Analysis Overview
Threat Level: Known bad
The file https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1 was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
System Location Discovery: System Language Discovery
Browser Information Discovery
Program crash
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported: 2024-09-27 06:06
Signatures: none recorded for the static pass
Analysis: behavioral1
Detonation Overview
Submitted: 2024-09-27 06:06
Reported: 2024-09-27 06:12
Platform: win10v2004-20240802-en
Max time kernel: 353s
Max time network: 347s
Command Line: none (the submission was the Dropbox URL above, opened in Chrome; see Processes)
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 4124 created 2760 | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | C:\Windows\system32\sihost.exe |
Read this row as: the dropped EXE (PID 4124) created process 2760, but the parent recorded for 2760 is sihost.exe rather than the EXE. That is parent-PID spoofing, typically done through the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute at process creation. Tooling that keys on the recorded parent alone, including most process trees, will show that child under sihost.exe, which is consistent with sihost.exe heading the Processes list below; to recover the true creator you need telemetry that records the creating process separately from the parent (ETW process-start events or an EDR that logs both).
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
The row names no DLL, but under Files the archive directory holds MSIMG32.dll next to the EXE, both unpacked from the ZIP by 7zG.exe (see Processes). msimg32.dll is a Windows system DLL that normally resolves from System32 or SysWOW64; a copy placed beside the executable is the layout used for DLL search-order hijacking (sideloading), in which the EXE loads the dropped DLL instead of the system one. Treat the DLL's hashes under Files as primary indicators alongside the EXE's.
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco = "rundll32.exe C:\\Users\\Admin\\Documents\\CiscoUpdater000_PARTIAL.dll,EntryPoint" | C:\Windows\SysWOW64\reg.exe | N/A |
The value lands in the sandbox user's hive (HKCU, which the sandbox renders as \REGISTRY\USER\<SID>) and is written by reg.exe, which cmd.exe launched with /C reg add ... & exit (see Processes). Three details matter for hunting: the value name starts with an asterisk, a prefix Microsoft documents for RunOnce values as forcing the entry to run even in Safe Mode; the payload is a DLL under the user's Documents folder rather than an installed program; and it is started through rundll32.exe by export name (EntryPoint), so at logon the autorun appears as a rundll32.exe process with a user-writable DLL path on its command line.
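The command lines that create this value appear under Processes (cmd.exe /C reg add ... & exit, and its reg.exe child). The following is an added example written for this page, not code from the report or from any sandbox or vendor tooling: it parses such a command line the way Windows does (the text glued to a closing quote, ",EntryPoint", stays in the same argument), applies the checks a responder makes on a Run entry (autorun key, asterisk-prefixed value name, rundll32 export launch, image under a user-writable path), and rebuilds the \REGISTRY\USER\<SID> form the sandbox logged so the process event and the registry event for the same action can be joined. The reg.exe line and the SID are the report's; the benign comparison line and the function names are this example's own.

```python
"""Triage of the autorun command line recorded in this report (added example)."""
import re

# Command lines copied from the Processes section of this report.
REG_LINE = (r'reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ '
            r'/d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f')
CMD_LINE = "cmd.exe /C " + REG_LINE + " & exit"
# Sandbox user's SID, taken from the registry indicator in this report.
SID = "S-1-5-21-2392887640-1187051047-2909758433-1000"
# Constructed benign counterpart (not from the report) to show that the checks discriminate.
BENIGN_LINE = (r'reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Updater /t REG_SZ '
               r'/d "C:\Program Files\Vendor\updater.exe /quiet" /f')

AUTORUN_KEY = re.compile(r"^(HKCU|HKEY_CURRENT_USER|HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\(WOW6432NODE\\)?"
                         r"MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN(ONCE)?$", re.I)
# rundll32[.exe] <dll path>,<export>; the path may be quoted when it contains spaces.
RUNDLL32 = re.compile(r'^(?:[^\s"]*\\)?rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(\S+)', re.I)
# Locations a standard user can write to; Program Files and System32 are deliberately absent.
USER_WRITABLE = re.compile(r"^[a-z]:\\(users|programdata|windows\\temp)\\", re.I)


def win_argv(cmdline):
    """Split like CommandLineToArgvW for the cases that matter here: double quotes
    group, and text glued to a closing quote stays in the same argument.
    Assumption: the input contains no backslash-escaped quotes."""
    args, cur, in_quote, have = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quote, have = not in_quote, True
        elif ch.isspace() and not in_quote:
            if have:
                args.append("".join(cur))
                cur, have = [], False
        else:
            cur.append(ch)
            have = True
    if have:
        args.append("".join(cur))
    return args


def unwrap_cmd(cmdline):
    """Strip a 'cmd.exe /C <command> & exit' wrapper if one is present."""
    m = re.match(r'^"?(?:[^\s"]*\\)?cmd(?:\.exe)?"?\s+/c\s+(.*?)(?:\s*&\s*exit)?\s*$', cmdline, re.I | re.S)
    return m.group(1) if m else cmdline


def parse_reg_add(cmdline):
    """Return {key, value, type, data, force} for a 'reg add' line, else None."""
    argv = win_argv(unwrap_cmd(cmdline))
    if len(argv) < 3 or argv[0].lower().rsplit("\\", 1)[-1] not in ("reg", "reg.exe") or argv[1].lower() != "add":
        return None
    entry = {"key": argv[2], "value": None, "type": "REG_SZ", "data": None, "force": False}
    i = 3
    while i < len(argv):
        opt = argv[i].lower()
        if opt in ("/v", "/t", "/d") and i + 1 < len(argv):
            entry[{"/v": "value", "/t": "type", "/d": "data"}[opt]] = argv[i + 1]
            i += 2
        else:
            if opt == "/f":
                entry["force"] = True
            elif opt == "/ve":
                entry["value"] = ""
            i += 1
    return entry


def image_path(data):
    """The file that will actually execute: the DLL for rundll32, else the program."""
    m = RUNDLL32.match(data)
    if m:
        return m.group(1)
    if data.startswith('"'):
        return data.split('"')[1]
    m = re.match(r"^(.+?\.exe)(?:\s|$)", data, re.I)
    return m.group(1) if m else data.split()[0]


def assess_autorun(entry):
    """Hunting checks; returns the matched tags in a fixed order."""
    tags = []
    if AUTORUN_KEY.match(entry["key"]):
        tags.append("autorun-key")
    if entry["value"] and entry["value"].startswith("*"):
        tags.append("asterisk-value-name")        # documented for RunOnce: runs even in Safe Mode
    if entry["data"] and RUNDLL32.match(entry["data"]):
        tags.append("rundll32-export-launch")
    if entry["data"] and USER_WRITABLE.match(image_path(entry["data"])):
        tags.append("user-writable-image-path")
    return tags


def native_indicator(entry, sid):
    """Rebuild the '\\REGISTRY\\USER\\<SID>\\...\\<value> = "<data>"' form the sandbox logs
    (with doubled backslashes in the data) so process and registry events can be joined."""
    hive, _, rest = entry["key"].partition("\\")
    user_root = "\\REGISTRY\\USER\\" + sid
    roots = {"HKCU": user_root, "HKEY_CURRENT_USER": user_root,
             "HKLM": "\\REGISTRY\\MACHINE", "HKEY_LOCAL_MACHINE": "\\REGISTRY\\MACHINE"}
    data = entry["data"].replace("\\", "\\\\")
    return roots[hive.upper()] + "\\" + rest + "\\" + entry["value"] + ' = "' + data + '"'
```

For the report's line assess_autorun returns all four tags and native_indicator reproduces the registry indicator shown in the table character for character; for the constructed benign line only autorun-key matches. The user-writable check is a signal rather than a verdict, since some legitimate per-user software also autoruns from AppData, so weigh it together with the other tags or with the image's signature.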
Browser Information Discovery
Program crash
The crashing process is PID 4124, the dropped EXE: WerFault.exe was started for it four times (the -p 4124 instances under Processes). Bear this in mind when reading Network, since a run in which the payload crashed need not show the traffic it would produce on a live host.
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\openwith.exe | N/A |
Only the rows attributed to the dropped EXE, cmd.exe and reg.exe belong to the sample's process chain. The RdrCEF.exe and AcroRd32.exe rows are Adobe Reader, which was started in this run to open rename_me.rename_me from the archive directory (see Processes); the DllHost.exe and openwith.exe rows cannot be attributed from this table alone.
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133718907815293805" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
The five signatures above (processor information, system information, Internet Explorer settings, HKEY_USERS, registry class) are attributed only to chrome.exe, AcroRd32.exe and the shell's OpenWith.exe, that is, to the browser the sandbox used to fetch the ZIP and to the applications that handled the files opened from the archive directory. They should not be counted as sample behaviour.
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/84aaoddpxlr3zz78hvwul/Revocation-of-copyright-for-The-Music-School.zip?rlkey=dapi9fh3bhwsdbg34c9ek7l44&st=9hrxlndc&dl=1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff849edcc40,0x7ff849edcc4c,0x7ff849edcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,5784051829624890734,9667946550727621032,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,5784051829624890734,9667946550727621032,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,5784051829624890734,9667946550727621032,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2404 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,5784051829624890734,9667946550727621032,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,5784051829624890734,9667946550727621032,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,5784051829624890734,9667946550727621032,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3992,i,5784051829624890734,9667946550727621032,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\" -spe -an -ai#7zMap2317:150:7zEvent4761
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Revocation of copyright for The Music School\rename_me.rename_me"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
"C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=538CD8DF22621C9EA217764A690FA588 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=538CD8DF22621C9EA217764A690FA588 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A66C43215CCB6D75A3AF65EACCE0E918 --mojo-platform-channel-handle=2004 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=101D5CB9543405E91381EC628BBA25DC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=101D5CB9543405E91381EC628BBA25DC --renderer-client-id=4 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{5AAABB05-F91B-4BCE-AB18-D8319DEDABA8}
C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4124 -ip 4124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 500
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4124 -ip 4124
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ED2B014BF044329CBFEB0D348276061F --mojo-platform-channel-handle=2748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 508
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=961A0E2E5561B864FDD54F796144066E --mojo-platform-channel-handle=2124 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4C9609F6373CD9BC77E38CB9AF990EA9 --mojo-platform-channel-handle=2984 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Revocation of copyright for The Music School\msimg32.dll
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4576,i,5784051829624890734,9667946550727621032,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3512 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| NL | 162.125.65.18:443 | www.dropbox.com | tcp |
| NL | 162.125.65.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.65.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uc38dc5e3df14514b814eca62528.dl.dropboxusercontent.com | udp |
| NL | 162.125.65.15:443 | uc38dc5e3df14514b814eca62528.dl.dropboxusercontent.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 15.65.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.240.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
Apart from the Dropbox download itself (www.dropbox.com and the dl.dropboxusercontent.com host, 162.125.65.18 and 162.125.65.15), Chrome's beacons.gcp.gvt2.com traffic and one mDNS multicast packet, every row is a DNS query to 8.8.8.8, almost all of them reverse (PTR) lookups. No connection to a command-and-control host was recorded within the 347 s network window.
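Most rows in the table are reverse lookups, and a reverse lookup is not a connection. The following is an added example written for this page, not part of the sandbox report: it parses the table as printed (including the mDNS row whose columns are shifted), turns each x.y.z.w.in-addr.arpa name back into the address that was looked up, and joins the result to the non-DNS rows, so the analyst can separate addresses that were actually contacted from addresses that were only looked up, and can spot destinations reached without any forward lookup, which is how a hard-coded command-and-control address would show up. The rows are the report's own; the function names are this example's.

```python
"""Correlate PTR lookups with the connections in this report's Network table (added example)."""
import ipaddress
import re

# Rows copied from the Network table of this report; the mDNS row is kept
# exactly as printed there, with its columns shifted by one.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| NL | 162.125.65.18:443 | www.dropbox.com | tcp |
| NL | 162.125.65.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.65.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uc38dc5e3df14514b814eca62528.dl.dropboxusercontent.com | udp |
| NL | 162.125.65.15:443 | uc38dc5e3df14514b814eca62528.dl.dropboxusercontent.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 15.65.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.240.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
"""

PTR_NAME = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.I)


def parse_rows(table):
    """Parse '| cc | ip:port | domain | proto |' rows; tolerates the shifted mDNS row."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        cc, dest, domain, proto = cells
        if domain in ("tcp", "udp") and not proto:   # proto landed in the domain column
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        rows.append({"cc": cc, "ip": ip, "port": int(port), "domain": domain.lower(), "proto": proto})
    return rows


def ptr_to_ip(name):
    """'18.65.125.162.in-addr.arpa' -> '162.125.65.18'; None for anything that is not a PTR name."""
    m = PTR_NAME.match(name)
    if not m:
        return None
    ip = ".".join(reversed(m.groups()))
    ipaddress.ip_address(ip)                       # raises ValueError on an out-of-range octet
    return ip


def correlate(rows):
    """Split DNS rows into PTR and forward lookups and join both to the non-DNS rows."""
    resolvers = {r["ip"] for r in rows if r["port"] == 53}
    ptr_ips, forward_names, connections = set(), set(), {}
    for r in rows:
        if r["port"] == 53:
            ip = ptr_to_ip(r["domain"])
            if ip:
                ptr_ips.add(ip)
            else:
                forward_names.add(r["domain"])
        else:
            connections.setdefault(r["ip"], set()).add(r["domain"])
    connected = set(connections)
    return {
        "connected": connected,
        "ptr_confirmed": ptr_ips & connected,          # looked up in reverse and contacted
        "ptr_only": ptr_ips - connected - resolvers,   # looked up in reverse, no traffic in the table
        # contacted without any forward lookup (multicast excluded): a literal,
        # hard-coded destination address would appear here
        "unresolved_destinations": {
            ip for ip, names in connections.items()
            if not (names & forward_names) and not ipaddress.ip_address(ip).is_multicast
        },
    }
```

On this table ptr_confirmed holds the two Dropbox and two Google addresses, ptr_only holds 15 addresses the guest looked up in reverse but never connected to as far as the table shows, and unresolved_destinations is empty, which matches the observation that no command-and-control traffic was captured; the same code run on a capture that does contain a beacon to a literal address puts that address in the last set.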
Files
\??\pipe\crashpad_2960_YVDCRVPYTNOBNMRQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
All four digests above are those of zero bytes (d41d8cd98f00b204e9800998ecf8427e is the MD5 of empty input): this entry is Chrome's crashpad named pipe, not a file with content, and carries no indicator value.
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 1f31b4cf4e3cdfd1c88009f5fadac08a |
| SHA1 | 0a8f83faf9e983cdcf982e311cae0a211d8b0f3f |
| SHA256 | c5fdf996ae40f2ebce7e74972d1d6e937b9c0b54aa59589a6ea1a1ee7f0150c5 |
| SHA512 | 2f7284d0e14bcaeeaf1b38bcb6297704f29c6fc3e84660e1955012182ed372a84571595360b13881cfda8bd22e8dd4f9e99f67ca9ce0148a4ed6053caa921701 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ad03d7c1c75da85b0735b00c92c91568 |
| SHA1 | 86338611f218de5f2f3c7c0c720a2d6e195c3e0a |
| SHA256 | 0b06be9b65c7cf826d1535fa211f24885e2f2c8aa826e67945b3ba581822b6fe |
| SHA512 | 758da25eb1856c9f6062a02d7214134b5acf2ac3628041a6b64fa6e1a1f9deb756572d0917cfe2d238dbb4702daff5d15c8ee6d4d04520f4d6b0511cab5be101 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 278a55c32f3fe6033cf7a391ea2e5de2 |
| SHA1 | eefe6181417805e92337ff9b7feb81c0dc4676aa |
| SHA256 | fadca56339cce946e0177e26b608152c99290d9862e15334977b481b36873fce |
| SHA512 | c6f54df688e74d187a2fea9784ce2ffe9b2e6618af1e2393d1d18caa8b8588b7ec8faed3185792c2f49959507c87f2fe1d268852540e21baebd1792554fd65a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ab676028e3cd6b6dfc65e40edc124a45 |
| SHA1 | 5944e0ae88a34c6016c3d90b0dd7ca44df85ba60 |
| SHA256 | 8c797de3b1df6a2be46f2701457a1b2459c438ec3a843eefddf6526c3695544e |
| SHA512 | 44d465293ad3c9af257ef3eec0458f3b7ab098651483a7bfc7a2713a94e5c306aeedd49f924c466765f723df5ca9dbd4784c64f8698450d2f605f437571f3c99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bdff2dbe7bd6a8b85df3ca191e1a3a7e |
| SHA1 | d16cf9772a3a6378ac4b688a724aaeaef0b61d45 |
| SHA256 | 6a7cff8d6db9590832e9de32f3b37b50b6a12783783d0f9633443ea363fb469e |
| SHA512 | 76efffecaa85bbe6a56986fca1b3d7988cd8d4a86c9f3480df79be8364c2d50f7598bd10e911add92420cb73404adf28f9f8bf61024df4050774c4e38880751e |
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\Revocation of copyright for The Music School.exe
| MD5 | 4864a55cff27f686023456a22371e790 |
| SHA1 | 6ed30c0371fe167d38411bfa6d720fcdcacc4f4c |
| SHA256 | 08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2 |
| SHA512 | 4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb |
C:\Users\Admin\Downloads\Revocation of copyright for The Music School\MSIMG32.dll
| MD5 | e29bbcc3dc9ac5bdfbca71244215a4f5 |
| SHA1 | 4b97f6ccebb6f188def1640e1311500eeaf6e65a |
| SHA256 | 155b4e58c22533bee1ada6310498b54d031c7234f3dd54e9ab04d12c29d5497c |
| SHA512 | 618777b4a6605047f2dc2bcdd2c63a569165172a1244e3bba70769efc1a29b6bf544bd58223a8c1d3d023f20c8663e765c725e76dd3b882421ddd677162e8bc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c10a4f7f781dcf221ebc529ed1513d59 |
| SHA1 | 899b4face1cbf308be5800ed023e3147f8e3e13c |
| SHA256 | 625cc2459a6f314dede0cee0f149a992b0e3d24a84487a5fbeb9e64352948aef |
| SHA512 | 1845031a9afe53cbd1a4b9bb1714d61253a5c42fe9730b33624a9e7980b084f57b66b333359e2cc31211400bccc8490f7422b7c143d035c36245835a124e2ecd |
memory/408-80-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/408-83-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/408-88-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/4124-91-0x0000000000A30000-0x0000000000AAE000-memory.dmp
memory/408-86-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/4124-85-0x0000000000A30000-0x0000000000AAE000-memory.dmp
memory/408-82-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/408-81-0x0000000010000000-0x00000000101E3000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9a0e6d16f1f89a923ecfc06b1806759e |
| SHA1 | a7997e0739ab104e0d5ebb341fda1bd3de0b721e |
| SHA256 | 322017f0b48833d2bee7335de48d10eb0837f4943ae3a2ccabf95c5e431e599a |
| SHA512 | 5ebdcbe4ea24c1798ebe14f95ae6db84f7eae3c5de36c9426c4fa8240cd4ff80c4694c5a471d28b0b83e596eee4ab20663e5341ac71bc63955ec9d4eab674e54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 22d8d450c7e5033379c30a0c9d3be095 |
| SHA1 | dd293b29c086df1f4fed34d82c951676685b4bbc |
| SHA256 | 9f2ad6c75269f842b48c7c6af19ed8093ff847f17908ba445ab9e78534a41e26 |
| SHA512 | 18fbfd54845012e1acb1bc105adf63b1851d887641b1473168be49106b4dbff9c37dc8abd87d10064231d4b888298394e09af907c78873568a14f63a9cda0f8e |
memory/4124-121-0x00000000037B0000-0x0000000003BB0000-memory.dmp
memory/4124-122-0x00000000037B0000-0x0000000003BB0000-memory.dmp
memory/4300-126-0x0000000000ED0000-0x0000000000ED9000-memory.dmp
memory/4124-123-0x00007FF857F10000-0x00007FF858105000-memory.dmp
memory/4124-125-0x0000000076BF0000-0x0000000076E05000-memory.dmp
memory/4300-129-0x00007FF857F10000-0x00007FF858105000-memory.dmp
memory/4300-131-0x0000000076BF0000-0x0000000076E05000-memory.dmp
memory/4300-128-0x0000000002A50000-0x0000000002E50000-memory.dmp
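The memory dump names above follow the pattern memory/<pid>-<sequence>-<start>-<end>-memory.dmp, so the list encodes three processes and the regions dumped from each. The following is an added example written for this page, not part of the sandbox report: it parses those names, groups regions per PID, and applies two first-pass heuristics an analyst uses on such a list. The first flags regions that start at a default linker image base (0x400000 for EXEs, 0x10000000 for DLLs), since the 0x10000000-0x101E3000 region in PID 408 has the base and the shape of a DLL mapped at its preferred address. The second finds region sizes that recur across processes: the 0x400000-byte region in PIDs 4124 and 4300 sits at different addresses in each, which is what the same unpacked stage written into two processes looks like, while the two high regions shared at identical addresses are more likely system mappings. The report names only PID 4124 (WerFault -p 4124, the dropped EXE); the reading of PIDs 408 and 4300 and of the shared regions is an inference, not something the report states.

```python
"""Parse the memory dump names of this report and group regions per process (added example)."""
import re
from collections import defaultdict

# Dump names copied from the Files section of this report, in the order printed.
DUMPS = """
memory/408-80-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/408-83-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/408-88-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/4124-91-0x0000000000A30000-0x0000000000AAE000-memory.dmp
memory/408-86-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/4124-85-0x0000000000A30000-0x0000000000AAE000-memory.dmp
memory/408-82-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/408-81-0x0000000010000000-0x00000000101E3000-memory.dmp
memory/4124-121-0x00000000037B0000-0x0000000003BB0000-memory.dmp
memory/4124-122-0x00000000037B0000-0x0000000003BB0000-memory.dmp
memory/4300-126-0x0000000000ED0000-0x0000000000ED9000-memory.dmp
memory/4124-123-0x00007FF857F10000-0x00007FF858105000-memory.dmp
memory/4124-125-0x0000000076BF0000-0x0000000076E05000-memory.dmp
memory/4300-129-0x00007FF857F10000-0x00007FF858105000-memory.dmp
memory/4300-131-0x0000000076BF0000-0x0000000076E05000-memory.dmp
memory/4300-128-0x0000000002A50000-0x0000000002E50000-memory.dmp
""".split()

DUMP_NAME = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
# Default image bases of the MSVC linker: a region starting here is usually a PE
# mapped at its preferred address rather than a dynamically allocated buffer.
DEFAULT_BASES = {0x400000: "default EXE image base", 0x10000000: "default DLL image base"}


def parse_dump_name(name):
    """'memory/<pid>-<seq>-<start>-<end>-memory.dmp' -> {pid, seq, start, end, size}."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError("not a memory dump name: " + name)
    pid, seq, start, end = int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)
    return {"pid": pid, "seq": seq, "start": start, "end": end, "size": end - start}


def regions_by_pid(names):
    """{pid: {(start, end): [sorted sequence numbers]}}; repeated dumps of one region collapse."""
    out = defaultdict(lambda: defaultdict(list))
    for d in map(parse_dump_name, names):
        out[d["pid"]][(d["start"], d["end"])].append(d["seq"])
    return {pid: {k: sorted(v) for k, v in regs.items()} for pid, regs in out.items()}


def shared_by_size(names):
    """Region sizes that occur in more than one process -> {size: {pid: first start address}}.
    Same size at different addresses is the signature of one payload written into several
    processes; same size at the same address is usually a shared system mapping."""
    seen = defaultdict(dict)
    for d in map(parse_dump_name, names):
        seen[d["size"]].setdefault(d["pid"], d["start"])
    return {size: pids for size, pids in seen.items() if len(pids) > 1}


def annotate(name):
    """One-line description of a dump, with a note when it starts at a default image base."""
    d = parse_dump_name(name)
    note = DEFAULT_BASES.get(d["start"], "")
    return f"pid {d['pid']} 0x{d['start']:X}-0x{d['end']:X} ({d['size'] // 1024} KiB) {note}".rstrip()
```

regions_by_pid collapses the six dumps of PID 408 into one 1932 KiB region at 0x10000000, and shared_by_size reports three sizes present in both 4124 and 4300: 0x400000 at different bases, and 0x1F5000 and 0x215000 at identical bases. The sandbox's own process list is still needed to name PIDs 408 and 4300; the dump names alone do not carry the image path.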
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | b30d3becc8731792523d599d949e63f5 |
| SHA1 | 19350257e42d7aee17fb3bf139a9d3adb330fad4 |
| SHA256 | b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3 |
| SHA512 | 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | 752a1f26b18748311b691c7d8fc20633 |
| SHA1 | c1f8e83eebc1cc1e9b88c773338eb09ff82ab862 |
| SHA256 | 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131 |
| SHA512 | a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 051c82d7787de6fe5293ba30a60fa69e |
| SHA1 | a2c9a1859be4974255cc6cc864c2bcaa6fac25af |
| SHA256 | 4741208900c05754cb3e5ff53f159ba7717ea02fe33a14b2e1656aa81d70a614 |
| SHA512 | 4fb6c28a5181c7de19efb3ef345f204137f861112e70c6a2d6ad76fe36aee9c5dbde23681d16cf78470fe21713fc5bc1863bd489a7a4106bbc3dbc0ccefd706e |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | e8aa18e4ac0ad9ff7291469e82eaa105 |
| SHA1 | 2e1a5965a618e77eb88d4cd47e761a3021d53cbd |
| SHA256 | 8d91d3d890428db04c2b92c9145e1e5f1b463fb8ac010f0b733089859ea3f520 |
| SHA512 | 53b168815ff617e32e8955d3df5ba4a6c3af6d28b6e8cedae62ff3e566377b26a39b5b43213bbb1394938f1a28fd2154ec267cc8c47ac2ae9b7ce2606b79ac1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a58dcff143d71b45989534904416258c |
| SHA1 | d6c8827955e43821004ee75f9a2e3f2bd3add186 |
| SHA256 | 0544825a6fa87d46c6b49cc347c324197a436f836c1fde9598d825ba485dfeca |
| SHA512 | eab451779b36d2062b3670fd96c3b549003eb8425eee48c9cfbf2d52ab9083f428a7c62e4b41935fdc5c3774a02347d7e5aaf7efa64485b7fde30f1a9b88f848 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3d8f99318f66e603831887a41654bcbd |
| SHA1 | a1fd228d268066930a47aca06c6490c9d9693290 |
| SHA256 | 65eb45d8fca7592fc5ad8eed53c160369611ea3d6250490b3e0e56db680536e8 |
| SHA512 | 55064ae95d4dde0270de362cc7e5862283b7451b28a37cea5b9956655a70069cc0752953858fac814c2deb66bb419cbe662442c0ea72ed18b5b2de9ba3d1cd27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ec67977d4e19002e6ed518e7e31fc2c2 |
| SHA1 | 35aec47852a54aaa813e304331359b37c8fdfcd9 |
| SHA256 | 0ef24ec0191578adfa0d2ad0b978e73bc41c5f793011131dcafd2d8617056bd4 |
| SHA512 | d5ddf7d05d035bd4bbd64420a912e6b40103e44c3449c6d957ecde79f66a962933970a2f92995b09589a6fcb2b2fddff5b9699310a25593b65f71af5989d3680 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ec8e3631aa0d6b550ad7ded879b14996 |
| SHA1 | fe38e18e2e2aa2d8279a7a03a9c576a3ab7c1831 |
| SHA256 | a615f9e9c61a0baebe08c33cdd29dc8aa7c0819a78fd68530431991db7295616 |
| SHA512 | fedf8fbb6e4da3ee973d924cbcb6c0f6de3528f72223db3d0394a529347325d24133a5714bab1adc96cf15fb3b72dc5e7d7b443c6bf8035ea6c84ae84736f906 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bf2ec7a6a00df5b9a98071c09e858501 |
| SHA1 | cdbf7dfe3668a79544af18322dc6f5ee5225c33e |
| SHA256 | 5b75fd04c475eb806b5bda934e726028ce10e7c96f26e48321c7e47dc363bc4f |
| SHA512 | 711c12a7f115da89b301bb3e42f1fbb69f847f602d6202b1cd300901aa5c12da97c65dc3dda042780f9228dcee77e5be80d6137cace76a7144aba441949caa13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3c4d4259cc0f2ac655a4a3d7b96e5a81 |
| SHA1 | af968f503d32ba0320da9050fadce652f5611d16 |
| SHA256 | 1b30dd00ac324d7778f289fdc546151b1be5c9f3ad4b1d6d3f7f89ca535e3c14 |
| SHA512 | 597f29e43a8ff91a98aa617f6f7928b2b3989c7350c5db5a4310be3fd1b2ffe2778bfa1c6147da31e6ab49bc57ff60db5bbf1b5facc4fcacde68e3af068c92e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1d22e0a9d3bf2f05dcdb9fd80b2fff70 |
| SHA1 | d6e3be2bdca67061ba01ed0bee25eaff3da29c3a |
| SHA256 | 8ab8e1179d42d6c2fe8b4dd66e581f979f7ec2ac705a4f9b8568466de84af962 |
| SHA512 | 14783d373769e7e6316b2b6f34208d67688ee01315d15dd39772408d607089b3b5bb33a10d18ed7133abe50044b0fbddc8d1850817b42d59dc0821f592ab7bdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c53bbc3e032dcc7ef4502c78e2b07a1 |
| SHA1 | 09f0ff3d3d1dc82f1b7a4a69ec5804b63c03227c |
| SHA256 | db9e99150901ad973b2ac6b6b52a0e53c810bbcd6711d8435a7d485af68ac4b5 |
| SHA512 | 3f5ed2ad80553293d6f24e8e50ea7e4fbb315a5b6c310c66aff03808b6998bd8fd8b0597df883903e31e4b63b4882e4076228e7b94a60e8bf13cb423514cafb8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f18a7ef8df977a4994c83589d7c5b31d |
| SHA1 | b248c0d042fb8e38c4494e88d8756b14b8f64173 |
| SHA256 | 18580fa994abb0fb9078abb4abc35d51fd3b545cb163a03ca99b94bc9366b589 |
| SHA512 | 50fceabdac9f29d0d2a3a976b5e34e50a328d2b37bc536ebf206a553a5c585728f79d34198cc60f2f57a2c91e745e5919b669f64519eed9ab772eef8a5a97781 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b0da32bc56584b7f08b344961502f36d |
| SHA1 | 99b9498a5f58f70f31bab0402c40fc8a43d02d59 |
| SHA256 | ab47357288de902de1563c5486debd46b31091d9c48e2e66fac1b2b338c898fe |
| SHA512 | a3f3d03dbfc0c6edb0a0ce7972c6c5837a9811157c4e5a8aa7cff004c8ff701ce10ebff723876751db2f6a697aa751902dbb9f02ec0cddab95f441f8b3e90457 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a5aacebfb2f4f9998be72068741b0f0c |
| SHA1 | ea028548c97c174fe75e2014938db1960e325fe5 |
| SHA256 | 4b7c1fabc4bbd08758447d8ae8fb305a830dd0688adea2f8da3ffb7ebd79b3a0 |
| SHA512 | 4263e94507c62d02b1a85ec312c07eaf6a264ed20a2806a8066a517a6d463acbd014b5f04dbd129486b4a7278703c2b130a781d56118441326f677668d3d6419 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3583bc3ae6e382ee192b864302351e80 |
| SHA1 | 1c21bb23b5b2469fc2ad49fb26184d4884fb6f79 |
| SHA256 | d3352a3c6effb60c5dee6ec13a757df80c8def02150478701526b467b804828b |
| SHA512 | 966d79b5c150f1531b3c1631b36378e3af102dfb506315a02c490b6aec4e8442dc618a45cdb91fbd4b8bd65194e98608824408b7ec8287933f1649a222299644 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d8530f2d0c9925366ba33c5be680068b |
| SHA1 | 39dcff87d2ae11fb4a9390c6a4e1b850e77a9ca4 |
| SHA256 | c98d176173d96a6a0fc96208e367242d810cafab836ae6a4780a8c61b2ad95de |
| SHA512 | a953f40a9438a042663e232547c9ffa2036edc8e894384faa52fd8f8fe081a4aabdf60ad9f38d2d201f757bfc11403c56879971e88bf32c25cc1de1bdb363ad5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7dbc861acb5db62f643f50db7776b12f |
| SHA1 | 0c6c3521a7194bfd49063d0e61aed3b7844f45be |
| SHA256 | 232500e108cd594043084d553127dde15d696344e2a4d3036a4ff4dc700e310a |
| SHA512 | b29fd3cccf4857e60dca93edf44a4882813798fbcba735f4cbbcf7d774ae4b3361ca2b98c05b7c29e6b9068f5aa8dc74d1ebdbe8a46feb46078a68023f3e63eb |