Analysis Overview
Threat Level: Known bad
The file https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1 was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
System Location Discovery: System Language Discovery
Program crash
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Opens file in notepad (likely ransom note)
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported: 2024-09-22 09:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-09-22 09:45
Reported: 2024-09-22 09:55
Platform: win10v2004-20240802-en
Max time kernel: 385s
Max time network: 563s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2916 created 2952 | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe | C:\Windows\system32\sihost.exe |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint" | C:\Windows\SysWOW64\reg.exe | N/A |
Browser Information Discovery
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\openwith.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714719350188959" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\openwith.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\openwith.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\openwith.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\openwith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff82b2ccc40,0x7ff82b2ccc4c,0x7ff82b2ccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2444 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4380,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11961:150:7zEvent31451
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5028,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe"
C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2916 -ip 2916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 452
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2916 -ip 2916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 440
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\msimg32.dll
Network
Files