Malware Analysis Report

2024-11-15 06:02

Sample ID 240922-lq8nkatbla
Target https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1
Tags: rhadamanthys discovery persistence stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1 was found to be: Known bad.

Malicious Activity Summary

rhadamanthys discovery persistence stealer

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

System Location Discovery: System Language Discovery

Program crash

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Opens file in notepad (likely ransom note)

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-22 09:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-22 09:45

Reported

2024-09-22 09:55

Platform

win10v2004-20240802-en

Max time kernel

385s

Max time network

563s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 2916 created 2952 N/A C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe C:\Windows\system32\sihost.exe

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint" C:\Windows\SysWOW64\reg.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\openwith.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714719350188959" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3752 wrote to memory of 2264 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3752 wrote to memory of 4752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3752 wrote to memory of 1116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3752 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff82b2ccc40,0x7ff82b2ccc4c,0x7ff82b2ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2444 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4380,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11961:150:7zEvent31451

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5028,i,12580344708937376285,5837935267270026929,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe"

C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe

"C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit

C:\Windows\SysWOW64\reg.exe

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2916 -ip 2916

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 452

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2916 -ip 2916

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 440

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\msimg32.dll

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.dropbox.com udp
GB 162.125.64.18:443 www.dropbox.com tcp
US 8.8.8.8:53 18.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 uc5c4ed57d48f815abb985e20ef7.dl.dropboxusercontent.com udp
GB 162.125.64.15:443 uc5c4ed57d48f815abb985e20ef7.dl.dropboxusercontent.com tcp
GB 162.125.64.15:443 uc5c4ed57d48f815abb985e20ef7.dl.dropboxusercontent.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 15.64.125.162.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 59.170.16.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 44.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com udp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 cyberchef.org udp
US 45.32.165.199:443 cyberchef.org tcp
US 45.32.165.199:443 cyberchef.org tcp
US 45.32.165.199:443 cyberchef.org tcp
US 45.32.165.199:443 cyberchef.org tcp
US 45.32.165.199:443 cyberchef.org tcp
US 45.32.165.199:443 cyberchef.org tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 199.165.32.45.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.179.225:443 tpc.googlesyndication.com tcp
GB 142.250.179.225:443 tpc.googlesyndication.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 142.250.179.225:443 tpc.googlesyndication.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.68:443 www.google.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.179.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
US 45.32.165.199:443 cyberchef.org tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.3:443 beacons3.gvt2.com tcp
GB 172.217.169.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 1.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 1.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp

Files

\??\pipe\crashpad_3752_AZOKRVCQBSPLPGUA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 d188d592da031efdc088b431eddfccac
SHA1 836abe7703c69710dd0edce95b2284ef1c530059
SHA256 6e9efe357c272fc79e50c9f16441ca583517e96e27111c95a263905604cd1385
SHA512 e0b59ea7a5fe1683f457008ee463e9a307d3ed7f5e7eaa664204f72edf97a634d7509c3746c30c39acf6f8bb05d5d3b52d8bf21fab91beb798c995697c264d4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0e423a09577df81cf7c469b8d93da3a1
SHA1 974f8cf25b83e77c67b25cc7b060a87ae582c87a
SHA256 3656f8a9707230348c13d9c2fd7388667f800006c31e616fc7099801f75794b6
SHA512 01f567814e64f35a205e028d7359ee1d61671f6f6128f6500e7029f2c397c741507c5eb460133dfa5ec74f49412d22b4d28e0d1a23bff2962bba8235d47f5ca0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 de6658cba3f98467ec48c3becd7bbbbe
SHA1 c29258f5209b35eec2d36adae9ae965d55bf0fdb
SHA256 18e924663575dd276bc250a811b68761f8fe2e777be11e6ad0c30d6afadd725a
SHA512 bb8dceef17a1e50218bd03379a4294afb826b028edf8bbcea4b00571c8b243431b568fc90562f94cc9a7e85d1fa7173e3e594a6ae4ea13145024ba6b0d033542

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 be9a0be788efd4770a426f5164e5e639
SHA1 08294dd92f6510c0cf4d3a2890b7562ab30449ef
SHA256 4fb22c0be6d65385fa72c7b9778f80e7b12a43b8f49334e30063a02c42cc76d8
SHA512 29839d435f279f1772737d59f47f1461522ab0dd35fb44901080ebaf62792898b8a544e38df4a818662c05ddb7c4d6718b637dc2d49c7249d81f2e8d8891746a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9da790674aa534a197d419a6e3e4d91a
SHA1 857dcc158929fde12009ec1adcd221c78a0f83ed
SHA256 64677b54073f5754fb107823fe0a79852726bc1d6e4bf5015d0456cead6177ad
SHA512 2627f9bd8fcfee45c8fdb2aea5a841e7be0e4f57fa8af668b496389649dfec07395a756ce4cfb9dfcdfd658dd727bd37325b1ae8f7ddda44c70c4fc533cb536c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 01bd19779bd4c6561a2e50a56606fbaf
SHA1 304d67b630576c18e2693f90d3a79110e6d79afb
SHA256 a331603efe39aebe5ef336dd10f48d4b31a9b00cbaa53d0fcc0f97b2a5f37a38
SHA512 3eaa282f5a286e205ba744bfdf9de00bf6c45526df5b453bb97d3115027dc6ecdc3042a84e8b07aeb00a7cdbc2fd9882c1dce6c8e8e802c7b7c56f7a5a1c6ba9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4c748141aecb04315d0cc26c229e11a0
SHA1 660a5ce9d216bd259a08b7419a19259c39b85a8f
SHA256 648cbb5de2824dc8200272d08c0577606cd864ed1ac70825437bb1b64d20214e
SHA512 24d43814f0c498c87d716080a9e6386afbebb3d2d6d5611db3b7ffb2fc03c0754f1823ac7114b518192efd55cea5cb2a0e6f7be6743823c84c772c33cb13144c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d9b65274cec56bbc379d6059f5847e9b
SHA1 afc216a828a67419b9cf451d3e6a20ab4e62a050
SHA256 f9ebf3a3fb5cfb40e9090c3af32ce1f09b78b94a3deaf008490f423068c271ad
SHA512 875caadadbd9bd1c57a24d4ada90bd8a5379cec267c4807f22ab005d5908bd969a9e77f4d29daadee1c473f52279892051d55360d8866994af4a58e6c0a6cb21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dd0b8bc4bf589dd5197edf29f08f961f
SHA1 6a25ad02cc6a878263db25aef922a0586baec4a8
SHA256 eb5c22109b07d5f108ffca99b4c90db09bc0f454aab5860fca57327560d474c5
SHA512 8deb658cc85f1074dd3ca704825eab23c74cc319b928acac15cc61f03bd899787d3482b31ad80a1df9644c9d82bc03cc349d28d583c47c67e14d81d71edbf2b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 919c902f0272d40f4aade6c6c4607138
SHA1 8ca17db945496994896bb6c2ae09d17ca2ad30c3
SHA256 239f3d39918614667a1e38537362b498793768fdefecd6db8cd76972d0a7ff04
SHA512 8961b5464367fedd40728502d259c46cba8eb0106b0a9eaaef0549fa8d62ebcc7b48d7e193270794afebb9640837845b5f03b4dbc33776e5d383ccd5723ea5a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d73b01655748924b336ee4354b9c8a0c
SHA1 088ba903cc0d3773879206ef294cab346e12521f
SHA256 1f59c8146bdd33bff85bdf53d5babf8c3efe05d9a35e6d8c6eda1eb3b4b5d753
SHA512 7083c700af71f24e4ef7f94f70423fbee23fb178a4dd64e2e373f691a5d74925a7655704fb5263a67f6025f17fac03b49ce2ceb14a81f8e19d88e77f54035fef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2665fda6c863dedab501173d2cecaa8a
SHA1 6f07b6b452172902f6ff488956e2f82041ed0fb1
SHA256 3aab27935c5c7888ef0e2061a16c42ebdc0429367852c6bbb36c3d3d557fbcc3
SHA512 94da25b4711efdfc9d16282d113132ecdd085d168c961b3776b8932b8b8f188e85196d3d2c8efdc22dafd4a1556c06f4c4a94247ba52dce9b39ed3afd781d8e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a14e8b5af7a3aff46cc5036c48a7b5a1
SHA1 b3f5f4ac0ad5f2d32f60b59ccd1cd33e506f3a2b
SHA256 0356a2ba90734eb347b13b5bdfa7c66462343af95945c4fd85166b37b43815aa
SHA512 c7141fd53a828df1f8720547baa51aed8f4d539f46b5813993d59281a603943722737c6a9c41ba06b2c63253bbc17e76e96049886e287a4f18639195ac1ecaf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d3be6cb6efb625f0915846cdd2040cf5
SHA1 bcb08fd6d4267c76da51d75c7625dd87cfa3dc71
SHA256 1018cef52844fa22582101ac2549eba858c301c0d8ffa2d37cc727e735b83c78
SHA512 6e81775b09e4daa06d960a9d15646fe60807747cc335d21a6ea7250e160735982f1e55900b27e35844d587281d0d38075491d76085d90c23d8e9830fd127f00a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bbe6594510040a0696b355a0b4e2b34d
SHA1 2a2d71f9a147187d4e64f9795c7c35114353c1ff
SHA256 22421bac7ea95551815f9959343989ade5cd8885dbda309b27294d7bbcd15c2b
SHA512 6cc3d57c40ed4d4e1033d4836ce0ec0919e1c99c761ae14a7f2477fb54373d93b4db6750062dcc0c9590cab35f87713651427705d89e10c39980dc214b14cdaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c6cb2de8b6234c41d8b0a2c5b13852c4
SHA1 412b476adef5a2dc9644919346a2ee31e8ee27b8
SHA256 e7ff3f144dcd8ecb0b6ec87e8be32c372d3815a2d90ec7b4a3421e4ae8290d0a
SHA512 be0659385e75d8783b38452a09399e42c29e6d7a920565eaed277609d613695192616341b74405d1f534ac243fdd4a45393d466f53f67685a2edec71f13bdf5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 85ae476b3c15209f37d45f5dbbbf34dd
SHA1 6c2e9bc564cfe080345a36a469740f6d12d1a134
SHA256 cb543fb0effcbdca6db9f99be23b37fca2a7c74030e10eebe31119478e54c69a
SHA512 aa0e114725dcb1cafc7b45ee7b92e44acf9422dff2ab9a32e864ba375297cfbdd8a76ab7e5c6f6c267c2cc9752e399fda3324197e0f8f598b6232fc688b30ee3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d16ab56a06b1980e68ef79aa7a9d61be
SHA1 f6a15fd3688b6d9fa58f7f057b05057266d86a35
SHA256 09d20a8ccc772044b4e2418a79d46e368061a01e1c2ea72251e245002b7fc907
SHA512 e0a3164fbb0b43c8e3554a3f1f6bf6ee0f92bbdca3b53c7de3b3b860cc30d3f7918766be21d7ef3cd0800f1d7784a77cf5612f8a8284a1001df7e265b62fcafd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e4fcaffd2a37a8d8989c4a38fbb9024
SHA1 f3e56dd1068cdfa22e9f1f045c1d06c59dc8577f
SHA256 62cd6c0c91d85d8029f00fb28d0203fcc245a75327d66cac476312c7cf387e81
SHA512 622c214f1083ec530ccefb975aa204d18836dc429755a41be7c594416a5e28814a362f090b4464de7fd289ac932972e04c142d3db41015d84bbd71e611737087

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d97f20ee6329574d0a04dddb97b81e9
SHA1 ad6296dc3fc6779b3b32e6f9935a3da2d96a0cd1
SHA256 42950b7bbfe0c6345482148956a578501409a2f7059a5d8bfe35d50fa8c22238
SHA512 0bb9f469f3daeebc9de4e66a616029f07f026a11488cb8f21babbca8bbb9add1f3f19fe71ecc77d67f62f93996a54fd4b71ce60ce011bacd6cbf664f61206e04

C:\Users\Admin\Downloads\Revocation of copyright for The Music School.exe

MD5 4864a55cff27f686023456a22371e790
SHA1 6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
SHA256 08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
SHA512 4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

C:\Users\Admin\Downloads\msimg32.dll

MD5 e29bbcc3dc9ac5bdfbca71244215a4f5
SHA1 4b97f6ccebb6f188def1640e1311500eeaf6e65a
SHA256 155b4e58c22533bee1ada6310498b54d031c7234f3dd54e9ab04d12c29d5497c
SHA512 618777b4a6605047f2dc2bcdd2c63a569165172a1244e3bba70769efc1a29b6bf544bd58223a8c1d3d023f20c8663e765c725e76dd3b882421ddd677162e8bc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f894e3a8a50a62604b4fed42a1116583
SHA1 8842dc93b2899eb56275c176b26fbc18502a64b8
SHA256 2f2f9c77ac67e1f997b149612606155df74c661d633dc6ebe9d896864c9a25ce
SHA512 29cf78aecbb449320418ea8238d2be2d2dea2b326b57a239f14541b66cee8d23fc512f16f72262bc1deb720ac6831880bd22c5d848c1d19cadc1c2fb4629d19d

memory/1120-228-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/1120-227-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/1120-225-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/1120-226-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/1120-231-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/1120-233-0x0000000010000000-0x00000000101E3000-memory.dmp

memory/2916-230-0x0000000000A30000-0x0000000000AAE000-memory.dmp

memory/2916-236-0x0000000000A30000-0x0000000000AAE000-memory.dmp

memory/2916-237-0x00000000037D0000-0x0000000003BD0000-memory.dmp

memory/2916-238-0x00000000037D0000-0x0000000003BD0000-memory.dmp

memory/2916-239-0x00007FF839EF0000-0x00007FF83A0E5000-memory.dmp

memory/2916-241-0x0000000077070000-0x0000000077285000-memory.dmp

memory/2896-242-0x0000000000470000-0x0000000000479000-memory.dmp

memory/2896-244-0x0000000002160000-0x0000000002560000-memory.dmp

memory/2896-245-0x00007FF839EF0000-0x00007FF83A0E5000-memory.dmp

memory/2896-247-0x0000000077070000-0x0000000077285000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 853280cba030afd565af3d20c8f68f7e
SHA1 31987e178d9aaba37d5a1dfd5b8ae660408a1da1
SHA256 250b4d4c28674baac4c0178ac3a2307c88b4c35a86ed9c6861c306a6797bd8e3
SHA512 bff951421b767e7f8ae81e69229183b5375446f1166ff9d96f733762ec8e4922dc47d6ac3b219938e1d1c80882f9a8b56298d25dff513d9bb7577751481d432c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 501c485a8eef67387cce523a03062c8d
SHA1 e19bec5453e62288c41497bf08b5550021a85a25
SHA256 556dedb21b4bb335b7be43cf479e27210ca8eddfd93262e6af866b34a4a3a21f
SHA512 04135acf69c01c65b00c4dc8b4965b3a64caa01cf45ffa1fb22718c685d58e7a837fa129b1c3e00a198e0e3f80de392df2e54985b6fd0c8db60b6d30db9532e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4266977b5906cf833e44c24f6ae3dab0
SHA1 438f97988852638bfda2ea992c9749eda9aefcc9
SHA256 fe0384c6bec55055b917bdf87b66b0b39cdba979678191843db4d4458cc05ab1
SHA512 6f4e6dc16a110c6536de642f36e374dcd49ed3421a60e0cc99af5b42bc88fb462c059f6f6295778279ed8c4cbdc8f2b027511edc5ae556d8d547960def85285f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bb44ff4e84aa4bea3918fecc5658c2f2
SHA1 027904c83924cc611804d9ca9049020baece3856
SHA256 1fcccffe06a54237a4d609aa8710597901a5df43af5ca6ba3dc09ea78aec370c
SHA512 3972d4343b12d90909412ade07e0f0229da5cde1f2f60d09c53e873ee482e76d925b40cc797bc5b1af2796330440776cf36e6537692e1dd4c88565b4d8e8b06c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 04b2c41611a8730ddfdd5a08269f6657
SHA1 79b84960f93d02ce1f15e25996d40fbad79869d0
SHA256 afef8a310e1ed92c6dff38c5de9e84fd8b5539de236ef351aeabb7dfdc2b3b80
SHA512 dff50618a72790e79ccd14592c8a63756255eab325b08b3012d22108c1f662650ba385f9257efddcd6bf0e48de664e4c475825e3744289785c3bc8f6efb2964d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7cb6c35774439f74abae35f27e1c5f1
SHA1 f275dfa3d30bc4d71cf8cf72a76a0f724ec578ad
SHA256 6f705f9ab108148607c435191fbcd0700a0bfab1b2b56d1b1007f6cfc8b07887
SHA512 2f7c80f7a91988eae715257dc32e14b82b1a7e4b19bc927aa12bfa518f35df887948d94cc3522b68b1f1b28c0463deeb07a13804fe1af0a1cfb8651ff36b9898

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 623899405870f48421a711f6593a8fd9
SHA1 8ed8728db197826a48b3c5496e8e3ea777fb74f8
SHA256 dd0b9ee567a84b20b454e5da61d419aecce8e4837cf8202c6b5eea3799700108
SHA512 2dc3d26cffb303269040c255283e5a7311b31dd4055f9c23c7757213147b68cbaafd228237285621f1e04e06bb72b1e4b9f34735ddd34685931e208d73cf43be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb192ceceec0f0ec0181523ece4fc09b
SHA1 ef34045d738138799864893de70945df9f8b32e1
SHA256 b3c1e4d9015779ce8eb84e4c7427bf2359a7502308c553bab62f9d5fb5b2d945
SHA512 dac6f5f5962c804ad9a12da5a04d997f43b4b041075ec64e8a8d5e79ca4a355f542d724143ff9209bbbda552b110154a54632e885598bea4948405d3a1b3789f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c3dc71e8af760d2ec84060cbc4a3183f
SHA1 7345a46974ebecfcf1d894c2064a76b8b32f1ad1
SHA256 e958e1881ae1b8d1ab5418f8d82ab675790d460d7c4dc309ddd7c1ac4543d248
SHA512 d97e28898ef83f49b850782bf2ac5c85e7e4f3ff0392129bb1896de355423a6cd85f1e706485c73d3a7104590263885b74b9bb0d58ba781106974016780fe66e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2b9cc7e83a92673e57df0e14c6cd1423
SHA1 01375c8120a07c708d2a759a02fdbe65a3e2061e
SHA256 49d121045adbdf9659a5f3bc03d2a1dac78537d010f4d851524501a2481c9a0c
SHA512 bad30087f742c6327d108acf67035bdcd64c5b0d7989876c90902382dbdd812dbbdce0c32aa04e9e626701a1be44a74514cf76febc226cfec31556549750c6ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 719b74a01602267c75821216b83c2ce2
SHA1 899f9f2a0e1c64d7466490bd14deabc449733e22
SHA256 477cd48901b6a8569a33c0340ce74e11b2e84b2d32f2badda5908cdc60622f22
SHA512 3893377ae309ccce0ca7781128b9660e186c16264a464d8ed7516e269f5c4180eaa3921be6006aec24afaa7aef8c8f1f8457417564e3d965f3846f9de8519b38