf8c3efe05d9a35e6d8c6eda1eb3b4b5d753

SHA512
7083c700af71f24e4ef7f94f70423fbee23fb178a4dd64e2e373f691a5d74925a7655704fb5263a67f6025f17fac03b49ce2ceb14a81f8e19d88e77f54035fef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
01bd19779bd4c6561a2e50a56606fbaf

SHA1
304d67b630576c18e2693f90d3a79110e6d79afb

SHA256
a331603efe39aebe5ef336dd10f48d4b31a9b00cbaa53d0fcc0f97b2a5f37a38

SHA512
3eaa282f5a286e205ba744bfdf9de00bf6c45526df5b453bb97d3115027dc6ecdc3042a84e8b07aeb00a7cdbc2fd9882c1dce6c8e8e802c7b7c56f7a5a1c6ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
be9a0be788efd4770a426f5164e5e639

SHA1
08294dd92f6510c0cf4d3a2890b7562ab30449ef

SHA256
4fb22c0be6d65385fa72c7b9778f80e7b12a43b8f49334e30063a02c42cc76d8

SHA512
29839d435f279f1772737d59f47f1461522ab0dd35fb44901080ebaf62792898b8a544e38df4a818662c05ddb7c4d6718b637dc2d49c7249d81f2e8d8891746a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
919c902f0272d40f4aade6c6c4607138

SHA1
8ca17db945496994896bb6c2ae09d17ca2ad30c3

SHA256
239f3d39918614667a1e38537362b498793768fdefecd6db8cd76972d0a7ff04

SHA512
8961b5464367fedd40728502d259c46cba8eb0106b0a9eaaef0549fa8d62ebcc7b48d7e193270794afebb9640837845b5f03b4dbc33776e5d383ccd5723ea5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a14e8b5af7a3aff46cc5036c48a7b5a1

SHA1
b3f5f4ac0ad5f2d32f60b59ccd1cd33e506f3a2b

SHA256
0356a2ba90734eb347b13b5bdfa7c66462343af95945c4fd85166b37b43815aa

SHA512
c7141fd53a828df1f8720547baa51aed8f4d539f46b5813993d59281a603943722737c6a9c41ba06b2c63253bbc17e76e96049886e287a4f18639195ac1ecaf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bbe6594510040a0696b355a0b4e2b34d

SHA1
2a2d71f9a147187d4e64f9795c7c35114353c1ff

SHA256
22421bac7ea95551815f9959343989ade5cd8885dbda309b27294d7bbcd15c2b

SHA512
6cc3d57c40ed4d4e1033d4836ce0ec0919e1c99c761ae14a7f2477fb54373d93b4db6750062dcc0c9590cab35f87713651427705d89e10c39980dc214b14cdaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85ae476b3c15209f37d45f5dbbbf34dd

SHA1
6c2e9bc564cfe080345a36a469740f6d12d1a134

SHA256
cb543fb0effcbdca6db9f99be23b37fca2a7c74030e10eebe31119478e54c69a

SHA512
aa0e114725dcb1cafc7b45ee7b92e44acf9422dff2ab9a32e864ba375297cfbdd8a76ab7e5c6f6c267c2cc9752e399fda3324197e0f8f598b6232fc688b30ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3be6cb6efb625f0915846cdd2040cf5

SHA1
bcb08fd6d4267c76da51d75c7625dd87cfa3dc71

SHA256
1018cef52844fa22582101ac2549eba858c301c0d8ffa2d37cc727e735b83c78

SHA512
6e81775b09e4daa06d960a9d15646fe60807747cc335d21a6ea7250e160735982f1e55900b27e35844d587281d0d38075491d76085d90c23d8e9830fd127f00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e4fcaffd2a37a8d8989c4a38fbb9024

SHA1
f3e56dd1068cdfa22e9f1f045c1d06c59dc8577f

SHA256
62cd6c0c91d85d8029f00fb28d0203fcc245a75327d66cac476312c7cf387e81

SHA512
622c214f1083ec530ccefb975aa204d18836dc429755a41be7c594416a5e28814a362f090b4464de7fd289ac932972e04c142d3db41015d84bbd71e611737087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de6658cba3f98467ec48c3becd7bbbbe

SHA1
c29258f5209b35eec2d36adae9ae965d55bf0fdb

SHA256
18e924663575dd276bc250a811b68761f8fe2e777be11e6ad0c30d6afadd725a

SHA512
bb8dceef17a1e50218bd03379a4294afb826b028edf8bbcea4b00571c8b243431b568fc90562f94cc9a7e85d1fa7173e3e594a6ae4ea13145024ba6b0d033542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6cb2de8b6234c41d8b0a2c5b13852c4

SHA1
412b476adef5a2dc9644919346a2ee31e8ee27b8

SHA256
e7ff3f144dcd8ecb0b6ec87e8be32c372d3815a2d90ec7b4a3421e4ae8290d0a

SHA512
be0659385e75d8783b38452a09399e42c29e6d7a920565eaed277609d613695192616341b74405d1f534ac243fdd4a45393d466f53f67685a2edec71f13bdf5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3dc71e8af760d2ec84060cbc4a3183f

SHA1
7345a46974ebecfcf1d894c2064a76b8b32f1ad1

SHA256
e958e1881ae1b8d1ab5418f8d82ab675790d460d7c4dc309ddd7c1ac4543d248

SHA512
d97e28898ef83f49b850782bf2ac5c85e7e4f3ff0392129bb1896de355423a6cd85f1e706485c73d3a7104590263885b74b9bb0d58ba781106974016780fe66e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d16ab56a06b1980e68ef79aa7a9d61be

SHA1
f6a15fd3688b6d9fa58f7f057b05057266d86a35

SHA256
09d20a8ccc772044b4e2418a79d46e368061a01e1c2ea72251e245002b7fc907

SHA512
e0a3164fbb0b43c8e3554a3f1f6bf6ee0f92bbdca3b53c7de3b3b860cc30d3f7918766be21d7ef3cd0800f1d7784a77cf5612f8a8284a1001df7e265b62fcafd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
719b74a01602267c75821216b83c2ce2

SHA1
899f9f2a0e1c64d7466490bd14deabc449733e22

SHA256
477cd48901b6a8569a33c0340ce74e11b2e84b2d32f2badda5908cdc60622f22

SHA512
3893377ae309ccce0ca7781128b9660e186c16264a464d8ed7516e269f5c4180eaa3921be6006aec24afaa7aef8c8f1f8457417564e3d965f3846f9de8519b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4266977b5906cf833e44c24f6ae3dab0

SHA1
438f97988852638bfda2ea992c9749eda9aefcc9

SHA256
fe0384c6bec55055b917bdf87b66b0b39cdba979678191843db4d4458cc05ab1

SHA512
6f4e6dc16a110c6536de642f36e374dcd49ed3421a60e0cc99af5b42bc88fb462c059f6f6295778279ed8c4cbdc8f2b027511edc5ae556d8d547960def85285f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d97f20ee6329574d0a04dddb97b81e9

SHA1
ad6296dc3fc6779b3b32e6f9935a3da2d96a0cd1

SHA256
42950b7bbfe0c6345482148956a578501409a2f7059a5d8bfe35d50fa8c22238

SHA512
0bb9f469f3daeebc9de4e66a616029f07f026a11488cb8f21babbca8bbb9add1f3f19fe71ecc77d67f62f93996a54fd4b71ce60ce011bacd6cbf664f61206e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f894e3a8a50a62604b4fed42a1116583

SHA1
8842dc93b2899eb56275c176b26fbc18502a64b8

SHA256
2f2f9c77ac67e1f997b149612606155df74c661d633dc6ebe9d896864c9a25ce

SHA512
29cf78aecbb449320418ea8238d2be2d2dea2b326b57a239f14541b66cee8d23fc512f16f72262bc1deb720ac6831880bd22c5d848c1d19cadc1c2fb4629d19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04b2c41611a8730ddfdd5a08269f6657

SHA1
79b84960f93d02ce1f15e25996d40fbad79869d0

SHA256
afef8a310e1ed92c6dff38c5de9e84fd8b5539de236ef351aeabb7dfdc2b3b80

SHA512
dff50618a72790e79ccd14592c8a63756255eab325b08b3012d22108c1f662650ba385f9257efddcd6bf0e48de664e4c475825e3744289785c3bc8f6efb2964d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
501c485a8eef67387cce523a03062c8d

SHA1
e19bec5453e62288c41497bf08b5550021a85a25

SHA256
556dedb21b4bb335b7be43cf479e27210ca8eddfd93262e6af866b34a4a3a21f

SHA512
04135acf69c01c65b00c4dc8b4965b3a64caa01cf45ffa1fb22718c685d58e7a837fa129b1c3e00a198e0e3f80de392df2e54985b6fd0c8db60b6d30db9532e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
623899405870f48421a711f6593a8fd9

SHA1
8ed8728db197826a48b3c5496e8e3ea777fb74f8

SHA256
dd0b9ee567a84b20b454e5da61d419aecce8e4837cf8202c6b5eea3799700108

SHA512
2dc3d26cffb303269040c255283e5a7311b31dd4055f9c23c7757213147b68cbaafd228237285621f1e04e06bb72b1e4b9f34735ddd34685931e208d73cf43be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c748141aecb04315d0cc26c229e11a0

SHA1
660a5ce9d216bd259a08b7419a19259c39b85a8f

SHA256
648cbb5de2824dc8200272d08c0577606cd864ed1ac70825437bb1b64d20214e

SHA512
24d43814f0c498c87d716080a9e6386afbebb3d2d6d5611db3b7ffb2fc03c0754f1823ac7114b518192efd55cea5cb2a0e6f7be6743823c84c772c33cb13144c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd0b8bc4bf589dd5197edf29f08f961f

SHA1
6a25ad02cc6a878263db25aef922a0586baec4a8

SHA256
eb5c22109b07d5f108ffca99b4c90db09bc0f454aab5860fca57327560d474c5

SHA512
8deb658cc85f1074dd3ca704825eab23c74cc319b928acac15cc61f03bd899787d3482b31ad80a1df9644c9d82bc03cc349d28d583c47c67e14d81d71edbf2b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb44ff4e84aa4bea3918fecc5658c2f2

SHA1
027904c83924cc611804d9ca9049020baece3856

SHA256
1fcccffe06a54237a4d609aa8710597901a5df43af5ca6ba3dc09ea78aec370c

SHA512
3972d4343b12d90909412ade07e0f0229da5cde1f2f60d09c53e873ee482e76d925b40cc797bc5b1af2796330440776cf36e6537692e1dd4c88565b4d8e8b06c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2665fda6c863dedab501173d2cecaa8a

SHA1
6f07b6b452172902f6ff488956e2f82041ed0fb1

SHA256
3aab27935c5c7888ef0e2061a16c42ebdc0429367852c6bbb36c3d3d557fbcc3

SHA512
94da25b4711efdfc9d16282d113132ecdd085d168c961b3776b8932b8b8f188e85196d3d2c8efdc22dafd4a1556c06f4c4a94247ba52dce9b39ed3afd781d8e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
853280cba030afd565af3d20c8f68f7e

SHA1
31987e178d9aaba37d5a1dfd5b8ae660408a1da1

SHA256
250b4d4c28674baac4c0178ac3a2307c88b4c35a86ed9c6861c306a6797bd8e3

SHA512
bff951421b767e7f8ae81e69229183b5375446f1166ff9d96f733762ec8e4922dc47d6ac3b219938e1d1c80882f9a8b56298d25dff513d9bb7577751481d432c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b9cc7e83a92673e57df0e14c6cd1423

SHA1
01375c8120a07c708d2a759a02fdbe65a3e2061e

SHA256
49d121045adbdf9659a5f3bc03d2a1dac78537d010f4d851524501a2481c9a0c

SHA512
bad30087f742c6327d108acf67035bdcd64c5b0d7989876c90902382dbdd812dbbdce0c32aa04e9e626701a1be44a74514cf76febc226cfec31556549750c6ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7cb6c35774439f74abae35f27e1c5f1

SHA1
f275dfa3d30bc4d71cf8cf72a76a0f724ec578ad

SHA256
6f705f9ab108148607c435191fbcd0700a0bfab1b2b56d1b1007f6cfc8b07887

SHA512
2f7c80f7a91988eae715257dc32e14b82b1a7e4b19bc927aa12bfa518f35df887948d94cc3522b68b1f1b28c0463deeb07a13804fe1af0a1cfb8651ff36b9898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb192ceceec0f0ec0181523ece4fc09b

SHA1
ef34045d738138799864893de70945df9f8b32e1

SHA256
b3c1e4d9015779ce8eb84e4c7427bf2359a7502308c553bab62f9d5fb5b2d945

SHA512
dac6f5f5962c804ad9a12da5a04d997f43b4b041075ec64e8a8d5e79ca4a355f542d724143ff9209bbbda552b110154a54632e885598bea4948405d3a1b3789f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9da790674aa534a197d419a6e3e4d91a

SHA1
857dcc158929fde12009ec1adcd221c78a0f83ed

SHA256
64677b54073f5754fb107823fe0a79852726bc1d6e4bf5015d0456cead6177ad

SHA512
2627f9bd8fcfee45c8fdb2aea5a841e7be0e4f57fa8af668b496389649dfec07395a756ce4cfb9dfcdfd658dd727bd37325b1ae8f7ddda44c70c4fc533cb536c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0e423a09577df81cf7c469b8d93da3a1

SHA1
974f8cf25b83e77c67b25cc7b060a87ae582c87a

SHA256
3656f8a9707230348c13d9c2fd7388667f800006c31e616fc7099801f75794b6

SHA512
01f567814e64f35a205e028d7359ee1d61671f6f6128f6500e7029f2c397c741507c5eb460133dfa5ec74f49412d22b4d28e0d1a23bff2962bba8235d47f5ca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d9b65274cec56bbc379d6059f5847e9b

SHA1
afc216a828a67419b9cf451d3e6a20ab4e62a050

SHA256
f9ebf3a3fb5cfb40e9090c3af32ce1f09b78b94a3deaf008490f423068c271ad

SHA512
875caadadbd9bd1c57a24d4ada90bd8a5379cec267c4807f22ab005d5908bd969a9e77f4d29daadee1c473f52279892051d55360d8866994af4a58e6c0a6cb21

Download Submit
C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe

Filesize
6.1MB

MD5
4864a55cff27f686023456a22371e790

SHA1
6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

SHA256
08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

SHA512
4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

Download Submit
C:\Users\Admin\Downloads\msimg32.dll

Filesize
15.0MB

MD5
e29bbcc3dc9ac5bdfbca71244215a4f5

SHA1
4b97f6ccebb6f188def1640e1311500eeaf6e65a

SHA256
155b4e58c22533bee1ada6310498b54d031c7234f3dd54e9ab04d12c29d5497c

SHA512
618777b4a6605047f2dc2bcdd2c63a569165172a1244e3bba70769efc1a29b6bf544bd58223a8c1d3d023f20c8663e765c725e76dd3b882421ddd677162e8bc8

Download Submit
\??\pipe\crashpad_3752_AZOKRVCQBSPLPGUA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1120-227-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1120-233-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1120-228-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1120-225-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1120-226-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/1120-231-0x0000000010000000-0x00000000101E3000-memory.dmp

Filesize
1.9MB

Download
memory/2896-244-0x0000000002160000-0x0000000002560000-memory.dmp

Filesize
4.0MB

Download
memory/2896-245-0x00007FF839EF0000-0x00007FF83A0E5000-memory.dmp

Filesize
2.0MB

Download
memory/2896-247-0x0000000077070000-0x0000000077285000-memory.dmp

Filesize
2.1MB

Download
memory/2896-242-0x0000000000470000-0x0000000000479000-memory.dmp

Filesize
36KB

Download
memory/2916-238-0x00000000037D0000-0x0000000003BD0000-memory.dmp

Filesize
4.0MB

Download
memory/2916-230-0x0000000000A30000-0x0000000000AAE000-memory.dmp

Filesize
504KB

Download
memory/2916-236-0x0000000000A30000-0x0000000000AAE000-memory.dmp

Filesize
504KB

Download
memory/2916-237-0x00000000037D0000-0x0000000003BD0000-memory.dmp

Filesize
4.0MB

Download
memory/2916-239-0x00007FF839EF0000-0x00007FF83A0E5000-memory.dmp

Filesize
2.0MB

Download
memory/2916-241-0x0000000077070000-0x0000000077285000-memory.dmp

Filesize
2.1MB

Download